OID_DOT11_ENABLED_AUTHENTICATION_ALGORITHM

  • Article

Important  The Native 802.11 Wireless LAN interface is deprecated in Windows 10 and later. Please use the WLAN Device Driver Interface (WDI) instead. For more information about WDI, see WLAN Universal Windows driver model.

 

When set, the OID_DOT11_ENABLED_AUTHENTICATION_ALGORITHM object identifier (OID) requests that the miniport driver set the Extensible Station (ExtSTA) msDot11EnabledAuthAlgo management information base (MIB) object to the specified data.

When queried, this OID requests that the miniport driver return the value of the msDot11EnabledAuthAlgo MIB object.

The msDot11EnabledAuthAlgo MIB object defines the list of authentication algorithms the 802.11 station has enabled for use when connecting to a basic service set (BSS) network. After OID_DOT11_CONNECT_REQUEST is set, the 802.11 station will attempt to connect to a BSS whose 802.11 Beacon or Probe Response frames specify support for an authentication algorithm defined by an entry within the msDot11EnabledAuthAlgo MIB object.

The data type for OID_DOT11_ENABLED_AUTHENTICATION_ALGORITHM is the DOT11_AUTH_ALGORITHM_LIST structure.

    typedef struct DOT11_AUTH_ALGORITHM_LIST {
         NDIS_OBJECT_HEADER Header;
         ULONG uNumOfEntries;
         ULONG uTotalNumOfEntries;
         DOT11_AUTH_ALGORITHM AlgorithmIds[1];
    } DOT11_AUTH_ALGORITHM_LIST,   *PDOT11_AUTH_ALGORITHM_LIST;

This structure includes the following members:

Header
The type, revision, and size of the DOT11_AUTH_ALGORITHM_LIST structure. This member is formatted as an NDIS_OBJECT_HEADER structure.

The miniport driver must set the members of Header to the following values:

Type
This member must be set to NDIS_OBJECT_TYPE_DEFAULT.

Revision
This member must be set to DOT11_AUTH_ALGORITHM_LIST_REVISION_1.

Size
This member must be set to sizeof(DOT11_AUTH_ALGORITHM_LIST).

For more information about these members, see NDIS_OBJECT_HEADER.

uNumOfEntries
Number of entries in the AlgorithmIds array. A zero value for this member indicates an empty list.

uTotalNumOfEntries
Maximum number of entries that the AlgorithmIds array can contain.

AlgorithmIds
The authentication algorithm list, with each entry specified by a DOT11_AUTH_ALGORITHM enumerator value.

The list of authentication algorithms is sorted by preference. AlgorithmIds[0] specifies the authentication algorithm with the highest preference.

The Microsoft 802.1X supplicant enables only one standard 802.11 authentication algorithm. However, a supplicant developed by the independent hardware vendor (IHV) can enable one or more authentication algorithms. For more information about 802.1X supplicants, refer to the IEEE 802.1X-2001 standard.

The 802.11 station uses the list of authentication algorithms when performing a connection operation to a BSS network. Depending on the authentication algorithms supported by the BSS (as advertised in the 802.11 Beacon or Probe Response frames), the following apply to the 802.11 station:

  • If none of the advertised authentication algorithms matches an algorithm from its list, the 802.11 station cannot connect to the BSS network.

  • If the BSS advertises one or more authentication algorithm that match algorithms from its list, the 802.11 station must connect to the BSS using the most preferred algorithm from the intersection of the advertised algorithms with its list. For example, if the Beacon frame advertises authentication algorithms that match AlgorithmIds[0] and AlgorithmIds[3], the station must connect to the BSS using AlgorithmIds[0].

For more information about the connection operation, see Connection Operations.

When OID_DOT11_ENABLED_AUTHENTICATION_ALGORITHM is set, the miniport driver must do the following:

  • If uNumOfEntries is set to zero, fail the set request by returning NDIS_STATUS_INVALID_DATA from its MiniportOidRequest function. The msDot11EnabledAuthAlgo MIB object must always contain at least one entry.

  • If the 802.11 station does not support any of the authentication algorithms in the specified list, fail the set request by returning NDIS_STATUS_INVALID_DATA from its MiniportOidRequest function.

  • Reload the default values for the enabled unicast cipher algorithms for each authentication algorithm in the specified list. For more information about the default values for unicast cipher algorithms, see OID_DOT11_ENABLED_UNICAST_CIPHER_ALGORITHM.

  • Reload the default values for the enabled multicast cipher algorithms for each authentication algorithm in the specified list. For more information about the default values for multicast cipher algorithms, see OID_DOT11_ENABLED_MULTICAST_CIPHER_ALGORITHM.

  • Disable any authentication algorithms that are not in the specified list.

  • Ensure that the value of the InformationBufferLength member of the MiniportOidRequest function's OidRequest parameter is at least the value returned by the following formula:

     FIELD_OFFSET(DOT11_AUTH_ALGORITHM_LIST, AlgorithmIds) + uNumOfEntries * sizeof(DOT11_AUTH_ALGORITHM))

When OID_DOT11_ENABLED_AUTHENTICATION_ALGORITHM is queried, the miniport driver must verify that the InformationBuffer member of the MiniportOidRequest function's OidRequest parameter is large enough to return the entire DOT11_AUTH_ALGORITHM_LIST structure, including all entries in the AlgorithmIds array. The value of the InformationBufferLength member of the OidRequest parameter determines what the miniport driver must do, as the following list shows:

  • If the value of the InformationBufferLength member is less than the length, in bytes, of the entire DOT11_AUTH_ALGORITHM_LIST structure, the miniport driver must do the following:

    • Set the uNumOfEntries member to zero.

    • Set the uTotalNumOfEntries member to the number of entries in the AlgorithmIds array.

    • For the OidRequest parameter, set the BytesWritten member to zero and the BytesNeeded member to the length, in bytes, of the entire DOT11_AUTH_ALGORITHM_LIST structure.

    • Fail the query request by returning NDIS_STATUS_BUFFER_OVERFLOW from its MiniportOidRequest function.

  • If the value of the InformationBufferLength member is greater than or equal to than the length, in bytes, of the entire DOT11_AUTH_ALGORITHM_LIST structure, the miniport driver must do the following to complete a successful query request:

    • For the DOT11_AUTH_ALGORITHM_LIST structure, set the uNumOfEntries and uTotalNumOfEntries members to the total number of entries in the AlgorithmIds array.

    • For the OidRequest parameter, set the BytesNeeded member to zero and the BytesWritten member to the length, in bytes, of the entire DOT11_AUTH_ALGORITHM_LIST structure. The miniport driver must also copy the entire DOT11_AUTH_ALGORITHM_LIST structure to the InformationBuffer member.

    • Return NDIS_STATUS_SUCCESS from its MiniportOidRequest function.

The miniport driver must define a default authentication algorithm from its supported algorithms based on the following:

  • If the desired BSS type is dot11_BSS_type_infrastructure, the miniport driver must choose the default authentication algorithm based on the following order of preference:

    DOT11_AUTH_ALGO_RSNA(highest preference)

    DOT11_AUTH_ALGO_WPA

    DOT11_AUTH_ALGO_RSNA_PSK

    DOT11_AUTH_ALGO_WPA_PSK

    DOT11_AUTH_ALGO_80211_OPEN

    DOT11_AUTH_ALGO_80211_SHARED_KEY(lowest preference)

  • If the desired BSS type is dot11_BSS_type_independent, the miniport driver must choose the default authentication algorithm based on the following preference order:

    DOT11_AUTH_ALGO_RSNA_PSK(highest preference)

    DOT11_AUTH_ALGO_80211_OPEN

    DOT11_AUTH_ALGO_80211_SHARED_KEY(lowest preference)

  • If the 802.11 station supports one or more vendor-defined authentication algorithms, the miniport driver must select the most preferred vendor algorithm as its default authentication algorithm.

The miniport driver must set the msDot11EnabledAuthAlgo MIB object to the default authentication algorithm whenever the following occurs:

Note  Beginning in Windows 7, the operating system enables only one authentication algorithm at a time.

 

Requirements

Version

Available in Windows Vista and later versions of the Windows operating systems.

Header

 Windot11.h (include Ndis.h)

See also

Native 802.11 Wireless LAN OIDs