more than 1 pmkid in 2/4 message

Jouni Malinen j at
Sat Feb 3 01:15:39 PST 2024

On Sat, Feb 03, 2024 at 01:08:09PM +0530, harisha ja wrote:
> Post reassociation success duing 2/4 message client is trying include 2
> PMKIDs in 2/4 and code is failing below with  ie.num_pmkid

Would you be able to share a sniffer capture showing this behavior? I
would be interested in seeing the exact contents of the RSNE in
(Re)Association Request frame and EAPOL-Key message 2. Is this for the
FT initial mobility domain association or for PTK rekeying during an
association stated through the use of FT protocol?

> Is it expected that the client sends 2 pmkid  in 2/4 message? in
> what situation can it do so?
> In this case should AP honour 2 PMKIDs ?

The IEEE 802.11 standard is somewhat vague on this front. It is possible
to interpret it as indicating that there is only PMKR1Name in the list,
but it looks like it would also be possible to interpret it for the FT
initial mobility domain association case as containing whatever PMKIDs
were included in the (Re)Association Request frame (i.e., something
using for PMKSA caching) and the PMKR1Name added to the list.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list