Enhanced secure provisioning for hotspots
US-2018020353-A1 · Jan 18, 2018 · US
US12348960B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12348960-B2 |
| Application number | US-202318327906-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 2, 2023 |
| Priority date | Dec 3, 2020 |
| Publication date | Jul 1, 2025 |
| Grant date | Jul 1, 2025 |
Official abstract text for this publication.
A Wi-Fi security authentication method and a communication apparatus are disclosed. In the method, an access point (AP) receives a first access request from a supplicant, where the first access request carries a first parameter, and the first parameter is a parameter generated by the supplicant based on a generator of a cyclic group and a first random number; generates a second random number, generates a second parameter based on the second random number and the generator of the cyclic group, and sends the second parameter to the supplicant; generates a second pairwise master key based on the second random number, the first parameter, the second parameter, and a first target random key; and performs a four-way handshake authentication procedure with the supplicant based on the first pairwise master key and the second pairwise master key.
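The key agreement in the abstract, with the key derivation inputs listed in claims 5 and 11 and the fallback to the earlier random key from claim 2, as an added sketch that is not taken from the patent. The group (`P`, `G`), the HMAC-SHA256 key derivation, the `mic` stand-in for the four-way handshake check, and the identifiers are all assumptions chosen for illustration.

```python
import hashlib, hmac, secrets

P = 2**521 - 1  # demo modulus (a Mersenne prime), not a vetted DH parameter set
G = 3           # assumed base; generates a cyclic subgroup of Z_P^*
ORDER = P - 1   # order of Z_P^*, used as the bound for the random numbers
SUP_ID, AP_ID = b"supplicant-01", b"ap-01"  # constructed identifiers

def keypair():
    """Random number in [1, ORDER] and the parameter g^x sent to the peer."""
    x = secrets.randbelow(ORDER) + 1
    return x, pow(G, x, P)

def derive_pmk(own_secret, peer_param, first, second, random_key):
    """KDF over first, second and third parameter plus both identifiers,
    keyed with the per-supplicant random key (HMAC-SHA256 is an assumption)."""
    third = pow(peer_param, own_secret, P)  # same value on both sides
    msg = b"".join(v.to_bytes(66, "big") for v in (first, second, third))
    for ident in (SUP_ID, AP_ID):  # length-prefix the variable-length fields
        msg += len(ident).to_bytes(2, "big") + ident
    return hmac.new(random_key, msg, hashlib.sha256).digest()

def mic(pmk, nonce):
    """Stand-in for the four-way handshake's integrity check."""
    return hmac.new(pmk, nonce, hashlib.sha256).digest()

def ap_authenticate(b, first, second, stored_keys, nonce, sup_mic):
    """Try the newest stored random key first, then the one allocated before
    it; return the label of the key that verified, or None."""
    for label, key in stored_keys:
        pmk = derive_pmk(b, first, first, second, key)
        if hmac.compare_digest(mic(pmk, nonce), sup_mic):
            return label
    return None

def run_exchange(supplicant_key, ap_keys):
    """One full exchange with both sides in-process."""
    a, first = keypair()    # supplicant: first random number / first parameter
    b, second = keypair()   # AP: second random number / second parameter
    nonce = secrets.token_bytes(32)
    pmk_sup = derive_pmk(a, second, first, second, supplicant_key)
    return ap_authenticate(b, first, second, ap_keys, nonce, mic(pmk_sup, nonce))

if __name__ == "__main__":
    new, old = secrets.token_bytes(32), secrets.token_bytes(32)
    keys = [("newest", new), ("previous", old)]
    print(run_exchange(new, keys), run_exchange(old, keys),
          run_exchange(secrets.token_bytes(32), keys))
```

A supplicant holding the newest key verifies on the first attempt, one still holding the earlier key verifies on the fallback, and a key the AP never allocated fails both.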
Opening claim text (preview).
What is claimed is:
1. A wireless fidelity (Wi-Fi) security authentication method, applied to an access point (AP), comprising: receiving a first access request from a supplicant, wherein the first access request carries a first parameter, and the first parameter is a parameter generated by the supplicant based on a generator of a cyclic group and a first random number; generating a second random number, generating a second parameter based on the second random number and the generator of the cyclic group, and sending the second parameter to the supplicant, so that the supplicant generates a first pairwise master key based on the second parameter, wherein the second random number is a positive integer not greater than an order of the cyclic group; generating a second pairwise master key based on the second random number, the first parameter, the second parameter, and a first target random key, wherein the first target random key is a random key newly allocated to the supplicant; and performing a four-way handshake authentication procedure with the supplicant based on the first pairwise master key and the second pairwise master key.
2. The method according to claim 1, further comprising: in a process of performing the four-way handshake authentication procedure with the supplicant, upon determining that the second pairwise master key is different from the first pairwise master key, generating a third pairwise master key based on the second random number, the first parameter, the second parameter, and a second target random key, wherein the second target random key is a random key allocated to the supplicant before the first target random key; and performing the four-way handshake authentication procedure with the supplicant based on the third pairwise master key.
3. The method according to claim 1, further comprising: after successfully performing the four-way handshake authentication procedure with the supplicant, allocating a new random key to the supplicant, and storing the new random key.
4. The method according to claim 1, wherein the first access request further comprises an identifier of the supplicant; and after the receiving a first access request from a supplicant and before the generating a second parameter based on the second random number, the method further comprises: generating a verification token based on the identifier of the supplicant, and sending the verification token to the supplicant; and receiving a second access request from the supplicant, and determining that the second access request carries the verification token.
5. The method according to claim 4, wherein the generating a second pairwise master key based on the second random number, the first parameter, the second parameter, and a first target random key comprises: generating a third parameter based on the second random number and the first parameter; and obtaining the second pairwise master key through calculation based on the first parameter, the second parameter, the third parameter, the identifier of the supplicant, an identifier of the AP, and the first target random key by using a key derivation function.
6. The method according to claim 1, wherein before the receiving a first access request from a supplicant, the method further comprises: performing a password authenticated key exchange (PAKE) procedure with the supplicant based on a password, and after successfully performing the PAKE procedure with the supplicant, allocating an initial random key to the supplicant; or receiving an access authorization request from the supplicant, wherein the access authorization request requests to access the AP, authorizing the supplicant, and allocating an initial random key to the supplicant after the authorization succeeds; and storing the initial random key.
7. The method according to claim 1, wherein the receiving a first access request from a supplicant comprises: receiving the first access request that is from the supplicant and that is forwarded by a master supplicant, wherein the master supplicant is a supplicant that first accesses the AP, or is a preset supplicant.
8. A wireless fidelity (Wi-Fi) security authentication method, applied to a supplicant, comprising: generating a first random number, and generating a first parameter based on the first random number and a generator of a cyclic group, wherein the first random number is a positive integer not greater than an order of the cyclic group; sending a first access request to an accessed access point (AP), wherein the first access request carries the first parameter, so that the AP generates a second pairwise master key based on the first parameter; receiving a second parameter from the AP, wherein the second parameter is a parameter generated by the AP based on the generator of the cyclic group and a second random number; generating a first pairwise master key based on the first random number, the first parameter, the second parameter, and a third target random key, wherein the third target random key is a stored random key newly allocated by the AP; and performing a four-way handshake authentication procedure with the AP based on the first pairwise master key and the second pairwise master key.
9. The method according to claim 8, further comprising: after successfully performing the four-way handshake authentication procedure with the AP, receiving a new random key allocated by the supplicant, and storing the new random key.
10. The method according to claim 8, wherein the first access request further comprises an identifier of the supplicant; and after the sending a first access request to an AP and before the receiving a second parameter from the AP, the method further comprises: receiving a token from the AP; and sending a second access request to the AP, wherein the second access request carries the token.
11. The method according to claim 10, wherein the generating a first pairwise master key based on the first random number, the first parameter, the second parameter, and a third target random key comprises: generating a third parameter based on the first random number and the second parameter; and obtaining the first pairwise master key through calculation based on the first parameter, the second parameter, the third parameter, the identifier of the supplicant, an identifier of the AP, and the third target random key by using a key derivation function.
12. The method according to claim 8, wherein before the generating a first random number, the method further comprises: performing a password authenticated key exchange (PAKE) procedure with the AP based on a password, and receiving an initial random key allocated by the AP; or sending an access authorization request to the AP, wherein the access authorization request requests to access the AP, and receiving an initial random key allocated by the AP.
13. The method according to claim 8, wherein the sending a first access request to an AP comprises: sending the first access request to the AP through forwarding by a master supplicant, wherein the master supplicant is a supplicant that first accesses the AP, or is a preset supplicant.
14. A communication apparatus, comprising a transceiver and at least one processor, wherein the transceiver is configured to receive a first access request from a supplicant, wherein the first access request carries a first parameter, and the first parameter is a parameter generated by the supplicant based on a generator of a cyclic group and a first random number; and the at least one processor is coupled to the transceiver and cooperates with the transceiver, and
Access security · CPC title
Key generation or derivation · CPC title
Key distribution or pre-distribution; Key agreement · CPC title
Detection or prevention of fraud · CPC title
Denial of Service · CPC title