The Pre-shared Key mechanism up to association was described here <Wireless Capture Example – Pre-shared Key Part 1>.
In the Pre-shared Key mechanism, the Master Key material for the 4-way EAPOL handshake is derived from the secret passphrase that is known a priori to both the Access Point and the WLAN station. The reader can understand the mechanism here <Pre-shared Key Mechanism- Generation of Master Key>.
The EAPOL handshake follows the WLAN association. It is shown below.
The messages are listed below, each with a short explanation:
- EAPOL Message 1 – The Access Point sends the AP Nonce (ANonce) to the wireless LAN station.
- EAPOL Message 2 – After receiving the ANonce, the Station has all the material it needs to generate the PTK at its end. It computes the keys and responds to the Access Point with the Station Nonce (SNonce) and a MIC value computed over the EAPOL frame. The WPA Key data is the WPA information element added to the EAPOL frame.
- EAPOL Message 3 – On receipt of the SNonce, the Access Point computes the keys at its end, verifies the MIC and responds to the WLAN station with the Group Temporal Key and the receive sequence counter for the Group Temporal Key. The “Install Key” bit and the “Key ACK” bit are set, and a MIC computed over the EAPOL frame is sent to the WLAN Station.
- EAPOL Message 4 – The Station finally sends message 4 with a MIC calculation. The WLAN station holds the relevant keys at this juncture and can configure the keys to its hardware. The Access Point on receipt of EAPOL Message 4 computes the MIC and verifies it. If the MIC verification succeeds, it goes ahead and installs the key.
- At any point during the EAPOL frame exchange, if the MIC verification fails, the EAPOL frame is discarded and the station is disassociated from the Access Point.
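The key derivation and the Message 2 MIC check described above, as an added Python example that is not part of the original page. The SSID, passphrases, MAC addresses, nonces and replay counter are constructed values, `build_message2` and `demo` are hypothetical helpers, and only key descriptor versions 1 (HMAC-MD5) and 2 (HMAC-SHA1) are handled.

```python
import hashlib, hmac, struct

MIC_OFF, MIC_LEN = 81, 16  # MIC field offset/length in an EAPOL-Key frame (4-byte EAPOL header included)

def pmk_from_passphrase(passphrase, ssid):
    # Pre-shared key case: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_ptk(pmk, aa, spa, anonce, snonce, length=64):
    # PRF over the sorted MAC addresses and nonces; the first 16 bytes are the KCK (MIC key)
    seed = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range((length + 19) // 20):
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + seed + bytes([i]), hashlib.sha1).digest()
    return out[:length]

def eapol_mic(kck, frame):
    # The MIC covers the whole EAPOL frame with the MIC field itself zeroed
    version = int.from_bytes(frame[5:7], "big") & 0x7  # key descriptor version bits of Key Information
    if version not in (1, 2):
        raise ValueError("unsupported key descriptor version")
    digest = hashlib.md5 if version == 1 else hashlib.sha1
    zeroed = frame[:MIC_OFF] + bytes(MIC_LEN) + frame[MIC_OFF + MIC_LEN:]
    return hmac.new(kck, zeroed, digest).digest()[:MIC_LEN]

def verify_mic(kck, frame):
    # Constant-time comparison of the received MIC with the locally computed one
    return hmac.compare_digest(frame[MIC_OFF:MIC_OFF + MIC_LEN], eapol_mic(kck, frame))

def build_message2(kck, snonce, key_data=b"", key_info=0x0109):
    # Constructed Message 2: descriptor type 254 (WPA), version 1, pairwise, MIC bit set
    body = struct.pack(">BHH8s32s16s8s8s16sH", 254, key_info, 0, bytes(7) + b"\x01", snonce,
                       bytes(16), bytes(8), bytes(8), bytes(16), len(key_data)) + key_data
    frame = struct.pack(">BBH", 1, 3, len(body)) + body
    return frame[:MIC_OFF] + eapol_mic(kck, frame) + frame[MIC_OFF + MIC_LEN:]

def demo(ap_passphrase="correct horse", sta_passphrase="correct horse"):
    # Constructed values: SSID, MAC addresses and nonces are made up for this example
    ssid, aa, spa = "example-ssid", bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    anonce, snonce = hashlib.sha256(b"anonce").digest(), hashlib.sha256(b"snonce").digest()
    sta_kck = derive_ptk(pmk_from_passphrase(sta_passphrase, ssid), aa, spa, anonce, snonce)[:16]
    ap_kck = derive_ptk(pmk_from_passphrase(ap_passphrase, ssid), aa, spa, anonce, snonce)[:16]
    return verify_mic(ap_kck, build_message2(sta_kck, snonce))  # the AP's check on Message 2

if __name__ == "__main__":
    print("matching passphrase:", demo(), "| mismatched passphrase:", demo(sta_passphrase="wrong guess"))
```

When the two sides hold different passphrases the Access Point's check on Message 2 fails, which is the point at which the frame is discarded and the station disassociated.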