tests: Allow wpa_supplicant to maintain GTK in memory during association

This is needed to allow GTK configuration triggers to verify whether the
key has changed.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2017-08-05 17:07:36 +03:00
parent d7f0bef94e
commit 6db556b21d
5 changed files with 10 additions and 15 deletions

View file

@ -5032,9 +5032,6 @@ def test_wpa2_eap_ttls_pap_key_lifetime_in_memory(dev, apdev, params):
raise Exception("KEK not found while associated") raise Exception("KEK not found while associated")
if tk in buf: if tk in buf:
raise Exception("TK found from memory") raise Exception("TK found from memory")
if gtk in buf:
get_key_locations(buf, gtk, "GTK")
raise Exception("GTK found from memory")
logger.info("Checking keys in memory after disassociation") logger.info("Checking keys in memory after disassociation")
buf = read_process_memory(pid, password) buf = read_process_memory(pid, password)
@ -5049,6 +5046,8 @@ def test_wpa2_eap_ttls_pap_key_lifetime_in_memory(dev, apdev, params):
verify_not_present(buf, kck, fname, "KCK") verify_not_present(buf, kck, fname, "KCK")
verify_not_present(buf, kek, fname, "KEK") verify_not_present(buf, kek, fname, "KEK")
verify_not_present(buf, tk, fname, "TK") verify_not_present(buf, tk, fname, "TK")
if gtk in buf:
get_key_locations(buf, gtk, "GTK")
verify_not_present(buf, gtk, fname, "GTK") verify_not_present(buf, gtk, fname, "GTK")
dev[0].request("PMKSA_FLUSH") dev[0].request("PMKSA_FLUSH")

View file

@ -913,9 +913,6 @@ def test_ft_psk_key_lifetime_in_memory(dev, apdev, params):
raise Exception("KEK not found while associated") raise Exception("KEK not found while associated")
if tk in buf: if tk in buf:
raise Exception("TK found from memory") raise Exception("TK found from memory")
if gtk in buf:
get_key_locations(buf, gtk, "GTK")
raise Exception("GTK found from memory")
logger.info("Checking keys in memory after disassociation") logger.info("Checking keys in memory after disassociation")
buf = read_process_memory(pid, pmk) buf = read_process_memory(pid, pmk)
@ -932,6 +929,8 @@ def test_ft_psk_key_lifetime_in_memory(dev, apdev, params):
verify_not_present(buf, kck, fname, "KCK") verify_not_present(buf, kck, fname, "KCK")
verify_not_present(buf, kek, fname, "KEK") verify_not_present(buf, kek, fname, "KEK")
verify_not_present(buf, tk, fname, "TK") verify_not_present(buf, tk, fname, "TK")
if gtk in buf:
get_key_locations(buf, gtk, "GTK")
verify_not_present(buf, gtk, fname, "GTK") verify_not_present(buf, gtk, fname, "GTK")
dev[0].request("REMOVE_NETWORK all") dev[0].request("REMOVE_NETWORK all")

View file

@ -1839,9 +1839,6 @@ def test_wpa2_psk_key_lifetime_in_memory(dev, apdev, params):
raise Exception("KEK not found while associated") raise Exception("KEK not found while associated")
if tk in buf: if tk in buf:
raise Exception("TK found from memory") raise Exception("TK found from memory")
if gtk in buf:
get_key_locations(buf, gtk, "GTK")
raise Exception("GTK found from memory")
logger.info("Checking keys in memory after disassociation") logger.info("Checking keys in memory after disassociation")
buf = read_process_memory(pid, pmk) buf = read_process_memory(pid, pmk)
@ -1854,6 +1851,8 @@ def test_wpa2_psk_key_lifetime_in_memory(dev, apdev, params):
verify_not_present(buf, kck, fname, "KCK") verify_not_present(buf, kck, fname, "KCK")
verify_not_present(buf, kek, fname, "KEK") verify_not_present(buf, kek, fname, "KEK")
verify_not_present(buf, tk, fname, "TK") verify_not_present(buf, tk, fname, "TK")
if gtk in buf:
get_key_locations(buf, gtk, "GTK")
verify_not_present(buf, gtk, fname, "GTK") verify_not_present(buf, gtk, fname, "GTK")
dev[0].request("REMOVE_NETWORK all") dev[0].request("REMOVE_NETWORK all")

View file

@ -318,9 +318,6 @@ def test_erp_key_lifetime_in_memory(dev, apdev, params):
raise Exception("KEK not found while associated") raise Exception("KEK not found while associated")
if tk in buf: if tk in buf:
raise Exception("TK found from memory") raise Exception("TK found from memory")
if gtk in buf:
get_key_locations(buf, gtk, "GTK")
raise Exception("GTK found from memory")
logger.info("Checking keys in memory after disassociation") logger.info("Checking keys in memory after disassociation")
buf = read_process_memory(pid, password) buf = read_process_memory(pid, password)
@ -337,6 +334,8 @@ def test_erp_key_lifetime_in_memory(dev, apdev, params):
verify_not_present(buf, kck, fname, "KCK") verify_not_present(buf, kck, fname, "KCK")
verify_not_present(buf, kek, fname, "KEK") verify_not_present(buf, kek, fname, "KEK")
verify_not_present(buf, tk, fname, "TK") verify_not_present(buf, tk, fname, "TK")
if gtk in buf:
get_key_locations(buf, gtk, "GTK")
verify_not_present(buf, gtk, fname, "GTK") verify_not_present(buf, gtk, fname, "GTK")
dev[0].request("RECONNECT") dev[0].request("RECONNECT")

View file

@ -346,9 +346,6 @@ def test_sae_key_lifetime_in_memory(dev, apdev, params):
raise Exception("KEK not found while associated") raise Exception("KEK not found while associated")
if tk in buf: if tk in buf:
raise Exception("TK found from memory") raise Exception("TK found from memory")
if gtk in buf:
get_key_locations(buf, gtk, "GTK")
raise Exception("GTK found from memory")
verify_not_present(buf, sae_k, fname, "SAE(k)") verify_not_present(buf, sae_k, fname, "SAE(k)")
verify_not_present(buf, sae_keyseed, fname, "SAE(keyseed)") verify_not_present(buf, sae_keyseed, fname, "SAE(keyseed)")
verify_not_present(buf, sae_kck, fname, "SAE(KCK)") verify_not_present(buf, sae_kck, fname, "SAE(KCK)")
@ -364,6 +361,8 @@ def test_sae_key_lifetime_in_memory(dev, apdev, params):
verify_not_present(buf, kck, fname, "KCK") verify_not_present(buf, kck, fname, "KCK")
verify_not_present(buf, kek, fname, "KEK") verify_not_present(buf, kek, fname, "KEK")
verify_not_present(buf, tk, fname, "TK") verify_not_present(buf, tk, fname, "TK")
if gtk in buf:
get_key_locations(buf, gtk, "GTK")
verify_not_present(buf, gtk, fname, "GTK") verify_not_present(buf, gtk, fname, "GTK")
verify_not_present(buf, sae_k, fname, "SAE(k)") verify_not_present(buf, sae_k, fname, "SAE(k)")
verify_not_present(buf, sae_keyseed, fname, "SAE(keyseed)") verify_not_present(buf, sae_keyseed, fname, "SAE(keyseed)")