From: Jouni Malinen Date: Mon, 14 Dec 2015 15:23:47 +0000 (+0200) Subject: tests: Make key-lifetime-in-memory more robust for GTK check X-Git-Tag: hostap_2_6~1196 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8e416cecdba5c062b7ec9a6d3bf7c41e5c4962aa;p=thirdparty%2Fhostap.git tests: Make key-lifetime-in-memory more robust for GTK check The decrypted copy of a GTK from EAPOL-Key is cleared from memory only after having sent out CTRL-EVENT-CONNECTED. As such, there was a race condition on the test case reading the wpa_supplicant process memory after the connection. This was unlikely to occur due to the one second sleep, but even with that, it would be at least theorically possible to hit this race under heavy load (e.g., when using large number of VMs to run parallel testing). Avoid this by running a PING command to make sure wpa_supplicant has returned to eloop before reading the process memory. This should make it less likely to report false positives on GTK being found in memory. Signed-off-by: Jouni Malinen --- diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py index c4a794eb5..e3ee3c78e 100644 --- a/tests/hwsim/test_ap_eap.py +++ b/tests/hwsim/test_ap_eap.py @@ -3379,7 +3379,11 @@ def test_wpa2_eap_ttls_pap_key_lifetime_in_memory(dev, apdev, params): id = eap_connect(dev[0], apdev[0], "TTLS", "pap-secret", anonymous_identity="ttls", password=password, ca_cert="auth_serv/ca.pem", phase2="auth=PAP") + # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED + # event has been delivered, so verify that wpa_supplicant has returned to + # eloop before reading process memory. time.sleep(1) + dev[0].ping() buf = read_process_memory(pid, password) dev[0].request("DISCONNECT") diff --git a/tests/hwsim/test_ap_ft.py b/tests/hwsim/test_ap_ft.py index 741ab1c4d..7faa5fe74 100644 --- a/tests/hwsim/test_ap_ft.py +++ b/tests/hwsim/test_ap_ft.py @@ -600,7 +600,11 @@ def test_ft_psk_key_lifetime_in_memory(dev, apdev, params): dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", scan_freq="2412") + # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED + # event has been delivered, so verify that wpa_supplicant has returned to + # eloop before reading process memory. time.sleep(1) + dev[0].ping() buf = read_process_memory(pid, pmk) diff --git a/tests/hwsim/test_ap_psk.py b/tests/hwsim/test_ap_psk.py index cfd1a8043..737ba13c4 100644 --- a/tests/hwsim/test_ap_psk.py +++ b/tests/hwsim/test_ap_psk.py @@ -1766,7 +1766,11 @@ def test_wpa2_psk_key_lifetime_in_memory(dev, apdev, params): get_key_locations(buf, pmk, "PMK") dev[0].connect_network(id, timeout=20) + # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED + # event has been delivered, so verify that wpa_supplicant has returned to + # eloop before reading process memory. time.sleep(1) + dev[0].ping() buf = read_process_memory(pid, pmk) diff --git a/tests/hwsim/test_erp.py b/tests/hwsim/test_erp.py index 1388337bc..e98e2a79b 100644 --- a/tests/hwsim/test_erp.py +++ b/tests/hwsim/test_erp.py @@ -246,7 +246,11 @@ def test_erp_key_lifetime_in_memory(dev, apdev, params): ca_cert="auth_serv/ca.pem", phase2="auth=PAP", erp="1", scan_freq="2412") + # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED + # event has been delivered, so verify that wpa_supplicant has returned to + # eloop before reading process memory. time.sleep(1) + dev[0].ping() buf = read_process_memory(pid, password) dev[0].request("DISCONNECT") diff --git a/tests/hwsim/test_sae.py b/tests/hwsim/test_sae.py index 32ee8b113..6449c82b2 100644 --- a/tests/hwsim/test_sae.py +++ b/tests/hwsim/test_sae.py @@ -272,7 +272,11 @@ def test_sae_key_lifetime_in_memory(dev, apdev, params): id = dev[0].connect("test-sae", psk=password, key_mgmt="SAE", scan_freq="2412") + # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED + # event has been delivered, so verify that wpa_supplicant has returned to + # eloop before reading process memory. time.sleep(1) + dev[0].ping() buf = read_process_memory(pid, password) dev[0].request("DISCONNECT")