Move hostapd driver_ops to use similar set_key with wpa_supplicant

hostapd/driver.h

@@ -16,6 +16,7 @@
 #ifndef DRIVER_H
 #define DRIVER_H
 
+#include "defs.h"
 #include "sta_flags.h"
 
 struct hostapd_data;
@@ -98,9 +99,9 @@ struct wpa_driver_ops {
 	 */
 	int (*set_privacy)(const char *ifname, void *priv, int enabled);
 
-	int (*set_encryption)(const char *ifname, void *priv, const char *alg,
-			      const u8 *addr, int idx,
-			      const u8 *key, size_t key_len, int txkey);
+	int (*set_key)(const char *ifname, void *priv, wpa_alg alg,
+		       const u8 *addr, int key_idx, int set_tx, const u8 *seq,
+		       size_t seq_len, const u8 *key, size_t key_len);
 	int (*get_seqnum)(const char *ifname, void *priv, const u8 *addr,
 			  int idx, u8 *seq);
 	int (*get_seqnum_igtk)(const char *ifname, void *priv, const u8 *addr,

hostapd/driver_atheros.c

@@ -426,29 +426,33 @@ madwifi_del_key(void *priv, const u8 *addr, int key_idx)
 }
 
 static int
-madwifi_set_key(const char *ifname, void *priv, const char *alg,
-		const u8 *addr, int key_idx,
-		const u8 *key, size_t key_len, int txkey)
+madwifi_set_key(const char *ifname, void *priv, wpa_alg alg, const u8 *addr,
+		int key_idx, int set_tx, const u8 *seq, size_t seq_len,
+		const u8 *key, size_t key_len)
 {
 	struct madwifi_driver_data *drv = priv;
 	struct ieee80211req_key wk;
 	u_int8_t cipher;
 	int ret;
 
-	if (strcmp(alg, "none") == 0)
+	if (alg == WPA_ALG_NONE)
 		return madwifi_del_key(drv, addr, key_idx);
 
-	wpa_printf(MSG_DEBUG, "%s: alg=%s addr=%s key_idx=%d",
+	wpa_printf(MSG_DEBUG, "%s: alg=%d addr=%s key_idx=%d",
 		   __func__, alg, ether_sprintf(addr), key_idx);
 
-	if (strcmp(alg, "WEP") == 0)
+	switch (alg) {
+	case WPA_ALG_WEP:
 		cipher = IEEE80211_CIPHER_WEP;
-	else if (strcmp(alg, "TKIP") == 0)
+		break;
+	case WPA_ALG_TKIP:
 		cipher = IEEE80211_CIPHER_TKIP;
-	else if (strcmp(alg, "CCMP") == 0)
+		break;
+	case WPA_ALG_CCMP:
 		cipher = IEEE80211_CIPHER_AES_CCM;
-	else {
-		printf("%s: unknown/unsupported algorithm %s\n",
+		break;
+	default:
+		printf("%s: unknown/unsupported algorithm %d\n",
 			__func__, alg);
 		return -1;
 	}
@@ -476,9 +480,9 @@ madwifi_set_key(const char *ifname, void *priv, const char *alg,
 	ret = set80211priv(drv, IEEE80211_IOCTL_SETKEY, &wk, sizeof(wk));
 	if (ret < 0) {
 		wpa_printf(MSG_DEBUG, "%s: Failed to set key (addr %s"
-			   " key_idx %d alg '%s' key_len %lu txkey %d)",
+			   " key_idx %d alg %d key_len %lu set_tx %d)",
 			   __func__, ether_sprintf(wk.ik_macaddr), key_idx,
-			   alg, (unsigned long) key_len, txkey);
+			   alg, (unsigned long) key_len, set_tx);
 	}
 
 	return ret;
@@ -1318,7 +1322,7 @@ const struct wpa_driver_ops wpa_driver_atheros_ops = {
 	.deinit			= madwifi_deinit,
 	.set_ieee8021x		= madwifi_set_ieee8021x,
 	.set_privacy		= madwifi_set_privacy,
-	.set_encryption		= madwifi_set_key,
+	.set_key		= madwifi_set_key,
 	.get_seqnum		= madwifi_get_seqnum,
 	.flush			= madwifi_flush,
 	.set_generic_elem	= madwifi_set_opt_ie,

hostapd/driver_bsd.c

@@ -341,28 +341,28 @@ bsd_del_key(void *priv, const u8 *addr, int key_idx)
 }
 
 static int
-bsd_set_key(const char *ifname, void *priv, const char *alg,
-	    const u8 *addr, int key_idx,
-	    const u8 *key, size_t key_len, int txkey)
+bsd_set_key(const char *ifname, void *priv, wpa_alg alg,
+	    const u8 *addr, int key_idx, int set_tx, const u8 *seq,
+	    size_t seq_len, const u8 *key, size_t key_len)
 {
 	struct bsd_driver_data *drv = priv;
 	struct ieee80211req_key wk;
 	u_int8_t cipher;
 
-	if (strcmp(alg, "none") == 0)
+	if (alg == WPA_ALG_NONE)
 		return bsd_del_key(drv, addr, key_idx);
 
-	wpa_printf(MSG_DEBUG, "%s: alg=%s addr=%s key_idx=%d",
+	wpa_printf(MSG_DEBUG, "%s: alg=%d addr=%s key_idx=%d",
 		   __func__, alg, ether_sprintf(addr), key_idx);
 
-	if (strcmp(alg, "WEP") == 0)
+	if (alg == WPA_ALG_WEP)
 		cipher = IEEE80211_CIPHER_WEP;
-	else if (strcmp(alg, "TKIP") == 0)
+	else if (alg == WPA_ALG_TKIP)
 		cipher = IEEE80211_CIPHER_TKIP;
-	else if (strcmp(alg, "CCMP") == 0)
+	else if (alg == WPA_ALG_CCMP)
 		cipher = IEEE80211_CIPHER_AES_CCM;
 	else {
-		printf("%s: unknown/unsupported algorithm %s\n",
+		printf("%s: unknown/unsupported algorithm %d\n",
 			__func__, alg);
 		return -1;
 	}
@@ -756,7 +756,7 @@ const struct wpa_driver_ops wpa_driver_bsd_ops = {
 	.deinit			= bsd_deinit,
 	.set_ieee8021x		= bsd_set_ieee8021x,
 	.set_privacy		= bsd_set_privacy,
-	.set_encryption		= bsd_set_key,
+	.set_key		= bsd_set_key,
 	.get_seqnum		= bsd_get_seqnum,
 	.flush			= bsd_flush,
 	.set_generic_elem	= bsd_set_opt_ie,

hostapd/driver_hostap.c

@@ -436,10 +436,10 @@ static int hostapd_ioctl(void *priv, struct prism2_hostapd_param *param,
 }
 
 
-static int hostap_set_encryption(const char *ifname, void *priv,
-				 const char *alg, const u8 *addr,
-				 int idx, const u8 *key, size_t key_len,
-				 int txkey)
+static int hostap_set_key(const char *ifname, void *priv, wpa_alg alg,
+			  const u8 *addr, int key_idx, int set_tx,
+			  const u8 *seq, size_t seq_len, const u8 *key,
+			  size_t key_len)
 {
 	struct hostap_driver_data *drv = priv;
 	struct prism2_hostapd_param *param;
@@ -458,10 +458,29 @@ static int hostap_set_encryption(const char *ifname, void *priv,
 		memset(param->sta_addr, 0xff, ETH_ALEN);
 	else
 		memcpy(param->sta_addr, addr, ETH_ALEN);
-	os_strlcpy((char *) param->u.crypt.alg, alg,
-		   HOSTAP_CRYPT_ALG_NAME_LEN);
-	param->u.crypt.flags = txkey ? HOSTAP_CRYPT_FLAG_SET_TX_KEY : 0;
-	param->u.crypt.idx = idx;
+	switch (alg) {
+	case WPA_ALG_NONE:
+		os_strlcpy((char *) param->u.crypt.alg, "NONE",
+			   HOSTAP_CRYPT_ALG_NAME_LEN);
+		break;
+	case WPA_ALG_WEP:
+		os_strlcpy((char *) param->u.crypt.alg, "WEP",
+			   HOSTAP_CRYPT_ALG_NAME_LEN);
+		break;
+	case WPA_ALG_TKIP:
+		os_strlcpy((char *) param->u.crypt.alg, "TKIP",
+			   HOSTAP_CRYPT_ALG_NAME_LEN);
+		break;
+	case WPA_ALG_CCMP:
+		os_strlcpy((char *) param->u.crypt.alg, "CCMP",
+			   HOSTAP_CRYPT_ALG_NAME_LEN);
+		break;
+	default:
+		os_free(buf);
+		return -1;
+	}
+	param->u.crypt.flags = set_tx ? HOSTAP_CRYPT_FLAG_SET_TX_KEY : 0;
+	param->u.crypt.idx = key_idx;
 	param->u.crypt.key_len = key_len;
 	memcpy((u8 *) (param + 1), key, key_len);
 
@@ -1216,7 +1235,7 @@ const struct wpa_driver_ops wpa_driver_hostap_ops = {
 	.wireless_event_deinit = hostap_wireless_event_deinit,
 	.set_ieee8021x = hostap_set_ieee8021x,
 	.set_privacy = hostap_set_privacy,
-	.set_encryption = hostap_set_encryption,
+	.set_key = hostap_set_key,
 	.get_seqnum = hostap_get_seqnum,
 	.flush = hostap_flush,
 	.set_generic_elem = hostap_set_generic_elem,

hostapd/driver_i.h

@@ -80,14 +80,16 @@ hostapd_set_privacy(struct hostapd_data *hapd, int enabled)
 }
 
 static inline int
-hostapd_set_encryption(const char *ifname, struct hostapd_data *hapd,
-		       const char *alg, const u8 *addr, int idx,
-		       u8 *key, size_t key_len, int txkey)
+hostapd_set_key(const char *ifname, struct hostapd_data *hapd,
+		wpa_alg alg, const u8 *addr, int key_idx,
+		int set_tx, const u8 *seq, size_t seq_len,
+		const u8 *key, size_t key_len)
 {
-	if (hapd->driver == NULL || hapd->driver->set_encryption == NULL)
+	if (hapd->driver == NULL || hapd->driver->set_key == NULL)
 		return 0;
-	return hapd->driver->set_encryption(ifname, hapd->drv_priv, alg, addr,
-					    idx, key, key_len, txkey);
+	return hapd->driver->set_key(ifname, hapd->drv_priv, alg, addr,
+				     key_idx, set_tx, seq, seq_len, key,
+				     key_len);
 }
 
 static inline int

hostapd/driver_madwifi.c

@@ -458,29 +458,29 @@ madwifi_del_key(void *priv, const u8 *addr, int key_idx)
 }
 
 static int
-madwifi_set_key(const char *ifname, void *priv, const char *alg,
-		const u8 *addr, int key_idx,
-		const u8 *key, size_t key_len, int txkey)
+madwifi_set_key(const char *ifname, void *priv, wpa_alg alg,
+		const u8 *addr, int key_idx, int set_tx, const u8 *seq,
+		size_t seq_len, const u8 *key, size_t key_len)
 {
 	struct madwifi_driver_data *drv = priv;
 	struct ieee80211req_key wk;
 	u_int8_t cipher;
 	int ret;
 
-	if (strcmp(alg, "none") == 0)
+	if (alg == WPA_ALG_NONE)
 		return madwifi_del_key(drv, addr, key_idx);
 
-	wpa_printf(MSG_DEBUG, "%s: alg=%s addr=%s key_idx=%d",
+	wpa_printf(MSG_DEBUG, "%s: alg=%d addr=%s key_idx=%d",
 		   __func__, alg, ether_sprintf(addr), key_idx);
 
-	if (strcmp(alg, "WEP") == 0)
+	if (alg == WPA_ALG_WEP)
 		cipher = IEEE80211_CIPHER_WEP;
-	else if (strcmp(alg, "TKIP") == 0)
+	else if (alg == WPA_ALG_TKIP)
 		cipher = IEEE80211_CIPHER_TKIP;
-	else if (strcmp(alg, "CCMP") == 0)
+	else if (alg == WPA_ALG_CCMP)
 		cipher = IEEE80211_CIPHER_AES_CCM;
 	else {
-		printf("%s: unknown/unsupported algorithm %s\n",
+		printf("%s: unknown/unsupported algorithm %d\n",
 			__func__, alg);
 		return -1;
 	}
@@ -508,9 +508,9 @@ madwifi_set_key(const char *ifname, void *priv, const char *alg,
 	ret = set80211priv(drv, IEEE80211_IOCTL_SETKEY, &wk, sizeof(wk));
 	if (ret < 0) {
 		wpa_printf(MSG_DEBUG, "%s: Failed to set key (addr %s"
-			   " key_idx %d alg '%s' key_len %lu txkey %d)",
+			   " key_idx %d alg %d key_len %lu set_tx %d)",
 			   __func__, ether_sprintf(wk.ik_macaddr), key_idx,
-			   alg, (unsigned long) key_len, txkey);
+			   alg, (unsigned long) key_len, set_tx);
 	}
 
 	return ret;
@@ -1378,7 +1378,7 @@ const struct wpa_driver_ops wpa_driver_madwifi_ops = {
 	.deinit			= madwifi_deinit,
 	.set_ieee8021x		= madwifi_set_ieee8021x,
 	.set_privacy		= madwifi_set_privacy,
-	.set_encryption		= madwifi_set_key,
+	.set_key		= madwifi_set_key,
 	.get_seqnum		= madwifi_get_seqnum,
 	.flush			= madwifi_flush,
 	.set_generic_elem	= madwifi_set_opt_ie,

hostapd/driver_nl80211.c

@@ -264,7 +264,7 @@ static int hostapd_set_iface_flags(struct i802_driver_data *drv,
 
 
 static int nl_set_encr(int ifindex, struct i802_driver_data *drv,
-		       const char *alg, const u8 *addr, int idx, const u8 *key,
+		       wpa_alg alg, const u8 *addr, int idx, const u8 *key,
 		       size_t key_len, int txkey)
 {
 	struct nl_msg *msg;
@@ -274,29 +274,34 @@ static int nl_set_encr(int ifindex, struct i802_driver_data *drv,
 	if (!msg)
 		return -ENOMEM;
 
-	if (strcmp(alg, "none") == 0) {
+	if (alg == WPA_ALG_NONE) {
 		genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
 			    0, NL80211_CMD_DEL_KEY, 0);
 	} else {
 		genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
 			    0, NL80211_CMD_NEW_KEY, 0);
 		NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key);
-		if (strcmp(alg, "WEP") == 0) {
+		switch (alg) {
+		case WPA_ALG_WEP:
 			if (key_len == 5)
 				NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
 					    0x000FAC01);
 			else
 				NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
 					    0x000FAC05);
-		} else if (strcmp(alg, "TKIP") == 0)
+			break;
+		case WPA_ALG_TKIP:
 			NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC02);
-		else if (strcmp(alg, "CCMP") == 0)
+			break;
+		case WPA_ALG_CCMP:
 			NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC04);
-		else if (strcmp(alg, "IGTK") == 0)
+			break;
+		case WPA_ALG_IGTK:
 			NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC06);
-		else {
+			break;
+		default:
 			wpa_printf(MSG_ERROR, "%s: Unsupported encryption "
-				   "algorithm '%s'", __func__, alg);
+				   "algorithm %d", __func__, alg);
 			nlmsg_free(msg);
 			return -1;
 		}
@@ -326,7 +331,7 @@ static int nl_set_encr(int ifindex, struct i802_driver_data *drv,
 		    0, NL80211_CMD_SET_KEY, 0);
 	NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
-	if (strcmp(alg, "IGTK") == 0)
+	if (alg == WPA_ALG_IGTK)
 		NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT);
 	else
 		NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT);
@@ -340,15 +345,15 @@ static int nl_set_encr(int ifindex, struct i802_driver_data *drv,
 }
 
 
-static int i802_set_encryption(const char *iface, void *priv, const char *alg,
-			       const u8 *addr, int idx, const u8 *key,
-			       size_t key_len, int txkey)
+static int i802_set_key(const char *iface, void *priv, wpa_alg alg,
+			const u8 *addr, int key_idx, int set_tx, const u8 *seq,
+			size_t seq_len, const u8 *key, size_t key_len)
 {
 	struct i802_driver_data *drv = priv;
 	int ret;
 
-	ret = nl_set_encr(if_nametoindex(iface), drv, alg, addr, idx, key,
-			  key_len, txkey);
+	ret = nl_set_encr(if_nametoindex(iface), drv, alg, addr, key_idx, key,
+			  key_len, set_tx);
 	if (ret < 0)
 		return ret;
 
@@ -3107,7 +3112,7 @@ const struct wpa_driver_ops wpa_driver_nl80211_ops = {
 	.wireless_event_deinit = i802_wireless_event_deinit,
 	.set_ieee8021x = i802_set_ieee8021x,
 	.set_privacy = i802_set_privacy,
-	.set_encryption = i802_set_encryption,
+	.set_key = i802_set_key,
 	.get_seqnum = i802_get_seqnum,
 	.flush = i802_flush,
 	.read_sta_data = i802_read_sta_data,

hostapd/driver_prism54.c

@@ -205,11 +205,10 @@ prism54_sta_set_flags(void *priv, const u8 *addr, int total_flags,
 }
 
 
-/* set per station key */
-static int prism54_set_encryption(const char *ifname, void *priv,
-				  const char *alg, const u8 *addr,
-				  int idx, const u8 *key, size_t key_len,
-				  int txkey)
+static int prism54_set_key(const char *ifname, void *priv, wpa_alg alg,
+			   const u8 *addr, int key_idx, int set_tx,
+			   const u8 *seq, size_t seq_len,
+			   const u8 *key, size_t key_len)
 {
 	struct prism54_driver_data *drv = priv;
 	pimdev_hdr *hdr;
@@ -230,22 +229,27 @@ static int prism54_set_encryption(const char *ifname, void *priv,
 	} else {
 		memcpy(&keys->address[0], addr, ETH_ALEN);
 	}
-	if (!strcmp(alg, "WEP")) {
+	switch (alg) {
+	case WPA_ALG_WEP:
 		keys->type = DOT11_PRIV_WEP;
-	} else if (!strcmp(alg, "TKIP")) {
+		break;
+	case WPA_ALG_TKIP:
 		keys->type = DOT11_PRIV_TKIP;
-	} else if (!strcmp(alg, "none")) {
+		break;
+	case WPA_ALG_NONE:
 		/* the only way to clear the key is to deauth it */
 		/* and prism54 is capable to receive unencrypted packet */
 		/* so we do nothing here */
 		free(hdr);
 		return 0;
-	} else {
-		printf("bad auth type: %s\n", alg);
+	default:
+		printf("bad auth type: %d\n", alg);
+		free(hdr);
+		return -1;
 	}
 	buf = (u8 *) &keys->key[0];
 	keys->length = key_len;
-	keys->keyid = idx;
+	keys->keyid = key_idx;
 	keys->options = htons(DOT11_STAKEY_OPTION_DEFAULTKEY);
 	keys->reserved = 0;
 
@@ -1079,7 +1083,7 @@ const struct wpa_driver_ops wpa_driver_prism54_ops = {
 	.deinit = prism54_driver_deinit,
 	/* .set_ieee8021x = prism54_init_1x, */
 	.set_privacy = prism54_set_privacy_invoked,
-	.set_encryption = prism54_set_encryption,
+	.set_key = prism54_set_key,
 	.get_seqnum = prism54_get_seqnum,
 	.flush = prism54_flush,
 	.set_generic_elem = prism54_set_generic_elem,

hostapd/driver_test.c

@@ -1006,12 +1006,13 @@ static int test_driver_set_privacy(const char *ifname, void *priv, int enabled)
 }
 
 
-static int test_driver_set_encryption(const char *iface, void *priv,
-				      const char *alg, const u8 *addr, int idx,
-				      const u8 *key, size_t key_len, int txkey)
+static int test_driver_set_key(const char *iface, void *priv, wpa_alg alg,
+			       const u8 *addr, int key_idx, int set_tx,
+			       const u8 *seq, size_t seq_len,
+			       const u8 *key, size_t key_len)
 {
-	wpa_printf(MSG_DEBUG, "%s(iface=%s alg=%s idx=%d txkey=%d)",
-		   __func__, iface, alg, idx, txkey);
+	wpa_printf(MSG_DEBUG, "%s(iface=%s alg=%d idx=%d set_tx=%d)",
+		   __func__, iface, alg, key_idx, set_tx);
 	if (addr)
 		wpa_printf(MSG_DEBUG, "   addr=" MACSTR, MAC2STR(addr));
 	if (key)
@@ -1217,7 +1218,7 @@ const struct wpa_driver_ops wpa_driver_test_ops = {
 	.valid_bss_mask = test_driver_valid_bss_mask,
 	.set_ssid = test_driver_set_ssid,
 	.set_privacy = test_driver_set_privacy,
-	.set_encryption = test_driver_set_encryption,
+	.set_key = test_driver_set_key,
 	.set_sta_vlan = test_driver_set_sta_vlan,
 	.sta_add = test_driver_sta_add,
 	.send_ether = test_driver_send_ether,

hostapd/hostapd.c

@@ -454,8 +454,8 @@ static void hostapd_broadcast_key_clear_iface(struct hostapd_data *hapd,
 	int i;
 
 	for (i = 0; i < NUM_WEP_KEYS; i++) {
-		if (hostapd_set_encryption(ifname, hapd, "none", NULL, i, NULL,
-					   0, i == 0 ? 1 : 0)) {
+		if (hostapd_set_key(ifname, hapd, WPA_ALG_NONE, NULL, i,
+				    i == 0 ? 1 : 0, NULL, 0, NULL, 0)) {
 			wpa_printf(MSG_DEBUG, "Failed to clear default "
 				   "encryption keys (ifname=%s keyidx=%d)",
 				   ifname, i);
@@ -464,9 +464,9 @@ static void hostapd_broadcast_key_clear_iface(struct hostapd_data *hapd,
 #ifdef CONFIG_IEEE80211W
 	if (hapd->conf->ieee80211w) {
 		for (i = NUM_WEP_KEYS; i < NUM_WEP_KEYS + 2; i++) {
-			if (hostapd_set_encryption(ifname, hapd, "none", NULL,
-						   i, NULL, 0,
-						   i == 0 ? 1 : 0)) {
+			if (hostapd_set_key(ifname, hapd, WPA_ALG_NONE, NULL,
+					    i, i == 0 ? 1 : 0, NULL, 0,
+					    NULL, 0)) {
 				wpa_printf(MSG_DEBUG, "Failed to clear "
 					   "default mgmt encryption keys "
 					   "(ifname=%s keyidx=%d)", ifname, i);
@@ -491,11 +491,9 @@ static int hostapd_broadcast_wep_set(struct hostapd_data *hapd)
 
 	idx = ssid->wep.idx;
 	if (ssid->wep.default_len &&
-	    hostapd_set_encryption(hapd->conf->iface,
-				   hapd, "WEP", NULL, idx,
-			 	   ssid->wep.key[idx],
-			 	   ssid->wep.len[idx],
-				   idx == ssid->wep.idx)) {
+	    hostapd_set_key(hapd->conf->iface,
+			    hapd, WPA_ALG_WEP, NULL, idx, idx == ssid->wep.idx,
+			    NULL, 0, ssid->wep.key[idx], ssid->wep.len[idx])) {
 		wpa_printf(MSG_WARNING, "Could not set WEP encryption.");
 		errors++;
 	}
@@ -513,10 +511,9 @@ static int hostapd_broadcast_wep_set(struct hostapd_data *hapd)
 				continue;
 
 			idx = key->idx;
-			if (hostapd_set_encryption(ifname, hapd, "WEP", NULL,
-						   idx, key->key[idx],
-						   key->len[idx],
-						   idx == key->idx)) {
+			if (hostapd_set_key(ifname, hapd, WPA_ALG_WEP, NULL,
+					    idx, idx == key->idx, NULL, 0,
+					    key->key[idx], key->len[idx])) {
 				wpa_printf(MSG_WARNING, "Could not set "
 					   "dynamic VLAN WEP encryption.");
 				errors++;
@@ -647,10 +644,10 @@ static int hostapd_setup_encryption(char *iface, struct hostapd_data *hapd)
 
 	for (i = 0; i < 4; i++) {
 		if (hapd->conf->ssid.wep.key[i] &&
-		    hostapd_set_encryption(iface, hapd, "WEP", NULL,
-					   i, hapd->conf->ssid.wep.key[i],
-					   hapd->conf->ssid.wep.len[i],
-					   i == hapd->conf->ssid.wep.idx)) {
+		    hostapd_set_key(iface, hapd, WPA_ALG_WEP, NULL, i,
+				    i == hapd->conf->ssid.wep.idx, NULL, 0,
+				    hapd->conf->ssid.wep.key[i],
+				    hapd->conf->ssid.wep.len[i])) {
 			wpa_printf(MSG_WARNING, "Could not set WEP "
 				   "encryption.");
 			return -1;
@@ -839,7 +836,7 @@ static int hostapd_wpa_auth_get_msk(void *ctx, const u8 *addr, u8 *msk,
 }
 
 
-static int hostapd_wpa_auth_set_key(void *ctx, int vlan_id, const char *alg,
+static int hostapd_wpa_auth_set_key(void *ctx, int vlan_id, wpa_alg alg,
 				    const u8 *addr, int idx, u8 *key,
 				    size_t key_len)
 {
@@ -852,8 +849,8 @@ static int hostapd_wpa_auth_set_key(void *ctx, int vlan_id, const char *alg,
 			return -1;
 	}
 
-	return hostapd_set_encryption(ifname, hapd, alg, addr, idx,
-				      key, key_len, 1);
+	return hostapd_set_key(ifname, hapd, alg, addr, idx, 1, NULL, 0,
+			       key, key_len);
 }
 
 

hostapd/ieee802_1x.c

@@ -220,8 +220,8 @@ ieee802_1x_group_alloc(struct hostapd_data *hapd, const char *ifname)
 	wpa_hexdump_key(MSG_DEBUG, "Default WEP key (dynamic VLAN)",
 			key->key[key->idx], key->len[key->idx]);
 
-	if (hostapd_set_encryption(ifname, hapd, "WEP", NULL, key->idx,
-				   key->key[key->idx], key->len[key->idx], 1))
+	if (hostapd_set_key(ifname, hapd, WPA_ALG_WEP, NULL, key->idx, 1,
+			    NULL, 0, key->key[key->idx], key->len[key->idx]))
 		printf("Could not set dynamic VLAN WEP encryption key.\n");
 
 	hostapd_set_ieee8021x(ifname, hapd, 1);
@@ -335,10 +335,9 @@ void ieee802_1x_tx_key(struct hostapd_data *hapd, struct sta_info *sta)
 
 		/* TODO: set encryption in TX callback, i.e., only after STA
 		 * has ACKed EAPOL-Key frame */
-		if (hostapd_set_encryption(hapd->conf->iface, hapd, "WEP",
-					   sta->addr, 0, ikey,
-					   hapd->conf->individual_wep_key_len,
-					   1)) {
+		if (hostapd_set_key(hapd->conf->iface, hapd, WPA_ALG_WEP,
+				    sta->addr, 0, 1, NULL, 0, ikey,
+				    hapd->conf->individual_wep_key_len)) {
 			wpa_printf(MSG_ERROR, "Could not set individual WEP "
 				   "encryption.");
 		}
@@ -1483,10 +1482,10 @@ static void ieee802_1x_rekey(void *eloop_ctx, void *timeout_ctx)
 
 	/* TODO: Could setup key for RX here, but change default TX keyid only
 	 * after new broadcast key has been sent to all stations. */
-	if (hostapd_set_encryption(hapd->conf->iface, hapd, "WEP", NULL,
-				   hapd->default_wep_key_idx,
-				   hapd->default_wep_key,
-				   hapd->conf->default_wep_key_len, 1)) {
+	if (hostapd_set_key(hapd->conf->iface, hapd, WPA_ALG_WEP, NULL,
+			    hapd->default_wep_key_idx, 1, NULL, 0,
+			    hapd->default_wep_key,
+			    hapd->conf->default_wep_key_len)) {
 		hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE8021X,
 			       HOSTAPD_LEVEL_WARNING, "failed to configure a "
 			       "new broadcast key");
@@ -1691,8 +1690,8 @@ int ieee802_1x_init(struct hostapd_data *hapd)
 		hostapd_set_privacy(hapd, 1);
 
 		for (i = 0; i < 4; i++)
-			hostapd_set_encryption(hapd->conf->iface, hapd,
-					       "none", NULL, i, NULL, 0, 0);
+			hostapd_set_key(hapd->conf->iface, hapd, WPA_ALG_NONE,
+					NULL, i, 0, NULL, 0, NULL, 0);
 
 		ieee802_1x_rekey(hapd, NULL);
 

hostapd/vlan_init.c

@@ -661,10 +661,9 @@ int vlan_setup_encryption_dyn(struct hostapd_data *hapd,
 	 * functions for setting up dynamic broadcast keys. */
 	for (i = 0; i < 4; i++) {
 		if (mssid->wep.key[i] &&
-		    hostapd_set_encryption(dyn_vlan, hapd, "WEP", NULL,
-					   i, mssid->wep.key[i],
-					   mssid->wep.len[i],
-					   i == mssid->wep.idx)) {
+		    hostapd_set_key(dyn_vlan, hapd, WPA_ALG_WEP, NULL, i,
+				    i == mssid->wep.idx, NULL, 0,
+				    mssid->wep.key[i], mssid->wep.len[i])) {
 			printf("VLAN: Could not set WEP encryption for "
 			       "dynamic VLAN.\n");
 			return -1;

hostapd/wpa.c

@@ -102,7 +102,7 @@ static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
 
 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
 				   int vlan_id,
-				   const char *alg, const u8 *addr, int idx,
+				   wpa_alg alg, const u8 *addr, int idx,
 				   u8 *key, size_t key_len)
 {
 	if (wpa_auth->cb.set_key == NULL)
@@ -1143,7 +1143,8 @@ void wpa_remove_ptk(struct wpa_state_machine *sm)
 {
 	sm->PTK_valid = FALSE;
 	os_memset(&sm->PTK, 0, sizeof(sm->PTK));
-	wpa_auth_set_key(sm->wpa_auth, 0, "none", sm->addr, 0, (u8 *) "", 0);
+	wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, (u8 *) "",
+			 0);
 	sm->pairwise_set = FALSE;
 	eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
 }
@@ -1211,18 +1212,18 @@ void wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
 }
 
 
-static const char * wpa_alg_txt(int alg)
+static wpa_alg wpa_alg_enum(int alg)
 {
 	switch (alg) {
 	case WPA_CIPHER_CCMP:
-		return "CCMP";
+		return WPA_ALG_CCMP;
 	case WPA_CIPHER_TKIP:
-		return "TKIP";
+		return WPA_ALG_TKIP;
 	case WPA_CIPHER_WEP104:
 	case WPA_CIPHER_WEP40:
-		return "WEP";
+		return WPA_ALG_WEP;
 	default:
-		return "";
+		return WPA_ALG_NONE;
 	}
 }
 
@@ -1610,13 +1611,13 @@ SM_STATE(WPA_PTK, PTKINITDONE)
 	SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
 	sm->EAPOLKeyReceived = FALSE;
 	if (sm->Pair) {
-		char *alg;
+		wpa_alg alg;
 		int klen;
 		if (sm->pairwise == WPA_CIPHER_TKIP) {
-			alg = "TKIP";
+			alg = WPA_ALG_TKIP;
 			klen = 32;
 		} else {
-			alg = "CCMP";
+			alg = WPA_ALG_CCMP;
 			klen = 16;
 		}
 		if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
@@ -1996,13 +1997,13 @@ static void wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
 	group->changed = TRUE;
 	group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
 	wpa_auth_set_key(wpa_auth, group->vlan_id,
-			 wpa_alg_txt(wpa_auth->conf.wpa_group),
+			 wpa_alg_enum(wpa_auth->conf.wpa_group),
 			 NULL, group->GN, group->GTK[group->GN - 1],
 			 group->GTK_len);
 
 #ifdef CONFIG_IEEE80211W
 	if (wpa_auth->conf.ieee80211w != WPA_NO_IEEE80211W) {
-		wpa_auth_set_key(wpa_auth, group->vlan_id, "IGTK",
+		wpa_auth_set_key(wpa_auth, group->vlan_id, WPA_ALG_IGTK,
 				 NULL, group->GN_igtk,
 				 group->IGTK[group->GN_igtk - 4],
 				 WPA_IGTK_LEN);

hostapd/wpa.h

@@ -15,6 +15,7 @@
 #ifndef WPA_AUTH_H
 #define WPA_AUTH_H
 
+#include "defs.h"
 #include "eapol_common.h"
 #include "wpa_common.h"
 
@@ -187,7 +188,7 @@ struct wpa_auth_callbacks {
 	int (*get_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var);
 	const u8 * (*get_psk)(void *ctx, const u8 *addr, const u8 *prev_psk);
 	int (*get_msk)(void *ctx, const u8 *addr, u8 *msk, size_t *len);
-	int (*set_key)(void *ctx, int vlan_id, const char *alg, const u8 *addr,
+	int (*set_key)(void *ctx, int vlan_id, wpa_alg alg, const u8 *addr,
 		       int idx, u8 *key, size_t key_len);
 	int (*get_seqnum)(void *ctx, const u8 *addr, int idx, u8 *seq);
 	int (*get_seqnum_igtk)(void *ctx, const u8 *addr, int idx, u8 *seq);

hostapd/wpa_ft.c

@@ -840,7 +840,7 @@ static int wpa_ft_parse_ies(const u8 *ies, size_t ies_len,
 
 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
 				   int vlan_id,
-				   const char *alg, const u8 *addr, int idx,
+				   wpa_alg alg, const u8 *addr, int idx,
 				   u8 *key, size_t key_len)
 {
 	if (wpa_auth->cb.set_key == NULL)
@@ -852,15 +852,15 @@ static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
 
 static void wpa_ft_install_ptk(struct wpa_state_machine *sm)
 {
-	char *alg;
+	wpa_alg alg;
 	int klen;
 
 	/* MLME-SETKEYS.request(PTK) */
 	if (sm->pairwise == WPA_CIPHER_TKIP) {
-		alg = "TKIP";
+		alg = WPA_ALG_TKIP;
 		klen = 32;
 	} else if (sm->pairwise == WPA_CIPHER_CCMP) {
-		alg = "CCMP";
+		alg = WPA_ALG_CCMP;
 		klen = 16;
 	} else
 		return;