OID_DOT11_ENABLED_AUTHENTICATION_ALGORITHM (Compact 2013)

3/26/2014

When set, the OID_DOT11_ENABLED_AUTHENTICATION_ALGORITHM object identifier (OID) requests that the miniport driver set the Extensible Station (ExtSTA) msDot11EnabledAuthAlgo management information base (MIB) object to the specified data.

When queried, this OID requests that the miniport driver return the value of the msDot11EnabledAuthAlgo MIB object.

The msDot11EnabledAuthAlgo MIB object defines the list of authentication algorithms the 802.11 station has enabled for use when it connects to a basic service set (BSS) network. After OID_DOT11_CONNECT_REQUEST is set, the 802.11 station will try to connect to a BSS whose 802.11 Beacon or Probe Response frames specify support for an authentication algorithm defined by an entry within the msDot11EnabledAuthAlgo MIB object.

The data type for OID_DOT11_ENABLED_AUTHENTICATION_ALGORITHM is the DOT11_AUTH_ALGORITHM_LIST structure.

The Microsoft 802.1X supplicant enables only one standard 802.11 authentication algorithm. However, a supplicant developed by the independent hardware vendor (IHV) can enable one or more authentication algorithms. For more information about 802.1X supplicants, refer to the IEEE 802.1X‑2001 standard.

The 802.11 station uses the list of authentication algorithms when it performs a connection operation to a BSS network. Depending on the authentication algorithms supported by the BSS (as advertised in the 802.11 Beacon or Probe Response frames), the following apply to the 802.11 station:

• If no advertised authentication algorithm matches an algorithm from its list, the 802.11 station cannot connect to the BSS network
• If the BSS advertises an authentication algorithm that matches any algorithm in its list, the 802.11 station must connect to the BSS by using the preferred algorithm from the intersection of the advertised algorithms with its list. For example, if the Beacon frame advertises authentication algorithms that match AlgorithmIds[0] and AlgorithmIds[3], the station must connect to the BSS by using AlgorithmIds[0].

When OID_DOT11_ENABLED_AUTHENTICATION_ALGORITHM is set, the miniport driver must do the following:

• If uNumOfEntries is set to zero, fail the set request by returning NDIS_STATUS_INVALID_DATA from its MiniportOidRequest function. The msDot11EnabledAuthAlgo MIB object must always contain at least one entry.
• If the 802.11 station does not support any of the authentication algorithms in the specified list, fail the set request by returning NDIS_STATUS_INVALID_DATA from its MiniportOidRequest function.
• Reload the default values for the enabled unicast cipher algorithms for each authentication algorithm in the specified list. For more information about the default values for unicast cipher algorithms, see OID_DOT11_ENABLED_UNICAST_CIPHER_ALGORITHM.
• Reload the default values for the enabled multicast cipher algorithms for each authentication algorithm in the specified list. For more information about the default values for multicast cipher algorithms, see OID_DOT11_ENABLED_MULTICAST_CIPHER_ALGORITHM.
• Disable any authentication algorithms that are not in the specified list.

When OID_DOT11_ENABLED_AUTHENTICATION_ALGORITHM is queried, the miniport driver must verify that the InformationBuffer member of the MiniportOidRequest function’s OidRequest parameter is large enough to return the complete DOT11_AUTH_ALGORITHM_LIST structure. This includes all entries in the AlgorithmIds array. The value of the InformationBufferLength member of the OidRequest parameter determines what the miniport driver must do, as the following list shows:

• If the value of the InformationBufferLength member is less than the length, in bytes, of the complete DOT11_AUTH_ALGORITHM_LIST structure, the miniport driver must do the following:
  • Set the uNumOfEntries member to zero.
  • Set the uTotalNumOfEntries member to the number of entries in the AlgorithmIds array.
    For the OidRequest parameter, set the BytesWritten member to zero and the BytesNeeded member to the length, in bytes, of the complete DOT11_AUTH_ALGORITHM_LIST structure.
  • Fail the query request by returning NDIS_STATUS_BUFFER_OVERFLOW from its MiniportOidRequest function
• If the value of the InformationBufferLength member is greater than or equal to than the length, in bytes, of the complete DOT11_AUTH_ALGORITHM_LIST structure, the miniport driver must do the following to complete a successful query request:
  • For the DOT11_AUTH_ALGORITHM_LIST structure, set the uNumOfEntries and uTotalNumOfEntries members to the total number of entries in the AlgorithmIds array.
  • For the OidRequest parameter, set the BytesNeeded member to zero and the BytesWritten member to the length, in bytes, of the complete DOT11_AUTH_ALGORITHM_LIST structure. The miniport driver must also copy the complete DOT11_AUTH_ALGORITHM_LIST structure to the InformationBuffer member.
  • Return NDIS_STATUS_SUCCESS from its MiniportOidRequest function

The miniport driver must define a default authentication algorithm from its supported algorithms based on the following:

• If the desired BSS type is dot11_BSS_type_infrastructure, the miniport driver must select the default authentication algorithm based on the following order of preference:
  • DOT11_AUTH_ALGO_RSNA (highest preference)
  • DOT11_AUTH_ALGO_WPA
  • DOT11_AUTH_ALGO_RSNA_PSK
  • DOT11_AUTH_ALGO_WPA_PSK
  • DOT11_AUTH_ALGO_80211_OPEN
  • DOT11_AUTH_ALGO_80211_SHARED_KEY (lowest preference)
• If the desired BSS type is dot11_BSS_type_independent, the miniport driver must select the default authentication algorithm based on the following preference order:
  • DOT11_AUTH_ALGO_RSNA_PSK (highest preference)
  • DOT11_AUTH_ALGO_80211_OPEN
  • DOT11_AUTH_ALGO_80211_SHARED_KEY (lowest preference)
• If the 802.11 station supports one or more vendor-defined authentication algorithms, the miniport driver must select the preferred vendor algorithm as its default authentication algorithm.

The miniport driver must set the msDot11EnabledAuthAlgo MIB object to the default authentication algorithm whenever the following occurs:

• The miniport driver’s MiniportInitializeEx function is called.
• A method request of OID_DOT11_RESET_REQUEST is made to reset the MAC layer of the 802.11 station and the bSetDefaultMIB member of the OID_DOT11_RESET_REQUEST structure is TRUE.
• A set request of OID_DOT11_DESIRED_BSS_TYPE is made.

Requirements

Header

windot11.h

See Also

Reference

Native 802.11 Extensible Station OIDs
OID_DOT11_CONNECT_REQUEST
DOT11_AUTH_ALGORITHM_LIST
NDIS_OBJECT_HEADER
MiniportOidRequest
OID_DOT11_ENABLED_UNICAST_CIPHER_ALGORITHM
OID_DOT11_ENABLED_MULTICAST_CIPHER_ALGORITHM
MiniportInitializeEx
OID_DOT11_RESET_REQUEST
OID_DOT11_RESET_REQUEST
OID_DOT11_DESIRED_BSS_TYPE
Native 802.11 Wireless LAN OIDs

Other Resources

DOT11_AUTH_ALGORITHM