tests: PEAP/GTC key lifetime in memory

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2019-02-05 21:26:49 +02:00 committed by Jouni Malinen
parent 6110753b18
commit cdc23db2a6
2 changed files with 20 additions and 3 deletions

View File

@ -136,6 +136,7 @@ radius_accept_attr=56:x:32000011
"DOMAIN\user3" MSCHAPV2 "password" [2] "DOMAIN\user3" MSCHAPV2 "password" [2]
"user-no-passwd" MSCHAPV2,MD5,GTC [2] "user-no-passwd" MSCHAPV2,MD5,GTC [2]
"cert user" TLS [2] "cert user" TLS [2]
"user-secret" GTC "63d2d21ac3c09ed567ee004a34490f1d16e7fa5835edf17ddba70a63f1a90a25" [2]
"hs20-deauth-test" TTLS-MSCHAPV2 "password" [2] "hs20-deauth-test" TTLS-MSCHAPV2 "password" [2]
radius_accept_attr=26:x:00009f680405016400 radius_accept_attr=26:x:00009f680405016400

View File

@ -5074,10 +5074,24 @@ def test_wpa2_eap_ttls_pap_key_lifetime_in_memory(dev, apdev, params):
p = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") p = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hapd = hostapd.add_ap(apdev[0], p) hapd = hostapd.add_ap(apdev[0], p)
password = "63d2d21ac3c09ed567ee004a34490f1d16e7fa5835edf17ddba70a63f1a90a25" password = "63d2d21ac3c09ed567ee004a34490f1d16e7fa5835edf17ddba70a63f1a90a25"
pid = find_wpas_process(dev[0])
id = eap_connect(dev[0], hapd, "TTLS", "pap-secret", id = eap_connect(dev[0], hapd, "TTLS", "pap-secret",
anonymous_identity="ttls", password=password, anonymous_identity="ttls", password=password,
ca_cert="auth_serv/ca.pem", phase2="auth=PAP") ca_cert="auth_serv/ca.pem", phase2="auth=PAP")
run_eap_key_lifetime_in_memory(dev, params, id, password)
def test_wpa2_eap_peap_gtc_key_lifetime_in_memory(dev, apdev, params):
"""Key lifetime in memory with WPA2-Enterprise using PEAP/GTC"""
p = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hapd = hostapd.add_ap(apdev[0], p)
password = "63d2d21ac3c09ed567ee004a34490f1d16e7fa5835edf17ddba70a63f1a90a25"
id = eap_connect(dev[0], hapd, "PEAP", "user-secret",
anonymous_identity="peap", password=password,
ca_cert="auth_serv/ca.pem", phase2="auth=GTC")
run_eap_key_lifetime_in_memory(dev, params, id, password)
def run_eap_key_lifetime_in_memory(dev, params, id, password):
pid = find_wpas_process(dev[0])
# The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
# event has been delivered, so verify that wpa_supplicant has returned to # event has been delivered, so verify that wpa_supplicant has returned to
# eloop before reading process memory. # eloop before reading process memory.
@ -5097,10 +5111,12 @@ def test_wpa2_eap_ttls_pap_key_lifetime_in_memory(dev, apdev, params):
gtk = None gtk = None
with open(os.path.join(params['logdir'], 'log0'), 'r') as f: with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
for l in f.readlines(): for l in f.readlines():
if "EAP-TTLS: Derived key - hexdump" in l: if "EAP-TTLS: Derived key - hexdump" in l or \
"EAP-PEAP: Derived key - hexdump" in l:
val = l.strip().split(':')[3].replace(' ', '') val = l.strip().split(':')[3].replace(' ', '')
msk = binascii.unhexlify(val) msk = binascii.unhexlify(val)
if "EAP-TTLS: Derived EMSK - hexdump" in l: if "EAP-TTLS: Derived EMSK - hexdump" in l or \
"EAP-PEAP: Derived EMSK - hexdump" in l:
val = l.strip().split(':')[3].replace(' ', '') val = l.strip().split(':')[3].replace(' ', '')
emsk = binascii.unhexlify(val) emsk = binascii.unhexlify(val)
if "WPA: PMK - hexdump" in l: if "WPA: PMK - hexdump" in l: