Partager via


OID_802_11_ENCRYPTION_STATUS

When set, the OID_802_11_ENCRYPTION_STATUS OID requests that the miniport driver change its encryption mode. A single encryption mode value can be set, though this may enable one or more cipher suites or disable all cipher suites on the device. A transmit key is not required to set the encryption mode.

Encryption modes define the set of cipher suites that can be enabled on the 802.11 device:

  • Encryption1
    WEP encryption is supported and enabled on the device. The device either does not support TKIP and AES or these cipher suites are disabled.

    The WEP cipher suite as defined through this OID uses either 40-bit or 104-bit key lengths. Other extended key lengths are not supported for the WEP cipher suite.

  • Encryption2
    WEP and TKIP encryption are supported and enabled on the device. The device either does not support AES or this cipher suite is disabled.

  • Encryption3
    WEP, TKIP, and AES encryption are supported and enabled on the device.

    The AES cipher suite as defined through this OID is AES-CCMP. If the device supports other variants of the AES cipher suite, it cannot advertise support for the Encryption3 encryption mode unless the device also supports AES-CCMP.

For more information regarding encryption modes, refer to 802.11 Encryption.

If the miniport driver cannot accept the specified encryption mode, it must return NDIS_STATUS_NOT_ACCEPTED.

If an invalid type is specified in the set request, the miniport driver must return NDIS_STATUS_INVALID_DATA.

If the device does not support Temporal Key Integrity Protocol (TKIP), the miniport driver must fail any set request that specifies Ndis802_11Encryption3Enabled or Ndis802_11Encryption2Enabled, and return NDIS_STATUS_NOT_SUPPORTED.

If the device does not support Advanced Encryption Standard (AES), the miniport driver must fail any set request that specifies Ndis802_11Encryption3Enabled, and return NDIS_STATUS_NOT_SUPPORTED.

If Wireless Equivalent Privacy (WEP), TKIP, or AES are enabled, but a transmit key is not available, the device must send only 802.1X packets unencrypted. In this scenario, the device must not send other types of packets, such as TCP or UDP packets.

When queried, this OID requests that the miniport driver return its current encryption mode. In response, the miniport driver can indicate which encryption mode is enabled or disabled, that the transmit key is absent, or that encryption is not supported.

The data passed in a query or set of this OID is the NDIS_802_11_ENCRYPTION_STATUS enumeration, which defines the following encryption status values:

  • Ndis802_11EncryptionNotSupported
    Encryption using the WEP, TKIP, and AES cipher suites is not supported.

  • Ndis802_11EncryptionDisabled
    AES, TKIP, and WEP are disabled, and a transmit key is available.

  • Ndis802_11Encryption1Enabled
    WEP is enabled; TKIP and AES are disabled. A transmit key may or may not be available.

  • Ndis802_11Encryption1KeyAbsent
    WEP, TKIP and AES are disabled. A transmit key is not available.

  • Ndis802_11Encryption2Enabled
    TKIP and WEP are enabled; AES is disabled. A transmit key is available.

  • Ndis802_11Encryption2KeyAbsent
    TKIP and WEP are enabled; AES is disabled. A transmit key is not available.

  • Ndis802_11Encryption3Enabled
    AES, TKIP, and WEP are enabled, and a transmit key is available.

  • Ndis802_11Encryption3KeyAbsent
    AES, TKIP, and WEP are enabled. A transmit keys is not available.

When a device is neither associated with an access point nor operating in ad hoc mode, the transmit key status is based on the availability of a transmit key in the set of default keys.

This OID enables or disables the cipher suites (and, for AES and TKIP, the integrity suites) in groups. For example, specifying Ndis802_11Encryption3Enabled enables TKIP, AES, and WEP. This behavior does not reflect any network-policy decisions made elsewhere that determine which ciphers an access point must support to allow a client to associate with it.

The device must not associate with an access point that advertises any cipher suite that is not supported by the device or is not enabled in the device's current encryption mode.

The following values are valid for set operations:

Ndis802_11Encryption1Enabled

Ndis802_11Encryption2Enabled

Ndis802_11Encryption3Enabled

Ndis802_11EncryptionDisabled

The following table shows the encryption modes that the miniport driver returns when queried by this OID. The returned value is based on the status of the device's cipher suites and availability of a transmit key.

Encryption mode returned AES status TKIP status WEP status Transmit key available
Ndis802_11EncryptionNotSupported Not supported Not supported Not supported No
Ndis802_11EncryptionNotSupported Not supported Not supported Not supported Yes
Ndis802_11Encryption1KeyAbsent Disabled / not supported Disabled / not supported Disabled No
Ndis802_11EncryptionDisabled Disabled / not supported Disabled / not supported Disabled Yes
Ndis802_11Encryption1Enabled Disabled / not supported Disabled / not supported Enabled No
Ndis802_11Encryption1Enabled Disabled / not supported Disabled / not supported Enabled Yes
Ndis802_11Encryption2KeyAbsent Disabled / not supported Enabled Enabled No
Ndis802_11Encryption2Enabled Disabled / not supported Enabled Enabled Yes
Ndis802_11Encryption3KeyAbsent Enabled Enabled Enabled No
Ndis802_11Encryption3Enabled Enabled Enabled Enabled Yes

 

The encryption state affects some of the values in the 802.11 WPA and RSN information element (IE) of the device's associate and reassociate requests. The encryption state also determines whether the device associates with the access point or authenticates in ad hoc mode.

AP unicast cipher AP multicast cipher Encryption mode ESS associate or IBSS authenticate Associate unicast cipher Associate multicast cipher
None WEP Ndis802_11Encryption1Enabled Yes None WEP
None WEP Ndis802_11Encryption2Enabled No Not applicable Not applicable
None WEP Ndis802_11Encryption3Enabled No Not applicable Not applicable
None TKIP Ndis802_11Encryption1Enabled No Not applicable Not applicable
None TKIP Ndis802_11Encryption2Enabled Yes None TKIP
None TKIP Ndis802_11Encryption3Enabled No Not applicable Not applicable
None AES Ndis802_11Encryption1Enabled No Not applicable Not applicable
None AES Ndis802_11Encryption2Enabled No Not applicable Not applicable
None AES Ndis802_11Encryption3Enabled Yes None AES
TKIP WEP Ndis802_11Encryption1Enabled No Not applicable Not applicable
TKIP WEP Ndis802_11Encryption2Enabled Yes TKIP WEP
TKIP WEP Ndis802_11Encryption3Enabled No Not applicable Not applicable
TKIP TKIP Ndis802_11Encryption1Enabled No Not applicable Not applicable
TKIP TKIP Ndis802_11Encryption2Enabled Yes TKIP TKIP
TKIP TKIP Ndis802_11Encryption3Enabled No Not applicable Not applicable
TKIP AES Ndis802_11Encryption1Enabled No Not applicable Not applicable
TKIP AES Ndis802_11Encryption2Enabled No Not applicable Not applicable
TKIP AES Ndis802_11Encryption3Enabled No Not applicable Not applicable
AES WEP Ndis802_11Encryption1Enabled No Not applicable Not applicable
AES WEP Ndis802_11Encryption2Enabled No Not applicable Not applicable
AES WEP Ndis802_11Encryption3Enabled Yes AES WEP
AES TKIP Ndis802_11Encryption1Enabled No Not applicable Not applicable
AES TKIP Ndis802_11Encryption2Enabled No Not applicable Not applicable
AES TKIP Ndis802_11Encryption3Enabled Yes AES TKIP
AES AES Ndis802_11Encryption1Enabled No Not applicable Not applicable
AES AES Ndis802_11Encryption2Enabled No Not applicable Not applicable
AES AES Ndis802_11Encryption3Enabled Yes AES AES

 

 

 

Send comments about this topic to Microsoft