wpa_supplicant state machine

wpa_supplicant state machines
like WAPI, EAP, etc. will also be authenticated before association.

DISCONNECTED: The client is not associated, but may start looking for an access point. This state is entered when the connection is lost.
INACTIVE: Entered when no network is enabled. wpa_supplicant does not try to associate with a new network and waits for outside interaction; wpa_supplicant is effectively disabled.
INTERFACE_DISABLED: Entered when the network interface is disabled. wpa_supplicant refuses to use the radio until the interface is enabled.
AUTHENTICATING (identity authentication before association): Entered when wpa_supplicant has found a suitable BSS to authenticate with and the driver is configured to try to authenticate with this BSS.
UNINITIALIZED: An additional pseudo-state for situations where wpa_supplicant is not running and/or we cannot establish a connection with it.

SCANNING -> ASSOCIATING -> ASSOCIATED -> 4WAY_HANDSHAKE -> GROUP_HANDSHAKE -> COMPLETED

Four-way handshake:
Initialization: The AP continuously broadcasts its SSID and MAC address.
The AP generates PSK = PMK = (pwd + ssid + ssid length + 4096), where pwd is the password preset on the AP.
First handshake: The AP generates ANonce (a random code).
The STA obtains the broadcast SSID and MAC, and obtains the random code generated by the AP.
The client generates PSK = PMK = (pwd + ssid + ssid length + 4096), where pwd is the password entered by the client.
The client also generates the random code SNonce and generates PTK = PMK + ANonce + SNonce + AP MAC + STA MAC.
It takes the first 16 bytes of the PTK as the MIC key, and runs the MIC key and the 802.1x data frame through the algorithm to obtain the MIC value: MIC (CL) = HMAC_MD5 (MIC key, 16, 802.1x frame).
Second handshake: The AP obtains the SNonce, the STA MAC and the MIC from the STA.
The AP generates a PTK and generates a MIC.
The STA has already generated its random code and MIC, so it takes no action.
Third handshake: The AP checks that the MIC generated by the AP and the MIC generated by the STA are consistent, then generates the temporary broadcast key GTK.
The AP sends a broadcast notification to the STA to install the GTK and PTK.
The AP installs its own PTK and GTK.
The STA receives the GTK sent by the AP and installs its own PTK and the AP's GTK.
Fourth handshake: After the client installs the PTK and GTK, it notifies the AP.
The AP confirms that the PTK and GTK are installed and proceeds to the next step, data frame and control frame operation.
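
The derivation above, carried through in Python as an added example (not code from the original post or from wpa_supplicant). The "+" in the formulas stands for the inputs to PBKDF2-HMAC-SHA1 and to the IEEE 802.11 PRF; the function names, SSID, MAC addresses, nonces and frame bytes are constructed for illustration.

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # PSK = PMK = PBKDF2-HMAC-SHA1(pwd, ssid, 4096 iterations), 32 bytes out
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    # IEEE 802.11 PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || counter)
    out, counter = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # MACs and nonces are ordered min || max so both ends feed the PRF the same input
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 64)

def eapol_mic(ptk: bytes, frame: bytes) -> bytes:
    # MIC key = first 16 bytes of the PTK; HMAC-MD5 as stated on the page
    # (key descriptor version 1; version 2 uses HMAC-SHA1 truncated to 16 bytes)
    return hmac.new(ptk[:16], frame, hashlib.md5).digest()

def ap_accepts(ap_pwd, ssid, ap_mac, sta_mac, anonce, snonce, frame, sta_mic) -> bool:
    # AP side: re-derive the PTK from its own password, compare MICs in constant time
    ptk = derive_ptk(pmk_from_passphrase(ap_pwd, ssid), ap_mac, sta_mac, anonce, snonce)
    return hmac.compare_digest(eapol_mic(ptk, frame), sta_mic)

# Constructed sample values (not captured traffic)
SSID = "example-net"
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
FRAME = b"\x01\x03\x00\x5f" + bytes(95)  # placeholder EAPOL-Key frame, MIC field zeroed

def sta_mic_for(passphrase: str) -> bytes:
    # STA side: derive PMK and PTK, then compute the MIC over the frame it sends
    ptk = derive_ptk(pmk_from_passphrase(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    return eapol_mic(ptk, FRAME)

if __name__ == "__main__":
    mic = sta_mic_for("correct horse battery")
    print("MIC:", mic.hex())
    print("AP accepts:", ap_accepts("correct horse battery", SSID, AP_MAC, STA_MAC,
                                    ANONCE, SNONCE, FRAME, mic))
```

The AP never receives the password or the PMK; it only learns whether the STA holds the same PMK by recomputing the MIC over the received frame.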


Origin blog.csdn.net/qq_43804080/article/details/112667772