jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

tests: Extend EAP key lifetime in memory to cover MSK and EMSK

Browse source 
Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-12-29 21:57:35 +02:00
parent 5eb513c3ba
commit 750904dd42
2 changed files with 38 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
tests/hwsim/test_ap_eap.py
View file

@ -2261,11 +2261,19 @@ def test_wpa2_eap_ttls_pap_key_lifetime_in_memory(dev, apdev, params):
dev[0].wait_disconnected() dev[0].wait_disconnected()
dev[0].relog() dev[0].relog()
msk = None
emsk = None
pmk = None pmk = None
ptk = None ptk = None
gtk = None gtk = None
with open(os.path.join(params['logdir'], 'log0'), 'r') as f: with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
for l in f.readlines(): for l in f.readlines():
if "EAP-TTLS: Derived key - hexdump" in l:
val = l.strip().split(':')[3].replace(' ', '')
msk = binascii.unhexlify(val)
if "EAP-TTLS: Derived EMSK - hexdump" in l:
val = l.strip().split(':')[3].replace(' ', '')
emsk = binascii.unhexlify(val)
if "WPA: PMK - hexdump" in l: if "WPA: PMK - hexdump" in l:
val = l.strip().split(':')[3].replace(' ', '') val = l.strip().split(':')[3].replace(' ', '')
pmk = binascii.unhexlify(val) pmk = binascii.unhexlify(val)
@ -2275,7 +2283,7 @@ def test_wpa2_eap_ttls_pap_key_lifetime_in_memory(dev, apdev, params):
if "WPA: Group Key - hexdump" in l: if "WPA: Group Key - hexdump" in l:
val = l.strip().split(':')[3].replace(' ', '') val = l.strip().split(':')[3].replace(' ', '')
gtk = binascii.unhexlify(val) gtk = binascii.unhexlify(val)
if not pmk or not ptk or not gtk: if not msk or not emsk or not pmk or not ptk or not gtk:
raise Exception("Could not find keys from debug log") raise Exception("Could not find keys from debug log")
if len(gtk) != 16: if len(gtk) != 16:
raise Exception("Unexpected GTK length") raise Exception("Unexpected GTK length")
@ -2290,6 +2298,8 @@ def test_wpa2_eap_ttls_pap_key_lifetime_in_memory(dev, apdev, params):
logger.info("Checking keys in memory while associated") logger.info("Checking keys in memory while associated")
get_key_locations(buf, password, "Password") get_key_locations(buf, password, "Password")
get_key_locations(buf, pmk, "PMK") get_key_locations(buf, pmk, "PMK")
get_key_locations(buf, msk, "MSK")
get_key_locations(buf, emsk, "EMSK")
if password not in buf: if password not in buf:
print("Password not found while associated") print("Password not found while associated")
return "skip" return "skip"
@ -2313,6 +2323,8 @@ def test_wpa2_eap_ttls_pap_key_lifetime_in_memory(dev, apdev, params):
get_key_locations(buf, password, "Password") get_key_locations(buf, password, "Password")
get_key_locations(buf, pmk, "PMK") get_key_locations(buf, pmk, "PMK")
get_key_locations(buf, msk, "MSK")
get_key_locations(buf, emsk, "EMSK")
verify_not_present(buf, kck, fname, "KCK") verify_not_present(buf, kck, fname, "KCK")
verify_not_present(buf, kek, fname, "KEK") verify_not_present(buf, kek, fname, "KEK")
verify_not_present(buf, tk, fname, "TK") verify_not_present(buf, tk, fname, "TK")
@ -2324,6 +2336,8 @@ def test_wpa2_eap_ttls_pap_key_lifetime_in_memory(dev, apdev, params):
buf = read_process_memory(pid, password) buf = read_process_memory(pid, password)
get_key_locations(buf, password, "Password") get_key_locations(buf, password, "Password")
get_key_locations(buf, pmk, "PMK") get_key_locations(buf, pmk, "PMK")
get_key_locations(buf, msk, "MSK")
get_key_locations(buf, emsk, "EMSK")
verify_not_present(buf, pmk, fname, "PMK") verify_not_present(buf, pmk, fname, "PMK")
dev[0].request("REMOVE_NETWORK all") dev[0].request("REMOVE_NETWORK all")
@ -2333,9 +2347,13 @@ def test_wpa2_eap_ttls_pap_key_lifetime_in_memory(dev, apdev, params):
get_key_locations(buf, password, "Password") get_key_locations(buf, password, "Password")
get_key_locations(buf, pmk, "PMK") get_key_locations(buf, pmk, "PMK")
get_key_locations(buf, msk, "MSK")
get_key_locations(buf, emsk, "EMSK")
verify_not_present(buf, password, fname, "password") verify_not_present(buf, password, fname, "password")
verify_not_present(buf, pmk, fname, "PMK") verify_not_present(buf, pmk, fname, "PMK")
verify_not_present(buf, kck, fname, "KCK") verify_not_present(buf, kck, fname, "KCK")
verify_not_present(buf, kek, fname, "KEK") verify_not_present(buf, kek, fname, "KEK")
verify_not_present(buf, tk, fname, "TK") verify_not_present(buf, tk, fname, "TK")
verify_not_present(buf, gtk, fname, "GTK") verify_not_present(buf, gtk, fname, "GTK")
verify_not_present(buf, msk, fname, "MSK")
verify_not_present(buf, emsk, fname, "EMSK")

20
tests/hwsim/test_erp.py
View file

@ -248,6 +248,8 @@ def test_erp_key_lifetime_in_memory(dev, apdev, params):
dev[0].wait_disconnected(timeout=15) dev[0].wait_disconnected(timeout=15)
dev[0].relog() dev[0].relog()
msk = None
emsk = None
rRK = None rRK = None
rIK = None rIK = None
pmk = None pmk = None
@ -255,6 +257,12 @@ def test_erp_key_lifetime_in_memory(dev, apdev, params):
gtk = None gtk = None
with open(os.path.join(params['logdir'], 'log0'), 'r') as f: with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
for l in f.readlines(): for l in f.readlines():
if "EAP-TTLS: Derived key - hexdump" in l:
val = l.strip().split(':')[3].replace(' ', '')
msk = binascii.unhexlify(val)
if "EAP-TTLS: Derived EMSK - hexdump" in l:
val = l.strip().split(':')[3].replace(' ', '')
emsk = binascii.unhexlify(val)
if "EAP: ERP rRK - hexdump" in l: if "EAP: ERP rRK - hexdump" in l:
val = l.strip().split(':')[3].replace(' ', '') val = l.strip().split(':')[3].replace(' ', '')
rRK = binascii.unhexlify(val) rRK = binascii.unhexlify(val)
@ -270,7 +278,7 @@ def test_erp_key_lifetime_in_memory(dev, apdev, params):
if "WPA: Group Key - hexdump" in l: if "WPA: Group Key - hexdump" in l:
val = l.strip().split(':')[3].replace(' ', '') val = l.strip().split(':')[3].replace(' ', '')
gtk = binascii.unhexlify(val) gtk = binascii.unhexlify(val)
if not rIK or not rRK or not pmk or not ptk or not gtk: if not msk or not emsk or not rIK or not rRK or not pmk or not ptk or not gtk:
raise Exception("Could not find keys from debug log") raise Exception("Could not find keys from debug log")
if len(gtk) != 16: if len(gtk) != 16:
raise Exception("Unexpected GTK length") raise Exception("Unexpected GTK length")
@ -285,6 +293,8 @@ def test_erp_key_lifetime_in_memory(dev, apdev, params):
logger.info("Checking keys in memory while associated") logger.info("Checking keys in memory while associated")
get_key_locations(buf, password, "Password") get_key_locations(buf, password, "Password")
get_key_locations(buf, pmk, "PMK") get_key_locations(buf, pmk, "PMK")
get_key_locations(buf, msk, "MSK")
get_key_locations(buf, emsk, "EMSK")
get_key_locations(buf, rRK, "rRK") get_key_locations(buf, rRK, "rRK")
get_key_locations(buf, rIK, "rIK") get_key_locations(buf, rIK, "rIK")
if password not in buf: if password not in buf:
@ -310,6 +320,8 @@ def test_erp_key_lifetime_in_memory(dev, apdev, params):
get_key_locations(buf, password, "Password") get_key_locations(buf, password, "Password")
get_key_locations(buf, pmk, "PMK") get_key_locations(buf, pmk, "PMK")
get_key_locations(buf, msk, "MSK")
get_key_locations(buf, emsk, "EMSK")
get_key_locations(buf, rRK, "rRK") get_key_locations(buf, rRK, "rRK")
get_key_locations(buf, rIK, "rIK") get_key_locations(buf, rIK, "rIK")
verify_not_present(buf, kck, fname, "KCK") verify_not_present(buf, kck, fname, "KCK")
@ -357,6 +369,8 @@ def test_erp_key_lifetime_in_memory(dev, apdev, params):
get_key_locations(buf, password, "Password") get_key_locations(buf, password, "Password")
get_key_locations(buf, pmk, "PMK") get_key_locations(buf, pmk, "PMK")
get_key_locations(buf, msk, "MSK")
get_key_locations(buf, emsk, "EMSK")
get_key_locations(buf, rRK, "rRK") get_key_locations(buf, rRK, "rRK")
get_key_locations(buf, rIK, "rIK") get_key_locations(buf, rIK, "rIK")
verify_not_present(buf, kck, fname, "KCK") verify_not_present(buf, kck, fname, "KCK")
@ -373,6 +387,8 @@ def test_erp_key_lifetime_in_memory(dev, apdev, params):
get_key_locations(buf, password, "Password") get_key_locations(buf, password, "Password")
get_key_locations(buf, pmk, "PMK") get_key_locations(buf, pmk, "PMK")
get_key_locations(buf, msk, "MSK")
get_key_locations(buf, emsk, "EMSK")
get_key_locations(buf, rRK, "rRK") get_key_locations(buf, rRK, "rRK")
get_key_locations(buf, rIK, "rIK") get_key_locations(buf, rIK, "rIK")
verify_not_present(buf, password, fname, "password") verify_not_present(buf, password, fname, "password")
@ -381,6 +397,8 @@ def test_erp_key_lifetime_in_memory(dev, apdev, params):
verify_not_present(buf, kek, fname, "KEK") verify_not_present(buf, kek, fname, "KEK")
verify_not_present(buf, tk, fname, "TK") verify_not_present(buf, tk, fname, "TK")
verify_not_present(buf, gtk, fname, "GTK") verify_not_present(buf, gtk, fname, "GTK")
verify_not_present(buf, msk, fname, "MSK")
verify_not_present(buf, emsk, fname, "EMSK")
dev[0].request("ERP_FLUSH") dev[0].request("ERP_FLUSH")
logger.info("Checking keys in memory after ERP_FLUSH") logger.info("Checking keys in memory after ERP_FLUSH")