Determining WPA Capability

The operating system determines whether an 802.11 miniport driver supports WPA based on the following procedure:

  • The operating system sets the driver's authentication mode to Ndis802_11AuthModeWPA through OID_802_11_AUTHENTICATION_MODE. The driver must return NDIS_STATUS_SUCCESS in response to this set operation.

  • The driver must return Ndis802_11AuthModeWPA in response to a query of OID_802_11_AUTHENTICATION_MODE.

  • The operating system then determines the most secure encryption mode supported by the driver:

    1. The operating system sets the driver's encryption mode to Ndis802_11Encryption3Enabled through a setting of OID_802_11_ENCRYPTION_STATUS. If the driver returns NDIS_STATUS_SUCCESS, then the operating system continues with step 2. Otherwise, the operating system determines that the driver does not support encryption mode Encryption3 and continues with step 3.
    2. The operating system queries the driver's current encryption mode. If the driver returns Ndis802_11Encryption3Enabled, then the operating system determines that the driver supports encryption mode Encryption3 and continues with the next step in determining WPA capability.
    3. The operating system sets the driver's encryption mode to Ndis802_11Encryption2Enabled through a setting of OID_802_11_ENCRYPTION_STATUS. If the driver returns NDIS_STATUS_SUCCESS, then the operating system continues with step 4. Otherwise, the operating system considers the driver to be incapable of supporting WPA and stops any further checks for WPA capability.
    4. The operating system queries the driver's current encryption mode. If the driver returns Ndis802_11Encryption2Enabled, then the operating system determines that the driver supports encryption mode Encryption2 and continues to the next step in determining WPA capability. Otherwise, because the driver must at least support Encryption2, the operating system considers the driver to be incapable of supporting WPA and stops any further checks for WPA capability.
  • The operating system sets an invalid key through OID_802_11_ADD_KEY with an index of 0xC0000001 (pairwise key at index 1). Because pairwise keys are always set for index 0 for WPA, the driver must fail the set operation and return NDIS_STATUS_INVALID_DATA. If it doesn't, then the operating system determines that the driver cannot support WPA and stops any further checks for WPA capability.

  • The operating system queries the driver with OID_802_11_ASSOCIATION_INFORMATION. The driver must return NDIS_STATUS_SUCCESS. If it doesn't, then the operating system determines that the driver cannot support WPA.

If the driver passes all of these tests, then the operating system considers the driver to be able to support WPA. The driver can receive set and query requests for the WPA-required 802.11 OIDs.
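The probe sequence above, written as an added C sketch that is not Microsoft's or the operating system's code; it runs the checks against a simulated miniport. The sim_driver type, its flags, the helper functions and all numeric values are hypothetical stand-ins, and the fall-through from a failed Encryption3 read-back to the Encryption2 check is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in values for this sketch; the real definitions come from the WDK headers. */
enum { STATUS_SUCCESS, STATUS_INVALID_DATA, STATUS_NOT_SUPPORTED };
enum { AUTH_OPEN, AUTH_WPA };                   /* Ndis802_11AuthModeWPA */
enum { ENC_NONE, ENC2_ENABLED, ENC3_ENABLED };  /* Ndis802_11Encryption{2,3}Enabled */
enum { WPA_UNSUPPORTED = 0, WPA_ENCRYPTION2 = 2, WPA_ENCRYPTION3 = 3 };

/* Hypothetical simulated miniport: flags describe behaviour, auth/enc hold state. */
typedef struct {
    int has_wpa, has_enc2, has_enc3, checks_key_index, has_assoc_info;
    int auth, enc;
} sim_driver;

static int set_auth(sim_driver *d, int m) {     /* OID_802_11_AUTHENTICATION_MODE set */
    if (m == AUTH_WPA && !d->has_wpa) return STATUS_NOT_SUPPORTED;
    d->auth = m;
    return STATUS_SUCCESS;
}
static int set_enc(sim_driver *d, int m) {      /* OID_802_11_ENCRYPTION_STATUS set */
    if ((m == ENC3_ENABLED && !d->has_enc3) || (m == ENC2_ENABLED && !d->has_enc2))
        return STATUS_NOT_SUPPORTED;
    d->enc = m;
    return STATUS_SUCCESS;
}
static int add_key(sim_driver *d, uint32_t key_index) {  /* OID_802_11_ADD_KEY */
    /* Assumed layout: bit 30 = pairwise flag, low byte = index. Pairwise keys
       are only valid at index 0, so 0xC0000001 must be rejected. */
    if (d->checks_key_index && (key_index & 0x40000000u) && (key_index & 0xFFu))
        return STATUS_INVALID_DATA;
    return STATUS_SUCCESS;
}
/* A mode counts only if the set succeeds AND the query reads the same mode back. */
static int enc_ok(sim_driver *d, int m) { return set_enc(d, m) == STATUS_SUCCESS && d->enc == m; }

int probe_wpa(sim_driver *d) {
    int best;
    if (set_auth(d, AUTH_WPA) != STATUS_SUCCESS || d->auth != AUTH_WPA) return WPA_UNSUPPORTED;
    if (enc_ok(d, ENC3_ENABLED)) best = WPA_ENCRYPTION3;        /* steps 1-2 */
    else if (enc_ok(d, ENC2_ENABLED)) best = WPA_ENCRYPTION2;   /* steps 3-4 */
    else return WPA_UNSUPPORTED;
    if (add_key(d, 0xC0000001u) != STATUS_INVALID_DATA) return WPA_UNSUPPORTED;
    if (!d->has_assoc_info) return WPA_UNSUPPORTED;  /* OID_802_11_ASSOCIATION_INFORMATION */
    return best;
}

int main(void) {
    sim_driver d = {1, 1, 0, 1, 1, AUTH_OPEN, ENC_NONE};  /* constructed Encryption2-only driver */
    printf("probe result: %d\n", probe_wpa(&d));
    return 0;
}
```

A driver that answers the invalid-key set with success fails the probe even when it supports Encryption3, which is why index validation in the OID_802_11_ADD_KEY handler matters for WPA detection.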

The following figure shows an example of how an 802.11 miniport driver that supports only encryption mode Encryption2 interacts with the operating system to determine WPA capability.

 

 
