PMKID Candidate List Indications

  • Article

The 802.11 miniport driver can make PMKID candidate list indications to request pairwise master key identifiers (PMKIDs) of BSSIDs that the device can potentially roam to. For more information about pre-authentication, see WPA2 Pre-Authentication.

In a PMKID indication, the StatusBufferparameter of NdisMIndicateStatuspoints to a driver-allocated buffer that contains the following:

NDIS_802_11_STATUS_TYPE  StatusType;
NDIS_802_11_PMKID_CANDIDATE_LIST  PMKIDCandidateList[1];

When making PMKID candidate indications, the driver must set the StatusType member to Ndis802_11StatusType_PMKID_CandidateList.

The PMKIDCandidateList member is formatted as follows:

typedef struct _NDIS_802_11_PMKID_CANDIDATE_LIST
{
  ULONG  Version;
  ULONG  NumCandidates;
  PMKID_CANDIDATE  CandidateList[1];
}  NDIS_802_11_PMKID_CANDIDATE_LIST, *PNDIS_802_11_PMKID_CANDIDATE_LIST;

The members of this structure contain the following information:

  • Version
    The version of the structure. This value is currently set to 1.

  • NumCandidates
    The number of entries within the CandidateList array.

  • CandidateList
    An array of PMKID candidates.

Each entry in the CandidateList array is formatted as follows:

typedef struct _PMKID_CANDIDATE
{
  NDIS_802_11_MAC_ADDRESS  BSSID;
  DWORD  Flags;
} PMKID_CANDIDATE, *PPMKID_CANDIDATE;

The members of the PMKID_CANDIDATE structure contain the following information:

  • BSSID
    The BSSID of the PMKID candidate.

  • Flags
    Specifies the attributes of the PMKID candidate:

    • NDIS_802_11_PMKID_CANDIDATE_PREAUTH_ENABLED (0x01)
      This flag must be set if this BSSID is capable of supporting pre-authentication as indicated by the Pre-Authentication subfield of the RSN Capabilities field in the RSN IE of the beacon or probe response.

      If this flag is set, then the 802.1X supplicant will initiate the 802.1X pre-authentication with the specified BSSID.

      If this flag is not set, then pre-authentication cannot be performed with that BSSID. However, the 802.1X supplicant can update the driver's PMKID cache by using the PMK from a prior association with the BSSID.

When making PMKID indications, the driver must do the following:

  • Order the CandidateList array from most preferred to least preferred. For example, the driver can order the entries based on RSSI strength.

  • Only BSSIDs that are members of the same SSID with which the device is currently associated and authenticated can be included in the CandidateList array.

  • NumCandidates cannot be set to a value greater than the value of NoOfPMKIDs returned by the driver in response to the query of OID_802_11_CAPABILITY.

 

 

Send comments about this topic to Microsoft