mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 08:48:31 -05:00
tests: PEAP/GTC key lifetime in memory
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
6110753b18
commit
cdc23db2a6
@ -136,6 +136,7 @@ radius_accept_attr=56:x:32000011
|
|||||||
"DOMAIN\user3" MSCHAPV2 "password" [2]
|
"DOMAIN\user3" MSCHAPV2 "password" [2]
|
||||||
"user-no-passwd" MSCHAPV2,MD5,GTC [2]
|
"user-no-passwd" MSCHAPV2,MD5,GTC [2]
|
||||||
"cert user" TLS [2]
|
"cert user" TLS [2]
|
||||||
|
"user-secret" GTC "63d2d21ac3c09ed567ee004a34490f1d16e7fa5835edf17ddba70a63f1a90a25" [2]
|
||||||
|
|
||||||
"hs20-deauth-test" TTLS-MSCHAPV2 "password" [2]
|
"hs20-deauth-test" TTLS-MSCHAPV2 "password" [2]
|
||||||
radius_accept_attr=26:x:00009f680405016400
|
radius_accept_attr=26:x:00009f680405016400
|
||||||
|
@ -5074,10 +5074,24 @@ def test_wpa2_eap_ttls_pap_key_lifetime_in_memory(dev, apdev, params):
|
|||||||
p = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
p = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||||
hapd = hostapd.add_ap(apdev[0], p)
|
hapd = hostapd.add_ap(apdev[0], p)
|
||||||
password = "63d2d21ac3c09ed567ee004a34490f1d16e7fa5835edf17ddba70a63f1a90a25"
|
password = "63d2d21ac3c09ed567ee004a34490f1d16e7fa5835edf17ddba70a63f1a90a25"
|
||||||
pid = find_wpas_process(dev[0])
|
|
||||||
id = eap_connect(dev[0], hapd, "TTLS", "pap-secret",
|
id = eap_connect(dev[0], hapd, "TTLS", "pap-secret",
|
||||||
anonymous_identity="ttls", password=password,
|
anonymous_identity="ttls", password=password,
|
||||||
ca_cert="auth_serv/ca.pem", phase2="auth=PAP")
|
ca_cert="auth_serv/ca.pem", phase2="auth=PAP")
|
||||||
|
run_eap_key_lifetime_in_memory(dev, params, id, password)
|
||||||
|
|
||||||
|
def test_wpa2_eap_peap_gtc_key_lifetime_in_memory(dev, apdev, params):
|
||||||
|
"""Key lifetime in memory with WPA2-Enterprise using PEAP/GTC"""
|
||||||
|
p = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||||
|
hapd = hostapd.add_ap(apdev[0], p)
|
||||||
|
password = "63d2d21ac3c09ed567ee004a34490f1d16e7fa5835edf17ddba70a63f1a90a25"
|
||||||
|
id = eap_connect(dev[0], hapd, "PEAP", "user-secret",
|
||||||
|
anonymous_identity="peap", password=password,
|
||||||
|
ca_cert="auth_serv/ca.pem", phase2="auth=GTC")
|
||||||
|
run_eap_key_lifetime_in_memory(dev, params, id, password)
|
||||||
|
|
||||||
|
def run_eap_key_lifetime_in_memory(dev, params, id, password):
|
||||||
|
pid = find_wpas_process(dev[0])
|
||||||
|
|
||||||
# The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
|
# The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
|
||||||
# event has been delivered, so verify that wpa_supplicant has returned to
|
# event has been delivered, so verify that wpa_supplicant has returned to
|
||||||
# eloop before reading process memory.
|
# eloop before reading process memory.
|
||||||
@ -5097,10 +5111,12 @@ def test_wpa2_eap_ttls_pap_key_lifetime_in_memory(dev, apdev, params):
|
|||||||
gtk = None
|
gtk = None
|
||||||
with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
|
with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
|
||||||
for l in f.readlines():
|
for l in f.readlines():
|
||||||
if "EAP-TTLS: Derived key - hexdump" in l:
|
if "EAP-TTLS: Derived key - hexdump" in l or \
|
||||||
|
"EAP-PEAP: Derived key - hexdump" in l:
|
||||||
val = l.strip().split(':')[3].replace(' ', '')
|
val = l.strip().split(':')[3].replace(' ', '')
|
||||||
msk = binascii.unhexlify(val)
|
msk = binascii.unhexlify(val)
|
||||||
if "EAP-TTLS: Derived EMSK - hexdump" in l:
|
if "EAP-TTLS: Derived EMSK - hexdump" in l or \
|
||||||
|
"EAP-PEAP: Derived EMSK - hexdump" in l:
|
||||||
val = l.strip().split(':')[3].replace(' ', '')
|
val = l.strip().split(':')[3].replace(' ', '')
|
||||||
emsk = binascii.unhexlify(val)
|
emsk = binascii.unhexlify(val)
|
||||||
if "WPA: PMK - hexdump" in l:
|
if "WPA: PMK - hexdump" in l:
|
||||||
|
Loading…
Reference in New Issue
Block a user