When set, the OID_DOT11_CIPHER_KEY_MAPPING_KEY object identifier (OID) requests that the miniport driver add, modify, or delete one or more entries in its key-mapping key table.
The 802.11 station uses key-mapping keys for data encryption and decryption between the 802.11 station and a specific AP or peer station in the basic service set (BSS) network. These keys are different from the default cipher keys, which the 802.11 station uses for data encryption and decryption between the 802.11 station and any AP or peer station in the BSS network.
Note Support for this OID is mandatory if the 802.11 station supports one or more key-mapping keys. The miniport driver returns the number of key-mapping keys it supports when OID_DOT11_EXTSTA_CAPABILITY is queried.
The data type for this OID is the DOT11_BYTE_ARRAY structure. The miniport driver sets the members of this structure as follows:
The miniport driver must set the members of Header to the following values:
This member must be set to NDIS_OBJECT_TYPE_DEFAULT.
This member must be set to DOT11_CIPHER_KEY_MAPPING_KEY_VALUE_BYTE_ARRAY_REVISION_1.
This member must be set to sizeof(DOT11_BYTE_ARRAY).
For more information about these members, see NDIS_OBJECT_HEADER.
Number of bytes within the ucBuffer array pertaining to the set request.
Total number of bytes within the ucBuffer array. This value must be greater than or equal to uNumOfBytes .
The list of key-mapping keys.
Each element in the list of key-mapping keys is formatted as a variable-length DOT11_CIPHER_KEY_MAPPING_KEY_VALUE structure. There must not be padding between key entries within the ucBuffer array.
When the OID_DOT11_CIPHER_KEY_MAPPING_KEY OID is set, the miniport driver must do the following:
If the 802.11 station does not support key-mapping keys, fail the set request by returning NDIS_STATUS_INVALID_DATA from its MiniportOidRequest function.
- Follow these guidelines when validating the members of the
DOT11_CIPHER_KEY_MAPPING_KEY_VALUE structure in the following ways:
- If the 802.11 station does not support the cipher algorithm specified by the AlgorithmId member, fail the set request by returning NDIS_STATUS_INVALID_DATA from its MiniportOidRequest function.
- If the bDelete member of the DOT11_CIPHER_KEY_MAPPING_KEY_VALUE structure is set to TRUE, delete the key material for the key referenced by the PeerMacAddr and Direction members. If the driver had previously deleted the specified key, it must accept the set request by returning NDIS_STATUS_SUCCESS from its MiniportOidRequest function.
When modifying TKIP keys, synchronize the key update with the packet-processing path of the 802.11 station.
For example, the miniport driver must avoid situations in which the packet payload was decrypted using the old cipher key and verified using the new message integrity code (MIC) key.
The 802.11 station must clear its key-mapping keys if the following conditions are met:
The miniport driver's MiniportInitializeEx function is called.
A method request of OID_DOT11_RESET_REQUEST is made to reset the MAC layer of the 802.11 station.
|Available in Windows Vista and later versions of the Windows operating systems.|