diff --git a/wlantest/Makefile b/wlantest/Makefile
index 175fb515f..5b23bba53 100644
--- a/wlantest/Makefile
+++ b/wlantest/Makefile
@@ -44,6 +44,7 @@ OBJS_lib += ../src/crypto/libcrypto.a
 CFLAGS += -DCONFIG_PEERKEY
 CFLAGS += -DCONFIG_IEEE80211W
 CFLAGS += -DCONFIG_IEEE80211R
+CFLAGS += -DCONFIG_HS20
 CFLAGS += -DCONFIG_DEBUG_FILE
 
 OBJS += ../src/common/ieee802_11_common.o
diff --git a/wlantest/bss.c b/wlantest/bss.c
index 98d98efde..67af70786 100644
--- a/wlantest/bss.c
+++ b/wlantest/bss.c
@@ -154,6 +154,26 @@ void bss_update(struct wlantest *wt, struct wlantest_bss *bss,
 		bss_add_pmk(wt, bss);
 	}
 
+	if (elems->osen == NULL) {
+		if (bss->osenie[0]) {
+			add_note(wt, MSG_INFO, "BSS " MACSTR
+				 " - OSEN IE removed", MAC2STR(bss->bssid));
+			bss->rsnie[0] = 0;
+			update = 1;
+		}
+	} else {
+		if (bss->osenie[0] == 0 ||
+		    os_memcmp(bss->osenie, elems->osen - 2,
+			      elems->osen_len + 2) != 0) {
+			wpa_printf(MSG_INFO, "BSS " MACSTR " - OSEN IE "
+				   "stored", MAC2STR(bss->bssid));
+			wpa_hexdump(MSG_DEBUG, "OSEN IE", elems->osen - 2,
+				    elems->osen_len + 2);
+			update = 1;
+		}
+		os_memcpy(bss->osenie, elems->osen - 2,
+			  elems->osen_len + 2);
+	}
 
 	if (elems->rsn_ie == NULL) {
 		if (bss->rsnie[0]) {
@@ -238,25 +258,33 @@ void bss_update(struct wlantest *wt, struct wlantest_bss *bss,
 		}
 	}
 
+	if (bss->osenie[0]) {
+		bss->proto |= WPA_PROTO_OSEN;
+		bss->pairwise_cipher |= WPA_CIPHER_CCMP;
+		bss->group_cipher |= WPA_CIPHER_CCMP;
+		bss->key_mgmt |= WPA_KEY_MGMT_OSEN;
+	}
+
 	if (!(bss->proto & WPA_PROTO_RSN) ||
 	    !(bss->rsn_capab & WPA_CAPABILITY_MFPC))
 		bss->mgmt_group_cipher = 0;
 
-	if (!bss->wpaie[0] && !bss->rsnie[0] &&
+	if (!bss->wpaie[0] && !bss->rsnie[0] && !bss->osenie[0] &&
 	    (bss->capab_info & WLAN_CAPABILITY_PRIVACY))
 		bss->group_cipher = WPA_CIPHER_WEP40;
 
 	wpa_printf(MSG_INFO, "BSS " MACSTR
-		   " proto=%s%s%s"
+		   " proto=%s%s%s%s"
 		   "pairwise=%s%s%s%s"
 		   "group=%s%s%s%s%s%s"
 		   "mgmt_group_cipher=%s"
-		   "key_mgmt=%s%s%s%s%s%s%s%s"
+		   "key_mgmt=%s%s%s%s%s%s%s%s%s"
 		   "rsn_capab=%s%s%s%s%s",
 		   MAC2STR(bss->bssid),
 		   bss->proto == 0 ? "OPEN " : "",
 		   bss->proto & WPA_PROTO_WPA ? "WPA " : "",
 		   bss->proto & WPA_PROTO_RSN ? "WPA2 " : "",
+		   bss->proto & WPA_PROTO_OSEN ? "OSEN " : "",
 		   bss->pairwise_cipher == 0 ? "N/A " : "",
 		   bss->pairwise_cipher & WPA_CIPHER_NONE ? "NONE " : "",
 		   bss->pairwise_cipher & WPA_CIPHER_TKIP ? "TKIP " : "",
@@ -279,6 +307,7 @@ void bss_update(struct wlantest *wt, struct wlantest_bss *bss,
 		   "EAP-SHA256 " : "",
 		   bss->key_mgmt & WPA_KEY_MGMT_PSK_SHA256 ?
 		   "PSK-SHA256 " : "",
+		   bss->key_mgmt & WPA_KEY_MGMT_OSEN ? "OSEN " : "",
 		   bss->rsn_capab & WPA_CAPABILITY_PREAUTH ? "PREAUTH " : "",
 		   bss->rsn_capab & WPA_CAPABILITY_NO_PAIRWISE ?
 		   "NO_PAIRWISE " : "",
diff --git a/wlantest/rx_eapol.c b/wlantest/rx_eapol.c
index 5e1ad349a..8118a2768 100644
--- a/wlantest/rx_eapol.c
+++ b/wlantest/rx_eapol.c
@@ -144,8 +144,8 @@ static void derive_ptk(struct wlantest *wt, struct wlantest_bss *bss,
 {
 	struct wlantest_pmk *pmk;
 
-	wpa_printf(MSG_DEBUG, "Trying to derive PTK for " MACSTR,
-		   MAC2STR(sta->addr));
+	wpa_printf(MSG_DEBUG, "Trying to derive PTK for " MACSTR " (ver %u)",
+		   MAC2STR(sta->addr), ver);
 	dl_list_for_each(pmk, &bss->pmk, struct wlantest_pmk, list) {
 		wpa_printf(MSG_DEBUG, "Try per-BSS PMK");
 		if (try_pmk(wt, bss, sta, ver, data, len, pmk) == 0)
@@ -372,6 +372,9 @@ static u8 * decrypt_eapol_key_data(struct wlantest *wt, const u8 *kek, u16 ver,
 	case WPA_KEY_INFO_TYPE_HMAC_SHA1_AES:
 	case WPA_KEY_INFO_TYPE_AES_128_CMAC:
 		return decrypt_eapol_key_data_aes(wt, kek, hdr, len);
+	case WPA_KEY_INFO_TYPE_AKM_DEFINED:
+		/* For now, assume this is OSEN */
+		return decrypt_eapol_key_data_aes(wt, kek, hdr, len);
 	default:
 		add_note(wt, MSG_INFO,
 			 "Unsupported EAPOL-Key Key Descriptor Version %u",
@@ -916,7 +919,8 @@ static void rx_data_eapol_key(struct wlantest *wt, const u8 *dst,
 
 	if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
 	    ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES &&
-	    ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
+	    ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
+	    ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
 		wpa_printf(MSG_INFO, "Unsupported EAPOL-Key Key Descriptor "
 			   "Version %u from " MACSTR, ver, MAC2STR(src));
 		return;
diff --git a/wlantest/sta.c b/wlantest/sta.c
index 115ef8ada..6f6178d41 100644
--- a/wlantest/sta.c
+++ b/wlantest/sta.c
@@ -82,6 +82,14 @@ void sta_update_assoc(struct wlantest_sta *sta, struct ieee802_11_elems *elems)
 		elems->rsn_ie = NULL;
 	}
 
+	if (elems->osen && !bss->osenie[0]) {
+		wpa_printf(MSG_INFO, "OSEN IE included in Association Request "
+			   "frame from " MACSTR " even though BSS does not "
+			   "use OSEN - ignore IE",
+			   MAC2STR(sta->addr));
+		elems->osen = NULL;
+	}
+
 	if (elems->wpa_ie && elems->rsn_ie) {
 		wpa_printf(MSG_INFO, "Both WPA IE and RSN IE included in "
 			   "Association Request frame from " MACSTR,
@@ -108,6 +116,15 @@ void sta_update_assoc(struct wlantest_sta *sta, struct ieee802_11_elems *elems)
 			wpa_printf(MSG_INFO, "Failed to parse WPA IE from "
 				   MACSTR, MAC2STR(sta->addr));
 		}
+	} else if (elems->osen) {
+		wpa_hexdump(MSG_DEBUG, "OSEN IE", elems->osen - 2,
+			    elems->osen_len + 2);
+		os_memcpy(sta->osenie, elems->osen - 2, elems->osen_len + 2);
+		sta->proto = WPA_PROTO_OSEN;
+		sta->pairwise_cipher = WPA_CIPHER_CCMP;
+		sta->key_mgmt = WPA_KEY_MGMT_OSEN;
+		sta->rsn_capab = 0;
+		goto skip_rsn_wpa;
 	} else {
 		sta->rsnie[0] = 0;
 		sta->proto = 0;
@@ -151,14 +168,15 @@ void sta_update_assoc(struct wlantest_sta *sta, struct ieee802_11_elems *elems)
 
 skip_rsn_wpa:
 	wpa_printf(MSG_INFO, "STA " MACSTR
-		   " proto=%s%s%s"
+		   " proto=%s%s%s%s"
 		   "pairwise=%s%s%s%s"
-		   "key_mgmt=%s%s%s%s%s%s%s%s"
+		   "key_mgmt=%s%s%s%s%s%s%s%s%s"
 		   "rsn_capab=%s%s%s%s%s",
 		   MAC2STR(sta->addr),
 		   sta->proto == 0 ? "OPEN " : "",
 		   sta->proto & WPA_PROTO_WPA ? "WPA " : "",
 		   sta->proto & WPA_PROTO_RSN ? "WPA2 " : "",
+		   sta->proto & WPA_PROTO_OSEN ? "OSEN " : "",
 		   sta->pairwise_cipher == 0 ? "N/A " : "",
 		   sta->pairwise_cipher & WPA_CIPHER_NONE ? "NONE " : "",
 		   sta->pairwise_cipher & WPA_CIPHER_TKIP ? "TKIP " : "",
@@ -173,6 +191,7 @@ skip_rsn_wpa:
 		   "EAP-SHA256 " : "",
 		   sta->key_mgmt & WPA_KEY_MGMT_PSK_SHA256 ?
 		   "PSK-SHA256 " : "",
+		   sta->key_mgmt & WPA_KEY_MGMT_OSEN ? "OSEN " : "",
 		   sta->rsn_capab & WPA_CAPABILITY_PREAUTH ? "PREAUTH " : "",
 		   sta->rsn_capab & WPA_CAPABILITY_NO_PAIRWISE ?
 		   "NO_PAIRWISE " : "",
diff --git a/wlantest/wlantest.h b/wlantest/wlantest.h
index 68531d884..566ba6b47 100644
--- a/wlantest/wlantest.h
+++ b/wlantest/wlantest.h
@@ -61,6 +61,7 @@ struct wlantest_sta {
 	} state;
 	u16 aid;
 	u8 rsnie[257]; /* WPA/RSN IE */
+	u8 osenie[257]; /* OSEN IE */
 	int proto;
 	int pairwise_cipher;
 	int group_cipher;
@@ -130,6 +131,7 @@ struct wlantest_bss {
 	int parse_error_reported;
 	u8 wpaie[257];
 	u8 rsnie[257];
+	u8 osenie[257];
 	int proto;
 	int pairwise_cipher;
 	int group_cipher;