tests: Make key-lifetime-in-memory more robust for GTK check

The decrypted copy of a GTK from EAPOL-Key is cleared from memory only
after having sent out CTRL-EVENT-CONNECTED. As such, there was a race
condition on the test case reading the wpa_supplicant process memory
after the connection. This was unlikely to occur due to the one second
sleep, but even with that, it would be at least theorically possible to
hit this race under heavy load (e.g., when using large number of VMs to
run parallel testing). Avoid this by running a PING command to make sure
wpa_supplicant has returned to eloop before reading the process memory.
This should make it less likely to report false positives on GTK being
found in memory.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
index c4a794eb5761d0c947e58c470162fd11d656c466..e3ee3c78eda96b901763a0f0c994cd22ddae5c36 100644 (file)
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -3379,7 +3379,11 @@ def test_wpa2_eap_ttls_pap_key_lifetime_in_memory(dev, apdev, params):
     id = eap_connect(dev[0], apdev[0], "TTLS", "pap-secret",
                      anonymous_identity="ttls", password=password,
                      ca_cert="auth_serv/ca.pem", phase2="auth=PAP")
+    # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
+    # event has been delivered, so verify that wpa_supplicant has returned to
+    # eloop before reading process memory.
     time.sleep(1)
+    dev[0].ping()
     buf = read_process_memory(pid, password)
 
     dev[0].request("DISCONNECT")

diff --git a/tests/hwsim/test_ap_ft.py b/tests/hwsim/test_ap_ft.py
index 741ab1c4d3598cd2b45c6d082b17291e5bef111b..7faa5fe74ea9ea8c13da8900826cf89241405e9f 100644 (file)
--- a/tests/hwsim/test_ap_ft.py
+++ b/tests/hwsim/test_ap_ft.py
@@ -600,7 +600,11 @@ def test_ft_psk_key_lifetime_in_memory(dev, apdev, params):
 
     dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                    scan_freq="2412")
+    # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
+    # event has been delivered, so verify that wpa_supplicant has returned to
+    # eloop before reading process memory.
     time.sleep(1)
+    dev[0].ping()
 
     buf = read_process_memory(pid, pmk)
 

diff --git a/tests/hwsim/test_ap_psk.py b/tests/hwsim/test_ap_psk.py
index cfd1a8043abf4ae9123c1bc7138fd5f9cebf869f..737ba13c46a88fe7b262a71d4eb68fb24be70f2e 100644 (file)
--- a/tests/hwsim/test_ap_psk.py
+++ b/tests/hwsim/test_ap_psk.py
@@ -1766,7 +1766,11 @@ def test_wpa2_psk_key_lifetime_in_memory(dev, apdev, params):
     get_key_locations(buf, pmk, "PMK")
 
     dev[0].connect_network(id, timeout=20)
+    # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
+    # event has been delivered, so verify that wpa_supplicant has returned to
+    # eloop before reading process memory.
     time.sleep(1)
+    dev[0].ping()
 
     buf = read_process_memory(pid, pmk)
 

diff --git a/tests/hwsim/test_erp.py b/tests/hwsim/test_erp.py
index 1388337bc84d820fd63065d1e904d8afbcdfcab9..e98e2a79b947735e5366bf8543d5ebcb6ae8ff6d 100644 (file)
--- a/tests/hwsim/test_erp.py
+++ b/tests/hwsim/test_erp.py
@@ -246,7 +246,11 @@ def test_erp_key_lifetime_in_memory(dev, apdev, params):
                    ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
                    erp="1", scan_freq="2412")
 
+    # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
+    # event has been delivered, so verify that wpa_supplicant has returned to
+    # eloop before reading process memory.
     time.sleep(1)
+    dev[0].ping()
     buf = read_process_memory(pid, password)
 
     dev[0].request("DISCONNECT")

diff --git a/tests/hwsim/test_sae.py b/tests/hwsim/test_sae.py
index 32ee8b1139ccee4fa69d66a3daad51ad95d2915e..6449c82b2b25aee63155a8dd563b32f995db1fbd 100644 (file)
--- a/tests/hwsim/test_sae.py
+++ b/tests/hwsim/test_sae.py
@@ -272,7 +272,11 @@ def test_sae_key_lifetime_in_memory(dev, apdev, params):
     id = dev[0].connect("test-sae", psk=password, key_mgmt="SAE",
                         scan_freq="2412")
 
+    # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
+    # event has been delivered, so verify that wpa_supplicant has returned to
+    # eloop before reading process memory.
     time.sleep(1)
+    dev[0].ping()
     buf = read_process_memory(pid, password)
 
     dev[0].request("DISCONNECT")