From 750904dd42814d9d1bc9dad5ac0fbfaa142c2117 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Mon, 29 Dec 2014 21:57:35 +0200 Subject: [PATCH] tests: Extend EAP key lifetime in memory to cover MSK and EMSK Signed-off-by: Jouni Malinen --- tests/hwsim/test_ap_eap.py | 20 +++++++++++++++++++- tests/hwsim/test_erp.py | 20 +++++++++++++++++++- 2 files changed, 38 insertions(+), 2 deletions(-) diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py index b1dcd8f58..5fe99eb10 100644 --- a/tests/hwsim/test_ap_eap.py +++ b/tests/hwsim/test_ap_eap.py @@ -2261,11 +2261,19 @@ def test_wpa2_eap_ttls_pap_key_lifetime_in_memory(dev, apdev, params): dev[0].wait_disconnected() dev[0].relog() + msk = None + emsk = None pmk = None ptk = None gtk = None with open(os.path.join(params['logdir'], 'log0'), 'r') as f: for l in f.readlines(): + if "EAP-TTLS: Derived key - hexdump" in l: + val = l.strip().split(':')[3].replace(' ', '') + msk = binascii.unhexlify(val) + if "EAP-TTLS: Derived EMSK - hexdump" in l: + val = l.strip().split(':')[3].replace(' ', '') + emsk = binascii.unhexlify(val) if "WPA: PMK - hexdump" in l: val = l.strip().split(':')[3].replace(' ', '') pmk = binascii.unhexlify(val) @@ -2275,7 +2283,7 @@ def test_wpa2_eap_ttls_pap_key_lifetime_in_memory(dev, apdev, params): if "WPA: Group Key - hexdump" in l: val = l.strip().split(':')[3].replace(' ', '') gtk = binascii.unhexlify(val) - if not pmk or not ptk or not gtk: + if not msk or not emsk or not pmk or not ptk or not gtk: raise Exception("Could not find keys from debug log") if len(gtk) != 16: raise Exception("Unexpected GTK length") @@ -2290,6 +2298,8 @@ def test_wpa2_eap_ttls_pap_key_lifetime_in_memory(dev, apdev, params): logger.info("Checking keys in memory while associated") get_key_locations(buf, password, "Password") get_key_locations(buf, pmk, "PMK") + get_key_locations(buf, msk, "MSK") + get_key_locations(buf, emsk, "EMSK") if password not in buf: print("Password not found while associated") return "skip" @@ -2313,6 +2323,8 @@ def test_wpa2_eap_ttls_pap_key_lifetime_in_memory(dev, apdev, params): get_key_locations(buf, password, "Password") get_key_locations(buf, pmk, "PMK") + get_key_locations(buf, msk, "MSK") + get_key_locations(buf, emsk, "EMSK") verify_not_present(buf, kck, fname, "KCK") verify_not_present(buf, kek, fname, "KEK") verify_not_present(buf, tk, fname, "TK") @@ -2324,6 +2336,8 @@ def test_wpa2_eap_ttls_pap_key_lifetime_in_memory(dev, apdev, params): buf = read_process_memory(pid, password) get_key_locations(buf, password, "Password") get_key_locations(buf, pmk, "PMK") + get_key_locations(buf, msk, "MSK") + get_key_locations(buf, emsk, "EMSK") verify_not_present(buf, pmk, fname, "PMK") dev[0].request("REMOVE_NETWORK all") @@ -2333,9 +2347,13 @@ def test_wpa2_eap_ttls_pap_key_lifetime_in_memory(dev, apdev, params): get_key_locations(buf, password, "Password") get_key_locations(buf, pmk, "PMK") + get_key_locations(buf, msk, "MSK") + get_key_locations(buf, emsk, "EMSK") verify_not_present(buf, password, fname, "password") verify_not_present(buf, pmk, fname, "PMK") verify_not_present(buf, kck, fname, "KCK") verify_not_present(buf, kek, fname, "KEK") verify_not_present(buf, tk, fname, "TK") verify_not_present(buf, gtk, fname, "GTK") + verify_not_present(buf, msk, fname, "MSK") + verify_not_present(buf, emsk, fname, "EMSK") diff --git a/tests/hwsim/test_erp.py b/tests/hwsim/test_erp.py index 9a1827e09..af7c2d0e7 100644 --- a/tests/hwsim/test_erp.py +++ b/tests/hwsim/test_erp.py @@ -248,6 +248,8 @@ def test_erp_key_lifetime_in_memory(dev, apdev, params): dev[0].wait_disconnected(timeout=15) dev[0].relog() + msk = None + emsk = None rRK = None rIK = None pmk = None @@ -255,6 +257,12 @@ def test_erp_key_lifetime_in_memory(dev, apdev, params): gtk = None with open(os.path.join(params['logdir'], 'log0'), 'r') as f: for l in f.readlines(): + if "EAP-TTLS: Derived key - hexdump" in l: + val = l.strip().split(':')[3].replace(' ', '') + msk = binascii.unhexlify(val) + if "EAP-TTLS: Derived EMSK - hexdump" in l: + val = l.strip().split(':')[3].replace(' ', '') + emsk = binascii.unhexlify(val) if "EAP: ERP rRK - hexdump" in l: val = l.strip().split(':')[3].replace(' ', '') rRK = binascii.unhexlify(val) @@ -270,7 +278,7 @@ def test_erp_key_lifetime_in_memory(dev, apdev, params): if "WPA: Group Key - hexdump" in l: val = l.strip().split(':')[3].replace(' ', '') gtk = binascii.unhexlify(val) - if not rIK or not rRK or not pmk or not ptk or not gtk: + if not msk or not emsk or not rIK or not rRK or not pmk or not ptk or not gtk: raise Exception("Could not find keys from debug log") if len(gtk) != 16: raise Exception("Unexpected GTK length") @@ -285,6 +293,8 @@ def test_erp_key_lifetime_in_memory(dev, apdev, params): logger.info("Checking keys in memory while associated") get_key_locations(buf, password, "Password") get_key_locations(buf, pmk, "PMK") + get_key_locations(buf, msk, "MSK") + get_key_locations(buf, emsk, "EMSK") get_key_locations(buf, rRK, "rRK") get_key_locations(buf, rIK, "rIK") if password not in buf: @@ -310,6 +320,8 @@ def test_erp_key_lifetime_in_memory(dev, apdev, params): get_key_locations(buf, password, "Password") get_key_locations(buf, pmk, "PMK") + get_key_locations(buf, msk, "MSK") + get_key_locations(buf, emsk, "EMSK") get_key_locations(buf, rRK, "rRK") get_key_locations(buf, rIK, "rIK") verify_not_present(buf, kck, fname, "KCK") @@ -357,6 +369,8 @@ def test_erp_key_lifetime_in_memory(dev, apdev, params): get_key_locations(buf, password, "Password") get_key_locations(buf, pmk, "PMK") + get_key_locations(buf, msk, "MSK") + get_key_locations(buf, emsk, "EMSK") get_key_locations(buf, rRK, "rRK") get_key_locations(buf, rIK, "rIK") verify_not_present(buf, kck, fname, "KCK") @@ -373,6 +387,8 @@ def test_erp_key_lifetime_in_memory(dev, apdev, params): get_key_locations(buf, password, "Password") get_key_locations(buf, pmk, "PMK") + get_key_locations(buf, msk, "MSK") + get_key_locations(buf, emsk, "EMSK") get_key_locations(buf, rRK, "rRK") get_key_locations(buf, rIK, "rIK") verify_not_present(buf, password, fname, "password") @@ -381,6 +397,8 @@ def test_erp_key_lifetime_in_memory(dev, apdev, params): verify_not_present(buf, kek, fname, "KEK") verify_not_present(buf, tk, fname, "TK") verify_not_present(buf, gtk, fname, "GTK") + verify_not_present(buf, msk, fname, "MSK") + verify_not_present(buf, emsk, fname, "EMSK") dev[0].request("ERP_FLUSH") logger.info("Checking keys in memory after ERP_FLUSH")