Expand Minimize

OID_DOT11_CIPHER_KEY_MAPPING_KEY

When set, the OID_DOT11_CIPHER_KEY_MAPPING_KEY object identifier (OID) requests that the miniport driver add, modify, or delete one or more entries in its key-mapping key table.

The 802.11 station uses key-mapping keys for data encryption and decryption between the 802.11 station and a specific AP or peer station in the basic service set (BSS) network. These keys are different from the default cipher keys, which the 802.11 station uses for data encryption and decryption between the 802.11 station and any AP or peer station in the BSS network.

Note  Support for this OID is mandatory if the 802.11 station supports one or more key-mapping keys. The miniport driver returns the number of key-mapping keys it supports when OID_DOT11_EXTSTA_CAPABILITY is queried.

The data type for this OID is the DOT11_BYTE_ARRAY structure. The miniport driver sets the members of this structure as follows:

Header

The type and size of the DOT11_BYTE_ARRAY structure and the revision of the DOT11_CIPHER_KEY_MAPPING_KEY_VALUE structures that follows it. This member is formatted as an NDIS_OBJECT_HEADER structure.

The miniport driver must set the members of Header to the following values:

Type

This member must be set to NDIS_OBJECT_TYPE_DEFAULT.

Revision

This member must be set to DOT11_CIPHER_KEY_MAPPING_KEY_VALUE_BYTE_ARRAY_REVISION_1.

Size

This member must be set to sizeof(DOT11_BYTE_ARRAY).

For more information about these members, see NDIS_OBJECT_HEADER.

uNumOfBytes

Number of bytes within the ucBuffer array pertaining to the set request.

uTotalNumOfBytes

Total number of bytes within the ucBuffer array. This value must be greater than or equal to uNumOfBytes .

ucBuffer

The list of key-mapping keys.

Each element in the list of key-mapping keys is formatted as a variable-length DOT11_CIPHER_KEY_MAPPING_KEY_VALUE structure. There must not be padding between key entries within the ucBuffer array.

When the OID_DOT11_CIPHER_KEY_MAPPING_KEY OID is set, the miniport driver must do the following:

  • If the 802.11 station does not support key-mapping keys, fail the set request by returning NDIS_STATUS_INVALID_DATA from its MiniportOidRequest function.

  • Follow these guidelines when validating the members of the DOT11_CIPHER_KEY_MAPPING_KEY_VALUE structure in the following ways:
    • If the 802.11 station does not support the cipher algorithm specified by the AlgorithmId member, fail the set request by returning NDIS_STATUS_INVALID_DATA from its MiniportOidRequest function.
    • If the bDelete member of the DOT11_CIPHER_KEY_MAPPING_KEY_VALUE structure is set to TRUE, delete the key material for the key referenced by the PeerMacAddr and Direction members. If the driver had previously deleted the specified key, it must accept the set request by returning NDIS_STATUS_SUCCESS from its MiniportOidRequest function.
  • When modifying TKIP keys, synchronize the key update with the packet-processing path of the 802.11 station.

    For example, the miniport driver must avoid situations in which the packet payload was decrypted using the old cipher key and verified using the new message integrity code (MIC) key.

The 802.11 station must clear its key-mapping keys if the following conditions are met:

Requirements

Version

Available in Windows Vista and later versions of the Windows operating systems.

Header

Windot11.h (include Ndis.h)

See also

Native 802.11 Wireless LAN OIDs

 

 

Send comments about this topic to Microsoft

Show:
© 2014 Microsoft. All rights reserved.