Extending Support for 802.11 Cipher Algorithms

Important The Native 802.11 Wireless LAN interface is deprecated in Windows 10 and later. Please use the WLAN Device Driver Interface (WDI) instead. For more information about WDI, see WLAN Universal Windows driver model.

The independent hardware vendor (IHV) can use the Extensible Station (ExtSTA) operation mode to extend the types of 802.11 cipher algorithms that are provided by the operating system to include proprietary or non-standard algorithms supported by the IHV.

Windows Vista and later operating systems support the following 802.11 cipher algorithms:

  • IEEE 802.11 Wired Equivalent Privacy (WEP) algorithm.

  • Temporal Key Integrity Protocol (TKIP) algorithm, along with the Michael Message Integrity Code (MIC) algorithm for payload forgery protection. TKIP and Michael are defined in the Wi-Fi Protected Access (WPA) specification and IEEE 802.11i-2004 standard.

  • AES-CCMP algorithm, as specified in the IEEE 802.11i-2004 standard and IETF RFC 3610. Advanced Encryption Standard (AES) is the encryption algorithm defined in FIPS PUB 197.

To extend this list for the support of proprietary or non-standard 802.11 cipher algorithms, the miniport driver must assign a unique value within the range of DOT11_CIPHER_ALGO_IHV_START through DOT11_CIPHER_ALGO_IHV_END for each proprietary cipher algorithm that is supported by the 802.11 station.

Note The value assigned to a proprietary cipher algorithm is not a globally unique identifier (GUID). The same value can be used by different Native 802.11 miniport drivers that are developed by the IHV.

The miniport driver returns a list of supported cipher algorithms, including supported proprietary algorithms, whenever the following Native 802.11 object identifiers (OIDs) are queried:

OID_DOT11_SUPPORTED_UNICAST_ALGORITHM_PAIR
When this OID is queried, the driver returns the list of 802.11 authentication and cipher algorithms that the 802.11 station supports for unicast packets.

OID_DOT11_SUPPORTED_MULTICAST_ALGORITHM_PAIR
When this OID is queried, the driver returns the list of 802.11 authentication and cipher algorithms that the 802.11 station supports for multicast and broadcast packets.

OID_DOT11_ENABLED_UNICAST_CIPHER_ALGORITHM
When this OID is queried, the driver returns the list of 802.11 cipher algorithms that are enabled on the 802.11 station for the encryption and decryption of unicast packets.

OID_DOT11_ENABLED_MULTICAST_CIPHER_ALGORITHM
When this OID is queried, the driver returns the list of 802.11 cipher algorithms that are enabled on the 802.11 station for the encryption and decryption of multicast and broadcast packets.

For more information about 802.11 encryption and decryption by Native 802.11 miniport drivers, see Native 802.11 Cipher Operations.