Merge "[DPP R2] Added support for DPP R2 events"
diff --git a/hostapd/Android.mk b/hostapd/Android.mk
index f5e9f66..eb01da5 100644
--- a/hostapd/Android.mk
+++ b/hostapd/Android.mk
@@ -275,6 +275,10 @@
 NEED_SHA512=y
 endif
 
+ifdef CONFIG_WAPI_INTERFACE
+L_CFLAGS += -DCONFIG_WAPI_INTERFACE
+endif
+
 ifdef CONFIG_FILS
 L_CFLAGS += -DCONFIG_FILS
 OBJS += src/ap/fils_hlp.c
diff --git a/hostapd/Makefile b/hostapd/Makefile
index 955e278..f01f581 100644
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -309,6 +309,10 @@
 NEED_SHA512=y
 endif
 
+ifdef CONFIG_WAPI_INTERFACE
+L_CFLAGS += -DCONFIG_WAPI_INTERFACE
+endif
+
 ifdef CONFIG_AIRTIME_POLICY
 CFLAGS += -DCONFIG_AIRTIME_POLICY
 OBJS += ../src/ap/airtime_policy.o
diff --git a/hostapd/android.config b/hostapd/android.config
index f19f62f..68fec32 100644
--- a/hostapd/android.config
+++ b/hostapd/android.config
@@ -201,6 +201,11 @@
 # Experimental implementation of draft-harkins-owe-07.txt
 #CONFIG_OWE=y
 
+# WLAN Authentication and Privacy Infrastructure (WAPI): interface only.
+# Configure the building of the interface which allows WAPI configuration.
+# Note: does not configure WAPI implementation itself.
+#CONFIG_WAPI_INTERFACE=y
+
 # Wpa_supplicant's random pool is not necessary on Android. Randomness is
 # already provided by the entropymixer service which ensures sufficient
 # entropy is maintained across reboots. Commit b410eb1913 'Initialize
diff --git a/hostapd/defconfig b/hostapd/defconfig
index 1a3d9f9..6e2eaa3 100644
--- a/hostapd/defconfig
+++ b/hostapd/defconfig
@@ -377,6 +377,11 @@
 # Experimental implementation of draft-harkins-owe-07.txt
 #CONFIG_OWE=y
 
+# WLAN Authentication and Privacy Infrastructure (WAPI): interface only.
+# Configure the building of the interface which allows WAPI configuration.
+# Note: does not configure WAPI implementation itself.
+#CONFIG_WAPI_INTERFACE=y
+
 # Airtime policy support
 #CONFIG_AIRTIME_POLICY=y
 
diff --git a/hostapd/hidl/1.2/hostapd.cpp b/hostapd/hidl/1.2/hostapd.cpp
index 50e0a82..2b7fd15 100644
--- a/hostapd/hidl/1.2/hostapd.cpp
+++ b/hostapd/hidl/1.2/hostapd.cpp
@@ -126,13 +126,13 @@
 	}
 
 	std::string channel_config_as_string;
-	if (iface_params.V1_0.channelParams.enableAcs) {
+	if (iface_params.V1_1.V1_0.channelParams.enableAcs) {
 		std::string chanlist_as_string;
 		for (const auto &range :
-		     iface_params.channelParams.acsChannelRanges) {
+		     iface_params.V1_1.channelParams.acsChannelRanges) {
 			if (range.start != range.end) {
 				chanlist_as_string +=
-					StringPrintf("%d-%d ", range.start, range.end);
+				    StringPrintf("%d-%d ", range.start, range.end);
 			} else {
 				chanlist_as_string += StringPrintf("%d ", range.start);
 			}
@@ -141,39 +141,47 @@
 		    "channel=0\n"
 		    "acs_exclude_dfs=%d\n"
 		    "chanlist=%s",
-		    iface_params.V1_0.channelParams.acsShouldExcludeDfs,
+		    iface_params.V1_1.V1_0.channelParams.acsShouldExcludeDfs,
 		    chanlist_as_string.c_str());
 	} else {
 		channel_config_as_string = StringPrintf(
-		    "channel=%d", iface_params.V1_0.channelParams.channel);
+		    "channel=%d", iface_params.V1_1.V1_0.channelParams.channel);
 	}
 
 	// Hw Mode String
+	// TODO: b/146186687 Still missing the handling when 6GHz band is included
 	std::string hw_mode_as_string;
 	std::string ht_cap_vht_oper_chwidth_as_string;
-	switch (iface_params.V1_0.channelParams.band) {
-	case IHostapd::Band::BAND_2_4_GHZ:
-		hw_mode_as_string = "hw_mode=g";
-		break;
-	case IHostapd::Band::BAND_5_GHZ:
-		hw_mode_as_string = "hw_mode=a";
-		if (iface_params.V1_0.channelParams.enableAcs) {
-			ht_cap_vht_oper_chwidth_as_string =
-			    "ht_capab=[HT40+]\n"
-			    "vht_oper_chwidth=1";
+	unsigned int band = 0;
+	if (iface_params.V1_1.V1_0.channelParams.enableAcs) {
+		band |= iface_params.channelParams.bandMask;
+	} else {
+		band |= iface_params.V1_1.V1_0.channelParams.band;
+	}
+
+	if ((band & IHostapd::BandMask::BAND_2_GHZ) != 0) {
+		if ((band & IHostapd::BandMask::BAND_5_GHZ) != 0) {
+			hw_mode_as_string = "hw_mode=any";
+			if (iface_params.V1_1.V1_0.channelParams.enableAcs) {
+				ht_cap_vht_oper_chwidth_as_string =
+				    "ht_capab=[HT40+]\n"
+				    "vht_oper_chwidth=1";
+			}
+		} else {
+			hw_mode_as_string = "hw_mode=g";
 		}
-		break;
-	case IHostapd::Band::BAND_ANY:
-		hw_mode_as_string = "hw_mode=any";
-		if (iface_params.V1_0.channelParams.enableAcs) {
-			ht_cap_vht_oper_chwidth_as_string =
-			    "ht_capab=[HT40+]\n"
-			    "vht_oper_chwidth=1";
+	} else {
+		if ((band & IHostapd::BandMask::BAND_5_GHZ) != 0) {
+			hw_mode_as_string = "hw_mode=a";
+			if (iface_params.V1_1.V1_0.channelParams.enableAcs) {
+				ht_cap_vht_oper_chwidth_as_string =
+				    "ht_capab=[HT40+]\n"
+				    "vht_oper_chwidth=1";
+			}
+		} else {
+			wpa_printf(MSG_ERROR, "Invalid band");
+			return "";
 		}
-		break;
-	default:
-		wpa_printf(MSG_ERROR, "Invalid band");
-		return "";
 	}
 
 	return StringPrintf(
@@ -187,15 +195,17 @@
 	    "%s\n"
 	    "ieee80211n=%d\n"
 	    "ieee80211ac=%d\n"
+	    "ieee80211ax=%d\n"
 	    "%s\n"
 	    "%s\n"
 	    "ignore_broadcast_ssid=%d\n"
 	    "wowlan_triggers=any\n"
 	    "%s\n",
-	    iface_params.V1_0.ifaceName.c_str(), ssid_as_string.c_str(),
+	    iface_params.V1_1.V1_0.ifaceName.c_str(), ssid_as_string.c_str(),
 	    channel_config_as_string.c_str(),
-	    iface_params.V1_0.hwModeParams.enable80211N ? 1 : 0,
-	    iface_params.V1_0.hwModeParams.enable80211AC ? 1 : 0,
+	    iface_params.V1_1.V1_0.hwModeParams.enable80211N ? 1 : 0,
+	    iface_params.V1_1.V1_0.hwModeParams.enable80211AC ? 1 : 0,
+	    iface_params.hwModeParams.enable80211AX ? 1 : 0,
 	    hw_mode_as_string.c_str(), ht_cap_vht_oper_chwidth_as_string.c_str(),
 	    nw_params.isHidden ? 1 : 0, encryption_config_as_string.c_str());
 }
@@ -242,14 +252,23 @@
 }
 
 Return<void> Hostapd::addAccessPoint_1_1(
-    const IfaceParams& iface_params, const NetworkParams& nw_params,
-    addAccessPoint_cb _hidl_cb)
+    const V1_1::IHostapd::IfaceParams& iface_params,
+    const NetworkParams& nw_params, addAccessPoint_cb _hidl_cb)
 {
 	return call(
 	    this, &Hostapd::addAccessPointInternal_1_1, _hidl_cb, iface_params,
 	    nw_params);
 }
 
+Return<void> Hostapd::addAccessPoint_1_2(
+    const IfaceParams& iface_params, const NetworkParams& nw_params,
+    addAccessPoint_1_2_cb _hidl_cb)
+{
+	return call(
+	    this, &Hostapd::addAccessPointInternal_1_2, _hidl_cb, iface_params,
+	    nw_params);
+}
+
 Return<void> Hostapd::removeAccessPoint(
     const hidl_string& iface_name, removeAccessPoint_cb _hidl_cb)
 {
@@ -289,27 +308,34 @@
 }
 
 V1_0::HostapdStatus Hostapd::addAccessPointInternal_1_1(
+    const V1_1::IHostapd::IfaceParams& iface_params,
+    const NetworkParams& nw_params)
+{
+	return {V1_0::HostapdStatusCode::FAILURE_UNKNOWN, ""};
+}
+
+HostapdStatus Hostapd::addAccessPointInternal_1_2(
     const IfaceParams& iface_params, const NetworkParams& nw_params)
 {
-	if (hostapd_get_iface(interfaces_, iface_params.V1_0.ifaceName.c_str())) {
+	if (hostapd_get_iface(interfaces_, iface_params.V1_1.V1_0.ifaceName.c_str())) {
 		wpa_printf(
 		    MSG_ERROR, "Interface %s already present",
-		    iface_params.V1_0.ifaceName.c_str());
-		return {V1_0::HostapdStatusCode::FAILURE_IFACE_EXISTS, ""};
+		    iface_params.V1_1.V1_0.ifaceName.c_str());
+		return {HostapdStatusCode::FAILURE_IFACE_EXISTS, ""};
 	}
 	const auto conf_params = CreateHostapdConfig(iface_params, nw_params);
 	if (conf_params.empty()) {
 		wpa_printf(MSG_ERROR, "Failed to create config params");
-		return {V1_0::HostapdStatusCode::FAILURE_ARGS_INVALID, ""};
+		return {HostapdStatusCode::FAILURE_ARGS_INVALID, ""};
 	}
 	const auto conf_file_path =
-	    WriteHostapdConfig(iface_params.V1_0.ifaceName, conf_params);
+	    WriteHostapdConfig(iface_params.V1_1.V1_0.ifaceName, conf_params);
 	if (conf_file_path.empty()) {
 		wpa_printf(MSG_ERROR, "Failed to write config file");
-		return {V1_0::HostapdStatusCode::FAILURE_UNKNOWN, ""};
+		return {HostapdStatusCode::FAILURE_UNKNOWN, ""};
 	}
 	std::string add_iface_param_str = StringPrintf(
-	    "%s config=%s", iface_params.V1_0.ifaceName.c_str(),
+	    "%s config=%s", iface_params.V1_1.V1_0.ifaceName.c_str(),
 	    conf_file_path.c_str());
 	std::vector<char> add_iface_param_vec(
 	    add_iface_param_str.begin(), add_iface_param_str.end() + 1);
@@ -317,10 +343,10 @@
 		wpa_printf(
 		    MSG_ERROR, "Adding interface %s failed",
 		    add_iface_param_str.c_str());
-		return {V1_0::HostapdStatusCode::FAILURE_UNKNOWN, ""};
+		return {HostapdStatusCode::FAILURE_UNKNOWN, ""};
 	}
 	struct hostapd_data* iface_hapd =
-	    hostapd_get_iface(interfaces_, iface_params.V1_0.ifaceName.c_str());
+	    hostapd_get_iface(interfaces_, iface_params.V1_1.V1_0.ifaceName.c_str());
 	WPA_ASSERT(iface_hapd != nullptr && iface_hapd->iface != nullptr);
 	// Register the setup complete callbacks
 	on_setup_complete_internal_callback =
@@ -342,10 +368,10 @@
 	if (hostapd_enable_iface(iface_hapd->iface) < 0) {
 		wpa_printf(
 		    MSG_ERROR, "Enabling interface %s failed",
-		    iface_params.V1_0.ifaceName.c_str());
-		return {V1_0::HostapdStatusCode::FAILURE_UNKNOWN, ""};
+		    iface_params.V1_1.V1_0.ifaceName.c_str());
+		return {HostapdStatusCode::FAILURE_UNKNOWN, ""};
 	}
-	return {V1_0::HostapdStatusCode::SUCCESS, ""};
+	return {HostapdStatusCode::SUCCESS, ""};
 }
 
 V1_0::HostapdStatus Hostapd::removeAccessPointInternal(const std::string& iface_name)
diff --git a/hostapd/hidl/1.2/hostapd.h b/hostapd/hidl/1.2/hostapd.h
index 80db4e9..eea00cb 100644
--- a/hostapd/hidl/1.2/hostapd.h
+++ b/hostapd/hidl/1.2/hostapd.h
@@ -48,10 +48,13 @@
 	// Hidl methods exposed.
 	Return<void> addAccessPoint(
 	    const V1_0::IHostapd::IfaceParams& iface_params,
-	    const NetworkParams& nw_params, addAccessPoint_cb _hidl_cb) override;
+	    const V1_0::IHostapd::NetworkParams& nw_params, addAccessPoint_cb _hidl_cb) override;
 	Return<void> addAccessPoint_1_1(
-	    const IfaceParams& iface_params, const NetworkParams& nw_params,
-	    addAccessPoint_cb _hidl_cb) override;
+	    const V1_1::IHostapd::IfaceParams& iface_params,
+	    const V1_0::IHostapd::NetworkParams& nw_params, addAccessPoint_cb _hidl_cb) override;
+	Return<void> addAccessPoint_1_2(
+	    const V1_2::IHostapd::IfaceParams& iface_params, const NetworkParams& nw_params,
+	    addAccessPoint_1_2_cb _hidl_cb) override;
 	Return<void> removeAccessPoint(
 	    const hidl_string& iface_name,
 	    removeAccessPoint_cb _hidl_cb) override;
@@ -67,9 +70,13 @@
 	// Corresponding worker functions for the HIDL methods.
 	V1_0::HostapdStatus addAccessPointInternal(
 	    const V1_0::IHostapd::IfaceParams& iface_params,
-	    const NetworkParams& nw_params);
+	    const V1_0::IHostapd::NetworkParams& nw_params);
 	V1_0::HostapdStatus addAccessPointInternal_1_1(
-	    const IfaceParams& IfaceParams, const NetworkParams& nw_params);
+	    const V1_1::IHostapd::IfaceParams& IfaceParams,
+	    const V1_0::IHostapd::NetworkParams& nw_params);
+	V1_2::HostapdStatus addAccessPointInternal_1_2(
+	    const V1_2::IHostapd::IfaceParams& IfaceParams,
+	    const V1_0::IHostapd::NetworkParams& nw_params);
 	V1_0::HostapdStatus removeAccessPointInternal(const std::string& iface_name);
 	V1_0::HostapdStatus registerCallbackInternal(
 	    const sp<V1_1::IHostapdCallback>& callback);
diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk
index 8fd2710..5815b86 100644
--- a/wpa_supplicant/Android.mk
+++ b/wpa_supplicant/Android.mk
@@ -294,6 +294,10 @@
 NEED_SHA512=y
 endif
 
+ifdef CONFIG_WAPI_INTERFACE
+L_CFLAGS += -DCONFIG_WAPI_INTERFACE
+endif
+
 ifdef CONFIG_FILS
 L_CFLAGS += -DCONFIG_FILS
 NEED_SHA384=y
diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
index a6329c0..b478466 100644
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -296,6 +296,10 @@
 NEED_SHA512=y
 endif
 
+ifdef CONFIG_WAPI_INTERFACE
+L_CFLAGS += -DCONFIG_WAPI_INTERFACE
+endif
+
 ifdef CONFIG_FILS
 CFLAGS += -DCONFIG_FILS
 NEED_SHA384=y
diff --git a/wpa_supplicant/android.config b/wpa_supplicant/android.config
index 643dbe3..63c8eb3 100644
--- a/wpa_supplicant/android.config
+++ b/wpa_supplicant/android.config
@@ -546,4 +546,9 @@
 CONFIG_SUITEB=y
 CONFIG_SUITEB192=y
 
+# WLAN Authentication and Privacy Infrastructure (WAPI): interface only.
+# Configure the building of the interface which allows WAPI configuration.
+# Note: does not configure WAPI implementation itself.
+#CONFIG_WAPI_INTERFACE=y
+
 include $(wildcard $(LOCAL_PATH)/android_config_*.inc)
diff --git a/wpa_supplicant/defconfig b/wpa_supplicant/defconfig
index 792ab24..db76c6a 100644
--- a/wpa_supplicant/defconfig
+++ b/wpa_supplicant/defconfig
@@ -607,3 +607,8 @@
 
 # Device Provisioning Protocol (DPP)
 CONFIG_DPP=y
+
+# WLAN Authentication and Privacy Infrastructure (WAPI): interface only.
+# Configure the building of the interface which allows WAPI configuration.
+# Note: does not configure WAPI implementation itself.
+#CONFIG_WAPI_INTERFACE=y
diff --git a/wpa_supplicant/hidl/1.3/hidl_manager.h b/wpa_supplicant/hidl/1.3/hidl_manager.h
index 3394e4b..61601bd 100644
--- a/wpa_supplicant/hidl/1.3/hidl_manager.h
+++ b/wpa_supplicant/hidl/1.3/hidl_manager.h
@@ -385,6 +385,14 @@
 	WPA_KEY_MGMT_IEEE8021X_SHA256,
     "KeyMgmt value mismatch");
 static_assert(
+    static_cast<uint32_t>(V1_3::ISupplicantStaNetwork::KeyMgmtMask::WAPI_PSK) ==
+	WPA_KEY_MGMT_WAPI_PSK,
+    "KeyMgmt value mismatch");
+static_assert(
+    static_cast<uint32_t>(V1_3::ISupplicantStaNetwork::KeyMgmtMask::WAPI_CERT) ==
+	WPA_KEY_MGMT_WAPI_CERT,
+    "KeyMgmt value mismatch");
+static_assert(
     static_cast<uint32_t>(ISupplicantStaNetwork::ProtoMask::WPA) ==
 	WPA_PROTO_WPA,
     "Proto value mismatch");
@@ -397,6 +405,10 @@
 	WPA_PROTO_OSEN,
     "Proto value mismatch");
 static_assert(
+    static_cast<uint32_t>(V1_3::ISupplicantStaNetwork::ProtoMask::WAPI) ==
+	WPA_PROTO_WAPI,
+    "Proto value mismatch");
+static_assert(
     static_cast<uint32_t>(ISupplicantStaNetwork::AuthAlgMask::OPEN) ==
 	WPA_AUTH_ALG_OPEN,
     "AuthAlg value mismatch");
@@ -429,6 +441,10 @@
 	WPA_CIPHER_GCMP_256,
     "GroupCipher value mismatch");
 static_assert(
+    static_cast<uint32_t>(V1_3::ISupplicantStaNetwork::GroupCipherMask::SMS4) ==
+	WPA_CIPHER_SMS4,
+    "GroupCipher value mismatch");
+static_assert(
     static_cast<uint32_t>(
 	ISupplicantStaNetwork::GroupCipherMask::GTK_NOT_USED) ==
 	WPA_CIPHER_GTK_NOT_USED,
@@ -451,6 +467,11 @@
 	WPA_CIPHER_GCMP_256,
     "PairwiseCipher value mismatch");
 static_assert(
+    static_cast<uint32_t>(
+	V1_3::ISupplicantStaNetwork::PairwiseCipherMask::SMS4) ==
+	WPA_CIPHER_SMS4,
+    "PairwiseCipher value mismatch");
+static_assert(
     static_cast<uint32_t>(ISupplicantStaIfaceCallback::State::DISCONNECTED) ==
 	WPA_DISCONNECTED,
     "State value mismatch");
diff --git a/wpa_supplicant/hidl/1.3/sta_iface.cpp b/wpa_supplicant/hidl/1.3/sta_iface.cpp
index 9bea68f..60456f3 100644
--- a/wpa_supplicant/hidl/1.3/sta_iface.cpp
+++ b/wpa_supplicant/hidl/1.3/sta_iface.cpp
@@ -27,8 +27,13 @@
 }
 
 namespace {
+using ISupplicantStaNetworkV1_2 =
+	android::hardware::wifi::supplicant::V1_2::ISupplicantStaNetwork;
+using ISupplicantStaNetworkV1_3 =
+	android::hardware::wifi::supplicant::V1_3::ISupplicantStaNetwork;
 using android::hardware::wifi::supplicant::V1_0::SupplicantStatus;
 using android::hardware::wifi::supplicant::V1_0::SupplicantStatusCode;
+using android::hardware::wifi::supplicant::V1_0::ISupplicantStaNetwork;
 using android::hardware::wifi::supplicant::V1_3::ISupplicantStaIface;
 using android::hardware::wifi::supplicant::V1_3::ConnectionCapabilities;
 using android::hardware::wifi::supplicant::V1_3::WifiTechnology;
@@ -156,6 +161,53 @@
 	startExtRadioWork(work);
 }
 
+uint32_t convertWpaKeyMgmtCapabilitiesToHidl (
+    struct wpa_supplicant *wpa_s, struct wpa_driver_capa *capa) {
+
+	uint32_t mask = 0;
+	/* Logic from ctrl_iface.c, NONE and IEEE8021X have no capability
+	 * flags and always enabled.
+	 */
+	mask |=
+	    (ISupplicantStaNetwork::KeyMgmtMask::NONE |
+	     ISupplicantStaNetwork::KeyMgmtMask::IEEE8021X);
+
+	if (capa->key_mgmt &
+	    (WPA_DRIVER_CAPA_KEY_MGMT_WPA | WPA_DRIVER_CAPA_KEY_MGMT_WPA2)) {
+		mask |= ISupplicantStaNetwork::KeyMgmtMask::WPA_EAP;
+	}
+
+	if (capa->key_mgmt & (WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
+			     WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK)) {
+		mask |= ISupplicantStaNetwork::KeyMgmtMask::WPA_PSK;
+	}
+#ifdef CONFIG_SUITEB192
+	if (capa->key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_SUITE_B_192) {
+		mask |= ISupplicantStaNetworkV1_2::ISupplicantStaNetwork::KeyMgmtMask::SUITE_B_192;
+	}
+#endif /* CONFIG_SUITEB192 */
+#ifdef CONFIG_OWE
+	if (capa->key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_OWE) {
+		mask |= ISupplicantStaNetworkV1_2::ISupplicantStaNetwork::KeyMgmtMask::OWE;
+	}
+#endif /* CONFIG_OWE */
+#ifdef CONFIG_SAE
+	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE) {
+		mask |= ISupplicantStaNetworkV1_2::ISupplicantStaNetwork::KeyMgmtMask::SAE;
+	}
+#endif /* CONFIG_SAE */
+#ifdef CONFIG_DPP
+	if (capa->key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_DPP) {
+		mask |= ISupplicantStaNetworkV1_2::ISupplicantStaNetwork::KeyMgmtMask::DPP;
+	}
+#endif
+#ifdef CONFIG_WAPI_INTERFACE
+	mask |= ISupplicantStaNetworkV1_3::ISupplicantStaNetwork::KeyMgmtMask::WAPI_PSK;
+	mask |= ISupplicantStaNetworkV1_3::ISupplicantStaNetwork::KeyMgmtMask::WAPI_CERT;
+#endif /* CONFIG_WAPI_INTERFACE */
+	return mask;
+}
+
 }  // namespace
 
 namespace android {
@@ -602,6 +654,14 @@
 	    &StaIface::setMboCellularDataStatusInternal, _hidl_cb, available);
 }
 
+Return<void> StaIface::getKeyMgmtCapabilities_1_3(
+    getKeyMgmtCapabilities_1_3_cb _hidl_cb)
+{
+	return validateAndCall(
+	    this, SupplicantStatusCode::FAILURE_NETWORK_INVALID,
+	    &StaIface::getKeyMgmtCapabilitiesInternal_1_3, _hidl_cb);
+}
+
 std::pair<SupplicantStatus, std::string> StaIface::getNameInternal()
 {
 	return {{SupplicantStatusCode::SUCCESS, ""}, ifname_};
@@ -1118,52 +1178,7 @@
 std::pair<SupplicantStatus, uint32_t>
 StaIface::getKeyMgmtCapabilitiesInternal()
 {
-	struct wpa_supplicant *wpa_s = retrieveIfacePtr();
-	struct wpa_driver_capa capa;
-	uint32_t mask = 0;
-
-	/* Get capabilities from driver and populate the key management mask */
-	if (wpa_drv_get_capa(wpa_s, &capa) < 0) {
-		return {{SupplicantStatusCode::FAILURE_UNKNOWN, ""}, mask};
-	}
-
-	/* Logic from ctrl_iface.c, NONE and IEEE8021X have no capability
-	 * flags and always enabled.
-	 */
-	mask |=
-	    (ISupplicantStaNetwork::KeyMgmtMask::NONE |
-	     ISupplicantStaNetwork::KeyMgmtMask::IEEE8021X);
-
-	if (capa.key_mgmt &
-	    (WPA_DRIVER_CAPA_KEY_MGMT_WPA | WPA_DRIVER_CAPA_KEY_MGMT_WPA2)) {
-		mask |= ISupplicantStaNetwork::KeyMgmtMask::WPA_EAP;
-	}
-
-	if (capa.key_mgmt & (WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
-			     WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK)) {
-		mask |= ISupplicantStaNetwork::KeyMgmtMask::WPA_PSK;
-	}
-#ifdef CONFIG_SUITEB192
-	if (capa.key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_SUITE_B_192) {
-		mask |= ISupplicantStaNetwork::KeyMgmtMask::SUITE_B_192;
-	}
-#endif /* CONFIG_SUITEB192 */
-#ifdef CONFIG_OWE
-	if (capa.key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_OWE) {
-		mask |= ISupplicantStaNetwork::KeyMgmtMask::OWE;
-	}
-#endif /* CONFIG_OWE */
-#ifdef CONFIG_SAE
-	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE) {
-		mask |= ISupplicantStaNetwork::KeyMgmtMask::SAE;
-	}
-#endif /* CONFIG_SAE */
-#ifdef CONFIG_DPP
-	if (capa.key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_DPP) {
-		mask |= ISupplicantStaNetwork::KeyMgmtMask::DPP;
-	}
-#endif
-	return {{SupplicantStatusCode::SUCCESS, ""}, mask};
+	return {{SupplicantStatusCode::FAILURE_UNKNOWN, "deprecated"}, 0};
 }
 
 std::pair<SupplicantStatus, uint32_t>
@@ -1401,6 +1416,22 @@
 #endif
 }
 
+std::pair<SupplicantStatus, uint32_t>
+StaIface::getKeyMgmtCapabilitiesInternal_1_3()
+{
+	struct wpa_supplicant *wpa_s = retrieveIfacePtr();
+	struct wpa_driver_capa capa;
+	uint32_t mask = 0;
+
+	/* Get capabilities from driver and populate the key management mask */
+	if (wpa_drv_get_capa(wpa_s, &capa) < 0) {
+		return {{SupplicantStatusCode::FAILURE_UNKNOWN, ""}, mask};
+	}
+
+	return {{SupplicantStatusCode::SUCCESS, ""},
+	    convertWpaKeyMgmtCapabilitiesToHidl(wpa_s, &capa)};
+}
+
 /**
  * Retrieve the underlying |wpa_supplicant| struct
  * pointer for this iface.
diff --git a/wpa_supplicant/hidl/1.3/sta_iface.h b/wpa_supplicant/hidl/1.3/sta_iface.h
index 23d8c38..958bdc5 100644
--- a/wpa_supplicant/hidl/1.3/sta_iface.h
+++ b/wpa_supplicant/hidl/1.3/sta_iface.h
@@ -188,6 +188,8 @@
 	    getWpaDriverCapabilities_cb _hidl_cb) override;
 	Return<void> setMboCellularDataStatus(bool available,
 	    setMboCellularDataStatus_cb _hidl_cb) override;
+	Return<void> getKeyMgmtCapabilities_1_3(
+	    getKeyMgmtCapabilities_1_3_cb _hidl_cb) override;
 
 private:
 	// Corresponding worker functions for the HIDL methods.
@@ -274,6 +276,7 @@
 	std::pair<SupplicantStatus, ConnectionCapabilities> getConnectionCapabilitiesInternal();
 	std::pair<SupplicantStatus, uint32_t> getWpaDriverCapabilitiesInternal();
 	SupplicantStatus setMboCellularDataStatusInternal(bool available);
+	std::pair<SupplicantStatus, uint32_t> getKeyMgmtCapabilitiesInternal_1_3();
 
 	struct wpa_supplicant* retrieveIfacePtr();
 
diff --git a/wpa_supplicant/hidl/1.3/sta_network.cpp b/wpa_supplicant/hidl/1.3/sta_network.cpp
index 242d7d7..ba04388 100644
--- a/wpa_supplicant/hidl/1.3/sta_network.cpp
+++ b/wpa_supplicant/hidl/1.3/sta_network.cpp
@@ -37,11 +37,14 @@
      static_cast<uint32_t>(ISupplicantStaNetworkV1_2::KeyMgmtMask::SUITE_B_192) |
      static_cast<uint32_t>(ISupplicantStaNetworkV1_2::KeyMgmtMask::OWE) |
      static_cast<uint32_t>(ISupplicantStaNetworkV1_2::KeyMgmtMask::WPA_PSK_SHA256) |
-     static_cast<uint32_t>(ISupplicantStaNetworkV1_2::KeyMgmtMask::WPA_EAP_SHA256));
+     static_cast<uint32_t>(ISupplicantStaNetworkV1_2::KeyMgmtMask::WPA_EAP_SHA256) |
+     static_cast<uint32_t>(ISupplicantStaNetworkV1_3::KeyMgmtMask::WAPI_PSK) |
+     static_cast<uint32_t>(ISupplicantStaNetworkV1_3::KeyMgmtMask::WAPI_CERT));
 constexpr uint32_t kAllowedProtoMask =
     (static_cast<uint32_t>(ISupplicantStaNetwork::ProtoMask::WPA) |
      static_cast<uint32_t>(ISupplicantStaNetwork::ProtoMask::RSN) |
-     static_cast<uint32_t>(ISupplicantStaNetwork::ProtoMask::OSEN));
+     static_cast<uint32_t>(ISupplicantStaNetwork::ProtoMask::OSEN) |
+     static_cast<uint32_t>(ISupplicantStaNetworkV1_3::ProtoMask::WAPI));
 constexpr uint32_t kAllowedAuthAlgMask =
     (static_cast<uint32_t>(ISupplicantStaNetwork::AuthAlgMask::OPEN) |
      static_cast<uint32_t>(ISupplicantStaNetwork::AuthAlgMask::SHARED) |
@@ -53,13 +56,16 @@
      static_cast<uint32_t>(ISupplicantStaNetwork::GroupCipherMask::CCMP) |
      static_cast<uint32_t>(
 	 ISupplicantStaNetwork::GroupCipherMask::GTK_NOT_USED) |
-     static_cast<uint32_t>(ISupplicantStaNetworkV1_2::GroupCipherMask::GCMP_256));
+     static_cast<uint32_t>(ISupplicantStaNetworkV1_2::GroupCipherMask::GCMP_256) |
+     static_cast<uint32_t>(ISupplicantStaNetworkV1_3::GroupCipherMask::SMS4));
 constexpr uint32_t kAllowedPairwisewCipherMask =
     (static_cast<uint32_t>(ISupplicantStaNetwork::PairwiseCipherMask::NONE) |
      static_cast<uint32_t>(ISupplicantStaNetwork::PairwiseCipherMask::TKIP) |
      static_cast<uint32_t>(ISupplicantStaNetwork::PairwiseCipherMask::CCMP) |
      static_cast<uint32_t>(
-	 ISupplicantStaNetworkV1_2::PairwiseCipherMask::GCMP_256));
+	 ISupplicantStaNetworkV1_2::PairwiseCipherMask::GCMP_256) |
+     static_cast<uint32_t>(
+	 ISupplicantStaNetworkV1_3::PairwiseCipherMask::SMS4));
 constexpr uint32_t kAllowedGroupMgmtCipherMask =
 	(static_cast<uint32_t>(
 			ISupplicantStaNetworkV1_2::GroupMgmtCipherMask::BIP_GMAC_128) |
@@ -84,6 +90,10 @@
 constexpr char kNetworkEapSimUmtsAutsResponse[] = "UMTS-AUTS";
 constexpr char kNetworkEapSimGsmAuthFailure[] = "GSM-FAIL";
 constexpr char kNetworkEapSimUmtsAuthFailure[] = "UMTS-FAIL";
+
+#ifdef CONFIG_WAPI_INTERFACE
+std::string dummyWapiCertSuite;
+#endif /* CONFIG_WAPI_INTERFACE */
 }  // namespace
 
 namespace android {
@@ -388,6 +398,13 @@
 	    &StaNetwork::setUpdateIdentifierInternal, _hidl_cb, id);
 }
 
+Return<void> StaNetwork::setWapiCertSuite(
+    const hidl_string& suite, setWapiCertSuite_cb _hidl_cb) {
+	return validateAndCall(
+	    this, SupplicantStatusCode::FAILURE_NETWORK_INVALID,
+	    &StaNetwork::setWapiCertSuiteInternal, _hidl_cb, suite);
+}
+
 Return<void> StaNetwork::getSsid(getSsid_cb _hidl_cb)
 {
 	return validateAndCall(
@@ -609,6 +626,13 @@
 	    &StaNetwork::getWpsNfcConfigurationTokenInternal, _hidl_cb);
 }
 
+Return<void> StaNetwork::getWapiCertSuite(getWapiCertSuite_cb _hidl_cb)
+{
+	return validateAndCall(
+	    this, SupplicantStatusCode::FAILURE_NETWORK_INVALID,
+	    &StaNetwork::getWapiCertSuiteInternal, _hidl_cb);
+}
+
 Return<void> StaNetwork::enable(bool no_connect, enable_cb _hidl_cb)
 {
 	return validateAndCall(
@@ -816,6 +840,67 @@
 	    &StaNetwork::setPmkCacheInternal, _hidl_cb, serializedEntry);
 }
 
+Return<void> StaNetwork::setKeyMgmt_1_3(
+    uint32_t key_mgmt_mask, setKeyMgmt_1_3_cb _hidl_cb)
+{
+	return validateAndCall(
+	    this, SupplicantStatusCode::FAILURE_NETWORK_INVALID,
+	    &StaNetwork::setKeyMgmt_1_3Internal, _hidl_cb, key_mgmt_mask);
+}
+
+Return<void> StaNetwork::getKeyMgmt_1_3(getKeyMgmt_1_3_cb _hidl_cb)
+{
+	return validateAndCall(
+	    this, SupplicantStatusCode::FAILURE_NETWORK_INVALID,
+	    &StaNetwork::getKeyMgmt_1_3Internal, _hidl_cb);
+}
+
+Return<void> StaNetwork::setProto_1_3(uint32_t proto_mask, setProto_1_3_cb _hidl_cb)
+{
+	return validateAndCall(
+	    this, SupplicantStatusCode::FAILURE_NETWORK_INVALID,
+	    &StaNetwork::setProto_1_3Internal, _hidl_cb, proto_mask);
+}
+
+Return<void> StaNetwork::getProto_1_3(getProto_1_3_cb _hidl_cb)
+{
+	return validateAndCall(
+	    this, SupplicantStatusCode::FAILURE_NETWORK_INVALID,
+	    &StaNetwork::getProto_1_3Internal, _hidl_cb);
+}
+
+Return<void> StaNetwork::setGroupCipher_1_3(
+    uint32_t group_cipher_mask, setGroupCipher_1_3_cb _hidl_cb)
+{
+	return validateAndCall(
+	    this, SupplicantStatusCode::FAILURE_NETWORK_INVALID,
+	    &StaNetwork::setGroupCipher_1_3Internal, _hidl_cb, group_cipher_mask);
+}
+
+Return<void> StaNetwork::getGroupCipher_1_3(getGroupCipher_1_3_cb _hidl_cb)
+{
+	return validateAndCall(
+	    this, SupplicantStatusCode::FAILURE_NETWORK_INVALID,
+	    &StaNetwork::getGroupCipher_1_3Internal, _hidl_cb);
+}
+
+Return<void> StaNetwork::setPairwiseCipher_1_3(
+    uint32_t pairwise_cipher_mask, setPairwiseCipher_1_3_cb _hidl_cb)
+{
+	return validateAndCall(
+	    this, SupplicantStatusCode::FAILURE_NETWORK_INVALID,
+	    &StaNetwork::setPairwiseCipher_1_3Internal, _hidl_cb,
+	    pairwise_cipher_mask);
+}
+
+Return<void> StaNetwork::getPairwiseCipher_1_3(
+    getPairwiseCipher_1_3_cb _hidl_cb)
+{
+	return validateAndCall(
+	    this, SupplicantStatusCode::FAILURE_NETWORK_INVALID,
+	    &StaNetwork::getPairwiseCipher_1_3Internal, _hidl_cb);
+}
+
 std::pair<SupplicantStatus, uint32_t> StaNetwork::getIdInternal()
 {
 	return {{SupplicantStatusCode::SUCCESS, ""}, network_id_};
@@ -896,27 +981,12 @@
 
 SupplicantStatus StaNetwork::setKeyMgmtInternal(uint32_t key_mgmt_mask)
 {
-	struct wpa_ssid *wpa_ssid = retrieveNetworkPtr();
-	if (key_mgmt_mask & ~kAllowedKeyMgmtMask) {
-		return {SupplicantStatusCode::FAILURE_ARGS_INVALID, ""};
-	}
-	setFastTransitionKeyMgmt(key_mgmt_mask);
-	wpa_ssid->key_mgmt = key_mgmt_mask;
-	wpa_printf(MSG_MSGDUMP, "key_mgmt: 0x%x", wpa_ssid->key_mgmt);
-	resetInternalStateAfterParamsUpdate();
-	return {SupplicantStatusCode::SUCCESS, ""};
+	return {SupplicantStatusCode::FAILURE_UNKNOWN, "deprecated"};
 }
 
 SupplicantStatus StaNetwork::setProtoInternal(uint32_t proto_mask)
 {
-	struct wpa_ssid *wpa_ssid = retrieveNetworkPtr();
-	if (proto_mask & ~kAllowedProtoMask) {
-		return {SupplicantStatusCode::FAILURE_ARGS_INVALID, ""};
-	}
-	wpa_ssid->proto = proto_mask;
-	wpa_printf(MSG_MSGDUMP, "proto: 0x%x", wpa_ssid->proto);
-	resetInternalStateAfterParamsUpdate();
-	return {SupplicantStatusCode::SUCCESS, ""};
+	return {SupplicantStatusCode::FAILURE_UNKNOWN, "deprecated"};
 }
 
 SupplicantStatus StaNetwork::setAuthAlgInternal(uint32_t auth_alg_mask)
@@ -933,28 +1003,13 @@
 
 SupplicantStatus StaNetwork::setGroupCipherInternal(uint32_t group_cipher_mask)
 {
-	struct wpa_ssid *wpa_ssid = retrieveNetworkPtr();
-	if (group_cipher_mask & ~kAllowedGroupCipherMask) {
-		return {SupplicantStatusCode::FAILURE_ARGS_INVALID, ""};
-	}
-	wpa_ssid->group_cipher = group_cipher_mask;
-	wpa_printf(MSG_MSGDUMP, "group_cipher: 0x%x", wpa_ssid->group_cipher);
-	resetInternalStateAfterParamsUpdate();
-	return {SupplicantStatusCode::SUCCESS, ""};
+	return {SupplicantStatusCode::FAILURE_UNKNOWN, "deprecated"};
 }
 
 SupplicantStatus StaNetwork::setPairwiseCipherInternal(
     uint32_t pairwise_cipher_mask)
 {
-	struct wpa_ssid *wpa_ssid = retrieveNetworkPtr();
-	if (pairwise_cipher_mask & ~kAllowedPairwisewCipherMask) {
-		return {SupplicantStatusCode::FAILURE_ARGS_INVALID, ""};
-	}
-	wpa_ssid->pairwise_cipher = pairwise_cipher_mask;
-	wpa_printf(
-	    MSG_MSGDUMP, "pairwise_cipher: 0x%x", wpa_ssid->pairwise_cipher);
-	resetInternalStateAfterParamsUpdate();
-	return {SupplicantStatusCode::SUCCESS, ""};
+	return {SupplicantStatusCode::FAILURE_UNKNOWN, "deprecated"};
 }
 
 SupplicantStatus StaNetwork::setPskPassphraseInternal(const std::string &psk)
@@ -1317,6 +1372,16 @@
 	return {SupplicantStatusCode::SUCCESS, ""};
 }
 
+SupplicantStatus StaNetwork::setWapiCertSuiteInternal(const std::string &suite)
+{
+#ifdef CONFIG_WAPI_INTERFACE
+	dummyWapiCertSuite = suite;
+	return {SupplicantStatusCode::SUCCESS, "Dummy implementation"};
+#else
+	return {SupplicantStatusCode::FAILURE_UNKNOWN, "Not implemented"};
+#endif
+}
+
 std::pair<SupplicantStatus, std::vector<uint8_t>> StaNetwork::getSsidInternal()
 {
 	struct wpa_ssid *wpa_ssid = retrieveNetworkPtr();
@@ -1346,18 +1411,12 @@
 
 std::pair<SupplicantStatus, uint32_t> StaNetwork::getKeyMgmtInternal()
 {
-	struct wpa_ssid *wpa_ssid = retrieveNetworkPtr();
-	uint32_t key_mgmt_mask = wpa_ssid->key_mgmt & kAllowedKeyMgmtMask;
-
-	resetFastTransitionKeyMgmt(key_mgmt_mask);
-	return {{SupplicantStatusCode::SUCCESS, ""}, key_mgmt_mask};
+	return {{SupplicantStatusCode::FAILURE_UNKNOWN, "deprecated"}, 0};
 }
 
 std::pair<SupplicantStatus, uint32_t> StaNetwork::getProtoInternal()
 {
-	struct wpa_ssid *wpa_ssid = retrieveNetworkPtr();
-	return {{SupplicantStatusCode::SUCCESS, ""},
-		wpa_ssid->proto & kAllowedProtoMask};
+	return {{SupplicantStatusCode::FAILURE_UNKNOWN, "deprecated"}, 0};
 }
 
 std::pair<SupplicantStatus, uint32_t> StaNetwork::getAuthAlgInternal()
@@ -1369,16 +1428,12 @@
 
 std::pair<SupplicantStatus, uint32_t> StaNetwork::getGroupCipherInternal()
 {
-	struct wpa_ssid *wpa_ssid = retrieveNetworkPtr();
-	return {{SupplicantStatusCode::SUCCESS, ""},
-		wpa_ssid->group_cipher & kAllowedGroupCipherMask};
+	return {{SupplicantStatusCode::FAILURE_UNKNOWN, "deprecated"}, 0};
 }
 
 std::pair<SupplicantStatus, uint32_t> StaNetwork::getPairwiseCipherInternal()
 {
-	struct wpa_ssid *wpa_ssid = retrieveNetworkPtr();
-	return {{SupplicantStatusCode::SUCCESS, ""},
-		wpa_ssid->pairwise_cipher & kAllowedPairwisewCipherMask};
+	return {{SupplicantStatusCode::FAILURE_UNKNOWN, "deprecated"}, 0};
 }
 
 std::pair<SupplicantStatus, std::string> StaNetwork::getPskPassphraseInternal()
@@ -1665,6 +1720,15 @@
 		misc_utils::convertWpaBufToVector(token_buf.get())};
 }
 
+std::pair<SupplicantStatus, std::string> StaNetwork::getWapiCertSuiteInternal()
+{
+#ifdef CONFIG_WAPI_INTERFACE
+	return {{SupplicantStatusCode::SUCCESS, "Dummy implementation"}, dummyWapiCertSuite};
+#else
+	return {{SupplicantStatusCode::FAILURE_UNKNOWN, "Not implemented"}, {}};
+#endif
+}
+
 SupplicantStatus StaNetwork::enableInternal(bool no_connect)
 {
 	struct wpa_ssid *wpa_ssid = retrieveNetworkPtr();
@@ -2010,6 +2074,88 @@
 
 	return {SupplicantStatusCode::SUCCESS, ""};
 }
+
+SupplicantStatus StaNetwork::setKeyMgmt_1_3Internal(uint32_t key_mgmt_mask)
+{
+	struct wpa_ssid *wpa_ssid = retrieveNetworkPtr();
+	if (key_mgmt_mask & ~kAllowedKeyMgmtMask) {
+		return {SupplicantStatusCode::FAILURE_ARGS_INVALID, ""};
+	}
+	setFastTransitionKeyMgmt(key_mgmt_mask);
+	wpa_ssid->key_mgmt = key_mgmt_mask;
+	wpa_printf(MSG_MSGDUMP, "key_mgmt: 0x%x", wpa_ssid->key_mgmt);
+	resetInternalStateAfterParamsUpdate();
+	return {SupplicantStatusCode::SUCCESS, ""};
+}
+
+std::pair<SupplicantStatus, uint32_t> StaNetwork::getKeyMgmt_1_3Internal()
+{
+	struct wpa_ssid *wpa_ssid = retrieveNetworkPtr();
+	uint32_t key_mgmt_mask = wpa_ssid->key_mgmt & kAllowedKeyMgmtMask;
+
+	resetFastTransitionKeyMgmt(key_mgmt_mask);
+	return {{SupplicantStatusCode::SUCCESS, ""}, key_mgmt_mask};
+}
+
+SupplicantStatus StaNetwork::setProto_1_3Internal(uint32_t proto_mask)
+{
+	struct wpa_ssid *wpa_ssid = retrieveNetworkPtr();
+	if (proto_mask & ~kAllowedProtoMask) {
+		return {SupplicantStatusCode::FAILURE_ARGS_INVALID, ""};
+	}
+	wpa_ssid->proto = proto_mask;
+	wpa_printf(MSG_MSGDUMP, "proto: 0x%x", wpa_ssid->proto);
+	resetInternalStateAfterParamsUpdate();
+	return {SupplicantStatusCode::SUCCESS, ""};
+}
+
+std::pair<SupplicantStatus, uint32_t> StaNetwork::getProto_1_3Internal()
+{
+	struct wpa_ssid *wpa_ssid = retrieveNetworkPtr();
+	return {{SupplicantStatusCode::SUCCESS, ""},
+		wpa_ssid->proto & kAllowedProtoMask};
+}
+
+SupplicantStatus StaNetwork::setGroupCipher_1_3Internal(uint32_t group_cipher_mask)
+{
+	struct wpa_ssid *wpa_ssid = retrieveNetworkPtr();
+	if (group_cipher_mask & ~kAllowedGroupCipherMask) {
+		return {SupplicantStatusCode::FAILURE_ARGS_INVALID, ""};
+	}
+	wpa_ssid->group_cipher = group_cipher_mask;
+	wpa_printf(MSG_MSGDUMP, "group_cipher: 0x%x", wpa_ssid->group_cipher);
+	resetInternalStateAfterParamsUpdate();
+	return {SupplicantStatusCode::SUCCESS, ""};
+}
+
+std::pair<SupplicantStatus, uint32_t> StaNetwork::getGroupCipher_1_3Internal()
+{
+	struct wpa_ssid *wpa_ssid = retrieveNetworkPtr();
+	return {{SupplicantStatusCode::SUCCESS, ""},
+		wpa_ssid->group_cipher & kAllowedGroupCipherMask};
+}
+
+SupplicantStatus StaNetwork::setPairwiseCipher_1_3Internal(
+    uint32_t pairwise_cipher_mask)
+{
+	struct wpa_ssid *wpa_ssid = retrieveNetworkPtr();
+	if (pairwise_cipher_mask & ~kAllowedPairwisewCipherMask) {
+		return {SupplicantStatusCode::FAILURE_ARGS_INVALID, ""};
+	}
+	wpa_ssid->pairwise_cipher = pairwise_cipher_mask;
+	wpa_printf(
+	    MSG_MSGDUMP, "pairwise_cipher: 0x%x", wpa_ssid->pairwise_cipher);
+	resetInternalStateAfterParamsUpdate();
+	return {SupplicantStatusCode::SUCCESS, ""};
+}
+
+std::pair<SupplicantStatus, uint32_t> StaNetwork::getPairwiseCipher_1_3Internal()
+{
+	struct wpa_ssid *wpa_ssid = retrieveNetworkPtr();
+	return {{SupplicantStatusCode::SUCCESS, ""},
+		wpa_ssid->pairwise_cipher & kAllowedPairwisewCipherMask};
+}
+
 /**
  * Retrieve the underlying |wpa_ssid| struct pointer for
  * this network.
diff --git a/wpa_supplicant/hidl/1.3/sta_network.h b/wpa_supplicant/hidl/1.3/sta_network.h
index 121d2e1..e1a74fe 100644
--- a/wpa_supplicant/hidl/1.3/sta_network.h
+++ b/wpa_supplicant/hidl/1.3/sta_network.h
@@ -232,6 +232,25 @@
 	    getOcsp_cb _hidl_cb) override;
 	Return<void> setPmkCache(const hidl_vec<uint8_t>& serializedEntry,
 			setPmkCache_cb _hidl_cb) override;
+	Return<void> setKeyMgmt_1_3(
+	    uint32_t key_mgmt_mask, setKeyMgmt_1_3_cb _hidl_cb) override;
+	Return<void> getKeyMgmt_1_3(getKeyMgmt_1_3_cb _hidl_cb) override;
+	Return<void> setProto_1_3(
+	    uint32_t proto_mask, setProto_cb _hidl_cb) override;
+	Return<void> getProto_1_3(getProto_cb _hidl_cb) override;
+	Return<void> setPairwiseCipher_1_3(
+	    uint32_t pairwise_cipher_mask,
+	    setPairwiseCipher_1_3_cb _hidl_cb) override;
+	Return<void> getPairwiseCipher_1_3(
+	    getPairwiseCipher_1_3_cb _hidl_cb) override;
+	Return<void> setGroupCipher_1_3(
+	    uint32_t group_cipher_mask,
+	    setGroupCipher_1_3_cb _hidl_cb) override;
+	Return<void> getGroupCipher_1_3(
+	    getGroupCipher_1_3_cb _hidl_cb) override;
+	Return<void> setWapiCertSuite(
+	    const hidl_string& suite, setWapiCertSuite_cb _hidl_cb) override;
+	Return<void> getWapiCertSuite(getWapiCertSuite_cb _hidl_cb) override;
 
 private:
 	// Corresponding worker functions for the HIDL methods.
@@ -351,6 +370,17 @@
 	SupplicantStatus setOcspInternal(OcspType ocspType);
 	std::pair<SupplicantStatus, OcspType> getOcspInternal();
 	SupplicantStatus setPmkCacheInternal(const std::vector<uint8_t>& serialziedEntry);
+	SupplicantStatus setWapiCertSuiteInternal(const std::string& suite);
+	std::pair<SupplicantStatus, std::string> getWapiCertSuiteInternal();
+	SupplicantStatus setKeyMgmt_1_3Internal(uint32_t key_mgmt_mask);
+	std::pair<SupplicantStatus, uint32_t> getKeyMgmt_1_3Internal();
+	SupplicantStatus setProto_1_3Internal(uint32_t proto_mask);
+	std::pair<SupplicantStatus, uint32_t> getProto_1_3Internal();
+	std::pair<SupplicantStatus, uint32_t> getGroupCipher_1_3Internal();
+	SupplicantStatus setGroupCipher_1_3Internal(uint32_t group_cipher_mask);
+	std::pair<SupplicantStatus, uint32_t> getPairwiseCipher_1_3Internal();
+	SupplicantStatus setPairwiseCipher_1_3Internal(
+	    uint32_t pairwise_cipher_mask);
 
 	struct wpa_ssid* retrieveNetworkPtr();
 	struct wpa_supplicant* retrieveIfacePtr();