tests: Make key-lifetime-in-memory more robust for GTK check

The decrypted copy of a GTK from EAPOL-Key is cleared from memory only after having sent out CTRL-EVENT-CONNECTED. As such, there was a race condition on the test case reading the wpa_supplicant process memory after the connection. This was unlikely to occur due to the one second sleep, but even with that, it would be at least theorically possible to hit this race under heavy load (e.g., when using large number of VMs to run parallel testing). Avoid this by running a PING command to make sure wpa_supplicant has returned to eloop before reading the process memory. This should make it less likely to report false positives on GTK being found in memory. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-14 17:23:47 +02:00 · 2015-12-14 17:23:47 +02:00 · 8e416cecdb
parent f089cdf98e
commit 8e416cecdb
5 changed files with 20 additions and 0 deletions
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@ -3379,7 +3379,11 @@ def test_wpa2_eap_ttls_pap_key_lifetime_in_memory(dev, apdev, params):
    id = eap_connect(dev[0], apdev[0], "TTLS", "pap-secret",
                     anonymous_identity="ttls", password=password,
                     ca_cert="auth_serv/ca.pem", phase2="auth=PAP")
+    # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
+    # event has been delivered, so verify that wpa_supplicant has returned to
+    # eloop before reading process memory.
    time.sleep(1)
+    dev[0].ping()
    buf = read_process_memory(pid, password)

    dev[0].request("DISCONNECT")
--- a/tests/hwsim/test_ap_ft.py
+++ b/tests/hwsim/test_ap_ft.py
@ -600,7 +600,11 @@ def test_ft_psk_key_lifetime_in_memory(dev, apdev, params):

    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                   scan_freq="2412")
+    # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
+    # event has been delivered, so verify that wpa_supplicant has returned to
+    # eloop before reading process memory.
    time.sleep(1)
+    dev[0].ping()

    buf = read_process_memory(pid, pmk)

--- a/tests/hwsim/test_ap_psk.py
+++ b/tests/hwsim/test_ap_psk.py
@ -1766,7 +1766,11 @@ def test_wpa2_psk_key_lifetime_in_memory(dev, apdev, params):
    get_key_locations(buf, pmk, "PMK")

    dev[0].connect_network(id, timeout=20)
+    # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
+    # event has been delivered, so verify that wpa_supplicant has returned to
+    # eloop before reading process memory.
    time.sleep(1)
+    dev[0].ping()

    buf = read_process_memory(pid, pmk)

--- a/tests/hwsim/test_erp.py
+++ b/tests/hwsim/test_erp.py
@ -246,7 +246,11 @@ def test_erp_key_lifetime_in_memory(dev, apdev, params):
                   ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
                   erp="1", scan_freq="2412")

+    # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
+    # event has been delivered, so verify that wpa_supplicant has returned to
+    # eloop before reading process memory.
    time.sleep(1)
+    dev[0].ping()
    buf = read_process_memory(pid, password)

    dev[0].request("DISCONNECT")
--- a/tests/hwsim/test_sae.py
+++ b/tests/hwsim/test_sae.py
@ -272,7 +272,11 @@ def test_sae_key_lifetime_in_memory(dev, apdev, params):
    id = dev[0].connect("test-sae", psk=password, key_mgmt="SAE",
                        scan_freq="2412")

+    # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
+    # event has been delivered, so verify that wpa_supplicant has returned to
+    # eloop before reading process memory.
    time.sleep(1)
+    dev[0].ping()
    buf = read_process_memory(pid, password)

    dev[0].request("DISCONNECT")