This section details the partitioning of the TCP/IP networking stack and the IEEE 802.11 Wi-Fi® stack across the host Microcontroller Unit (MCU) and nRF7002.
This description is based on Zephyr™ TCP/IP networking stack and an nRF5340 host MCU. However, the partitioning applies equally to other operating systems and host MCUs supporting a compatible Serial Peripheral Interface (SPI)/Quad Serial Peripheral Interface (QSPI).
The TCP/IP networking stack and Wi-Fi driver execute on the host MCU (for example, nRF5340) and communicate with the MAC layer on nRF7002 through SPI/QSPI. The Wi-Fi driver presents control and data interfaces (Control IF/Data IF) to the TCP/IP networking stack.
Control IF
The Control IF interfaces with the Network Management API (net_mgmt). The Control IF implements functionality like scanning, connecting to a Service Set Identifier (SSID), or setting the encryption key.
Data IF
The Data IF interfaces with the L2 Network Technologies layer of the TCP/IP networking stack. The Wi-Fi driver presents the nRF7002 as an Ethernet device to the data path of the TCP/IP networking stack. In the TX path, it receives Ethernet frames from the upper layers and in the RX path sends Ethernet frames to it. The Wi-Fi driver takes care of converting Wi-Fi frames to Ethernet frames in the RX path.
Supplicant
The supplicant is implemented as part of the Wi-Fi driver and provides the following functionality:
- 802.11 authentication and association
- The supplicant requests the driver to scan neighbouring Basic Service Set (BSS)s and then requests the driver to associate with a chosen BSS. 802.11 authentication is the first step in network attachment. 802.11 authentication requires a Station (STA) to establish its identity with an Access Point (AP). No data encryption or security is available at this stage.
- Wi-Fi Protected Access®(WPA™) authentication
- The supplicant implements the authentication services and port control
described in the IEEE802.1X standard. The initial authentication process is
carried out using either of the following:
- Pre-shared Key (PSK)
- Following an Extensible Authentication Plan (EAP) exchange through 802.1X (known as EAPOL, which requires an authentication server).
This process ensures that the client station (STA) is authenticated with the AP. This also results in the generation of a shared Pairwise Master Key (PMK) at both the STA and AP.
- 4-way handshake
- The 4-way handshake is designed such that the STA and AP can prove to each
other their knowledge of the PMK without actually disclosing the key. The
4-way handshake generates the following:
- Pairwise Transient Key (PTK): This is used to protect unicast data.
- Group Temporal Key (GTK): This is used to protect multicast and broadcast data
- Roaming
- When connected to a wireless network with multiple access points, the supplicant is typically responsible for implementing the roaming between access points. The supplicant detects a closer access point (Basic Service Set Identifier (BSSID)) in the current network (SSID), in terms of signal strength (Received Signal Strength Indication (RSSI)), it will reassociate to the closer access point.
- Software Enabled Access Point (SoftAP)
- SoftAP enables a device to turn its wireless interface into a Wi-Fi access point. In SoftAP mode, the supplicant takes care of station onboarding and management. SoftAP support is limited to PSK (WPA Personal) security.
- Peer-to-peer (P2P)
- The supplicant implements the higher layer functionality for managing P2P
groups and takes care of the following:
- Device Discovery
- Service Discovery
- Group Owner Negotiation
- P2P Invitation.
In addition, it maintains information about neighbouring P2P Devices.