Upgrade to version 2.2

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
Fix for mbedtls 3.6
2024-07-15 15:16:36 +02:00 · 2024-07-15 15:16:36 +02:00 · 2024-07-15 15:16:31 +02:00 · 2024-07-15 15:12:26 +02:00 · 2024-07-06 22:09:37 +08:00 · 2024-05-30 19:16:50 +02:00
162 changed files with 10118 additions and 774 deletions
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -0,0 +1,4 @@
 # These are supported funding model platforms
 github: polhenarejos
 custom: ["https://www.paypal.me/polhenarejos"]
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,72 @@
 # For most projects, this workflow file will not need changing; you simply need
 # to commit it to your repository.
 #
 # You may wish to alter this file to override the set of languages analyzed,
 # or to provide custom queries or build logic.
 #
 # ******** NOTE ********
 # We have attempted to detect the languages in your repository. Please check
 # the `language` matrix defined below to confirm you have the correct set of
 # supported CodeQL languages.
 #
 name: "CodeQL"
 on:
  push:
    branches: [ "main" ]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ "main" ]
  schedule:
    - cron: '23 5 * * 4'
 jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    strategy:
      fail-fast: false
      matrix:
        language: [ 'cpp', 'python' ]
        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
    steps:
    - name: Checkout repository
      uses: actions/checkout@v3
    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v2
      with:
        languages: ${{ matrix.language }}
        # If you wish to specify custom queries, you can do so here or in a config file.
        # By default, queries listed here will override any specified in a config file.
        # Prefix the list here with "+" to use these queries and those in the config file.
        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
        # queries: security-extended,security-and-quality
    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
    # - name: Autobuild
    #  uses: github/codeql-action/autobuild@v2
    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
    #   If the Autobuild fails above, remove it and uncomment the following three lines.
    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
    - run: |
       echo "Run, Build Application using script"
       ./workflows/autobuild.sh
    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v2
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -0,0 +1,37 @@
 # For most projects, this workflow file will not need changing; you simply need
 # to commit it to your repository.
 #
 # You may wish to alter this file to override the set of languages analyzed,
 # or to provide custom queries or build logic.
 #
 # ******** NOTE ********
 # We have attempted to detect the languages in your repository. Please check
 # the `language` matrix defined below to confirm you have the correct set of
 # supported CodeQL languages.
 #
 name: "Emulation and test"
 on:
  workflow_dispatch:
  push:
    branches: [ "main", "piv" ]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ "main", "piv" ]
  schedule:
    - cron: '23 5 * * 4'
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout repository and submodules
      uses: actions/checkout@v3
      with:
        submodules: recursive
    - name: Build in container
      run: ./tests/build-in-docker.sh
    - name: Start emulation and test
      run: ./tests/run-test-in-docker.sh
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,3 @@
-[submodule "pico-ccid"]
+[submodule "pico-keys-sdk"]
-	path = pico-ccid
+	path = pico-keys-sdk
-	url = https://github.com/polhenarejos/pico-ccid.git
+	url = https://github.com/polhenarejos/pico-keys-sdk
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -17,86 +17,64 @@
 cmake_minimum_required(VERSION 3.13)
 if(ENABLE_EMULATION)
 else()
 include(pico_sdk_import.cmake)
 endif()
 project(pico_openpgp C CXX ASM)
 set(CMAKE_C_STANDARD 11)
 set(CMAKE_CXX_STANDARD 17)
 if(ENABLE_EMULATION)
 else()
 pico_sdk_init()
 endif()
 add_executable(pico_openpgp)
-if (NOT DEFINED USB_VID)
+set(SOURCES ${SOURCES}
    set(USB_VID 0xFEFF)
 endif()
 add_definitions(-DUSB_VID=${USB_VID})
 if (NOT DEFINED USB_PID)
    set(USB_PID 0xFCFD)
 endif()
 add_definitions(-DUSB_PID=${USB_PID})
 target_sources(pico_openpgp PUBLIC
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/ccid/ccid2040.c
        ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/openpgp.c
        ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/files.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/usb/usb_descriptors.c
+        ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/piv.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/fs/file.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/fs/flash.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/fs/low_flash.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/rng/random.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/rng/neug.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/ccid/crypto_utils.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/ccid/eac.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/sha256.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/aes.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/sha512.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/rsa.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/bignum.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/platform_util.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/md.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/oid.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/rsa_alt_helpers.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/constant_time.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/ecdsa.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/ecp.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/ecp_curves.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/asn1write.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/hmac_drbg.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/md5.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/ripemd160.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/sha1.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/ecdh.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/cmac.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/cipher.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/cipher_wrap.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/chachapoly.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/camellia.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/chacha20.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/aria.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/poly1305.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/gcm.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/ccm.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/des.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/nist_kw.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/hkdf.c
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/asn1parse.c
        )
-target_include_directories(pico_openpgp PUBLIC
+set(INCLUDES ${INCLUDES}
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/fs
        ${CMAKE_CURRENT_LIST_DIR}/src/openpgp
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/ccid
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/rng
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/usb
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/include
        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library
        )
 set(USB_ITF_CCID 1)
 include(pico-keys-sdk/pico_keys_sdk_import.cmake)
 target_sources(pico_openpgp PUBLIC ${SOURCES})
 target_include_directories(pico_openpgp PUBLIC ${INCLUDES})
 target_compile_options(pico_openpgp PUBLIC
    -Wall
    -Werror
 )
 if(ENABLE_EMULATION)
 target_compile_options(pico_openpgp PUBLIC
        -fdata-sections
        -ffunction-sections
        )
 if(APPLE)
 target_link_options(pico_openpgp PUBLIC
        -Wl,-dead_strip
        )
 else()
 target_link_options(pico_openpgp PUBLIC
        -Wl,--gc-sections
        )
 endif (APPLE)
 else()
 pico_add_extra_outputs(pico_openpgp)
 #target_compile_definitions(pico_openpgp PRIVATE MBEDTLS_ECDSA_DETERMINISTIC=1)
-target_link_libraries(pico_openpgp PRIVATE pico_stdlib tinyusb_device tinyusb_board pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc)
+target_link_libraries(pico_openpgp PRIVATE pico_keys_sdk pico_stdlib tinyusb_device tinyusb_board pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc)
 endif()
--- a/README.md
+++ b/README.md
@@ -21,13 +21,30 @@ Pico OpenPGP has implemented the following features:
 - USB/CCID support with OpenSC, openssl, etc.
 - Extended APDU support.
 - Lifecycle card (termination and activation).
 - Press-to-confirm button.
 - User Interaction Flag for enabling/disabling press-to-confirm button.
 - Key Derivation Function (KDF) for PIN.
 - Manage Security Environment (MSE).
 - DEK for internal safe storage.
 - AES key generation.
 - AES ciphering and deciphering.
 - Cardholder certificates support.
 All these features are compliant with the specification. Therefore, if you detect some behaviour that is not expected or it does not follow the rules of specs, please open an issue.
-### About Gnuk
+## AES support
-This project was inspired by [Gnuk](https://wiki.debian.org/GNUK "Gnuk"), a same project but focused on STM32 processor family. Despite the initial idea was to port Gnuk to the Raspberry Pico family, the underlaying architecture is widely different (although they run on ARM). For instance, the Pico has two ARM cores, with an appropiate SDK able to leverage them. Also, Pico has an internal flash storage, which is farly larger compared to STM32 ROM storage. Finally, the Pico has a complete USB interface based on TinyUSB, which difficults to port Gnuk. These are only few examples of the difficulties of porting Gnuk to the Raspberry Pico.
+There is no known software that supports AES with OpenPGP. Nevertheless, it can be used with customized PKCS11 modules or interfacing with raw APDU packets.
-As a consequence, Pico OpenPGP is designed from zero. Well, not strictly from zero, as it borrows some of the buffering between USB and CCID interfaces from Gnuk. Cryptographic operations are implemented with MBEDTLS library.
+During asymmetric key generation for DEC key, Pico OpenPGP also generates a 32 bits symmetric key for AES operations.
 OpenPGP card 3.4 specifications describe the procedure to perform ciphering (encryption and decryption) with AES via PSO:ENCIPHER and PSO:DECIPHER. Both commands are supported by Pico OpenPGP.
 ### About Gnuk
 This project was inspired by [Gnuk](https://wiki.debian.org/GNUK "Gnuk"), a same project but focused on STM32 processor family. Despite the initial idea was to port Gnuk to the Raspberry Pico family, the underlaying architecture is widely different (although boh run on ARM). For instance, the Pico has two ARM cores, with an appropiate SDK able to leverage them. Also, Pico has an internal flash storage, which is farly larger compared to STM32 ROM storage. Finally, the Pico has a complete USB interface based on TinyUSB, which difficults to port Gnuk. These are only few examples of the difficulties of porting Gnuk to the Raspberry Pico.
 As a consequence, Pico OpenPGP is designed from zero. Well, not strictly from zero, as it borrows some of the cryptographic operations implemented with MbedTLS library.
 Whilst Gnuk is OpenPGP 2.0 with small set of enhancements, Pico OpenPGP aims at being OpenPGP 3.4 compliant, with new features (not present in Gnuk), such as Manage Security Environment (MSE) or UIF.
 ## Security considerations
 All secret keys (asymmetric and symmetric) are stored encrypted in the flash memory of the Raspberry Pico. DEK is used as a 256 bit AES key to protect private and secret keys. Keys are never stored in RAM except for signature and decryption operations and only during the process. All keys (including DEK) are loaded and cleared every time to avoid potential security flaws.
@@ -39,10 +56,17 @@ If the Pico is stolen the contents of private and secret keys cannot be read wit
 ## Download
 Please, go to the [Release page](https://github.com/polhenarejos/pico-openpgp/releases "Release page"))  and download the UF2 file for your board.
-Note that UF2 files are shiped with a dummy VID/PID to avoid license issues (FEFF:FCFD). If you are planning to use it with OpenSC or similar, you should modify Info.plist of CCID driver to add these VID/PID or use the VID/PID patcher as follows: `./patch_vidpid.sh VID:PID input_openpgp_file.uf2 output_openpgp_file.uf2`
+Please, go to the Release page and download the UF2 file for your board.
 Note that UF2 files are shiped with a dummy VID/PID to avoid license issues (FEFF:FCFD). If you are planning to use it with OpenSC or similar, you should modify Info.plist of CCID driver to add these VID/PID or use the [Pico Patcher tool](https://www.picokeys.com/pico-patcher/).
 Alternatively you can use the legacy VID/PID patcher as follows:
 `./patch_vidpid.sh VID:PID input_hsm_file.uf2 output_hsm_file.uf2`
 You can use whatever VID/PID (i.e., 234b:0000 from FISJ), but remember that you are not authorized to distribute the binary with a VID/PID that you do not own.
 Note that the pure-browser option [Pico Patcher tool](https://www.picokeys.com/pico-patcher/) is the most recommended. 
 ## Build
 Before building, ensure you have installed the toolchain for the Pico and the Pico SDK is properly located in your drive.
@@ -115,7 +139,6 @@ OpenSC relies on PCSC driver, which reads a list (`Info.plist`) that contains a
 ## Credits
 Pico OpenPGP uses the following libraries or portion of code:
- mbedTLS for cryptographic operations.
+- MbedTLS for cryptographic operations.
 - gnuk for low level CCID procedures support.
 - TinyUSB for low level USB procedures.
--- a/2
+++ b/2
@@ -1 +1 @@
-Version=1.2
+Version=2.0
--- a/build_pico_openpgp.sh
+++ b/build_pico_openpgp.sh
@@ -1,21 +1,57 @@
 #!/bin/bash
-VERSION_MAJOR="1"
+VERSION_MAJOR="2"
 VERSION_MINOR="2"
 rm -rf release/*
 cd build_release
-for board in adafruit_feather_rp2040 adafruit_itsybitsy_rp2040 adafruit_qtpy_rp2040 adafruit_trinkey_qt2040 arduino_nano_rp2040_connect melopero_shake_rp2040 pimoroni_interstate75 pimoroni_keybow2040 pimoroni_pga2040 pimoroni_picolipo_4mb pimoroni_picolipo_16mb pimoroni_picosystem pimoroni_plasma2040 pimoroni_tiny2040 pybstick26_rp2040 sparkfun_micromod sparkfun_promicro sparkfun_thingplus vgaboard waveshare_rp2040_lcd_0.96 waveshare_rp2040_plus_4mb waveshare_rp2040_plus_16mb waveshare_rp2040_zero
+for board in adafruit_feather_rp2040 \
    adafruit_itsybitsy_rp2040 \
    adafruit_kb2040 \
    adafruit_macropad_rp2040 \
    adafruit_qtpy_rp2040 \
    adafruit_trinkey_qt2040 \
    arduino_nano_rp2040_connect \
    datanoisetv_rp2040_dsp \
    eetree_gamekit_rp2040 \
    garatronic_pybstick26_rp2040 \
    melopero_shake_rp2040 \
    nullbits_bit_c_pro \
    pico \
    pico_w \
    pimoroni_badger2040 \
    pimoroni_interstate75 \
    pimoroni_keybow2040 \
    pimoroni_motor2040 \
    pimoroni_pga2040 \
    pimoroni_picolipo_4mb \
    pimoroni_picolipo_16mb \
    pimoroni_picosystem \
    pimoroni_plasma2040 \
    pimoroni_servo2040 \
    pimoroni_tiny2040 \
    pimoroni_tiny2040_2mb \
    pololu_3pi_2040_robot \
    seeed_xiao_rp2040 \
    solderparty_rp2040_stamp \
    solderparty_rp2040_stamp_carrier \
    solderparty_rp2040_stamp_round_carrier \
    sparkfun_micromod \
    sparkfun_promicro \
    sparkfun_thingplus \
    vgaboard \
    waveshare_rp2040_lcd_0.96 \
    waveshare_rp2040_lcd_1.28 \
    waveshare_rp2040_one \
    waveshare_rp2040_plus_4mb \
    waveshare_rp2040_plus_16mb \
    waveshare_rp2040_zero \
    wiznet_w5100s_evb_pico
 do
    rm -rf *
-    PICO_SDK_PATH=~/Devel/pico/pico-sdk cmake .. -DPICO_BOARD=$board 
+    PICO_SDK_PATH=../../pico-sdk cmake .. -DPICO_BOARD=$board
    make -kj20
    mv pico_openpgp.uf2 ../release/pico_openpgp_$board-$VERSION_MAJOR.$VERSION_MINOR.uf2
 done
 rm -rf *
 PICO_SDK_PATH=~/Devel/pico/pico-sdk cmake ..
 make -kj20
 mv pico_openpgp.uf2 ../release/pico_openpgp_pico_generic-$VERSION_MAJOR.$VERSION_MINOR.uf2
--- a/patch_vidpid.sh
+++ b/patch_vidpid.sh
@@ -17,8 +17,8 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
-VERSION_MAJOR="1" #Version of Pico CCID Core
+VERSION_MAJOR="5" #Version of Pico Keys SDK
-VERSION_MINOR="1"
+VERSION_MINOR="0"
 echo "----------------------------"
 echo "VID/PID patcher for Pico OpenPGP"
--- a/1
+++ b/1
--- a/1
+++ b/1
--- a/src/openpgp/files.c
+++ b/src/openpgp/files.c
@@ -20,12 +20,12 @@
 extern const uint8_t openpgp_aid[];
 extern const uint8_t openpgp_aid_full[];
-#define ACL_NONE    {0xff,0xff,0xff,0xff,0xff,0xff,0xff}
+#define ACL_NONE    { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }
-#define ACL_ALL     {0}
+#define ACL_ALL     { 0 }
-#define ACL_RO      {0xff,0xff,0xff,0xff,0xff,0xff,0x00}
+#define ACL_RO      { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00 }
-#define ACL_RW      {0xff,0xff,0xff,0xff,0x00,0x00,0x00}
+#define ACL_RW      { 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00 }
-#define ACL_R_WP    {0xff,0xff,0xff,0xff,0x90,0x90,0x00}
+#define ACL_R_WP    { 0xff, 0xff, 0xff, 0xff, 0x90, 0x90, 0x00 }
-#define ACL_WP      {0xff,0xff,0xff,0xff,0x90,0x90,0xff}
+#define ACL_WP      { 0xff, 0xff, 0xff, 0xff, 0x90, 0x90, 0xff }
 extern int parse_ch_data(const file_t *f, int mode);
 extern int parse_sec_tpl(const file_t *f, int mode);
@@ -39,6 +39,7 @@ extern int parse_algoinfo(const file_t *f, int mode);
 extern int parse_app_data(const file_t *f, int mode);
 extern int parse_discrete_do(const file_t *f, int mode);
 extern int parse_pw_status(const file_t *f, int mode);
 extern int piv_parse_discovery(const file_t *f);
 uint8_t historical_bytes[] = {
    10, 0,
@@ -54,7 +55,7 @@ uint8_t historical_bytes[] = {
 uint8_t extended_capabilities[] = {
    10, 0,
-  0x76,				/*
+    0x77,           /*
                     * No Secure Messaging supported
                     * GET CHALLENGE supported
                     * Key import supported
@@ -62,7 +63,7 @@ uint8_t extended_capabilities[] = {
                     * No private_use_DO
                     * Algorithm attrs are changable
                     * ENC/DEC with AES
-				 * No KDF-DO available
+                     * KDF-DO available
                     */
    0,        /* Secure Messaging Algorithm: N/A (TDES=0, AES=1) */
    0x00, 128,      /* Max size of GET CHALLENGE */
@@ -77,71 +78,411 @@ uint8_t feature_mngmnt[] = {
 };
 uint8_t exlen_info[] = {
-    8,0,
+    8, 0,
    0x2, 0x2, 0x07, 0xff,
    0x2, 0x2, 0x08, 0x00,
 };
 file_t file_entries[] = {
-    /*  0 */ { .fid = 0x3f00, .parent = 0xff, .name = NULL, .type = FILE_TYPE_DF, .data = NULL, .ef_structure = 0, .acl = ACL_NONE }, // MF
+    /*  0 */ { .fid = 0x3f00, .parent = 0xff, .name = NULL, .type = FILE_TYPE_DF, .data = NULL,
-    /*  1 */ { .fid = EF_FULL_AID, .parent = 0, .name = openpgp_aid_full, .type = FILE_TYPE_WORKING_EF, .data = (uint8_t *)openpgp_aid_full, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
+               .ef_structure = 0, .acl = ACL_NONE },                                                                                  // MF
-    /*  2 */ { .fid = EF_CH_NAME, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
+    /*  1 */ { .fid = EF_FULL_AID, .parent = 0, .name = openpgp_aid_full,
-    /*  3 */ { .fid = EF_LOGIN_DATA, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
+               .type = FILE_TYPE_WORKING_EF, .data = (uint8_t *) openpgp_aid_full,
-    /*  4 */ { .fid = EF_LANG_PREF, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
+               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
-    /*  5 */ { .fid = EF_SEX, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
+    /*  2 */ { .fid = EF_CH_NAME, .parent = 0, .name = NULL,
-    /*  6 */ { .fid = EF_URI_URL, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
+               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
-    /*  7 */ { .fid = EF_HIST_BYTES, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF, .data = historical_bytes, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
+               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
-    /*  8 */ { .fid = EF_CH_DATA, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *)parse_ch_data, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
+    /*  3 */ { .fid = EF_LOGIN_DATA, .parent = 0, .name = NULL,
-    /*  9 */ { .fid = EF_SEC_TPL, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *)parse_sec_tpl, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
+               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
-    /* 10 */ { .fid = EF_CH_CERT, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *)parse_ch_cert, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
+               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
-    /* 11 */ { .fid = EF_EXLEN_INFO, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF, .data = exlen_info, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
+    /*  4 */ { .fid = EF_LANG_PREF, .parent = 0, .name = NULL,
-    /* 12 */ { .fid = EF_GFM, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF, .data = feature_mngmnt, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
+               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
-    /* 13 */ { .fid = EF_SIG_COUNT, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
+               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
-    /* 14 */ { .fid = EF_EXT_CAP, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF, .data = extended_capabilities, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
+    /*  5 */ { .fid = EF_SEX, .parent = 0, .name = NULL,
-    /* 15 */ { .fid = EF_ALGO_SIG, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *)parse_algoinfo, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
+               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
-    /* 16 */ { .fid = EF_ALGO_DEC, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *)parse_algoinfo, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
+               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
-    /* 17 */ { .fid = EF_ALGO_AUT, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *)parse_algoinfo, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
+    /*  6 */ { .fid = EF_URI_URL, .parent = 0, .name = NULL,
-    /* 18 */ { .fid = EF_PW_STATUS, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *)parse_pw_status, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
+               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
-    /* 19 */ { .fid = EF_FP, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *)parse_fp, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
+               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
-    /* 20 */ { .fid = EF_FP_SIG, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
+    /*  7 */ { .fid = EF_HIST_BYTES, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF,
-    /* 21 */ { .fid = EF_FP_DEC, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
+               .data = historical_bytes, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
-    /* 22 */ { .fid = EF_FP_AUT, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
+    /*  8 */ { .fid = EF_CH_DATA, .parent = 0, .name = NULL,
-    /* 23 */ { .fid = EF_CA_FP, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *)parse_cafp, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
+               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *) parse_ch_data,
-    /* 24 */ { .fid = EF_FP_CA1, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
+               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
-    /* 25 */ { .fid = EF_FP_CA2, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
+    /*  9 */ { .fid = EF_SEC_TPL, .parent = 0, .name = NULL,
-    /* 26 */ { .fid = EF_FP_CA3, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
+               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *) parse_sec_tpl,
-    /* 27 */ { .fid = EF_TS_ALL, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *)parse_ts, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
+               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
-    /* 28 */ { .fid = EF_TS_SIG, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
+    /* 10 */ { .fid = EF_CH_CERT, .parent = 0, .name = NULL,
-    /* 29 */ { .fid = EF_TS_DEC, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
+               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *) parse_ch_cert,
-    /* 30 */ { .fid = EF_TS_AUT, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
+               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
-    /* 31 */ { .fid = EF_RESET_CODE, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
+    /* 11 */ { .fid = EF_EXLEN_INFO, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF,
-    /* 32 */ { .fid = EF_UIF_SIG, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
+               .data = exlen_info, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
-    /* 33 */ { .fid = EF_UIF_DEC, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
+    /* 12 */ { .fid = EF_GFM, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF,
-    /* 34 */ { .fid = EF_UIF_AUT, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
+               .data = feature_mngmnt, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
-    /* 35 */ { .fid = EF_KEY_INFO, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *)parse_keyinfo, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
+    /* 13 */ { .fid = EF_SIG_COUNT, .parent = 0, .name = NULL,
-    /* 36 */ { .fid = EF_ALGO_INFO, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *)parse_algoinfo, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
+               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
-    /* 37 */ { .fid = EF_APP_DATA, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *)parse_app_data, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
+               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
-    /* 38 */ { .fid = EF_DISCRETE_DO, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *)parse_discrete_do, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
+    /* 14 */ { .fid = EF_EXT_CAP, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF,
               .data = extended_capabilities, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
    /* 15 */ { .fid = EF_ALGO_SIG, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *) parse_algoinfo,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 16 */ { .fid = EF_ALGO_DEC, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *) parse_algoinfo,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 17 */ { .fid = EF_ALGO_AUT, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *) parse_algoinfo,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 18 */ { .fid = EF_PW_STATUS, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *) parse_pw_status,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 19 */ { .fid = EF_FP, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *) parse_fp,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
    /* 20 */ { .fid = EF_FP_SIG, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 21 */ { .fid = EF_FP_DEC, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 22 */ { .fid = EF_FP_AUT, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 23 */ { .fid = EF_CA_FP, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *) parse_cafp,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
    /* 24 */ { .fid = EF_FP_CA1, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 25 */ { .fid = EF_FP_CA2, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 26 */ { .fid = EF_FP_CA3, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 27 */ { .fid = EF_TS_ALL, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *) parse_ts,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
    /* 28 */ { .fid = EF_TS_SIG, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 29 */ { .fid = EF_TS_DEC, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 30 */ { .fid = EF_TS_AUT, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 31 */ { .fid = EF_RESET_CODE, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 32 */ { .fid = EF_UIF_SIG, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 33 */ { .fid = EF_UIF_DEC, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 34 */ { .fid = EF_UIF_AUT, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 35 */ { .fid = EF_KEY_INFO, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *) parse_keyinfo,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
    /* 36 */ { .fid = EF_ALGO_INFO, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *) parse_algoinfo,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
    /* 37 */ { .fid = EF_APP_DATA, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *) parse_app_data,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
    /* 38 */ { .fid = EF_DISCRETE_DO, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *) parse_discrete_do,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
    /* 39 */ { .fid = EF_PW1, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 40 */ { .fid = EF_RC, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 41 */ { .fid = EF_PW3, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 42 */ { .fid = EF_ALGO_PRIV1, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 43 */ { .fid = EF_ALGO_PRIV2, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 44 */ { .fid = EF_ALGO_PRIV3, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 45 */ { .fid = EF_PK_SIG, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 46 */ { .fid = EF_PK_DEC, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 47 */ { .fid = EF_PK_AUT, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 48 */ { .fid = EF_PB_SIG, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 49 */ { .fid = EF_PB_DEC, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 50 */ { .fid = EF_PB_AUT, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 51 */ { .fid = EF_PW_PRIV, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 52 */ { .fid = EF_DEK, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_NONE },
    /* 53 */ { .fid = EF_KDF, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 54 */ { .fid = EF_CH_1, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_NONE },
    /* 55 */ { .fid = EF_CH_2, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_NONE },
    /* 56 */ { .fid = EF_CH_3, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_NONE },
    // ** PIV ** //
    /* 57 */ { .fid = EF_PIV_ADMIN_DATA, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 58 */ { .fid = EF_PIV_ATTESTATION, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 59 */ { .fid = EF_PIV_MSCMAP, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 60 */ { .fid = EF_PIV_MSROOTS1, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 61 */ { .fid = EF_PIV_MSROOTS2, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 62 */ { .fid = EF_PIV_MSROOTS3, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 63 */ { .fid = EF_PIV_MSROOTS4, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 64 */ { .fid = EF_PIV_MSROOTS5, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 65 */ { .fid = EF_PIV_KEY_AUTHENTICATION, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 66 */ { .fid = EF_PIV_KEY_CARDMGM, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 67 */ { .fid = EF_PIV_KEY_SIGNATURE, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 68 */ { .fid = EF_PIV_KEY_KEYMGM, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 69 */ { .fid = EF_PIV_KEY_CARDAUTH, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 70 */ { .fid = EF_PIV_KEY_RETIRED1, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 71 */ { .fid = EF_PIV_KEY_RETIRED2, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 72 */ { .fid = EF_PIV_KEY_RETIRED3, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 73 */ { .fid = EF_PIV_KEY_RETIRED4, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 74 */ { .fid = EF_PIV_KEY_RETIRED5, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 75 */ { .fid = EF_PIV_KEY_RETIRED6, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 76 */ { .fid = EF_PIV_KEY_RETIRED7, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 77 */ { .fid = EF_PIV_KEY_RETIRED8, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 78 */ { .fid = EF_PIV_KEY_RETIRED9, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 79 */ { .fid = EF_PIV_KEY_RETIRED10, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 80 */ { .fid = EF_PIV_KEY_RETIRED11, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 81 */ { .fid = EF_PIV_KEY_RETIRED12, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 82 */ { .fid = EF_PIV_KEY_RETIRED12, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 83 */ { .fid = EF_PIV_KEY_RETIRED13, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 84 */ { .fid = EF_PIV_KEY_RETIRED14, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 85 */ { .fid = EF_PIV_KEY_RETIRED15, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 86 */ { .fid = EF_PIV_KEY_RETIRED16, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 87 */ { .fid = EF_PIV_KEY_RETIRED17, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 88 */ { .fid = EF_PIV_KEY_RETIRED18, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 89 */ { .fid = EF_PIV_KEY_RETIRED19, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 90 */ { .fid = EF_PIV_KEY_RETIRED20, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 91 */ { .fid = EF_PIV_KEY_ATTESTATION, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 92 */ { .fid = EF_PIV_CAPABILITY, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 93 */ { .fid = EF_PIV_CHUID, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 94 */ { .fid = EF_PIV_AUTHENTICATION, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 95 */ { .fid = EF_PIV_FINGERPRINTS, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 96 */ { .fid = EF_PIV_SECURITY, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 97 */ { .fid = EF_PIV_FACIAL, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 98 */ { .fid = EF_PIV_PRINTED, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 99 */ { .fid = EF_PIV_SIGNATURE, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 100 */ { .fid = EF_PIV_KEY_MANAGEMENT, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 101 */ { .fid = EF_PIV_CARD_AUTH, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 102 */ { .fid = EF_PIV_DISCOVERY, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *) piv_parse_discovery,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 103 */ { .fid = EF_PIV_KEY_HISTORY, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 104 */ { .fid = EF_PIV_IRIS, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 105 */ { .fid = EF_PIV_BITGT, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 106 */ { .fid = EF_PIV_SM_SIGNER, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 107 */ { .fid = EF_PIV_PC_REF_DATA, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 108 */ { .fid = EF_PIV_RETIRED1, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 109 */ { .fid = EF_PIV_RETIRED2, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 110 */ { .fid = EF_PIV_RETIRED3, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 111 */ { .fid = EF_PIV_RETIRED4, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 112 */ { .fid = EF_PIV_RETIRED5, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 113 */ { .fid = EF_PIV_RETIRED6, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 114 */ { .fid = EF_PIV_RETIRED7, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 115 */ { .fid = EF_PIV_RETIRED8, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 116 */ { .fid = EF_PIV_RETIRED9, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 117 */ { .fid = EF_PIV_RETIRED10, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 118 */ { .fid = EF_PIV_RETIRED11, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 119 */ { .fid = EF_PIV_RETIRED12, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 120 */ { .fid = EF_PIV_RETIRED13, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 121 */ { .fid = EF_PIV_RETIRED14, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 122 */ { .fid = EF_PIV_RETIRED15, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 123 */ { .fid = EF_PIV_RETIRED16, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 124 */ { .fid = EF_PIV_RETIRED17, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 125 */ { .fid = EF_PIV_RETIRED18, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 126 */ { .fid = EF_PIV_RETIRED19, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 127 */ { .fid = EF_PIV_RETIRED20, .parent = 0, .name = NULL,
               .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 128 */ { .fid = EF_PIV_PIN, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 129 */ { .fid = EF_PIV_PUK, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 130 */ { .fid = EF_META, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_NONE },
    /* 131 */ { .fid = EF_PW_RETRIES, .parent = 0, .name = NULL,
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
-    /* 39 */ { .fid = EF_PW1, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
+    /* 132 */ { .fid = 0x0000, .parent = 0, .name = openpgp_aid, .type = FILE_TYPE_WORKING_EF,
-    /* 40 */ { .fid = EF_RC, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
+               .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
-    /* 41 */ { .fid = EF_PW3, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
+    /* 133 */ { .fid = 0x0000, .parent = 0xff, .name = NULL, .type = FILE_TYPE_NOT_KNOWN, .data = NULL,
-    /* 42 */ { .fid = EF_ALGO_PRIV1, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
+               .ef_structure = 0, .acl = ACL_NONE }                                                                                       //end
    /* 43 */ { .fid = EF_ALGO_PRIV2, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 44 */ { .fid = EF_ALGO_PRIV3, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 45 */ { .fid = EF_PK_SIG, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 46 */ { .fid = EF_PK_DEC, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 47 */ { .fid = EF_PK_AUT, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
    /* 48 */ { .fid = EF_PB_SIG, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 49 */ { .fid = EF_PB_DEC, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 50 */ { .fid = EF_PB_AUT, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 51 */ { .fid = EF_PW_PRIV, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
    /* 52 */ { .fid = EF_DEK, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_NONE },
    /* 53 */ { .fid = 0x0000, .parent = 0, .name = openpgp_aid, .type = FILE_TYPE_WORKING_EF, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
    /* 54 */ { .fid = 0x0000, .parent = 0xff, .name = NULL, .type = FILE_TYPE_UNKNOWN, .data = NULL, .ef_structure = 0, .acl = ACL_NONE } //end
 };
 const file_t *MF = &file_entries[0];
-const file_t *file_openpgp = &file_entries[sizeof(file_entries)/sizeof(file_t)-2];
+const file_t *file_openpgp = &file_entries[sizeof(file_entries) / sizeof(file_t) - 2];
-const file_t *file_last = &file_entries[sizeof(file_entries)/sizeof(file_t)-1];
+const file_t *file_last = &file_entries[sizeof(file_entries) / sizeof(file_t) - 1];
--- a/src/openpgp/files.h
+++ b/src/openpgp/files.h
@@ -28,6 +28,7 @@
 #define EF_ALGO_PRIV2   0x10c2
 #define EF_ALGO_PRIV3   0x10c3
 #define EF_PW_PRIV      0x10c4
 #define EF_PW_RETRIES   0x10c5
 #define EF_PK_SIG       0x10d1
 #define EF_PK_DEC       0x10d2
 #define EF_PK_AUT       0x10d3
@@ -35,6 +36,9 @@
 #define EF_PB_DEC       0x10d5
 #define EF_PB_AUT       0x10d6
 #define EF_DEK          0x1099
 #define EF_CH_1         0x1f21
 #define EF_CH_2         0x1f22
 #define EF_CH_3         0x1f23
 #define EF_EXT_HEADER   0x004d //C
 #define EF_FULL_AID     0x004f //S
@@ -63,10 +67,12 @@
 #define EF_TS_DEC       0x00cf //S
 #define EF_TS_AUT       0x00d0 //S
 #define EF_RESET_CODE   0x00d3 //S
 #define EF_AES_KEY      0x00d5 //S
 #define EF_UIF_SIG      0x00d6 //S
 #define EF_UIF_DEC      0x00d7 //S
 #define EF_UIF_AUT      0x00d8 //S
 #define EF_KEY_INFO     0x00de //S
 #define EF_KDF          0x00f9 //C
 #define EF_ALGO_INFO    0x00fa //C
 #define EF_LANG_PREF    0x5f2d //S
 #define EF_SEX          0x5f35 //S
@@ -76,4 +82,83 @@
 #define EF_EXLEN_INFO   0x7f66 //C
 #define EF_GFM          0x7f74 //C
 // PIV
 #define EF_PIV_PIN  0x1184
 #define EF_PIV_PUK  0x1185
 #define EF_PIV_ADMIN_DATA  0xff00
 #define EF_PIV_ATTESTATION 0xff01
 #define	EF_PIV_MSCMAP      0xff10
 #define	EF_PIV_MSROOTS1    0xff11
 #define EF_PIV_MSROOTS2    0xff12
 #define EF_PIV_MSROOTS3    0xff13
 #define EF_PIV_MSROOTS4    0xff14
 #define EF_PIV_MSROOTS5    0xff15
 #define EF_PIV_KEY_AUTHENTICATION   0x009a
 #define EF_PIV_KEY_CARDMGM          0x009b
 #define EF_PIV_KEY_SIGNATURE        0x009c
 #define EF_PIV_KEY_KEYMGM           0x009d
 #define EF_PIV_KEY_CARDAUTH         0x009e
 #define EF_PIV_KEY_RETIRED1         0x0082
 #define EF_PIV_KEY_RETIRED2         0x0083
 #define EF_PIV_KEY_RETIRED3         0x0084
 #define EF_PIV_KEY_RETIRED4         0x0085
 #define EF_PIV_KEY_RETIRED5         0x0086
 #define EF_PIV_KEY_RETIRED6         0x0087
 #define EF_PIV_KEY_RETIRED7         0x0088
 #define EF_PIV_KEY_RETIRED8         0x0089
 #define EF_PIV_KEY_RETIRED9         0x008a
 #define EF_PIV_KEY_RETIRED10        0x008b
 #define EF_PIV_KEY_RETIRED11        0x008c
 #define EF_PIV_KEY_RETIRED12        0x008d
 #define EF_PIV_KEY_RETIRED13        0x008e
 #define EF_PIV_KEY_RETIRED14        0x008f
 #define EF_PIV_KEY_RETIRED15        0x0090
 #define EF_PIV_KEY_RETIRED16        0x0091
 #define EF_PIV_KEY_RETIRED17        0x0092
 #define EF_PIV_KEY_RETIRED18        0x0096 // It's 0x93 but assigned to EF_SIG_COUNT
 #define EF_PIV_KEY_RETIRED19        0x0094
 #define EF_PIV_KEY_RETIRED20        0x0095
 #define EF_PIV_KEY_ATTESTATION      0x00fb // It's 0xf9 but assigned to EF_KDF
 #define EF_PIV_CAPABILITY       0xc107
 #define EF_PIV_CHUID            0xc102
 #define EF_PIV_AUTHENTICATION   0xc105 /* cert for 9a key */
 #define EF_PIV_FINGERPRINTS     0xc103
 #define EF_PIV_SECURITY         0xc106
 #define EF_PIV_FACIAL           0xc108
 #define EF_PIV_PRINTED          0xc109
 #define EF_PIV_SIGNATURE        0xc10a /* cert for 9c key */
 #define EF_PIV_KEY_MANAGEMENT   0xc10b /* cert for 9d key */
 #define EF_PIV_CARD_AUTH        0xc101 /* cert for 9e key */
 #define EF_PIV_DISCOVERY        0x007e
 #define EF_PIV_KEY_HISTORY      0xc10c
 #define EF_PIV_IRIS             0xc121
 #define EF_PIV_BITGT            0x7f61
 #define EF_PIV_SM_SIGNER        0xc122
 #define EF_PIV_PC_REF_DATA      0xc123
 #define EF_PIV_RETIRED1  0xc10d
 #define EF_PIV_RETIRED2  0xc10e
 #define EF_PIV_RETIRED3  0xc10f
 #define EF_PIV_RETIRED4  0xc110
 #define EF_PIV_RETIRED5  0xc111
 #define EF_PIV_RETIRED6  0xc112
 #define EF_PIV_RETIRED7  0xc113
 #define EF_PIV_RETIRED8  0xc114
 #define EF_PIV_RETIRED9  0xc115
 #define EF_PIV_RETIRED10 0xc116
 #define EF_PIV_RETIRED11 0xc117
 #define EF_PIV_RETIRED12 0xc118
 #define EF_PIV_RETIRED13 0xc119
 #define EF_PIV_RETIRED14 0xc11a
 #define EF_PIV_RETIRED15 0xc11b
 #define EF_PIV_RETIRED16 0xc11c
 #define EF_PIV_RETIRED17 0xc11d
 #define EF_PIV_RETIRED18 0xc11e
 #define EF_PIV_RETIRED19 0xc11f
 #define EF_PIV_RETIRED20 0xc120
 #endif
--- a/src/openpgp/openpgp.c
+++ b/src/openpgp/openpgp.c
--- a/src/openpgp/openpgp.h
+++ b/src/openpgp/openpgp.h
@@ -19,12 +19,41 @@
 #define __OPENPGP_H_
 #include "stdlib.h"
 #ifndef ENABLE_EMULATION
 #include <pico/stdlib.h>
 #endif
-#include "ccid2040.h"
+#include "pico_keys.h"
 #include "apdu.h"
 #include "mbedtls/rsa.h"
 #include "mbedtls/ecdsa.h"
 extern bool has_pw1;
 extern bool has_pw3;
-#endif
+extern int store_keys(void *key_ctx, int type, uint16_t key_id, bool use_kek);
 extern void make_rsa_response(mbedtls_rsa_context *rsa);
 extern void make_ecdsa_response(mbedtls_ecdsa_context *ecdsa);
 extern int ecdsa_sign(mbedtls_ecdsa_context *ctx,
                      const uint8_t *data,
                      size_t data_len,
                      uint8_t *out,
                      size_t *out_len);
 extern int rsa_sign(mbedtls_rsa_context *ctx,
                    const uint8_t *data,
                    size_t data_len,
                    uint8_t *out,
                    size_t *out_len);
 extern int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey, bool use_dek);
 extern int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey, bool use_dek);
 extern int pin_reset_retries(const file_t *pin, bool force);
 #define ALGO_RSA        0x01
 #define ALGO_ECDH       0x12
 #define ALGO_ECDSA      0x13
 #define ALGO_AES        0x70
 #define ALGO_AES_128    0x71
 #define ALGO_AES_192    0x72
 #define ALGO_AES_256    0x74
 #endif
--- a/src/openpgp/piv.c
+++ b/src/openpgp/piv.c
--- a/src/openpgp/version.h
+++ b/src/openpgp/version.h
@@ -23,5 +23,15 @@
 #define OPGP_VERSION_MAJOR ((OPGP_VERSION >> 8) & 0xff)
 #define OPGP_VERSION_MINOR (OPGP_VERSION & 0xff)
 #endif
 #define PIPGP_VERSION 0x0202
 #define PIPGP_VERSION_MAJOR ((PIPGP_VERSION >> 8) & 0xff)
 #define PIPGP_VERSION_MINOR (PIPGP_VERSION & 0xff)
 #define PIV_VERSION 0x0507
 #define PIV_VERSION_MAJOR ((PIV_VERSION >> 8) & 0xff)
 #define PIV_VERSION_MINOR (PIV_VERSION & 0xff)
 #endif
--- a/tests/000_config/test_000_config_card.py
+++ b/tests/000_config/test_000_config_card.py
@@ -0,0 +1 @@
 from card_test_check_card import *
--- a/tests/001_initial_check/test_000_initial_card.py
+++ b/tests/001_initial_check/test_000_initial_card.py
@@ -0,0 +1 @@
 from card_test_empty_card import *
--- a/tests/001_initial_check/test_001_initial_card.py
+++ b/tests/001_initial_check/test_001_initial_card.py
@@ -0,0 +1 @@
 from card_test_set_attr import *
--- a/tests/010_kdfnone/test_010_adminfull_kdfnone.py
+++ b/tests/010_kdfnone/test_010_adminfull_kdfnone.py
@@ -0,0 +1,2 @@
 from skip_if_kdfreq import *
 from card_test_personalize_card_1 import *
--- a/tests/010_kdfnone/test_011_adminfull_kdfnone.py
+++ b/tests/010_kdfnone/test_011_adminfull_kdfnone.py
@@ -0,0 +1,2 @@
 from skip_if_kdfreq import *
 from card_test_personalize_card_2 import *
--- a/tests/010_kdfnone/test_012_adminfull_kdfnone.py
+++ b/tests/010_kdfnone/test_012_adminfull_kdfnone.py
@@ -0,0 +1,2 @@
 from skip_if_kdfreq import *
 from card_test_public_key_operations import *
--- a/tests/010_kdfnone/test_013_adminfull_kdfnone.py
+++ b/tests/010_kdfnone/test_013_adminfull_kdfnone.py
@@ -0,0 +1,2 @@
 from skip_if_kdfreq import *
 from card_test_ds_counter2 import *
--- a/tests/010_kdfnone/test_014_keygen_kdfnone.py
+++ b/tests/010_kdfnone/test_014_keygen_kdfnone.py
@@ -0,0 +1,24 @@
 """
 test_005_keygen.py - test key generation
 Copyright (C) 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from skip_if_kdfreq import *
 from card_test_keygen import *
--- a/tests/010_kdfnone/test_015_keygen_kdfnone.py
+++ b/tests/010_kdfnone/test_015_keygen_kdfnone.py
@@ -0,0 +1,24 @@
 """
 test_005_keygen.py - test key generation
 Copyright (C) 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from skip_if_kdfreq import *
 from card_test_public_key_operations_kg import *
--- a/tests/010_kdfnone/test_016_keygen_kdfnone.py
+++ b/tests/010_kdfnone/test_016_keygen_kdfnone.py
@@ -0,0 +1,24 @@
 """
 test_005_keygen.py - test key generation
 Copyright (C) 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from skip_if_kdfreq import *
 from card_test_ds_counter1 import *
--- a/tests/010_kdfnone/test_017_adminfull_kdfnone.py
+++ b/tests/010_kdfnone/test_017_adminfull_kdfnone.py
@@ -0,0 +1,2 @@
 from skip_if_kdfreq import *
 from card_test_personalize_reset import *
--- a/tests/010_kdfnone/test_018_adminfull_kdfnone.py
+++ b/tests/010_kdfnone/test_018_adminfull_kdfnone.py
@@ -0,0 +1,2 @@
 from skip_if_kdfreq import *
 from card_test_remove_keys import *
--- a/tests/010_kdfnone/test_019_adminfull_kdfnone.py
+++ b/tests/010_kdfnone/test_019_adminfull_kdfnone.py
@@ -0,0 +1,2 @@
 from skip_if_kdfreq import *
 from card_test_reset_pw3 import *
--- a/tests/010_kdfnone/test_040_adminless_kdfnone.py
+++ b/tests/010_kdfnone/test_040_adminless_kdfnone.py
@@ -0,0 +1,25 @@
 """
 test_005_adminless_kdfnone.py - test admin-less mode
 Copyright (C) 2016, 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from skip_if_kdfreq import *
 from skip_gnuk_only_tests import *
 from card_test_personalize_admin_less_1 import *
--- a/tests/010_kdfnone/test_041_adminless_kdfnone.py
+++ b/tests/010_kdfnone/test_041_adminless_kdfnone.py
@@ -0,0 +1,25 @@
 """
 test_005_adminless_kdfnone.py - test admin-less mode
 Copyright (C) 2016, 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from skip_if_kdfreq import *
 from skip_gnuk_only_tests import *
 from card_test_public_key_operations_alt import *
--- a/tests/010_kdfnone/test_042_adminless_kdfnone.py
+++ b/tests/010_kdfnone/test_042_adminless_kdfnone.py
@@ -0,0 +1,25 @@
 """
 test_005_adminless_kdfnone.py - test admin-less mode
 Copyright (C) 2016, 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from skip_if_kdfreq import *
 from skip_gnuk_only_tests import *
 from card_test_ds_counter1 import *
--- a/tests/010_kdfnone/test_043_adminless_kdfnone.py
+++ b/tests/010_kdfnone/test_043_adminless_kdfnone.py
@@ -0,0 +1,25 @@
 """
 test_005_adminless_kdfnone.py - test admin-less mode
 Copyright (C) 2016, 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from skip_if_kdfreq import *
 from skip_gnuk_only_tests import *
 from card_test_personalize_admin_less_2 import *
--- a/tests/010_kdfnone/test_044_adminless_kdfnone.py
+++ b/tests/010_kdfnone/test_044_adminless_kdfnone.py
@@ -0,0 +1,25 @@
 """
 test_005_adminless_kdfnone.py - test admin-less mode
 Copyright (C) 2016, 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from skip_if_kdfreq import *
 from skip_gnuk_only_tests import *
 from card_test_personalize_reset import *
--- a/tests/010_kdfnone/test_045_adminless_kdfnone.py
+++ b/tests/010_kdfnone/test_045_adminless_kdfnone.py
@@ -0,0 +1,25 @@
 """
 test_005_adminless_kdfnone.py - test admin-less mode
 Copyright (C) 2016, 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from skip_if_kdfreq import *
 from skip_gnuk_only_tests import *
 from card_test_remove_keys import *
--- a/tests/010_kdfnone/test_046_adminless_kdfnone.py
+++ b/tests/010_kdfnone/test_046_adminless_kdfnone.py
@@ -0,0 +1,25 @@
 """
 test_005_adminless_kdfnone.py - test admin-less mode
 Copyright (C) 2016, 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from skip_if_kdfreq import *
 from skip_gnuk_only_tests import *
 from card_test_reset_pw3 import *
--- a/tests/020_kdffull/01_initial_check/test_050_adminfull_kdffull.py
+++ b/tests/020_kdffull/01_initial_check/test_050_adminfull_kdffull.py
@@ -0,0 +1,23 @@
 """
 test_011_adminfull_kdffull.py - test KDF data object
 Copyright (C) 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from card_test_kdf_full import *
--- a/tests/020_kdffull/02_personalization/test_051_adminfull_kdffull.py
+++ b/tests/020_kdffull/02_personalization/test_051_adminfull_kdffull.py
@@ -0,0 +1,23 @@
 """
 test_011_adminfull_kdffull.py - test KDF data object
 Copyright (C) 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from card_test_personalize_card_1 import *
--- a/tests/020_kdffull/03_key_import/001_rsa2k/test_rsa2k_import.py
+++ b/tests/020_kdffull/03_key_import/001_rsa2k/test_rsa2k_import.py
@@ -0,0 +1 @@
 from card_test_ki_pko_dsc_rsa2k import *
--- a/tests/020_kdffull/03_key_import/002_nistp256r1/test_nistp256r1_import.py
+++ b/tests/020_kdffull/03_key_import/002_nistp256r1/test_nistp256r1_import.py
@@ -0,0 +1 @@
 from card_test_ki_pko_dsc_nistp256r1 import *
--- a/tests/020_kdffull/03_key_import/003_brainpoolp256r1/test_brainpoolp256r1_import.py
+++ b/tests/020_kdffull/03_key_import/003_brainpoolp256r1/test_brainpoolp256r1_import.py
@@ -0,0 +1 @@
 from card_test_ki_pko_dsc_brainpoolp256r1 import *
--- a/tests/020_kdffull/03_key_import/004_secp256k1/test_secp256k1_import.py
+++ b/tests/020_kdffull/03_key_import/004_secp256k1/test_secp256k1_import.py
@@ -0,0 +1 @@
 from card_test_ki_pko_dsc_secp256k1 import *
--- a/tests/020_kdffull/03_key_import/005_nistp384r1/test_nistp384r1_import.py
+++ b/tests/020_kdffull/03_key_import/005_nistp384r1/test_nistp384r1_import.py
@@ -0,0 +1 @@
 from card_test_ki_pko_dsc_nistp384r1 import *
--- a/tests/020_kdffull/03_key_import/006_brainpoolp384r1/test_brainpoolp384r1_import.py
+++ b/tests/020_kdffull/03_key_import/006_brainpoolp384r1/test_brainpoolp384r1_import.py
@@ -0,0 +1 @@
 from card_test_ki_pko_dsc_brainpoolp384r1 import *
--- a/tests/020_kdffull/03_key_import/008_nistp521r1/test_nistp521r1_import.py
+++ b/tests/020_kdffull/03_key_import/008_nistp521r1/test_nistp521r1_import.py
@@ -0,0 +1 @@
 from card_test_ki_pko_dsc_nistp521r1 import *
--- a/tests/020_kdffull/03_key_import/009_brainpoolp512r1/test_brainpoolp521r1_import.py
+++ b/tests/020_kdffull/03_key_import/009_brainpoolp512r1/test_brainpoolp521r1_import.py
@@ -0,0 +1 @@
 from card_test_ki_pko_dsc_brainpoolp512r1 import *
--- a/tests/020_kdffull/03_key_import/010_curve25519/test_curve25519_import.py
+++ b/tests/020_kdffull/03_key_import/010_curve25519/test_curve25519_import.py
@@ -0,0 +1 @@
 from card_test_ki_pko_dsc_curve25519 import *
--- a/tests/020_kdffull/04_keygen/001_rsa2k/test_rsa2k_keygen.py
+++ b/tests/020_kdffull/04_keygen/001_rsa2k/test_rsa2k_keygen.py
@@ -0,0 +1 @@
 from card_test_kg_pko_dsc_rsa2k import *
--- a/tests/020_kdffull/04_keygen/002_nistp256r1/test_nistp256r1_keygen.py
+++ b/tests/020_kdffull/04_keygen/002_nistp256r1/test_nistp256r1_keygen.py
@@ -0,0 +1 @@
 from card_test_ki_pko_dsc_nistp256r1 import *
--- a/tests/020_kdffull/04_keygen/003_brainpoolp256r1/test_brainpoolp256r1_keygen.py
+++ b/tests/020_kdffull/04_keygen/003_brainpoolp256r1/test_brainpoolp256r1_keygen.py
@@ -0,0 +1 @@
 from card_test_kg_pko_dsc_brainpoolp256r1 import *
--- a/tests/020_kdffull/04_keygen/004_secp256k1/test_secp256k1_keygen.py
+++ b/tests/020_kdffull/04_keygen/004_secp256k1/test_secp256k1_keygen.py
@@ -0,0 +1 @@
 from card_test_kg_pko_dsc_secp256k1 import *
--- a/tests/020_kdffull/04_keygen/005_nistp384r1/test_nistp384r1_keygen.py
+++ b/tests/020_kdffull/04_keygen/005_nistp384r1/test_nistp384r1_keygen.py
@@ -0,0 +1 @@
 from card_test_kg_pko_dsc_nistp384r1 import *
--- a/tests/020_kdffull/04_keygen/006_brainpoolp384r1/test_brainpoolp384r1_keygen.py
+++ b/tests/020_kdffull/04_keygen/006_brainpoolp384r1/test_brainpoolp384r1_keygen.py
@@ -0,0 +1 @@
 from card_test_kg_pko_dsc_brainpoolp384r1 import *
--- a/tests/020_kdffull/04_keygen/008_nistp521r1/test_nistp521r1_keygen.py
+++ b/tests/020_kdffull/04_keygen/008_nistp521r1/test_nistp521r1_keygen.py
@@ -0,0 +1 @@
 from card_test_kg_pko_dsc_nistp521r1 import *
--- a/tests/020_kdffull/04_keygen/009_brainpoolp512r1/test_brainpoolp521r1_keygen.py
+++ b/tests/020_kdffull/04_keygen/009_brainpoolp512r1/test_brainpoolp521r1_keygen.py
@@ -0,0 +1 @@
 from card_test_kg_pko_dsc_brainpoolp512r1 import *
--- a/tests/020_kdffull/04_keygen/010_curve25519/test_curve25519_keygen.py
+++ b/tests/020_kdffull/04_keygen/010_curve25519/test_curve25519_keygen.py
@@ -0,0 +1 @@
 from card_test_ki_pko_dsc_curve25519 import *
--- a/tests/020_kdffull/05_finalize/test_000_reset_to_TEST4.py
+++ b/tests/020_kdffull/05_finalize/test_000_reset_to_TEST4.py
@@ -0,0 +1,15 @@
 import pytest
 from card_const import *
 from constants_for_test import *
 def test_setup_pw1_4(card):
    r = card.change_passwd(1, FACTORY_PASSPHRASE_PW1, PW1_TEST4)
    assert r
 def test_verify_pw1_4(card):
    v = card.verify(1, PW1_TEST4)
    assert v
 def test_verify_pw1_4_2(card):
    v = card.verify(2, PW1_TEST4)
    assert v
--- a/tests/020_kdffull/05_finalize/test_057_adminfull_kdffull.py
+++ b/tests/020_kdffull/05_finalize/test_057_adminfull_kdffull.py
@@ -0,0 +1,23 @@
 """
 test_011_adminfull_kdffull.py - test KDF data object
 Copyright (C) 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from card_test_personalize_reset import *
--- a/tests/020_kdffull/05_finalize/test_058_adminfull_kdffull.py
+++ b/tests/020_kdffull/05_finalize/test_058_adminfull_kdffull.py
@@ -0,0 +1,23 @@
 """
 test_011_adminfull_kdffull.py - test KDF data object
 Copyright (C) 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from card_test_remove_keys import *
--- a/tests/020_kdffull/05_finalize/test_059_adminfull_kdffull.py
+++ b/tests/020_kdffull/05_finalize/test_059_adminfull_kdffull.py
@@ -0,0 +1,23 @@
 """
 test_011_adminfull_kdffull.py - test KDF data object
 Copyright (C) 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from card_test_reset_pw3 import *
--- a/tests/020_kdffull/conftest.py
+++ b/tests/020_kdffull/conftest.py
@@ -0,0 +1 @@
 from skip_if_no_kdf_support import *
--- a/tests/030_kdfsingle/test_060_adminfull_kdfsingle.py
+++ b/tests/030_kdfsingle/test_060_adminfull_kdfsingle.py
@@ -0,0 +1,24 @@
 """
 test_016_adminfull_kdfsingle.py - test KDF data object
 Copyright (C) 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from skip_gnuk_only_tests import *
 from card_test_kdf_single import *
--- a/tests/030_kdfsingle/test_061_adminfull_kdfsingle.py
+++ b/tests/030_kdfsingle/test_061_adminfull_kdfsingle.py
@@ -0,0 +1,25 @@
 """
 test_016_adminfull_kdfsingle.py - test KDF data object
 Copyright (C) 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from skip_gnuk_only_tests import *
 from card_test_personalize_card_1 import *
 from card_test_personalize_card_2 import *
--- a/tests/030_kdfsingle/test_062_adminfull_kdfsingle.py
+++ b/tests/030_kdfsingle/test_062_adminfull_kdfsingle.py
@@ -0,0 +1,24 @@
 """
 test_016_adminfull_kdfsingle.py - test KDF data object
 Copyright (C) 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from skip_gnuk_only_tests import *
 from card_test_public_key_operations import *
--- a/tests/030_kdfsingle/test_063_adminfull_kdfsingle.py
+++ b/tests/030_kdfsingle/test_063_adminfull_kdfsingle.py
@@ -0,0 +1,24 @@
 """
 test_016_adminfull_kdfsingle.py - test KDF data object
 Copyright (C) 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from skip_gnuk_only_tests import *
 from card_test_ds_counter2 import *
--- a/tests/030_kdfsingle/test_064_adminfull_kdfsingle.py
+++ b/tests/030_kdfsingle/test_064_adminfull_kdfsingle.py
@@ -0,0 +1,24 @@
 """
 test_016_adminfull_kdfsingle.py - test KDF data object
 Copyright (C) 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from skip_gnuk_only_tests import *
 from card_test_personalize_reset import *
--- a/tests/030_kdfsingle/test_065_adminfull_kdfsingle.py
+++ b/tests/030_kdfsingle/test_065_adminfull_kdfsingle.py
@@ -0,0 +1,24 @@
 """
 test_016_adminfull_kdfsingle.py - test KDF data object
 Copyright (C) 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from skip_gnuk_only_tests import *
 from card_test_remove_keys import *
--- a/tests/030_kdfsingle/test_066_adminfull_kdfsingle.py
+++ b/tests/030_kdfsingle/test_066_adminfull_kdfsingle.py
@@ -0,0 +1,24 @@
 """
 test_016_adminfull_kdfsingle.py - test KDF data object
 Copyright (C) 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from skip_gnuk_only_tests import *
 from card_test_reset_pw3 import *
--- a/tests/030_kdfsingle/test_070_adminless_kdfsingle.py
+++ b/tests/030_kdfsingle/test_070_adminless_kdfsingle.py
@@ -0,0 +1,2 @@
 from skip_gnuk_only_tests import *
 from card_test_personalize_admin_less_1 import *
--- a/tests/030_kdfsingle/test_071_adminless_kdfsingle.py
+++ b/tests/030_kdfsingle/test_071_adminless_kdfsingle.py
@@ -0,0 +1,2 @@
 from skip_gnuk_only_tests import *
 from card_test_public_key_operations_alt import *
--- a/tests/030_kdfsingle/test_072_adminless_kdfsingle.py
+++ b/tests/030_kdfsingle/test_072_adminless_kdfsingle.py
@@ -0,0 +1,2 @@
 from skip_gnuk_only_tests import *
 from card_test_ds_counter1 import *
--- a/tests/030_kdfsingle/test_073_adminless_kdfsingle.py
+++ b/tests/030_kdfsingle/test_073_adminless_kdfsingle.py
@@ -0,0 +1,2 @@
 from skip_gnuk_only_tests import *
 from card_test_personalize_admin_less_2 import *
--- a/tests/030_kdfsingle/test_074_adminless_kdfsingle.py
+++ b/tests/030_kdfsingle/test_074_adminless_kdfsingle.py
@@ -0,0 +1,2 @@
 from skip_gnuk_only_tests import *
 from card_test_personalize_reset import *
--- a/tests/030_kdfsingle/test_075_adminless_kdfsingle.py
+++ b/tests/030_kdfsingle/test_075_adminless_kdfsingle.py
@@ -0,0 +1,2 @@
 from skip_gnuk_only_tests import *
 from card_test_remove_keys import *
--- a/tests/030_kdfsingle/test_076_adminless_kdfsingle.py
+++ b/tests/030_kdfsingle/test_076_adminless_kdfsingle.py
@@ -0,0 +1,2 @@
 from skip_gnuk_only_tests import *
 from card_test_reset_pw3 import *
--- a/tests/090_finalize/test_080_kdf_none.py
+++ b/tests/090_finalize/test_080_kdf_none.py
@@ -0,0 +1,42 @@
 """
 test_025_kdf_none.py - test KDF data object
 Copyright (C) 2018  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from skip_if_no_kdf_support import *
 from card_const import *
 from constants_for_test import *
 def test_verify_pw3(card):
    v = card.verify(3, FACTORY_PASSPHRASE_PW3)
    assert v
 def test_kdf_put_none(card):
    if card.is_yubikey:
        KDF_SETUP_NONE=b"\x81\x01\x00"
    else:
        KDF_SETUP_NONE=b""
    r = card.configure_kdf(KDF_SETUP_NONE)
    assert r
 def test_verify_pw3_1(card):
    v = card.verify(3, FACTORY_PASSPHRASE_PW3)
    assert v
--- a/tests/090_finalize/test_091_reset_attr.py
+++ b/tests/090_finalize/test_091_reset_attr.py
@@ -0,0 +1,23 @@
 """
 test_091_reset_attr.py - test resetting key attributes
 Copyright (C) 2021  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from card_test_reset_attr import *
--- a/tests/brainpoolp256r1_keys.py
+++ b/tests/brainpoolp256r1_keys.py
@@ -0,0 +1,148 @@
 from time import time
 from struct import pack
 from hashlib import sha1, sha256
 from pk_signed_mpi_with_libgcrypt import PK_libgcrypt
 from card_const import KEY_ATTRIBUTES_ECDH_BRAINPOOLP256R1, KEY_ATTRIBUTES_ECDSA_BRAINPOOLP256R1
 lg_bp256 = PK_libgcrypt(32, "brainpoolP256r1")
 class PK_Crypto(object):
    @staticmethod
    def pk_from_pk_info(pk_info):
        return pk_info[5:]
    @staticmethod
    def compute_digestinfo(msg):
        return sha256(msg).digest()
    @staticmethod
    def enc_data(enc_info):
        return b'\xa6\x46\x7f\x49\x43\x86\x41' + enc_info[1]
    @staticmethod
    def enc_check(enc_info, s):
        point = enc_info[0]
        # It's 04 || X || Y, extract X
        return point[1:33] == s
    def __init__(self, keyno=None, pk_info=None, data=None):
        if keyno == None:
            # Just for name space
            return
        self.keyno = keyno
        self.for_encryption = (self.keyno == 1)
        self.timestamp = pack('>I', int(time()))
        if pk_info:
            # Public part only (no private data) from card
            self.q = pk_info[5:]
        else:
            # Private part (in big endian)
            self.d = data[0]
            self.q = data[1]
        self.fpr = self.calc_fpr()
    def calc_fpr(self):
        m_len = 6 + 2 + 65
        ver = b'\x04'
        algo = b'\x12' if self.for_encryption else b'\x16'
        m = b'\x99' + pack('>H', m_len) + ver + self.timestamp + algo \
            + pack('>H', 512+3) + self.q
        return sha1(m).digest()
    def build_privkey_template(self, is_yubikey):
        openpgp_keyno = self.keyno + 1
        if openpgp_keyno == 1:
            keyspec = b'\xb6'
        elif openpgp_keyno == 2:
            keyspec = b'\xb8'
        else:
            keyspec = b'\xa4'
        key_template = b'\x92\x20'
        exthdr = keyspec + b'\x00' + b'\x7f\x48' + b'\x02' + key_template
        suffix = b'\x5f\x48' + b'\x20'
        return b'\x4d' + b'\x2a' + exthdr + suffix + self.d
    def compute_signature(self, digestinfo):
        return lg_bp256.call_pk_sign(self.d, digestinfo)
    def verify_signature(self, digestinfo, sig):
        return lg_bp256.call_pk_verify(self.q, digestinfo, sig)
    def encrypt(self, plaintext):
        # Do ECDH
        return lg_bp256.call_pk_encrypt(self.q, plaintext)
    def get_fpr(self):
        return self.fpr
    def get_timestamp(self):
        return self.timestamp
    def get_pk(self):
        return self.q
 key = [ None, None, None ]
 # https://datatracker.ietf.org/doc/html/rfc6932#appendix-A.2
 bp256_data0 = (
    b'\x04\x1e\xb8\xb1\xe2\xbc\x68\x1b\xce\x8e\x39\x96\x3b\x2e\x9f\xc4'
    b'\x15\xb0\x52\x83\x31\x3d\xd1\xa8\xbc\xc0\x55\xf1\x1a\xe4\x96\x99',
    b'\x04'
    b'\x78\x02\x84\x96\xb5\xec\xaa\xb3\xc8\xb6\xc1\x2e\x45\xdb\x1e\x02'
    b'\xc9\xe4\xd2\x6b\x41\x13\xbc\x4f\x01\x5f\x60\xc5\xcc\xc0\xd2\x06'
    b'\xa2\xae\x17\x62\xa3\x83\x1c\x1d\x20\xf0\x3f\x8d\x1e\x3c\x0c\x39'
    b'\xaf\xe6\xf0\x9b\x4d\x44\xbb\xe8\x0c\xd1\x00\x98\x7b\x05\xf9\x2b'
 )
 bp256_data2 = (
    b'\x06\xf5\x24\x0e\xac\xdb\x98\x37\xbc\x96\xd4\x82\x74\xc8\xaa\x83'
    b'\x4b\x6c\x87\xba\x9c\xc3\xee\xdd\x81\xf9\x9a\x16\xb8\xd8\x04\xd3',
    b'\x04'
    b'\x8e\x07\xe2\x19\xba\x58\x89\x16\xc5\xb0\x6a\xa3\x0a\x2f\x46\x4c'
    b'\x2f\x2a\xcf\xc1\x61\x0a\x3b\xe2\xfb\x24\x0b\x63\x53\x41\xf0\xdb'
    b'\x14\x8e\xa1\xd7\xd1\xe7\xe5\x4b\x95\x55\xb6\xc9\xac\x90\x62\x9c'
    b'\x18\xb6\x3b\xee\x5d\x7a\xa6\x94\x9e\xbb\xf4\x7b\x24\xfd\xe4\x0d'
 )
 # https://tools.ietf.org/html/rfc7027#appendix-A.1
 bp256_data1 = (
    b'\x81\xdb\x1e\xe1\x00\x15\x0f\xf2\xea\x33\x8d\x70\x82\x71\xbe\x38'
    b'\x30\x0c\xb5\x42\x41\xd7\x99\x50\xf7\x7b\x06\x30\x39\x80\x4f\x1d',
    b'\x04'
    b'\x44\x10\x6e\x91\x3f\x92\xbc\x02\xa1\x70\x5d\x99\x53\xa8\x41\x4d'
    b'\xb9\x5e\x1a\xaa\x49\xe8\x1d\x9e\x85\xf9\x29\xa8\xe3\x10\x0b\xe5'
    b'\x8a\xb4\x84\x6f\x11\xca\xcc\xb7\x3c\xe4\x9c\xbd\xd1\x20\xf5\xa9'
    b'\x00\xa6\x9f\xd3\x2c\x27\x22\x23\xf7\x89\xef\x10\xeb\x08\x9b\xdc'
 )
 key[0] = PK_Crypto(0, data=bp256_data0)
 key[1] = PK_Crypto(1, data=bp256_data1)
 key[2] = PK_Crypto(2, data=bp256_data2)
 PLAIN_TEXT0=b"In this test, we verify card generated result by libgcrypt."
 PLAIN_TEXT1=b"Signature is non-deterministic (it uses nonce K internally)."
 PLAIN_TEXT2=b"We don't use brainpoolp256r1 test vectors (it specifies K of ECDSA)."
 PLAIN_TEXT3=b"NOTE: Our test is not for ECDSA implementation itself."
 ENCRYPT_TEXT0 = sha256(b"encrypt me please").digest()
 ENCRYPT_TEXT1 = sha256(b"encrypt me please, another").digest()
 ENCRYPT_TEXT2 = sha256(b"encrypt me please, the other").digest()
 test_vector = {
    'sign_0' : PLAIN_TEXT0,
    'sign_1' : PLAIN_TEXT1,
    'auth_0' : PLAIN_TEXT2,
    'auth_1' : PLAIN_TEXT3,
    'decrypt_0' : ENCRYPT_TEXT0,
    'decrypt_1' : ENCRYPT_TEXT1,
    'encrypt_0' : ENCRYPT_TEXT2,
 }
 brainpoolp256r1_pk = PK_Crypto()
 brainpoolp256r1_pk.test_vector = test_vector
 brainpoolp256r1_pk.key_list = key
 brainpoolp256r1_pk.key_attr_list = [KEY_ATTRIBUTES_ECDSA_BRAINPOOLP256R1, KEY_ATTRIBUTES_ECDH_BRAINPOOLP256R1, KEY_ATTRIBUTES_ECDSA_BRAINPOOLP256R1]
 brainpoolp256r1_pk.PK_Crypto = PK_Crypto
--- a/tests/brainpoolp384r1_keys.py
+++ b/tests/brainpoolp384r1_keys.py
@@ -0,0 +1,157 @@
 from time import time
 from struct import pack
 from hashlib import sha1, sha384
 from pk_signed_mpi_with_libgcrypt import PK_libgcrypt
 from card_const import KEY_ATTRIBUTES_ECDH_BRAINPOOLP384R1, KEY_ATTRIBUTES_ECDSA_BRAINPOOLP384R1
 lg_bp384 = PK_libgcrypt(48, "brainpoolP384r1")
 class PK_Crypto(object):
    @staticmethod
    def pk_from_pk_info(pk_info):
        return pk_info[5:]
    @staticmethod
    def compute_digestinfo(msg):
        return sha384(msg).digest()
    @staticmethod
    def enc_data(enc_info):
        return b'\xa6\x66\x7f\x49\x63\x86\x61' + enc_info[1]
    @staticmethod
    def enc_check(enc_info, s):
        point = enc_info[0]
        # It's 04 || X || Y, extract X
        return point[1:49] == s
    def __init__(self, keyno=None, pk_info=None, data=None):
        if keyno == None:
            # Just for name space
            return
        self.keyno = keyno
        self.for_encryption = (self.keyno == 1)
        self.timestamp = pack('>I', int(time()))
        if pk_info:
            # Public part only (no private data) from card
            self.q = pk_info[5:]
        else:
            # Private part (in big endian)
            self.d = data[0]
            self.q = data[1]
        self.fpr = self.calc_fpr()
    def calc_fpr(self):
        m_len = 6 + 2 + 97
        ver = b'\x04'
        algo = b'\x12' if self.for_encryption else b'\x16'
        m = b'\x99' + pack('>H', m_len) + ver + self.timestamp + algo \
            + pack('>H', 768+3) + self.q
        return sha1(m).digest()
    def build_privkey_template(self, is_yubikey):
        openpgp_keyno = self.keyno + 1
        if openpgp_keyno == 1:
            keyspec = b'\xb6'
        elif openpgp_keyno == 2:
            keyspec = b'\xb8'
        else:
            keyspec = b'\xa4'
        key_template = b'\x92\x30'
        exthdr = keyspec + b'\x00' + b'\x7f\x48' + b'\x02' + key_template
        suffix = b'\x5f\x48' + b'\x30'
        return b'\x4d' + b'\x3a' + exthdr + suffix + self.d
    def compute_signature(self, digestinfo):
        return lg_bp384.call_pk_sign(self.d, digestinfo)
    def verify_signature(self, digestinfo, sig):
        return lg_bp384.call_pk_verify(self.q, digestinfo, sig)
    def encrypt(self, plaintext):
        # Do ECDH
        return lg_bp384.call_pk_encrypt(self.q, plaintext)
    def get_fpr(self):
        return self.fpr
    def get_timestamp(self):
        return self.timestamp
    def get_pk(self):
        return self.q
 key = [ None, None, None ]
 # https://datatracker.ietf.org/doc/html/rfc6932#appendix-A.3
 bp384_data0 = (
    b'\x01\x4e\xc0\x75\x5b\x78\x59\x4b\xa4\x7f\xb0\xa5\x6f\x61\x73\x04'
    b'\x5b\x43\x31\xe7\x4b\xa1\xa6\xf4\x73\x22\xe7\x0d\x79\xd8\x28\xd9'
    b'\x7e\x09\x58\x84\xca\x72\xb7\x3f\xda\xbd\x59\x10\xdf\x0f\xa7\x6a',
    b'\x04'
    b'\x45\xcb\x26\xe4\x38\x4d\xaf\x6f\xb7\x76\x88\x53\x07\xb9\xa3\x8b'
    b'\x7a\xd1\xb5\xc6\x92\xe0\xc3\x2f\x01\x25\x33\x27\x78\xf3\xb8\xd3'
    b'\xf5\x0c\xa3\x58\x09\x9b\x30\xde\xb5\xee\x69\xa9\x5c\x05\x8b\x4e'
    b'\x81\x73\xa1\xc5\x4a\xff\xa7\xe7\x81\xd0\xe1\xe1\xd1\x2c\x0d\xc2'
    b'\xb7\x4f\x4d\xf5\x8e\x4a\x4e\x3a\xf7\x02\x6c\x5d\x32\xdc\x53\x0a'
    b'\x2c\xd8\x9c\x85\x9b\xb4\xb4\xb7\x68\x49\x7f\x49\xab\x8c\xc8\x59'
 )
 bp384_data2 = (
    b'\x6b\x46\x1c\xb7\x9b\xd0\xea\x51\x9a\x87\xd6\x82\x88\x15\xd8\xce'
    b'\x7c\xd9\xb3\xca\xa0\xb5\xa8\x26\x2c\xbc\xd5\x50\xa0\x15\xc9\x00'
    b'\x95\xb9\x76\xf3\x52\x99\x57\x50\x6e\x12\x24\xa8\x61\x71\x1d\x54',
    b'\x04'
    b'\x01\xbf\x92\xa9\x2e\xe4\xbe\x8d\xed\x1a\x91\x11\x25\xc2\x09\xb0'
    b'\x3f\x99\xe3\x16\x1c\xfc\xc9\x86\xdc\x77\x11\x38\x3f\xc3\x0a\xf9'
    b'\xce\x28\xca\x33\x86\xd5\x9e\x2c\x8d\x72\xce\x1e\x7b\x46\x66\xe8'
    b'\x32\x89\xc4\xa3\xa4\xfe\xe0\x35\xe3\x9b\xdb\x88\x5d\x50\x9d\x22'
    b'\x4a\x14\x2f\xf9\xfb\xcc\x5c\xfe\x5c\xcb\xb3\x02\x68\xee\x47\x48'
    b'\x7e\xd8\x04\x48\x58\xd3\x1d\x84\x8f\x7a\x95\xc6\x35\xa3\x47\xac'
 )
 # https://tools.ietf.org/html/rfc7027#appendix-A.2
 bp384_data1 = (
    b'\x1e\x20\xf5\xe0\x48\xa5\x88\x6f\x1f\x15\x7c\x74\xe9\x1b\xde\x2b'
    b'\x98\xc8\xb5\x2d\x58\xe5\x00\x3d\x57\x05\x3f\xc4\xb0\xbd\x65\xd6'
    b'\xf1\x5e\xb5\xd1\xee\x16\x10\xdf\x87\x07\x95\x14\x36\x27\xd0\x42',
    b'\x04'
    b'\x68\xb6\x65\xdd\x91\xc1\x95\x80\x06\x50\xcd\xd3\x63\xc6\x25\xf4'
    b'\xe7\x42\xe8\x13\x46\x67\xb7\x67\xb1\xb4\x76\x79\x35\x88\xf8\x85'
    b'\xab\x69\x8c\x85\x2d\x4a\x6e\x77\xa2\x52\xd6\x38\x0f\xca\xf0\x68'
    b'\x55\xbc\x91\xa3\x9c\x9e\xc0\x1d\xee\x36\x01\x7b\x7d\x67\x3a\x93'
    b'\x12\x36\xd2\xf1\xf5\xc8\x39\x42\xd0\x49\xe3\xfa\x20\x60\x74\x93'
    b'\xe0\xd0\x38\xff\x2f\xd3\x0c\x2a\xb6\x7d\x15\xc8\x5f\x7f\xaa\x59'
 )
 key[0] = PK_Crypto(0, data=bp384_data0)
 key[1] = PK_Crypto(1, data=bp384_data1)
 key[2] = PK_Crypto(2, data=bp384_data2)
 PLAIN_TEXT0=b"In this test, we verify card generated result by libgcrypt."
 PLAIN_TEXT1=b"Signature is non-deterministic (it uses nonce K internally)."
 PLAIN_TEXT2=b"We don't use brainpoolp384r1 test vectors (it specifies K of ECDSA)."
 PLAIN_TEXT3=b"NOTE: Our test is not for ECDSA implementation itself."
 ENCRYPT_TEXT0 = sha384(b"encrypt me please").digest()
 ENCRYPT_TEXT1 = sha384(b"encrypt me please, another").digest()
 ENCRYPT_TEXT2 = sha384(b"encrypt me please, the other").digest()
 test_vector = {
    'sign_0' : PLAIN_TEXT0,
    'sign_1' : PLAIN_TEXT1,
    'auth_0' : PLAIN_TEXT2,
    'auth_1' : PLAIN_TEXT3,
    'decrypt_0' : ENCRYPT_TEXT0,
    'decrypt_1' : ENCRYPT_TEXT1,
    'encrypt_0' : ENCRYPT_TEXT2,
 }
 brainpoolp384r1_pk = PK_Crypto()
 brainpoolp384r1_pk.test_vector = test_vector
 brainpoolp384r1_pk.key_list = key
 brainpoolp384r1_pk.key_attr_list = [KEY_ATTRIBUTES_ECDSA_BRAINPOOLP384R1, KEY_ATTRIBUTES_ECDH_BRAINPOOLP384R1, KEY_ATTRIBUTES_ECDSA_BRAINPOOLP384R1]
 brainpoolp384r1_pk.PK_Crypto = PK_Crypto
--- a/tests/brainpoolp512r1_keys.py
+++ b/tests/brainpoolp512r1_keys.py
@@ -0,0 +1,166 @@
 from time import time
 from struct import pack
 from hashlib import sha1, sha512
 from pk_signed_mpi_with_libgcrypt import PK_libgcrypt
 from card_const import KEY_ATTRIBUTES_ECDH_BRAINPOOLP512R1, KEY_ATTRIBUTES_ECDSA_BRAINPOOLP512R1
 lg_bp512 = PK_libgcrypt(64, "brainpoolP512r1")
 class PK_Crypto(object):
    @staticmethod
    def pk_from_pk_info(pk_info):
        return pk_info[7:]
    @staticmethod
    def compute_digestinfo(msg):
        return sha512(msg).digest()
    @staticmethod
    def enc_data(enc_info):
        return b'\xa6\x81\x88\x7f\x49\x81\x84\x86\x81\x81' + enc_info[1]
    @staticmethod
    def enc_check(enc_info, s):
        point = enc_info[0]
        # It's 04 || X || Y, extract X
        return point[1:65] == s
    def __init__(self, keyno=None, pk_info=None, data=None):
        if keyno == None:
            # Just for name space
            return
        self.keyno = keyno
        self.for_encryption = (self.keyno == 1)
        self.timestamp = pack('>I', int(time()))
        if pk_info:
            # Public part only (no private data) from card
            self.q = pk_info[7:]
        else:
            # Private part (in big endian)
            self.d = data[0]
            self.q = data[1]
        self.fpr = self.calc_fpr()
    def calc_fpr(self):
        m_len = 6 + 2 + 129
        ver = b'\x04'
        algo = b'\x12' if self.for_encryption else b'\x16'
        m = b'\x99' + pack('>H', m_len) + ver + self.timestamp + algo \
            + pack('>H', 1024+3) + self.q
        return sha1(m).digest()
    def build_privkey_template(self, is_yubikey):
        openpgp_keyno = self.keyno + 1
        if openpgp_keyno == 1:
            keyspec = b'\xb6'
        elif openpgp_keyno == 2:
            keyspec = b'\xb8'
        else:
            keyspec = b'\xa4'
        key_template = b'\x92\x40'
        exthdr = keyspec + b'\x00' + b'\x7f\x48' + b'\x02' + key_template
        suffix = b'\x5f\x48' + b'\x40'
        return b'\x4d' + b'\x4a' + exthdr + suffix + self.d
    def compute_signature(self, digestinfo):
        return lg_bp512.call_pk_sign(self.d, digestinfo)
    def verify_signature(self, digestinfo, sig):
        return lg_bp512.call_pk_verify(self.q, digestinfo, sig)
    def encrypt(self, plaintext):
        # Do ECDH
        return lg_bp512.call_pk_encrypt(self.q, plaintext)
    def get_fpr(self):
        return self.fpr
    def get_timestamp(self):
        return self.timestamp
    def get_pk(self):
        return self.q
 key = [ None, None, None ]
 # https://datatracker.ietf.org/doc/html/rfc6932#appendix-A.4
 bp512_data0 = (
    b'\x63\x6b\x6b\xe0\x48\x2a\x6c\x1c\x41\xaa\x7a\xe7\xb2\x45\xe9\x83'
    b'\x39\x2d\xb9\x4c\xec\xea\x26\x60\xa3\x79\xcf\xe1\x59\x55\x9e\x35'
    b'\x75\x81\x82\x53\x91\x17\x5f\xc1\x95\xd2\x8b\xac\x0c\xf0\x3a\x78'
    b'\x41\xa3\x83\xb9\x5c\x26\x2b\x98\x37\x82\x87\x4c\xce\x6f\xe3\x33',
    b'\x04'
    b'\x05\x62\xe6\x8b\x9a\xf7\xcb\xfd\x55\x65\xc6\xb1\x68\x83\xb7\x77'
    b'\xff\x11\xc1\x99\x16\x1e\xcc\x42\x7a\x39\xd1\x7e\xc2\x16\x64\x99'
    b'\x38\x95\x71\xd6\xa9\x94\x97\x7c\x56\xad\x82\x52\x65\x8b\xa8\xa1'
    b'\xb7\x2a\xe4\x2f\x4f\xb7\x53\x21\x51\xaf\xc3\xef\x09\x71\xcc\xda'
    b'\xa7\xca\x2d\x81\x91\xe2\x17\x76\xa8\x98\x60\xaf\xbc\x1f\x58\x2f'
    b'\xaa\x30\x8d\x55\x1c\x1d\xc6\x13\x3a\xf9\xf9\xc3\xca\xd5\x99\x98'
    b'\xd7\x00\x79\x54\x81\x40\xb9\x0b\x1f\x31\x1a\xfb\x37\x8a\xa8\x1f'
    b'\x51\xb2\x75\xb2\xbe\x6b\x7d\xee\x97\x8e\xfc\x73\x43\xea\x64\x2e'
 )
 bp512_data2 = (
    b'\x0a\xf4\xe7\xf6\xd5\x2e\xdd\x52\x90\x7b\xb8\xdb\xab\x39\x92\xa0'
    b'\xbb\x69\x6e\xc1\x0d\xf1\x18\x92\xff\x20\x5b\x66\xd3\x81\xec\xe7'
    b'\x23\x14\xe6\xa6\xea\x07\x9c\xea\x06\x96\x1d\xba\x5a\xe6\x42\x2e'
    b'\xf2\xe9\xee\x80\x3a\x1f\x23\x6f\xb9\x6a\x17\x99\xb8\x6e\x5c\x8b',
    b'\x04'
    b'\x5a\x79\x54\xe3\x26\x63\xdf\xf1\x1a\xe2\x47\x12\xd8\x74\x19\xf2'
    b'\x6b\x70\x8a\xc2\xb9\x28\x77\xd6\xbf\xee\x2b\xfc\x43\x71\x4d\x89'
    b'\xbb\xdb\x6d\x24\xd8\x07\xbb\xd3\xae\xb7\xf0\xc3\x25\xf8\x62\xe8'
    b'\xba\xde\x4f\x74\x63\x6b\x97\xea\xac\xe7\x39\xe1\x17\x20\xd3\x23'
    b'\x96\xd1\x46\x21\xa9\x28\x3a\x1b\xed\x84\xde\x8d\xd6\x48\x36\xb2'
    b'\xc0\x75\x8b\x11\x44\x11\x79\xdc\x0c\x54\xc0\xd4\x9a\x47\xc0\x38'
    b'\x07\xd1\x71\xdd\x54\x4b\x72\xca\xae\xf7\xb7\xce\x01\xc7\x75\x3e'
    b'\x2c\xad\x1a\x86\x1e\xca\x55\xa7\x19\x54\xee\x1b\xa3\x5e\x04\xbe'
 )
 # https://tools.ietf.org/html/rfc7027#appendix-A.3
 bp512_data1 = (
    b'\x16\x30\x2f\xf0\xdb\xbb\x5a\x8d\x73\x3d\xab\x71\x41\xc1\xb4\x5a'
    b'\xcb\xc8\x71\x59\x39\x67\x7f\x6a\x56\x85\x0a\x38\xbd\x87\xbd\x59'
    b'\xb0\x9e\x80\x27\x96\x09\xff\x33\x3e\xb9\xd4\xc0\x61\x23\x1f\xb2'
    b'\x6f\x92\xee\xb0\x49\x82\xa5\xf1\xd1\x76\x4c\xad\x57\x66\x54\x22',
    b'\x04'
    b'\x0a\x42\x05\x17\xe4\x06\xaa\xc0\xac\xdc\xe9\x0f\xcd\x71\x48\x77'
    b'\x18\xd3\xb9\x53\xef\xd7\xfb\xec\x5f\x7f\x27\xe2\x8c\x61\x49\x99'
    b'\x93\x97\xe9\x1e\x02\x9e\x06\x45\x7d\xb2\xd3\xe6\x40\x66\x8b\x39'
    b'\x2c\x2a\x7e\x73\x7a\x7f\x0b\xf0\x44\x36\xd1\x16\x40\xfd\x09\xfd'
    b'\x72\xe6\x88\x2e\x8d\xb2\x8a\xad\x36\x23\x7c\xd2\x5d\x58\x0d\xb2'
    b'\x37\x83\x96\x1c\x8d\xc5\x2d\xfa\x2e\xc1\x38\xad\x47\x2a\x0f\xce'
    b'\xf3\x88\x7c\xf6\x2b\x62\x3b\x2a\x87\xde\x5c\x58\x83\x01\xea\x3e'
    b'\x5f\xc2\x69\xb3\x73\xb6\x07\x24\xf5\xe8\x2a\x6a\xd1\x47\xfd\xe7'
 )
 key[0] = PK_Crypto(0, data=bp512_data0)
 key[1] = PK_Crypto(1, data=bp512_data1)
 key[2] = PK_Crypto(2, data=bp512_data2)
 PLAIN_TEXT0=b"In this test, we verify card generated result by libgcrypt."
 PLAIN_TEXT1=b"Signature is non-deterministic (it uses nonce K internally)."
 PLAIN_TEXT2=b"We don't use brainpoolp512r1 test vectors (it specifies K of ECDSA)."
 PLAIN_TEXT3=b"NOTE: Our test is not for ECDSA implementation itself."
 ENCRYPT_TEXT0 = sha512(b"encrypt me please").digest()
 ENCRYPT_TEXT1 = sha512(b"encrypt me please, another").digest()
 ENCRYPT_TEXT2 = sha512(b"encrypt me please, the other").digest()
 test_vector = {
    'sign_0' : PLAIN_TEXT0,
    'sign_1' : PLAIN_TEXT1,
    'auth_0' : PLAIN_TEXT2,
    'auth_1' : PLAIN_TEXT3,
    'decrypt_0' : ENCRYPT_TEXT0,
    'decrypt_1' : ENCRYPT_TEXT1,
    'encrypt_0' : ENCRYPT_TEXT2,
 }
 brainpoolp512r1_pk = PK_Crypto()
 brainpoolp512r1_pk.test_vector = test_vector
 brainpoolp512r1_pk.key_list = key
 brainpoolp512r1_pk.key_attr_list = [KEY_ATTRIBUTES_ECDSA_BRAINPOOLP512R1, KEY_ATTRIBUTES_ECDH_BRAINPOOLP512R1, KEY_ATTRIBUTES_ECDSA_BRAINPOOLP512R1]
 brainpoolp512r1_pk.PK_Crypto = PK_Crypto
--- a/tests/build-in-docker.sh
+++ b/tests/build-in-docker.sh
@@ -0,0 +1,7 @@
 #!/bin/bash -eu
 source tests/docker_env.sh
 #run_in_docker rm -rf CMakeFiles
 run_in_docker mkdir -p build_in_docker
 run_in_docker -w "$PWD/build_in_docker" cmake -DENABLE_EMULATION=1 ..
 run_in_docker -w "$PWD/build_in_docker" make -j ${NUM_PROC}
--- a/tests/card_const.py
+++ b/tests/card_const.py
@@ -0,0 +1,46 @@
 FACTORY_PASSPHRASE_PW1=b"123456"
 FACTORY_PASSPHRASE_PW3=b"12345678"
 KEY_ATTRIBUTES_RSA4K=b"\x01\x10\x00\x00\x20\x00"
 KEY_ATTRIBUTES_RSA2K=b"\x01\x08\x00\x00\x20\x00"
 KEY_ATTRIBUTES_RSA2K_ALT=b"\x01\x08\x00\x00\x11\x00"
 KEY_ATTRIBUTES_ECDH_NISTP256R1=b"\x12\x2a\x86\x48\xce\x3d\x03\x01\x07"
 KEY_ATTRIBUTES_ECDH_NISTP384R1=b"\x12\x2b\x81\x04\x00\x22"
 KEY_ATTRIBUTES_ECDH_NISTP521R1=b"\x12\x2b\x81\x04\x00\x23"
 KEY_ATTRIBUTES_ECDH_BRAINPOOLP256R1=b"\x12\x2b\x24\x03\x03\x02\x08\x01\x01\x07"
 KEY_ATTRIBUTES_ECDH_BRAINPOOLP384R1=b"\x12\x2b\x24\x03\x03\x02\x08\x01\x01\x0b"
 KEY_ATTRIBUTES_ECDH_BRAINPOOLP512R1=b"\x12\x2b\x24\x03\x03\x02\x08\x01\x01\x0d"
 KEY_ATTRIBUTES_ECDSA_NISTP256R1=b"\x13\x2a\x86\x48\xce\x3d\x03\x01\x07"
 KEY_ATTRIBUTES_ECDSA_NISTP384R1=b"\x13\x2b\x81\x04\x00\x22"
 KEY_ATTRIBUTES_ECDSA_NISTP521R1=b"\x13\x2b\x81\x04\x00\x23"
 KEY_ATTRIBUTES_ECDSA_BRAINPOOLP256R1=b"\x13\x2b\x24\x03\x03\x02\x08\x01\x01\x07"
 KEY_ATTRIBUTES_ECDSA_BRAINPOOLP384R1=b"\x13\x2b\x24\x03\x03\x02\x08\x01\x01\x0b"
 KEY_ATTRIBUTES_ECDSA_BRAINPOOLP512R1=b"\x13\x2b\x24\x03\x03\x02\x08\x01\x01\x0d"
 KEY_ATTRIBUTES_CV25519=b"\x12\x2b\x06\x01\x04\x01\x97\x55\x01\x05\x01"
 KEY_ATTRIBUTES_ED25519=b"\x16\x2b\x06\x01\x04\x01\xda\x47\x0f\x01"
 KEY_ATTRIBUTES_ECDH_SECP256K1=b"\x12\x2b\x81\x04\x00\x0a"
 KEY_ATTRIBUTES_ECDSA_SECP256K1=b"\x13\x2b\x81\x04\x00\x0a"
 def default_key(card, is_for_encr):
    if card.is_gnuk:
        if is_for_encr:
            return KEY_ATTRIBUTES_CV25519
        else:
            return KEY_ATTRIBUTES_ED25519
    else:
        # if is_for_encr:
        #     return KEY_ATTRIBUTES_ECDH_BRAINPOOLP512R1
        # else:
        #     return KEY_ATTRIBUTES_ECDSA_BRAINPOOLP512R1
        return KEY_ATTRIBUTES_RSA2K
 def alt_key(card, is_for_encr):
    if card.is_gnuk or card.is_yubikey:
        if is_for_encr:
            return KEY_ATTRIBUTES_ECDH_SECP256K1
        else:
            return KEY_ATTRIBUTES_ECDSA_SECP256K1
    else:
        if is_for_encr:
            return KEY_ATTRIBUTES_ECDH_BRAINPOOLP256R1
        else:
            return KEY_ATTRIBUTES_ECDSA_BRAINPOOLP256R1
--- a/tests/card_reader.py
+++ b/tests/card_reader.py
@@ -0,0 +1,67 @@
 """
 card_reader.py - a library for smartcard reader
 Copyright (C) 2016, 2017, 2019  Free Software Initiative of Japan
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from struct import pack
 from binascii import hexlify
 import sys
 try:
    from smartcard.CardType import AnyCardType
    from smartcard.CardRequest import CardRequest
    from smartcard.Exceptions import CardRequestTimeoutException, CardConnectionException
 except ModuleNotFoundError:
    print('ERROR: smarctard module not found! Install pyscard package.\nTry with `pip install pyscard`')
    sys.exit(-1)
 class CardReader(object):
    def __init__(self):
        """
        __init__() -> None
        Initialize the reader
        device: usb.core.Device object.
        """
        cardtype = AnyCardType()
        try:
            # request card insertion
            cardrequest = CardRequest(timeout=10, cardType=cardtype)
            self.__card = cardrequest.waitforcard()
            # connect to the card and perform a few transmits
            self.__card.connection.connect()
        except CardRequestTimeoutException:
            raise Exception('time-out: no card inserted during last 10s')
    def reset_device(self):
        self.__card.connection.reconnect()
    def send_cmd(self, cmd):
        response, sw1, sw2 = self.__card.connection.transmit(list(bytearray(cmd)))
        return bytes(response + [sw1,sw2])
    def ccid_power_off(self):
        self.__card.connection.disconnect()
 def get_ccid_device():
    return CardReader()
--- a/tests/card_test_0_set_attr.py
+++ b/tests/card_test_0_set_attr.py
@@ -0,0 +1,41 @@
 """
 card_test_set_attr.py - test setting key attributes
 Copyright (C) 2021  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from card_const import *
 import pytest
 class Test_Set_ATTRS(object):
    #def test_verify_pw3(self, card):
    #    v = card.verify(3, FACTORY_PASSPHRASE_PW3)
    #    assert v
    def test_keyattr_set_1(self, card, pk):
        r = card.cmd_put_data(0x00, 0xc1, pk.key_attr_list[0])
        assert r
    def test_keyattr_set_2(self, card, pk):
        r = card.cmd_put_data(0x00, 0xc2, pk.key_attr_list[1])
        assert r
    def test_keyattr_set_3(self, card, pk):
        r = card.cmd_put_data(0x00, 0xc3, pk.key_attr_list[2])
        assert r
--- a/tests/card_test_1_import_keys.py
+++ b/tests/card_test_1_import_keys.py
@@ -0,0 +1,184 @@
 """
 card_test_personalize_card.py - test personalizing card
 Copyright (C) 2016, 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from struct import pack
 from re import match, DOTALL
 from util import *
 from card_const import *
 from constants_for_test import *
 import pytest
 class Test_Card_Personalize_Card_2(object):
    def test_import_key_1(self, card, pk):
        t = pk.key_list[0].build_privkey_template(card.is_yubikey)
        r = card.cmd_put_data_odd(0x3f, 0xff, t)
        assert r
    def test_import_key_2(self, card, pk):
        t = pk.key_list[1].build_privkey_template(card.is_yubikey)
        r = card.cmd_put_data_odd(0x3f, 0xff, t)
        assert r
    def test_import_key_3(self, card, pk):
        t = pk.key_list[2].build_privkey_template(card.is_yubikey)
        r = card.cmd_put_data_odd(0x3f, 0xff, t)
        assert r
    def test_fingerprint_1_put(self, card, pk):
        fpr1 = pk.key_list[0].get_fpr()
        r = card.cmd_put_data(0x00, 0xc7, fpr1)
        assert r
    def test_fingerprint_2_put(self, card, pk):
        fpr2 = pk.key_list[1].get_fpr()
        r = card.cmd_put_data(0x00, 0xc8, fpr2)
        assert r
    def test_fingerprint_3_put(self, card, pk):
        fpr3 = pk.key_list[2].get_fpr()
        r = card.cmd_put_data(0x00, 0xc9, fpr3)
        assert r
    def test_timestamp_1_put(self, card, pk):
        timestamp1 = pk.key_list[0].get_timestamp()
        r = card.cmd_put_data(0x00, 0xce, timestamp1)
        assert r
    def test_timestamp_2_put(self, card, pk):
        timestamp2 = pk.key_list[1].get_timestamp()
        r = card.cmd_put_data(0x00, 0xcf, timestamp2)
        assert r
    def test_timestamp_3_put(self, card, pk):
        timestamp3 = pk.key_list[2].get_timestamp()
        r = card.cmd_put_data(0x00, 0xd0, timestamp3)
        assert r
    def test_ds_counter_0(self, card):
        c = get_data_object(card, 0x7a)
        assert c == b'\x93\x03\x00\x00\x00'
    def test_pw1_status(self, card):
        s = get_data_object(card, 0xc4)
        assert match(b'\x01...\x03[\x00\x03]\x03', s, DOTALL)
    def test_app_data(self, card):
        if card.is_yubikey:
            pytest.skip("Yubikey raises 6e82 error for composed data object 6E")
        else:
            app_data = get_data_object(card, 0x6e)
            hist_len = app_data[20]
            # FIXME: parse and check DO of C0, C1, C2, C3, C4, and C6
            assert app_data[0:8] == b"\x4f\x10\xd2\x76\x00\x01\x24\x01" and \
                app_data[18:18+2] == b"\x5f\x52"
    def test_public_key_1(self, card, pk):
        pk_info = card.cmd_get_public_key(1)
        assert pk.key_list[0].get_pk() == pk.pk_from_pk_info(pk_info)
    def test_public_key_2(self, card, pk):
        pk_info = card.cmd_get_public_key(2)
        assert pk.key_list[1].get_pk() == pk.pk_from_pk_info(pk_info)
    def test_public_key_3(self, card, pk):
        pk_info = card.cmd_get_public_key(3)
        assert pk.key_list[2].get_pk() == pk.pk_from_pk_info(pk_info)
    def test_setup_pw1_0(self, card):
        r = card.change_passwd(1, FACTORY_PASSPHRASE_PW1, PW1_TEST0)
        assert r
    def test_verify_pw1_0(self, card):
        v = card.verify(1, PW1_TEST0)
        assert v
    def test_verify_pw1_0_2(self, card):
        v = card.verify(2, PW1_TEST0)
        assert v
    def test_setup_pw1_1(self, card):
        r = card.change_passwd(1, PW1_TEST0, PW1_TEST1)
        assert r
    def test_verify_pw1_1(self, card):
        v = card.verify(1, PW1_TEST1)
        assert v
    def test_verify_pw1_1_2(self, card):
        v = card.verify(2, PW1_TEST1)
        assert v
    def test_setup_reset_code(self, card):
        r = card.setup_reset_code(RESETCODE_TEST)
        assert r
    def test_reset_code(self, card):
        r = card.reset_passwd_by_resetcode(RESETCODE_TEST, PW1_TEST2)
        assert r
    def test_verify_pw1_2(self, card):
        v = card.verify(1, PW1_TEST2)
        assert v
    def test_verify_pw1_2_2(self, card):
        v = card.verify(2, PW1_TEST2)
        assert v
    def test_setup_pw3_1(self, card):
        r = card.change_passwd(3, PW3_TEST0, PW3_TEST1)
        assert r
    def test_verify_pw3_1(self, card):
        v = card.verify(3, PW3_TEST1)
        assert v
    def test_reset_userpass_admin(self, card):
        r = card.reset_passwd_by_admin(PW1_TEST3)
        assert r
    def test_verify_pw1_3(self, card):
        v = card.verify(1, PW1_TEST3)
        assert v
    def test_verify_pw1_3_2(self, card):
        v = card.verify(2, PW1_TEST3)
        assert v
    def test_setup_pw1_4(self, card):
        r = card.change_passwd(1, PW1_TEST3, FACTORY_PASSPHRASE_PW1)
        assert r
    def test_verify_pw1_4(self, card):
        v = card.verify(1, FACTORY_PASSPHRASE_PW1)
        assert v
    def test_verify_pw1_4_2(self, card):
        v = card.verify(2, FACTORY_PASSPHRASE_PW1)
        assert v
    def test_setup_pw3_2(self, card):
        r = card.change_passwd(3, PW3_TEST1, PW3_TEST0)
        assert r
    def test_verify_pw3_2(self, card):
        v = card.verify(3, PW3_TEST0)
        assert v
--- a/tests/card_test_1_keygen.py
+++ b/tests/card_test_1_keygen.py
@@ -0,0 +1,99 @@
 """
 card_test_keygen.py - test key generation
 Copyright (C) 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from binascii import hexlify
 from card_const import *
 from constants_for_test import *
 import pytest
 class Test_Card_Keygen(object):
    def test_000_setup_pw1_0(self, card):
        if card.is_gnuk:
            pytest.skip("Gnuk doesn't support passphrase with no key")
        else:
            r = card.change_passwd(1, FACTORY_PASSPHRASE_PW1, PW1_TEST4)
            assert r
    def test_verify_pw1_0_1(self, card):
        if card.is_gnuk:
            pytest.skip("Gnuk doesn't support passphrase with no key")
        else:
            v = card.verify(1, PW1_TEST4)
            assert v
    def test_verify_pw1_0_2(self, card):
        if card.is_gnuk:
            pytest.skip("Gnuk doesn't support passphrase with no key")
        else:
            v = card.verify(2, PW1_TEST4)
            assert v
    def test_keygen_1(self, card, pk):
        pk_info = card.cmd_genkey(1)
        k = pk.PK_Crypto(keyno=0, pk_info=pk_info)
        r = card.cmd_put_data(0x00, 0xc7, k.get_fpr())
        if r:
            r = card.cmd_put_data(0x00, 0xce, k.get_timestamp())
        assert r
    def test_keygen_2(self, card, pk):
        pk_info = card.cmd_genkey(2)
        k = pk.PK_Crypto(keyno=1, pk_info=pk_info)
        r = card.cmd_put_data(0x00, 0xc8, k.get_fpr())
        if r:
            r = card.cmd_put_data(0x00, 0xcf, k.get_timestamp())
        assert r
    def test_keygen_3(self, card, pk):
        pk_info = card.cmd_genkey(3)
        k = pk.PK_Crypto(keyno=2, pk_info=pk_info)
        r = card.cmd_put_data(0x00, 0xc9, k.get_fpr())
        if r:
            r = card.cmd_put_data(0x00, 0xd0, k.get_timestamp())
        assert r
    def test_setup_pw1_0(self, card):
        if card.is_gnuk:
            r = card.change_passwd(1, FACTORY_PASSPHRASE_PW1, PW1_TEST4)
            assert r
        else:
            pytest.skip("Gnuk resets passphrase on keygen, so, change passwd")
    def test_verify_pw1(self, card):
        v = card.verify(1, PW1_TEST4)
        assert v
    def test_verify_pw1_2(self, card):
        v = card.verify(2, PW1_TEST4)
        assert v
    def test_setup_pw1_reset(self, card):
        r = card.change_passwd(1, PW1_TEST4, FACTORY_PASSPHRASE_PW1)
        assert r
    def test_verify_pw1_reset_1(self, card):
        v = card.verify(1, FACTORY_PASSPHRASE_PW1)
        assert v
    def test_verify_pw1_reset_2(self, card):
        v = card.verify(2, FACTORY_PASSPHRASE_PW1)
        assert v
--- a/tests/card_test_2_pkop.py
+++ b/tests/card_test_2_pkop.py
@@ -0,0 +1,62 @@
 """
 card_test_public_key_operations.py - test the sign/dec/auth
 Copyright (C) 2021  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from struct import pack
 from re import match, DOTALL
 from util import *
 from card_const import *
 from constants_for_test import *
 class Test_Card_PK_OPs(object):
    def test_sign_0(self, card, pk):
        digestinfo = pk.compute_digestinfo(pk.test_vector['sign_0'])
        sig = card.cmd_pso(0x9e, 0x9a, digestinfo)
        r = pk.key_list[0].verify_signature(digestinfo, sig)
        assert r
    def test_sign_1(self, card, pk):
        digestinfo = pk.compute_digestinfo(pk.test_vector['sign_1'])
        sig = card.cmd_pso(0x9e, 0x9a, digestinfo)
        r = pk.key_list[0].verify_signature(digestinfo, sig)
        assert r
    def test_decrypt_0(self, card, pk):
        encrypted_data = pk.key_list[1].encrypt(pk.test_vector['decrypt_0'])
        r = card.cmd_pso(0x80, 0x86, pk.enc_data(encrypted_data))
        assert pk.enc_check(encrypted_data, r)
    def test_decrypt_1(self, card, pk):
        encrypted_data = pk.key_list[1].encrypt(pk.test_vector['decrypt_1'])
        r = card.cmd_pso(0x80, 0x86, pk.enc_data(encrypted_data))
        assert pk.enc_check(encrypted_data, r)
    def test_auth_0(self, card, pk):
        digestinfo = pk.compute_digestinfo(pk.test_vector['auth_0'])
        sig = card.cmd_internal_authenticate(digestinfo)
        r = pk.key_list[2].verify_signature(digestinfo, sig)
        assert r
    def test_auth_1(self, card, pk):
        digestinfo = pk.compute_digestinfo(pk.test_vector['auth_1'])
        sig = card.cmd_internal_authenticate(digestinfo)
        r = pk.key_list[2].verify_signature(digestinfo, sig)
        assert r
--- a/tests/card_test_2_pkop_kg.py
+++ b/tests/card_test_2_pkop_kg.py
@@ -0,0 +1,51 @@
 """
 card_test_public_key_operations_kg.py - test the sign/dec/auth
 Copyright (C) 2021  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from struct import pack
 from re import match, DOTALL
 from util import *
 from card_const import *
 from constants_for_test import *
 class Test_Card_PK_OPs_KG(object):
    def test_signature_sigkey(self, card, pk):
        pk_info = card.cmd_get_public_key(1)
        k = pk.PK_Crypto(keyno=0, pk_info=pk_info)
        digestinfo = pk.compute_digestinfo(pk.test_vector['sign_0'])
        sig_bytes = card.cmd_pso(0x9e, 0x9a, digestinfo)
        r = k.verify_signature(digestinfo, sig_bytes)
        assert r
    def test_decryption(self, card, pk):
        pk_info = card.cmd_get_public_key(2)
        k = pk.PK_Crypto(keyno=1, pk_info=pk_info)
        encrypted_data = k.encrypt(pk.test_vector['encrypt_0'])
        r = card.cmd_pso(0x80, 0x86, pk.enc_data(encrypted_data))
        assert pk.enc_check(encrypted_data, r)
    def test_signature_authkey(self, card, pk):
        pk_info = card.cmd_get_public_key(3)
        k = pk.PK_Crypto(2, pk_info=pk_info)
        digestinfo = pk.compute_digestinfo(pk.test_vector['sign_0'])
        sig_bytes = card.cmd_internal_authenticate(digestinfo)
        r = k.verify_signature(digestinfo, sig_bytes)
        assert r
--- a/tests/card_test_3_ds_counter1.py
+++ b/tests/card_test_3_ds_counter1.py
@@ -0,0 +1,31 @@
 """
 card_test_ds_counter.py - test the result of DS counter
 Copyright (C) 2021  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from struct import pack
 from re import match, DOTALL
 from util import *
 from constants_for_test import *
 class Test_Card_DS_Counter(object):
    def test_ds_counter_1(self, card):
        c = get_data_object(card, 0x7a)
        assert c == b'\x93\x03\x00\x00\x01'
--- a/tests/card_test_3_ds_counter2.py
+++ b/tests/card_test_3_ds_counter2.py
@@ -0,0 +1,31 @@
 """
 card_test_ds_counter.py - test the result of DS counter
 Copyright (C) 2021  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from struct import pack
 from re import match, DOTALL
 from util import *
 from constants_for_test import *
 class Test_Card_DS_Counter(object):
    def test_ds_counter_2(self, card):
        c = get_data_object(card, 0x7a)
        assert c == b'\x93\x03\x00\x00\x02'
--- a/tests/card_test_check_card.py
+++ b/tests/card_test_check_card.py
@@ -0,0 +1,80 @@
 """
 card_test_check_card.py - test configuration of card
 Copyright (C) 2021  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from binascii import hexlify
 from util import *
 from card_const import *
 import pytest
 def print_key_attr(keyno, p):
    algo = p[0]
    if algo == 0x01 and len(p) >= 6:
        # RSA
        nbits = (p[1] << 8) | p[2]
        ebits = (p[3] << 8) | p[4]
        flags = p[5]
        print(keyno)
        print("RSA")
        print(nbits)
        print(ebits)
        print(flags)
    elif len(p) >= 2 and (algo == 0x12 or algo == 0x13 or algo == 0x16):
        # ECC
        if p[-1] == 0x00 or p[-1] == 0x00:
            flag = True # Pubkey required
            curve = p[1:-1]
        else:
            flag = False # Pubkey is not required
            curve = p[1:]
        print(keyno)
        print("ECDSA" if algo == 0x13 else "ECDH" if algo == 0x12 else "EDDSA")
        print(curve)
        print(flag)
    else:
        print("Unknown algo attr")
 def parse_list_of_key_attributes(card, p, printout=False):
    while True:
        if len(p) < 2:
            break
        tag = p[0]
        length = p[1]
        if tag < 0xc1:
            p = p[2:]
            continue
        if tag == 0xda:
            keyno = 0x81
        else:
            keyno = tag - 0xc1 + 1
        if len(p) - 2 < length:
            break
        attr = p[2:2+length]
        if printout:
            print_key_attr(keyno, attr)
        p = p[2+length:]
        if keyno >= 1 and keyno <= 3:
            card.add_to_key_attrlist(keyno - 1, attr)
 def test_list_of_key_attributes(card):
    a = get_data_object(card, 0xfa)
    parse_list_of_key_attributes(card, a, True)
--- a/tests/card_test_ds_counter1.py
+++ b/tests/card_test_ds_counter1.py
@@ -0,0 +1,31 @@
 """
 card_test_ds_counter.py - test the result of DS counter
 Copyright (C) 2021  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from struct import pack
 from re import match, DOTALL
 from util import *
 from constants_for_test import *
 class Test_Card_DS_Counter(object):
    def test_ds_counter_1(self, card):
        c = get_data_object(card, 0x7a)
        assert c == b'\x93\x03\x00\x00\x01'
--- a/tests/card_test_ds_counter2.py
+++ b/tests/card_test_ds_counter2.py
@@ -0,0 +1,31 @@
 """
 card_test_ds_counter.py - test the result of DS counter
 Copyright (C) 2021  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from struct import pack
 from re import match, DOTALL
 from util import *
 from constants_for_test import *
 class Test_Card_DS_Counter(object):
    def test_ds_counter_2(self, card):
        c = get_data_object(card, 0x7a)
        assert c == b'\x93\x03\x00\x00\x02'
--- a/tests/card_test_empty_card.py
+++ b/tests/card_test_empty_card.py
@@ -0,0 +1,272 @@
 """
 test_empty_card.py - test empty card
 Copyright (C) 2016, 2018  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from binascii import hexlify
 from re import match, DOTALL
 from struct import pack
 from util import *
 from card_const import *
 import pytest
 EMPTY_60=bytes(60)
 def test_login(card):
    login = get_data_object(card, 0x5e)
    assert check_null(login)
 """
 def test_name(card):
    name = get_data_object(card, 0x5b)
    assert check_null(name)
 def test_lang(card):
    lang = get_data_object(card, 0x5f2d)
    assert check_null(lang)
 def test_sex(card):
    sex = get_data_object(card, 0x5f35)
    assert check_null(sex)
 """
 def test_name_lang_sex(card):
    name = b""
    lang = b""
    lang_de = b"de"
    sex = b"9"
    sex_alt = b"0"
    expected = b'\x5b' + pack('B', len(name)) + name \
               +  b'\x5f\x2d' + pack('B', len(lang)) + lang \
               + b'\x5f\x35' + pack('B', len(sex)) + sex_alt
    expected_de = b'\x5b' + pack('B', len(name)) + name \
               +  b'\x5f\x2d' + pack('B', len(lang_de)) + lang_de \
               + b'\x5f\x35' + pack('B', len(sex)) + sex
    expected_de_alt = b'\x5b' + pack('B', len(name)) + name \
               +  b'\x5f\x2d' + pack('B', len(lang_de)) + lang_de \
               + b'\x5f\x35' + pack('B', len(sex_alt)) + sex_alt
    name_lang_sex = get_data_object(card, 0x65)
    assert name_lang_sex == b'' or name_lang_sex == expected \
        or name_lang_sex == expected_de or name_lang_sex == expected_de_alt
 def test_app_data(card):
    if card.is_yubikey:
        pytest.skip("Yubikey raises 6e82 error for composed data object 6E")
    else:
        app_data = get_data_object(card, 0x6e)
        hist_len = app_data[20]
        # FIXME: parse and check DO of C0, C1, C2, C3, C4, and C6
        assert app_data[0:8] == b"\x4f\x10\xd2\x76\x00\x01\x24\x01" and \
            app_data[18:18+2] == b"\x5f\x52"
 def test_url(card):
    url = get_data_object(card, 0x5f50)
    assert check_null(url)
 def test_ds_counter(card):
    c = get_data_object(card, 0x7a)
    assert c == b'\x93\x03\x00\x00\x00'
 def test_pw1_status(card):
    s = get_data_object(card, 0xc4)
    assert match(b'....\x03[\x00\x03]\x03', s, DOTALL)
 def test_fingerprint_all(card):
    if card.is_yubikey:
        pytest.skip("Yubikey returns 6B00 when no key")
    else:
        fprlist = get_data_object(card, 0xC5)
    assert fprlist == None or fprlist == EMPTY_60
 def test_fingerprint_1(card):
    if card.is_yubikey:
        pytest.skip("Yubikey returns 6B00 when no key")
    else:
        fpr = get_data_object(card, 0xC7)
    assert check_null(fpr)
 def test_fingerprint_2(card):
    if card.is_yubikey:
        pytest.skip("Yubikey returns 6B00 when no key")
    else:
        fpr = get_data_object(card, 0xC8)
    assert check_null(fpr)
 def test_fingerprint_3(card):
    if card.is_yubikey:
        pytest.skip("Yubikey returns 6B00 when no key")
    else:
        fpr = get_data_object(card, 0xC9)
    assert check_null(fpr)
 def test_ca_fingerprint_all(card):
    if card.is_yubikey:
        pytest.skip("Yubikey returns 6B00 when no key")
    else:
        cafprlist = get_data_object(card, 0xC6)
    assert cafprlist == None or cafprlist == EMPTY_60
 def test_ca_fingerprint_1(card):
    if card.is_yubikey:
        pytest.skip("Yubikey returns 6B00 when no key")
    else:
        cafp = get_data_object(card, 0xCA)
    assert check_null(cafp)
 def test_ca_fingerprint_2(card):
    if card.is_yubikey:
        pytest.skip("Yubikey returns 6B00 when no key")
    else:
        cafp = get_data_object(card, 0xCB)
    assert check_null(cafp)
 def test_ca_fingerprint_3(card):
    if card.is_yubikey:
        pytest.skip("Yubikey returns 6B00 when no key")
    else:
        cafp = get_data_object(card, 0xCC)
    assert check_null(cafp)
 def test_timestamp_all(card):
    if card.is_yubikey:
        pytest.skip("Yubikey returns 6B00 when no key")
    else:
        t = get_data_object(card, 0xCD)
    assert t == None or t == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
 def test_timestamp_1(card):
    if card.is_yubikey:
        pytest.skip("Yubikey returns 6B00 when no key")
    else:
        t = get_data_object(card, 0xCE)
    assert check_null(t)
 def test_timestamp_2(card):
    if card.is_yubikey:
        pytest.skip("Yubikey returns 6B00 when no key")
    else:
        t = get_data_object(card, 0xCF)
    assert check_null(t)
 def test_timestamp_3(card):
    if card.is_yubikey:
        pytest.skip("Yubikey returns 6B00 when no key")
    else:
        t = get_data_object(card, 0xD0)
    assert check_null(t)
 def test_verify_pw1_1(card):
    v = card.cmd_verify(1, FACTORY_PASSPHRASE_PW1)
    assert v
 def test_verify_pw1_2(card):
    v = card.cmd_verify(2, FACTORY_PASSPHRASE_PW1)
    assert v
 def test_verify_pw3(card):
    v = card.cmd_verify(3, FACTORY_PASSPHRASE_PW3)
    assert v
 def test_historical_bytes(card):
    h = get_data_object(card, 0x5f52)
    if card.is_yubikey:
        assert h == b'\x00\x73\x00\x00\x80\x05\x90\x00' or \
            h == b'\x00\x73\x00\x00\xe0\x05\x90\x00'
    else:
        assert h == b'\x001\xc5s\xc0\x01@\x05\x90\x00' or \
            h == b'\x00\x31\x84\x73\x80\x01\x80\x00\x90\x00' or \
            h == b'\x00\x31\x84\x73\x80\x01\x80\x05\x90\x00' or \
            h == b'\x00\x31\xf5\x73\xc0\x01\x60\x05\x90\x00' or \
            h == b'\x00\x31\x84\x73\x80\x01\xC0\x05\x90\x00'
 def test_extended_capabilities(card):
    if card.is_yubikey:
        pytest.skip("Yubikey returns 6B00 when no key")
    else:
        a = get_data_object(card, 0xc0)
        assert a == None or match(b'[\x70\x74\x75\x77]\x00\x00.[\x00\x08]\x00\x00\xff[\x00\x01][\x00\x01]', a)
 def test_key_attributes_1(card):
    if card.is_yubikey:
        a = None
    else:
        a = get_data_object(card, 0xc1)
        assert a == None or a == b'\x01\x08\x00\x00\x20\x00' or a == b'\x16\x2b\x06\x01\x04\x01\xda\x47\x0f\x01'
    if not a:
        a = KEY_ATTRIBUTES_RSA2K
    card.save_algo_attribute(1, a)
    if card.is_yubikey:
        pytest.skip("Yubikey returns 6B00 when no key")
 def test_key_attributes_2(card):
    if card.is_yubikey:
        a = None
    else:
        a = get_data_object(card, 0xc2)
        assert a == None or a == b'\x01\x08\x00\x00\x20\x00' or a == b'\x12\x2b\x06\x01\x04\x01\x97\x55\x01\x05\x01'
    if not a:
        a = KEY_ATTRIBUTES_RSA2K
    card.save_algo_attribute(2, a)
    if card.is_yubikey:
        pytest.skip("Yubikey returns 6B00 when no key")
 def test_key_attributes_3(card):
    if card.is_yubikey:
        a = None
    else:
        a = get_data_object(card, 0xc3)
        assert a == None or a == b'\x01\x08\x00\x00\x20\x00' or a == b'\x16\x2b\x06\x01\x04\x01\xda\x47\x0f\x01'
    if not a:
        a = KEY_ATTRIBUTES_RSA2K
    card.save_algo_attribute(3, a)
    if card.is_yubikey:
        pytest.skip("Yubikey returns 6B00 when no key")
 def test_public_key_1(card):
    with pytest.raises(Exception) as excinfo:
        pk = card.cmd_get_public_key(1)
    if card.is_yubikey:
        assert excinfo.value.args[0] == "6581"
    else:
        assert excinfo.value.args[0] == "6a88"
 def test_public_key_2(card):
    with pytest.raises(Exception) as excinfo:
        pk = card.cmd_get_public_key(2)
    if card.is_yubikey:
        assert excinfo.value.args[0] == "6581"
    else:
        assert excinfo.value.args[0] == "6a88"
 def test_public_key_3(card):
    with pytest.raises(Exception) as excinfo:
        pk = card.cmd_get_public_key(3)
    if card.is_yubikey:
        assert excinfo.value.args[0] == "6581"
    else:
        assert excinfo.value.args[0] == "6a88"
 def test_AID(card):
    a = get_data_object(card, 0x4f)
    print()
    print("OpenPGP card version: %d.%d" % (a[6], a[7]))
    print("Card Manufacturer:  ", hexlify(a[8:10]).decode("UTF-8"))
    print("Card serial:    ", hexlify(a[10:14]).decode("UTF-8"))
    assert match(b'\xd2\x76\x00\x01\\$\x01........\x00\x00', a, DOTALL)
--- a/tests/card_test_kdf_full.py
+++ b/tests/card_test_kdf_full.py
@@ -0,0 +1,34 @@
 """
 card_test_kdf_full.py - test KDF data object
 Copyright (C) 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from card_const import *
 from constants_for_test import *
 class Test_Card_KDF_full(object):
    def test_verify_pw3(self, card):
        v = card.verify(3, FACTORY_PASSPHRASE_PW3)
        assert v
    def test_kdf_put_full(self, card):
        r = card.configure_kdf(KDF_FULL)
        assert r
--- a/tests/card_test_kdf_single.py
+++ b/tests/card_test_kdf_single.py
@@ -0,0 +1,33 @@
 """
 card_test_kdf_single.py - test KDF data object
 Copyright (C) 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from card_const import *
 from constants_for_test import *
 class Test_Card_KDF_Single(object):
    def test_verify_pw3(self, card):
        v = card.verify(3, FACTORY_PASSPHRASE_PW3)
        assert v
    def test_kdf_put_single(self, card):
        r = card.configure_kdf(KDF_SINGLE)
        assert r
--- a/tests/card_test_keygen.py
+++ b/tests/card_test_keygen.py
@@ -0,0 +1,74 @@
 """
 card_test_keygen.py - test key generation
 Copyright (C) 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 from binascii import hexlify
 from pubkey_crypto import get_PK_Crypto
 from card_const import *
 from constants_for_test import *
 import pytest
 class Test_Card_Keygen(object):
    def test_verify_pw3_0(self, card):
        v = card.verify(3, PW3_TEST0)
        assert v
    def test_keygen_1(self, card):
        PK_Crypto = get_PK_Crypto(card)
        pk_info = card.cmd_genkey(1)
        k = PK_Crypto(0, pk_info=pk_info)
        r = card.cmd_put_data(0x00, 0xc7, k.get_fpr())
        if r:
            r = card.cmd_put_data(0x00, 0xce, k.get_timestamp())
        assert r
    def test_keygen_2(self, card):
        PK_Crypto = get_PK_Crypto(card)
        pk_info = card.cmd_genkey(2)
        k = PK_Crypto(1, pk_info=pk_info)
        r = card.cmd_put_data(0x00, 0xc8, k.get_fpr())
        if r:
            r = card.cmd_put_data(0x00, 0xcf, k.get_timestamp())
        assert r
    def test_keygen_3(self, card):
        PK_Crypto = get_PK_Crypto(card)
        pk_info = card.cmd_genkey(3)
        k = PK_Crypto(2, pk_info=pk_info)
        r = card.cmd_put_data(0x00, 0xc9, k.get_fpr())
        if r:
            r = card.cmd_put_data(0x00, 0xd0, k.get_timestamp())
        assert r
    def test_setup_pw1_0(self, card):
        if card.is_gnuk:
            r = card.change_passwd(1, FACTORY_PASSPHRASE_PW1, PW1_TEST4)
            assert r
        else:
            pytest.skip("Gnuk resets passphrase on keygen, so, change passwd")
    def test_verify_pw1(self, card):
        v = card.verify(1, PW1_TEST4)
        assert v
    def test_verify_pw1_2(self, card):
        v = card.verify(2, PW1_TEST4)
        assert v
--- a/tests/card_test_kg_pko_dsc_brainpoolp256r1.py
+++ b/tests/card_test_kg_pko_dsc_brainpoolp256r1.py
@@ -0,0 +1,40 @@
 """
 card_test_kg_pko_dsc.py - test personalizing card
 Copyright (C) 2021  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 import pytest
 from card_const import KEY_ATTRIBUTES_ECDH_BRAINPOOLP256R1
 from brainpoolp256r1_keys import brainpoolp256r1_pk
@pytest.fixture(scope="module",autouse=True)
 def check_brainpoolp256r1(card):
    if not KEY_ATTRIBUTES_ECDSA_BRAINPOOLP256R1 in card.supported_key_attrlist[0]:
        pytest.skip("Test for brainpoolP256r1", allow_module_level=True)
@pytest.fixture(scope="module")
 def pk(card):
    print("Select brainpoolP256r1 for testing key generation")
    return brainpoolp256r1_pk
 from card_test_0_set_attr import *
 from card_test_1_keygen import *
 from card_test_2_pkop_kg import *
 from card_test_3_ds_counter1 import *
--- a/tests/card_test_kg_pko_dsc_brainpoolp384r1.py
+++ b/tests/card_test_kg_pko_dsc_brainpoolp384r1.py
@@ -0,0 +1,40 @@
 """
 card_test_kg_pko_dsc.py - test personalizing card
 Copyright (C) 2021  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 This file is a part of Gnuk, a GnuPG USB Token implementation.
 Gnuk is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 Gnuk is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 import pytest
 from card_const import KEY_ATTRIBUTES_ECDH_BRAINPOOLP384R1
 from brainpoolp384r1_keys import brainpoolp384r1_pk
@pytest.fixture(scope="module",autouse=True)
 def check_brainpoolp384r1(card):
    if not KEY_ATTRIBUTES_ECDSA_BRAINPOOLP384R1 in card.supported_key_attrlist[0]:
        pytest.skip("Test for brainpoolP384r1", allow_module_level=True)
@pytest.fixture(scope="module")
 def pk(card):
    print("Select brainpoolP384r1 for testing key generation")
    return brainpoolp384r1_pk
 from card_test_0_set_attr import *
 from card_test_1_keygen import *
 from card_test_2_pkop_kg import *
 from card_test_3_ds_counter1 import *
--- a/Show More
+++ b/Show More
		`@@ -0,0 +1,2 @@`
							`from skip_if_kdfreq import *`
							`from card_test_personalize_card_1 import *`
		`@@ -0,0 +1,2 @@`
							`from skip_if_kdfreq import *`
							`from card_test_personalize_card_2 import *`
		`@@ -0,0 +1,2 @@`
							`from skip_if_kdfreq import *`
							`from card_test_public_key_operations import *`
		`@@ -0,0 +1,2 @@`
							`from skip_if_kdfreq import *`
							`from card_test_ds_counter2 import *`
		`@@ -0,0 +1,2 @@`
							`from skip_if_kdfreq import *`
							`from card_test_personalize_reset import *`
		`@@ -0,0 +1,2 @@`
							`from skip_if_kdfreq import *`
							`from card_test_remove_keys import *`
		`@@ -0,0 +1,2 @@`
							`from skip_if_kdfreq import *`
							`from card_test_reset_pw3 import *`
		`@@ -0,0 +1 @@`
							`from card_test_ki_pko_dsc_nistp256r1 import *`
		`@@ -0,0 +1 @@`
							`from card_test_ki_pko_dsc_brainpoolp256r1 import *`
		`@@ -0,0 +1 @@`
							`from card_test_ki_pko_dsc_secp256k1 import *`