Driver Requirements for WPA
A miniport driver that supports WPA must support the following 802.11 OIDs:
In addition, a driver that supports WPA must handle the following 802.11 OIDs as indicated:
On both a query and a setting of this OID, the driver must support authentication modes of Ndis802_11AuthModeWPA and Ndis802_11AuthModeWPAPSK for infrastructure networks. Support for Ndis802_11AuthModeWPANone is optional, but is used only with ad hoc networks.
On both a query and a setting of this OID, the driver must the support the Encryption2 encryption mode. Support for the Encryption3 encryption mode is optional.
When this OID is queried, the driver must return the NDIS_802_11_BSSID_LIST_EX structure. In particular, the driver must return the WPA IE from the beacon or probe response. The WPA IE is needed by the 802.1X supplicant during the WPA authentication.
A miniport driver that supports WPA must also do the following:
The driver must support the cipher suites for encryption mode Encryption2 (WEP and TKIP). The device can also support Encryption3 (WEP, TKIP, and AES). The device must be able to support different cipher suites for unicast and multicast/broadcast packets.
The device must support Michael integrity checks with TKIP. On detecting a Michael integrity check failure, the driver must make an authentication indication. The driver does this by calling NdisMIndicateStatus with the GeneralStatus parameter set to NDIS_STATUS_MEDIA_SPECIFIC_INDICATION and the StatusType parameter set to Ndis802_11StatusType_Authentication. For more information, see 802.11 Media-Specific Status Indications.
The device must support TKIP countermeasures. For more information, see Receiving 802.11 Packets.
The driver must send IEEE 802.1X Extensible Authentication Protocol Over LAN (EAPOL) packets unencrypted until a pairwise key is installed through a setting of OID_802_11_ADD_KEY.
The driver must not send non-802.1X EAPOL packets until a group key is installed through a setting of OID_802_11_ADD_KEY.