Wi-Fi Protected Access (WPA/WPA2)


Refer to the Wi-Fi Protected Access (WPA) Enhanced Security Implementation Based on IEEE P802.11i standard. 

Other equivalent terms used for WPA/WPA2 are WPA 4-way handshake, EAPOL 4-way handshake, or 802.1X authentication.

 

Upon initial connection, after authentication followed by association, the WPA/WPA2 EAPOL 4-way handshake takes place.

 

The supported WPA/WPA2 security modes are:

  • WF_SECURITY_WPA_WITH_KEY

WPA-PSK Personal, where the binary key is given to the MRF24W.

  • WF_SECURITY_WPA_WITH_PASS_PHRASE

WPA-PSK Personal, where the passphrase is given to the MRF24W and it calculates the binary key.

  • WF_SECURITY_WPA2_WITH_KEY

WPA2-PSK Personal, where the binary key is given to the MRF24W.

  • WF_SECURITY_WPA2_WITH_PASS_PHRASE

WPA2-PSK Personal, where the passphrase is given to the MRF24W and it calculates the binary key.

  • WF_SECURITY_WPA_AUTO_WITH_KEY

WPA-PSK Personal or WPA2-PSK Personal, where the binary key is given and the MRF24W connects at the highest level the AP supports (WPA or WPA2).

  • WF_SECURITY_WPA_AUTO_WITH_PASS_PHRASE

WPA-PSK Personal or WPA2-PSK Personal, where the passphrase is given to the MRF24W, which calculates the binary key and connects at the highest level the AP supports (WPA or WPA2).

 

The MRF24W can be configured to accept either a binary key or a passphrase through the MY_DEFAULT_WIFI_SECURITY_MODE compile-time definition. The WPA/WPA2 authentication process involves deriving the key from the given passphrase.

Since this key derivation is computationally intensive and requires memory space, two options are given:

  • Host to derive the key from the passphrase

DERIVE_KEY_FROM_PASSPHRASE_IN_HOST needs to be enabled. Refer to function prototype pbkdf2_sha1() in WF_pbkdf2.c for the algorithm. 

In this scenario, the MRF24W generates an event (WF_EVENT_KEY_CALCULATION_REQUEST) to the host (e.g., PIC32) and sets g_WpsPassphrase.valid to TRUE. Upon receipt of this event, the host executes the function WF_ConvPassphrase2Key() to convert the passphrase to a key. When the conversion completes, the host calls WF_SetPSK() to pass the converted key to the MRF24W.

  • MRF24W will handle the entire WPA/WPA2 passphrase and then key derivation

The MRF24WB0M takes about 32 seconds, whereas the MRF24WG0M takes about 25 seconds.
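
The following is an added example, not code from the Microchip stack: a workstation-side Python version of the passphrase-to-key mapping, using the PBKDF2-HMAC-SHA1 parameters fixed by IEEE 802.11i (SSID as salt, 4096 iterations, 32-byte output), so that a binary key can be precomputed for the *_WITH_KEY modes. The function names and the sample passphrase/SSID pair are assumptions made for illustration.

```python
import hashlib
import re

ITERATIONS = 4096  # fixed by IEEE 802.11i for the passphrase-to-PSK mapping
PSK_LEN = 32       # the PSK is 256 bits


def derive_psk(passphrase: str, ssid: bytes) -> bytes:
    """PBKDF2-HMAC-SHA1 with the SSID as salt. The result is only valid
    for that SSID, so a stored key must be recomputed if the SSID changes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    if not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid,
                               ITERATIONS, PSK_LEN)


def credential_to_psk(credential: str, ssid: bytes) -> bytes:
    """Accept either input form. A passphrase is at most 63 characters,
    so exactly 64 hex digits can only be an already-derived binary key."""
    if re.fullmatch(r"[0-9A-Fa-f]{64}", credential):
        return bytes.fromhex(credential)
    return derive_psk(credential, ssid)


def as_c_initializer(psk: bytes) -> str:
    """Format the key as a C byte-array initializer for firmware source."""
    rows = [", ".join(f"0x{b:02X}" for b in psk[i:i + 8])
            for i in range(0, len(psk), 8)]
    return "{\n    " + ",\n    ".join(rows) + "\n}"


if __name__ == "__main__":
    # Constructed sample input: passphrase "password", SSID "IEEE"
    # (the pair used by the IEEE 802.11i PSK test vector).
    key = credential_to_psk("password", b"IEEE")
    print(key.hex())
    print(as_c_initializer(key))
```
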

Functions

  • Updates the PMK element in the connection profile ID retrieved out of the 802.1X authentication process

  • Allows the host to convert a passphrase to a key

  • This is function pbkdf2_sha1.

Microchip TCP/IP Stack 5.42.08 - June 15, 2013
Copyright © 2012 Microchip Technology, Inc.  All rights reserved.