Upgrade to v1.10

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>

.github/workflows/codeql.yml

@@ -0,0 +1,72 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+  schedule:
+    - cron: '23 5 * * 4'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'cpp', 'python' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    # - name: Autobuild
+    #  uses: github/codeql-action/autobuild@v2
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+    #   If the Autobuild fails above, remove it and uncomment the following three lines.
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+    - run: |
+       echo "Run, Build Application using script"
+       ./workflows/autobuild.sh
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2

.github/workflows/test.yml

@@ -0,0 +1,37 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "Emulation and test"
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+  schedule:
+    - cron: '23 5 * * 4'
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository and submodules
+      uses: actions/checkout@v3
+      with:
+        submodules: recursive
+    - name: Build in container
+      run: ./tests/build-in-docker.sh
+    - name: Start emulation and test
+      run: ./tests/run-test-in-docker.sh

CMakeLists.txt

@@ -17,36 +17,63 @@
 
 cmake_minimum_required(VERSION 3.13)
 
+if(ENABLE_EMULATION)
+else()
 include(pico_sdk_import.cmake)
+endif()
 
 project(pico_openpgp C CXX ASM)
 
 set(CMAKE_C_STANDARD 11)
 set(CMAKE_CXX_STANDARD 17)
 
+if(ENABLE_EMULATION)
+else()
 pico_sdk_init()
+endif()
 
 add_executable(pico_openpgp)
 
-target_sources(pico_openpgp PUBLIC
+set(SOURCES ${SOURCES}
         ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/openpgp.c
         ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/files.c
         )
 
-target_include_directories(pico_openpgp PUBLIC
+set(INCLUDES ${INCLUDES}
         ${CMAKE_CURRENT_LIST_DIR}/src/openpgp
         )
 
-set(HSM_DRIVER "ccid")
+set(USB_ITF_CCID 1)
 include(pico-hsm-sdk/pico_hsm_sdk_import.cmake)
 
+target_sources(pico_openpgp PUBLIC ${SOURCES})
+target_include_directories(pico_openpgp PUBLIC ${INCLUDES})
+
 target_compile_options(pico_openpgp PUBLIC
     -Wall
     -Werror
 )
 
+if(ENABLE_EMULATION)
+
+target_compile_options(pico_openpgp PUBLIC
+        -fdata-sections
+        -ffunction-sections
+        )
+if(APPLE)
+target_link_options(pico_openpgp PUBLIC
+        -Wl,-dead_strip
+        )
+else()
+target_link_options(pico_openpgp PUBLIC
+        -Wl,--gc-sections
+        )
+endif (APPLE)
+else()
+
 pico_add_extra_outputs(pico_openpgp)
 
 #target_compile_definitions(pico_openpgp PRIVATE MBEDTLS_ECDSA_DETERMINISTIC=1)
 
 target_link_libraries(pico_openpgp PRIVATE pico_hsm_sdk pico_stdlib tinyusb_device tinyusb_board pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc)
+endif()

VERSION

@@ -1 +1 @@
-Version=1.4
+Version=1.10

build_pico_openpgp.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 VERSION_MAJOR="1"
-VERSION_MINOR="8"
+VERSION_MINOR="10"
 
 rm -rf release/*
 cd build_release

src/openpgp/files.c

@@ -1,17 +1,17 @@
-/* 
+/*
  * This file is part of the Pico OpenPGP distribution (https://github.com/polhenarejos/pico-openpgp).
  * Copyright (c) 2022 Pol Henarejos.
- * 
- * This program is free software: you can redistribute it and/or modify  
- * it under the terms of the GNU General Public License as published by  
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation, version 3.
  *
- * This program is distributed in the hope that it will be useful, but 
- * WITHOUT ANY WARRANTY; without even the implied warranty of 
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  * General Public License for more details.
  *
- * You should have received a copy of the GNU General Public License 
+ * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
@@ -96,7 +96,7 @@ file_t file_entries[] = {
     /* 10 */ { .fid = EF_CH_CERT, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *)parse_ch_cert, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
     /* 11 */ { .fid = EF_EXLEN_INFO, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF, .data = exlen_info, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
     /* 12 */ { .fid = EF_GFM, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF, .data = feature_mngmnt, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
-    /* 13 */ { .fid = EF_SIG_COUNT, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
+    /* 13 */ { .fid = EF_SIG_COUNT, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
     /* 14 */ { .fid = EF_EXT_CAP, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF, .data = extended_capabilities, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
     /* 15 */ { .fid = EF_ALGO_SIG, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *)parse_algoinfo, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
     /* 16 */ { .fid = EF_ALGO_DEC, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *)parse_algoinfo, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
@@ -122,7 +122,6 @@ file_t file_entries[] = {
     /* 36 */ { .fid = EF_ALGO_INFO, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *)parse_algoinfo, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
     /* 37 */ { .fid = EF_APP_DATA, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *)parse_app_data, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
     /* 38 */ { .fid = EF_DISCRETE_DO, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *)parse_discrete_do, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
-    
     /* 39 */ { .fid = EF_PW1, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
     /* 40 */ { .fid = EF_RC, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
     /* 41 */ { .fid = EF_PW3, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_WP },
@@ -141,7 +140,7 @@ file_t file_entries[] = {
     /* 54 */ { .fid = EF_CH_1, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_NONE },
     /* 55 */ { .fid = EF_CH_2, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_NONE },
     /* 56 */ { .fid = EF_CH_3, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_NONE },
-    
+
     /* 57 */ { .fid = 0x0000, .parent = 0, .name = openpgp_aid, .type = FILE_TYPE_WORKING_EF, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
     /* 58 */ { .fid = 0x0000, .parent = 0xff, .name = NULL, .type = FILE_TYPE_UNKNOWN, .data = NULL, .ef_structure = 0, .acl = ACL_NONE } //end
 };

src/openpgp/openpgp.c

@@ -28,12 +28,14 @@
 #include "mbedtls/asn1.h"
 #include "asn1.h"
 #include "usb.h"
-#include "ccid.h"
+#include "ccid/ccid.h"
 
 bool has_pw1 = false;
 bool has_pw2 = false;
 bool has_pw3 = false;
+bool has_rc = false;
 uint8_t session_pw1[32];
+uint8_t session_rc[32];
 uint8_t session_pw3[32];
 static uint8_t dek[IV_SIZE+32];
 static uint16_t algo_dec = EF_ALGO_PRIV2, algo_aut = EF_ALGO_PRIV3, pk_dec = EF_PK_DEC, pk_aut = EF_PK_AUT;
@@ -60,8 +62,9 @@ int openpgp_process_apdu();
 extern uint32_t board_button_read(void);
 
 static bool wait_button_pressed(uint16_t fid) {
-    file_t *ef = search_by_fid(fid, NULL, SPECIFY_ANY);
     uint32_t val = EV_PRESS_BUTTON;
+#ifndef ENABLE_EMULATION
+    file_t *ef = search_by_fid(fid, NULL, SPECIFY_ANY);
     if (ef && ef->data && file_get_data(ef)[0] > 0) {
         queue_try_add(&card_to_usb_q, &val);
         do {
@@ -69,6 +72,7 @@ static bool wait_button_pressed(uint16_t fid) {
         }
         while (val != EV_BUTTON_PRESSED && val != EV_BUTTON_TIMEOUT);
     }
+#endif
     return val == EV_BUTTON_TIMEOUT;
 }
 
@@ -160,7 +164,11 @@ void scan_files() {
     file_t *ef;
     if ((ef = search_by_fid(EF_FULL_AID, NULL, SPECIFY_ANY))) {
         ef->data = openpgp_aid_full;
+#ifndef ENABLE_EMULATION
         pico_get_unique_board_id_string((char *)ef->data+12, 4);
+#else
+        memset((char *)ef->data + 12, 0, 4);
+#endif
     }
     if ((ef = search_by_fid(EF_PW1, NULL, SPECIFY_ANY))) {
         if (!ef->data) {
@@ -214,7 +222,7 @@ void scan_files() {
             const uint8_t def1[6] = { 0x31,0x32,0x33,0x34,0x35,0x36 };
             const uint8_t def3[8] = { 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38 };
 
-            uint8_t def[IV_SIZE+32+32];
+            uint8_t def[IV_SIZE+32+32+32];
             const uint8_t *dek = random_bytes_get(IV_SIZE+32);
             memcpy(def, dek, IV_SIZE+32);
             memcpy(def+IV_SIZE+32, dek+IV_SIZE, 32);
@@ -224,7 +232,8 @@ void scan_files() {
 
             hash_multi(def3, sizeof(def3), session_pw3);
             aes_encrypt_cfb_256(session_pw3, def, def+IV_SIZE+32, 32);
-            memset(session_pw1, 0, sizeof(session_pw1));
+            aes_encrypt_cfb_256(session_pw3, def, def+IV_SIZE+32+32, 32);
+            memset(session_pw3, 0, sizeof(session_pw3));
             flash_write_data_to_file(ef, def, sizeof(def));
         }
     }
@@ -256,6 +265,14 @@ void scan_files() {
             flash_write_data_to_file(ef, def, sizeof(def));
         }
     }
+
+    if ((ef = search_by_fid(EF_SEX, NULL, SPECIFY_ANY))) {
+        if (!ef->data) {
+            printf("Sex is empty. Initializing to default\r\n");
+            const uint8_t def[] = { 0x30 };
+            flash_write_data_to_file(ef, def, sizeof(def));
+        }
+    }
     low_flash_available();
 }
 
@@ -272,7 +289,7 @@ int load_dek() {
     }
     else if (has_pw3) {
         memcpy(dek, file_get_data(tf), IV_SIZE);
-        memcpy(dek+IV_SIZE, file_get_data(tf)+IV_SIZE+32, 32);
+        memcpy(dek+IV_SIZE, file_get_data(tf)+IV_SIZE+32+32, 32);
         r = aes_decrypt_cfb_256(session_pw3, dek, dek+IV_SIZE, 32);
     }
     if (r != 0)
@@ -325,14 +342,18 @@ int openpgp_unload() {
 
 extern char __StackLimit;
 int heapLeft() {
+#ifndef ENABLE_EMULATION
     char *p = malloc(256);   // try to avoid undue fragmentation
     int left = &__StackLimit - p;
     free(p);
+#else
+    int left = 1024*1024;
+#endif
     return left;
 }
 
-app_t *openpgp_select_aid(app_t *a) {
-    if (!memcmp(apdu.data, openpgp_aid+1, openpgp_aid[0])) {
+app_t *openpgp_select_aid(app_t *a, const uint8_t *aid, uint8_t aid_len) {
+    if (!memcmp(aid, openpgp_aid+1, MIN(aid_len,openpgp_aid[0]))) {
         a->aid = openpgp_aid;
         a->process_apdu = openpgp_process_apdu;
         a->unload = openpgp_unload;
@@ -346,6 +367,7 @@ app_t *openpgp_select_aid(app_t *a) {
         res_APDU[res_APDU_size++] = ((heap_left >> 8) & 0xff);
         res_APDU[res_APDU_size++] = ((heap_left >> 0) & 0xff);
         res_APDU[1] += 8;
+        apdu.ne = res_APDU_size;
         return a;
     }
     return NULL;
@@ -476,19 +498,19 @@ int parse_ch_cert(const file_t *f, int mode) {
 int parse_fp(const file_t *f, int mode) {
     res_APDU[res_APDU_size++] = EF_FP & 0xff;
     res_APDU[res_APDU_size++] = 60;
-    return parse_trium(EF_FP_SIG, 3, 20);
+    return parse_trium(EF_FP_SIG, 3, 20) + 2;
 }
 
 int parse_cafp(const file_t *f, int mode) {
     res_APDU[res_APDU_size++] = EF_CA_FP & 0xff;
     res_APDU[res_APDU_size++] = 60;
-    return parse_trium(EF_FP_CA1, 3, 20);
+    return parse_trium(EF_FP_CA1, 3, 20) + 2;
 }
 
 int parse_ts(const file_t *f, int mode) {
     res_APDU[res_APDU_size++] = EF_TS_ALL & 0xff;
     res_APDU[res_APDU_size++] = 12;
-    return parse_trium(EF_TS_SIG, 3, 4);
+    return parse_trium(EF_TS_SIG, 3, 4) + 2;
 }
 
 int parse_keyinfo(const file_t *f, int mode) {
@@ -652,11 +674,12 @@ int parse_algo(const uint8_t *algo, uint16_t tag) {
 }
 
 int parse_algoinfo(const file_t *f, int mode) {
-    uint8_t datalen = 0;
+    int datalen = 0;
     if (f->fid == EF_ALGO_INFO) {
         res_APDU[res_APDU_size++] = EF_ALGO_INFO & 0xff;
-        uint8_t *lp = res_APDU+res_APDU_size;
-        res_APDU_size++;
+        res_APDU[res_APDU_size++] = 0x82;
+        uint8_t *lp = res_APDU + res_APDU_size;
+        res_APDU_size += 2;
         datalen += parse_algo(algorithm_attr_rsa1k, EF_ALGO_SIG);
         datalen += parse_algo(algorithm_attr_rsa2k, EF_ALGO_SIG);
         datalen += parse_algo(algorithm_attr_rsa3k, EF_ALGO_SIG);
@@ -691,11 +714,13 @@ int parse_algoinfo(const file_t *f, int mode) {
         datalen += parse_algo(algorithm_attr_p256r1, EF_ALGO_AUT);
         datalen += parse_algo(algorithm_attr_p384r1, EF_ALGO_AUT);
         datalen += parse_algo(algorithm_attr_p521r1, EF_ALGO_AUT);
-        datalen += parse_algo(algorithm_attr_bp256r1, EF_ALGO_SIG);
-        datalen += parse_algo(algorithm_attr_bp384r1, EF_ALGO_SIG);
-        datalen += parse_algo(algorithm_attr_bp512r1, EF_ALGO_SIG);
-        *lp = res_APDU+res_APDU_size-lp-1;
-        datalen = *lp;
+        datalen += parse_algo(algorithm_attr_bp256r1, EF_ALGO_AUT);
+        datalen += parse_algo(algorithm_attr_bp384r1, EF_ALGO_AUT);
+        datalen += parse_algo(algorithm_attr_bp512r1, EF_ALGO_AUT);
+        uint16_t lpdif = res_APDU+res_APDU_size-lp-2;
+        *lp++ = lpdif >> 8;
+        *lp++ = lpdif & 0xff;
+        datalen = lpdif+4;
     }
     else if (f->fid == EF_ALGO_SIG || f->fid == EF_ALGO_DEC || f->fid == EF_ALGO_AUT) {
         uint16_t fid = 0x1000 | f->fid;
@@ -767,8 +792,23 @@ static int cmd_get_data() {
     if (ef->data) {
         uint16_t fids[] = {1,fid};
         uint16_t data_len = parse_do(fids, 1);
-        if (apdu.ne > data_len)
-            apdu.ne = data_len;
+        uint8_t *p = NULL;
+        uint16_t tg = 0;
+        size_t tg_len = 0;
+        if (walk_tlv(res_APDU, data_len, &p, &tg, &tg_len, NULL)) {
+            uint8_t dec = 2;
+            if ((tg & 0x1f) == 0x1f)
+                dec++;
+            if ((res_APDU[dec-1] & 0xF0) == 0x80)
+                dec += (res_APDU[dec - 1] & 0x0F);
+            if (tg_len + dec == data_len) {
+                memmove(res_APDU, res_APDU + dec, data_len - dec);
+                data_len -= dec;
+                res_APDU_size -= dec;
+            }
+        }
+        //if (apdu.ne > data_len)
+        //    apdu.ne = data_len;
     }
     return SW_OK();
 }
@@ -909,7 +949,28 @@ static int cmd_put_data() {
         ef = currentEF;
     }
     if (apdu.nc > 0 && (ef->type & FILE_DATA_FLASH)) {
-        int r = flash_write_data_to_file(ef, apdu.data, apdu.nc);
+        int r = 0;
+        if (fid == EF_RC) {
+            has_rc = false;
+            if ((r = load_dek()) != CCID_OK)
+                return SW_EXEC_ERROR();
+            uint8_t dhash[33];
+            dhash[0] = apdu.nc;
+            double_hash_pin(apdu.data, apdu.nc, dhash+1);
+            r = flash_write_data_to_file(ef, dhash, sizeof(dhash));
+
+            file_t *tf = search_by_fid(EF_DEK, NULL, SPECIFY_EF);
+            if (!tf)
+                return SW_REFERENCE_NOT_FOUND();
+            uint8_t def[IV_SIZE+32+32+32];
+            memcpy(def, file_get_data(tf), file_get_size(tf));
+            hash_multi(apdu.data, apdu.nc, session_rc);
+            memcpy(def + IV_SIZE + 32, dek + IV_SIZE, 32);
+            aes_encrypt_cfb_256(session_rc, def, def + IV_SIZE + 32, 32);
+            r = flash_write_data_to_file(tf, def, sizeof(def));
+        }
+        else
+            r = flash_write_data_to_file(ef, apdu.data, apdu.nc);
         if (r != CCID_OK)
             return SW_MEMORY_FAILURE();
         low_flash_available();
@@ -925,13 +986,33 @@ static int cmd_change_pin() {
     if (!(pw = search_by_fid(fid, NULL, SPECIFY_EF)))
         return SW_REFERENCE_NOT_FOUND();
     uint8_t pin_len = file_get_data(pw)[0];
-    uint16_t r = check_pin(pw, apdu.data, pin_len);
+    uint16_t r = 0;
+    if ((r = load_dek()) != CCID_OK)
+        return SW_EXEC_ERROR();
+    r = check_pin(pw, apdu.data, pin_len);
     if (r != 0x9000)
         return r;
     uint8_t dhash[33];
     dhash[0] = apdu.nc-pin_len;
     double_hash_pin(apdu.data+pin_len, apdu.nc-pin_len, dhash+1);
     flash_write_data_to_file(pw, dhash, sizeof(dhash));
+
+    file_t *tf = search_by_fid(EF_DEK, NULL, SPECIFY_EF);
+    if (!tf)
+        return SW_REFERENCE_NOT_FOUND();
+    uint8_t def[IV_SIZE+32+32+32];
+    memcpy(def, file_get_data(tf), file_get_size(tf));
+    if (P2(apdu) == 0x81) {
+        hash_multi(apdu.data+pin_len, apdu.nc-pin_len, session_pw1);
+        memcpy(def + IV_SIZE, dek + IV_SIZE, 32);
+        aes_encrypt_cfb_256(session_pw1, def, def + IV_SIZE, 32);
+    }
+    else if (P2(apdu) == 0x83) {
+        hash_multi(apdu.data+pin_len, apdu.nc-pin_len, session_pw3);
+        memcpy(def + IV_SIZE + 32 + 32, dek + IV_SIZE, 32);
+        aes_encrypt_cfb_256(session_pw3, def, def+IV_SIZE+32+32, 32);
+    }
+    flash_write_data_to_file(tf, def, sizeof(def));
     low_flash_available();
     return SW_OK();
 }
@@ -942,6 +1023,7 @@ static int cmd_reset_retry() {
     if (P1(apdu) == 0x0 || P1(apdu) == 0x2) {
         int newpin_len = 0;
         file_t *pw = NULL;
+        has_pw1 = false;
         if (!(pw = search_by_fid(EF_PW1, NULL, SPECIFY_EF)))
             return SW_REFERENCE_NOT_FOUND();
         if (P1(apdu) == 0x0) {
@@ -955,12 +1037,27 @@ static int cmd_reset_retry() {
             if (r != 0x9000)
                 return r;
             newpin_len = apdu.nc-pin_len;
+            has_rc = true;
+            hash_multi(apdu.data, pin_len, session_rc);
         }
         else if (P1(apdu) == 0x2) {
             if (!has_pw3)
                 return SW_CONDITIONS_NOT_SATISFIED();
             newpin_len = apdu.nc;
         }
+        int r = 0;
+        if ((r = load_dek()) != CCID_OK)
+            return SW_EXEC_ERROR();
+        file_t *tf = search_by_fid(EF_DEK, NULL, SPECIFY_EF);
+        if (!tf)
+            return SW_REFERENCE_NOT_FOUND();
+        uint8_t def[IV_SIZE+32+32+32];
+        memcpy(def, file_get_data(tf), file_get_size(tf));
+        hash_multi(apdu.data+(apdu.nc-newpin_len), newpin_len, session_pw1);
+        memcpy(def + IV_SIZE, dek + IV_SIZE, 32);
+        aes_encrypt_cfb_256(session_pw1, def, def + IV_SIZE, 32);
+        r = flash_write_data_to_file(tf, def, sizeof(def));
+
         uint8_t dhash[33];
         dhash[0] = newpin_len;
         double_hash_pin(apdu.data+(apdu.nc-newpin_len), newpin_len, dhash+1);
@@ -1116,16 +1213,20 @@ void make_rsa_response(mbedtls_rsa_context *rsa) {
 }
 
 void make_ecdsa_response(mbedtls_ecdsa_context *ecdsa) {
-    size_t plen = mbedtls_mpi_size(&ecdsa->grp.P);
-    memcpy(res_APDU, "\x7f\x49\x81\x00", 4);
-    res_APDU_size = 4;
+    uint8_t pt[MBEDTLS_ECP_MAX_PT_LEN];
+    size_t plen = 0;
+    mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &plen, pt, sizeof(pt));
+    res_APDU[res_APDU_size++] = 0x7f;
+    res_APDU[res_APDU_size++] = 0x49;
+    if (plen >= 128)
+        res_APDU[res_APDU_size++] = 0x81;
+    res_APDU[res_APDU_size++] = plen + (plen >= 128 ? 3 : 2);
     res_APDU[res_APDU_size++] = 0x86;
-    res_APDU[res_APDU_size++] = 0x81;
-    res_APDU[res_APDU_size++] = 2*plen+1;
-    res_APDU[res_APDU_size++] = 0x04;
-    mbedtls_mpi_write_binary(&ecdsa->Q.X, res_APDU+res_APDU_size, plen); res_APDU_size += plen;
-    mbedtls_mpi_write_binary(&ecdsa->Q.Y, res_APDU+res_APDU_size, plen); res_APDU_size += plen;
-    res_APDU[3] = res_APDU_size-4;
+    if (plen >= 128)
+        res_APDU[res_APDU_size++] = 0x81;
+    res_APDU[res_APDU_size++] = plen;
+    memcpy(res_APDU + res_APDU_size, pt, plen);
+    res_APDU_size += plen;
 }
 
 static int cmd_keypair_gen() {
@@ -1280,7 +1381,6 @@ int rsa_sign(mbedtls_rsa_context *ctx, const uint8_t *data, size_t data_len, uin
         free(signature);
     }
     *out_len = key_size;
-    inc_sig_count();
     return r;
 }
 
@@ -1290,14 +1390,13 @@ int ecdsa_sign(mbedtls_ecdsa_context *ctx, const uint8_t *data, size_t data_len,
     mbedtls_mpi_init(&si);
     int r = mbedtls_ecdsa_sign(&ctx->grp, &ri, &si, &ctx->d, data, data_len, random_gen, NULL);
     if (r == 0) {
-        mbedtls_mpi_write_binary(&ri, out, mbedtls_mpi_size(&ri));
-        *out_len = mbedtls_mpi_size(&ri);
-        mbedtls_mpi_write_binary(&si, out+*out_len, mbedtls_mpi_size(&si));
-        *out_len += mbedtls_mpi_size(&si);
+        size_t plen = (ctx->grp.nbits + 7) / 8;
+        mbedtls_mpi_write_binary(&ri, out, plen);
+        mbedtls_mpi_write_binary(&si, out + plen, plen);
+        *out_len = 2*plen;
     }
     mbedtls_mpi_free(&ri);
     mbedtls_mpi_free(&si);
-    inc_sig_count();
     return r;
 }
 
@@ -1380,6 +1479,7 @@ static int cmd_pso() {
                 return SW_EXEC_ERROR();
             res_APDU_size = olen;
             //apdu.ne = key_size;
+            inc_sig_count();
         }
         else if (P1(apdu) == 0x80 && P2(apdu) == 0x86) {
             if (apdu.nc < key_size) //needs padding
@@ -1408,6 +1508,7 @@ static int cmd_pso() {
             if (r != 0)
                 return SW_EXEC_ERROR();
             res_APDU_size = olen;
+            inc_sig_count();
         }
         else if (P1(apdu) == 0x80 && P2(apdu) == 0x86) {
             mbedtls_ecdh_context ctx;
@@ -1420,8 +1521,8 @@ static int cmd_pso() {
                 return SW_WRONG_DATA();
             if (mbedtls_asn1_get_tag(&data, end, &len, 0x49) != 0 || mbedtls_asn1_get_tag(&data, end, &len, 0x86) != 0)
                 return SW_WRONG_DATA();
-            if (len != 2*key_size-1)
-                return SW_WRONG_LENGTH();
+            //if (len != 2*key_size-1)
+            //    return SW_WRONG_LENGTH();
             memcpy(kdata, file_get_data(ef), key_size);
             if (dek_decrypt(kdata, key_size) != 0) {
                 return SW_EXEC_ERROR();
@@ -1457,7 +1558,7 @@ static int cmd_pso() {
 }
 
 static int cmd_terminate_df() {
-    if (P1(apdu) != 0x0 && P2(apdu) != 0x0)
+    if (P1(apdu) != 0x0 || P2(apdu) != 0x0)
         return SW_INCORRECT_P1P2();
     file_t *retries;
     if (!(retries = search_by_fid(EF_PW_PRIV, NULL, SPECIFY_EF)))
@@ -1563,6 +1664,18 @@ static int cmd_mse() {
     return SW_OK();
 }
 
+size_t tag_len(uint8_t **data) {
+    size_t len = *(*data)++;
+    if (len == 0x82) {
+        len = *(*data)++ << 8;
+        len |= *(*data)++;
+    }
+    else if (len == 0x81) {
+        len = *(*data)++;
+    }
+    return len;
+}
+
 static int cmd_import_data() {
     file_t *ef = NULL;
     uint16_t fid = 0x0;
@@ -1570,39 +1683,44 @@ static int cmd_import_data() {
         return SW_WRONG_P1P2();
     if (apdu.nc < 5)
         return SW_WRONG_LENGTH();
-    if (apdu.data[0] != 0x4D || (apdu.data[2] != 0xB6 && apdu.data[2] != 0xB8 && apdu.data[2] != 0xA4))
+    uint8_t *start = apdu.data;
+    if (*start++ != 0x4D)
         return SW_WRONG_DATA();
-    if (apdu.data[2] == 0xB6)
+    size_t tgl = tag_len(&start);
+    if (*start != 0xB6 && *start != 0xB8 && *start != 0xA4)
+        return SW_WRONG_DATA();
+    if (*start == 0xB6)
         fid = EF_PK_SIG;
-    else if (apdu.data[2] != 0xB8)
+    else if (*start == 0xB8)
         fid = EF_PK_DEC;
-    else if (apdu.data[2] != 0xA4)
+    else if (*start == 0xA4)
         fid = EF_PK_AUT;
     else
         return SW_WRONG_DATA();
+    start++;
     if (!(ef = search_by_fid(fid, NULL, SPECIFY_EF)))
         return SW_REFERENCE_NOT_FOUND();
     if (!authenticate_action(ef, ACL_OP_UPDATE_ERASE)) {
         return SW_SECURITY_STATUS_NOT_SATISFIED();
     }
-
-    uint8_t *start = apdu.data + 4 + apdu.data[3];
+    start += (*start + 1);
     if (*start++ != 0x7F || *start++ != 0x48)
         return SW_WRONG_DATA();
-    uint8_t tag_len = *start++, *end = start+tag_len, len[9] = {0}, *p[9] = {NULL};
+    tgl = tag_len(&start);
+    uint8_t *end = start + tgl, len[9] = {0}, *p[9] = {0};
     while (start < end) {
         uint8_t tag = *start++;
         if ((tag >= 0x91 && tag <= 0x97) || tag == 0x99) {
-            len[tag-0x91] = *start++;
+            len[tag-0x91] = tag_len(&start);
         }
         else
             return SW_WRONG_DATA();
     }
     if (*start++ != 0x5F || *start++ != 0x48)
         return SW_WRONG_DATA();
-    tag_len = *start++;
-    end = start+tag_len;
-    for (int t = 0; start < end; t++) {
+    tgl = tag_len(&start);
+    end = start+tgl;
+    for (int t = 0; start < end && t < 9; t++) {
         if (len[t] > 0) {
             p[t] = start;
             start += len[t];
@@ -1655,6 +1773,7 @@ static int cmd_import_data() {
             return SW_EXEC_ERROR();
         }
         r = store_keys(&rsa, ALGO_RSA, fid);
+        make_rsa_response(&rsa);
         mbedtls_rsa_free(&rsa);
         if (r != CCID_OK)
             return SW_EXEC_ERROR();
@@ -1672,13 +1791,26 @@ static int cmd_import_data() {
             mbedtls_ecdsa_free(&ecdsa);
             return SW_EXEC_ERROR();
         }
+        r = mbedtls_ecp_mul(&ecdsa.grp, &ecdsa.Q, &ecdsa.d, &ecdsa.grp.G, random_gen, NULL);
+        if (r != 0) {
+            mbedtls_ecdsa_free(&ecdsa);
+            return SW_EXEC_ERROR();
+        }
         r = store_keys(&ecdsa, ALGO_ECDSA, fid);
+        make_ecdsa_response(&ecdsa);
         mbedtls_ecdsa_free(&ecdsa);
         if (r != CCID_OK)
             return SW_EXEC_ERROR();
     }
     if (fid == EF_PK_SIG)
         reset_sig_count();
+    file_t *pbef = search_by_fid(fid+3, NULL, SPECIFY_EF);
+    if (!pbef)
+        return SW_REFERENCE_NOT_FOUND();
+    r = flash_write_data_to_file(pbef, res_APDU, res_APDU_size);
+    if (r != CCID_OK)
+        return SW_EXEC_ERROR();
+    res_APDU_size = 0; //make_*_response sets a response. we need to overwrite
     return SW_OK();
 }
 
@@ -1738,12 +1870,6 @@ static int cmd_get_next_data() {
     return cmd_get_data();
 }
 
-typedef struct cmd
-{
-  uint8_t ins;
-  int (*cmd_handler)();
-} cmd_t;
-
 #define INS_VERIFY          0x20
 #define INS_MSE             0x22
 #define INS_CHANGE_PIN      0x24

src/openpgp/openpgp.h

@@ -19,7 +19,9 @@
 #define __OPENPGP_H_
 
 #include "stdlib.h"
+#ifndef ENABLE_EMULATION
 #include <pico/stdlib.h>
+#endif
 
 #include "hsm.h"
 #include "apdu.h"

src/openpgp/version.h

@@ -24,7 +24,7 @@
 #define OPGP_VERSION_MINOR (OPGP_VERSION & 0xff)
 
 
-#define PIPGP_VERSION 0x0108
+#define PIPGP_VERSION 0x010A
 
 #define PIPGP_VERSION_MAJOR ((PIPGP_VERSION >> 8) & 0xff)
 #define PIPGP_VERSION_MINOR (PIPGP_VERSION & 0xff)

tests/000_config/test_000_config_card.py

@@ -0,0 +1 @@
+from card_test_check_card import *

tests/001_initial_check/test_000_initial_card.py

@@ -0,0 +1 @@
+from card_test_empty_card import *

tests/001_initial_check/test_001_initial_card.py

@@ -0,0 +1 @@
+from card_test_set_attr import *

tests/010_kdfnone/test_010_adminfull_kdfnone.py

@@ -0,0 +1,2 @@
+from skip_if_kdfreq import *
+from card_test_personalize_card_1 import *

tests/010_kdfnone/test_011_adminfull_kdfnone.py

@@ -0,0 +1,2 @@
+from skip_if_kdfreq import *
+from card_test_personalize_card_2 import *

tests/010_kdfnone/test_012_adminfull_kdfnone.py

@@ -0,0 +1,2 @@
+from skip_if_kdfreq import *
+from card_test_public_key_operations import *

tests/010_kdfnone/test_013_adminfull_kdfnone.py

@@ -0,0 +1,2 @@
+from skip_if_kdfreq import *
+from card_test_ds_counter2 import *

tests/010_kdfnone/test_014_keygen_kdfnone.py

@@ -0,0 +1,24 @@
+"""
+test_005_keygen.py - test key generation
+
+Copyright (C) 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from skip_if_kdfreq import *
+from card_test_keygen import *

tests/010_kdfnone/test_015_keygen_kdfnone.py

@@ -0,0 +1,24 @@
+"""
+test_005_keygen.py - test key generation
+
+Copyright (C) 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from skip_if_kdfreq import *
+from card_test_public_key_operations_kg import *

tests/010_kdfnone/test_016_keygen_kdfnone.py

@@ -0,0 +1,24 @@
+"""
+test_005_keygen.py - test key generation
+
+Copyright (C) 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from skip_if_kdfreq import *
+from card_test_ds_counter1 import *

tests/010_kdfnone/test_017_adminfull_kdfnone.py

@@ -0,0 +1,2 @@
+from skip_if_kdfreq import *
+from card_test_personalize_reset import *

tests/010_kdfnone/test_018_adminfull_kdfnone.py

@@ -0,0 +1,2 @@
+from skip_if_kdfreq import *
+from card_test_remove_keys import *

tests/010_kdfnone/test_019_adminfull_kdfnone.py

@@ -0,0 +1,2 @@
+from skip_if_kdfreq import *
+from card_test_reset_pw3 import *

tests/010_kdfnone/test_040_adminless_kdfnone.py

@@ -0,0 +1,25 @@
+"""
+test_005_adminless_kdfnone.py - test admin-less mode
+
+Copyright (C) 2016, 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from skip_if_kdfreq import *
+from skip_gnuk_only_tests import *
+from card_test_personalize_admin_less_1 import *

tests/010_kdfnone/test_041_adminless_kdfnone.py

@@ -0,0 +1,25 @@
+"""
+test_005_adminless_kdfnone.py - test admin-less mode
+
+Copyright (C) 2016, 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from skip_if_kdfreq import *
+from skip_gnuk_only_tests import *
+from card_test_public_key_operations_alt import *

tests/010_kdfnone/test_042_adminless_kdfnone.py

@@ -0,0 +1,25 @@
+"""
+test_005_adminless_kdfnone.py - test admin-less mode
+
+Copyright (C) 2016, 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from skip_if_kdfreq import *
+from skip_gnuk_only_tests import *
+from card_test_ds_counter1 import *

tests/010_kdfnone/test_043_adminless_kdfnone.py

@@ -0,0 +1,25 @@
+"""
+test_005_adminless_kdfnone.py - test admin-less mode
+
+Copyright (C) 2016, 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from skip_if_kdfreq import *
+from skip_gnuk_only_tests import *
+from card_test_personalize_admin_less_2 import *

tests/010_kdfnone/test_044_adminless_kdfnone.py

@@ -0,0 +1,25 @@
+"""
+test_005_adminless_kdfnone.py - test admin-less mode
+
+Copyright (C) 2016, 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from skip_if_kdfreq import *
+from skip_gnuk_only_tests import *
+from card_test_personalize_reset import *

tests/010_kdfnone/test_045_adminless_kdfnone.py

@@ -0,0 +1,25 @@
+"""
+test_005_adminless_kdfnone.py - test admin-less mode
+
+Copyright (C) 2016, 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from skip_if_kdfreq import *
+from skip_gnuk_only_tests import *
+from card_test_remove_keys import *

tests/010_kdfnone/test_046_adminless_kdfnone.py

@@ -0,0 +1,25 @@
+"""
+test_005_adminless_kdfnone.py - test admin-less mode
+
+Copyright (C) 2016, 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from skip_if_kdfreq import *
+from skip_gnuk_only_tests import *
+from card_test_reset_pw3 import *

tests/020_kdffull/01_initial_check/test_050_adminfull_kdffull.py

@@ -0,0 +1,23 @@
+"""
+test_011_adminfull_kdffull.py - test KDF data object
+
+Copyright (C) 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from card_test_kdf_full import *

tests/020_kdffull/02_personalization/test_051_adminfull_kdffull.py

@@ -0,0 +1,23 @@
+"""
+test_011_adminfull_kdffull.py - test KDF data object
+
+Copyright (C) 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from card_test_personalize_card_1 import *

tests/020_kdffull/03_key_import/001_rsa2k/test_rsa2k_import.py

@@ -0,0 +1 @@
+from card_test_ki_pko_dsc_rsa2k import *

tests/020_kdffull/03_key_import/002_nistp256r1/test_nistp256r1_import.py

@@ -0,0 +1 @@
+from card_test_ki_pko_dsc_nistp256r1 import *

tests/020_kdffull/03_key_import/003_brainpoolp256r1/test_brainpoolp256r1_import.py

@@ -0,0 +1 @@
+from card_test_ki_pko_dsc_brainpoolp256r1 import *

tests/020_kdffull/03_key_import/004_secp256k1/test_secp256k1_import.py

@@ -0,0 +1 @@
+from card_test_ki_pko_dsc_secp256k1 import *

tests/020_kdffull/03_key_import/005_nistp384r1/test_nistp384r1_import.py

@@ -0,0 +1 @@
+from card_test_ki_pko_dsc_nistp384r1 import *

tests/020_kdffull/03_key_import/006_brainpoolp384r1/test_brainpoolp384r1_import.py

@@ -0,0 +1 @@
+from card_test_ki_pko_dsc_brainpoolp384r1 import *

tests/020_kdffull/03_key_import/008_nistp521r1/test_nistp521r1_import.py

@@ -0,0 +1 @@
+from card_test_ki_pko_dsc_nistp521r1 import *

tests/020_kdffull/03_key_import/009_brainpoolp512r1/test_brainpoolp521r1_import.py

@@ -0,0 +1 @@
+from card_test_ki_pko_dsc_brainpoolp512r1 import *

tests/020_kdffull/03_key_import/010_curve25519/test_curve25519_import.py

@@ -0,0 +1 @@
+from card_test_ki_pko_dsc_curve25519 import *

tests/020_kdffull/04_keygen/001_rsa2k/test_rsa2k_keygen.py

@@ -0,0 +1 @@
+from card_test_kg_pko_dsc_rsa2k import *

tests/020_kdffull/04_keygen/002_nistp256r1/test_nistp256r1_keygen.py

@@ -0,0 +1 @@
+from card_test_ki_pko_dsc_nistp256r1 import *

tests/020_kdffull/04_keygen/003_brainpoolp256r1/test_brainpoolp256r1_keygen.py

@@ -0,0 +1 @@
+from card_test_kg_pko_dsc_brainpoolp256r1 import *

tests/020_kdffull/04_keygen/004_secp256k1/test_secp256k1_keygen.py

@@ -0,0 +1 @@
+from card_test_kg_pko_dsc_secp256k1 import *

tests/020_kdffull/04_keygen/005_nistp384r1/test_nistp384r1_keygen.py

@@ -0,0 +1 @@
+from card_test_kg_pko_dsc_nistp384r1 import *

tests/020_kdffull/04_keygen/006_brainpoolp384r1/test_brainpoolp384r1_keygen.py

@@ -0,0 +1 @@
+from card_test_kg_pko_dsc_brainpoolp384r1 import *

tests/020_kdffull/04_keygen/008_nistp521r1/test_nistp521r1_keygen.py

@@ -0,0 +1 @@
+from card_test_kg_pko_dsc_nistp521r1 import *

tests/020_kdffull/04_keygen/009_brainpoolp512r1/test_brainpoolp521r1_keygen.py

@@ -0,0 +1 @@
+from card_test_kg_pko_dsc_brainpoolp512r1 import *

tests/020_kdffull/04_keygen/010_curve25519/test_curve25519_keygen.py

@@ -0,0 +1 @@
+from card_test_ki_pko_dsc_curve25519 import *

tests/020_kdffull/05_finalize/test_000_reset_to_TEST4.py

@@ -0,0 +1,15 @@
+import pytest
+from card_const import *
+from constants_for_test import *
+
+def test_setup_pw1_4(card):
+    r = card.change_passwd(1, FACTORY_PASSPHRASE_PW1, PW1_TEST4)
+    assert r
+
+def test_verify_pw1_4(card):
+    v = card.verify(1, PW1_TEST4)
+    assert v
+
+def test_verify_pw1_4_2(card):
+    v = card.verify(2, PW1_TEST4)
+    assert v

tests/020_kdffull/05_finalize/test_057_adminfull_kdffull.py

@@ -0,0 +1,23 @@
+"""
+test_011_adminfull_kdffull.py - test KDF data object
+
+Copyright (C) 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from card_test_personalize_reset import *

tests/020_kdffull/05_finalize/test_058_adminfull_kdffull.py

@@ -0,0 +1,23 @@
+"""
+test_011_adminfull_kdffull.py - test KDF data object
+
+Copyright (C) 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from card_test_remove_keys import *

tests/020_kdffull/05_finalize/test_059_adminfull_kdffull.py

@@ -0,0 +1,23 @@
+"""
+test_011_adminfull_kdffull.py - test KDF data object
+
+Copyright (C) 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from card_test_reset_pw3 import *

tests/020_kdffull/conftest.py

@@ -0,0 +1 @@
+from skip_if_no_kdf_support import *

tests/030_kdfsingle/test_060_adminfull_kdfsingle.py

@@ -0,0 +1,24 @@
+"""
+test_016_adminfull_kdfsingle.py - test KDF data object
+
+Copyright (C) 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from skip_gnuk_only_tests import *
+from card_test_kdf_single import *

tests/030_kdfsingle/test_061_adminfull_kdfsingle.py

@@ -0,0 +1,25 @@
+"""
+test_016_adminfull_kdfsingle.py - test KDF data object
+
+Copyright (C) 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from skip_gnuk_only_tests import *
+from card_test_personalize_card_1 import *
+from card_test_personalize_card_2 import *

tests/030_kdfsingle/test_062_adminfull_kdfsingle.py

@@ -0,0 +1,24 @@
+"""
+test_016_adminfull_kdfsingle.py - test KDF data object
+
+Copyright (C) 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from skip_gnuk_only_tests import *
+from card_test_public_key_operations import *

tests/030_kdfsingle/test_063_adminfull_kdfsingle.py

@@ -0,0 +1,24 @@
+"""
+test_016_adminfull_kdfsingle.py - test KDF data object
+
+Copyright (C) 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from skip_gnuk_only_tests import *
+from card_test_ds_counter2 import *

tests/030_kdfsingle/test_064_adminfull_kdfsingle.py

@@ -0,0 +1,24 @@
+"""
+test_016_adminfull_kdfsingle.py - test KDF data object
+
+Copyright (C) 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from skip_gnuk_only_tests import *
+from card_test_personalize_reset import *

tests/030_kdfsingle/test_065_adminfull_kdfsingle.py

@@ -0,0 +1,24 @@
+"""
+test_016_adminfull_kdfsingle.py - test KDF data object
+
+Copyright (C) 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from skip_gnuk_only_tests import *
+from card_test_remove_keys import *

tests/030_kdfsingle/test_066_adminfull_kdfsingle.py

@@ -0,0 +1,24 @@
+"""
+test_016_adminfull_kdfsingle.py - test KDF data object
+
+Copyright (C) 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from skip_gnuk_only_tests import *
+from card_test_reset_pw3 import *

tests/030_kdfsingle/test_070_adminless_kdfsingle.py

@@ -0,0 +1,2 @@
+from skip_gnuk_only_tests import *
+from card_test_personalize_admin_less_1 import *

tests/030_kdfsingle/test_071_adminless_kdfsingle.py

@@ -0,0 +1,2 @@
+from skip_gnuk_only_tests import *
+from card_test_public_key_operations_alt import *

tests/030_kdfsingle/test_072_adminless_kdfsingle.py

@@ -0,0 +1,2 @@
+from skip_gnuk_only_tests import *
+from card_test_ds_counter1 import *

tests/030_kdfsingle/test_073_adminless_kdfsingle.py

@@ -0,0 +1,2 @@
+from skip_gnuk_only_tests import *
+from card_test_personalize_admin_less_2 import *

tests/030_kdfsingle/test_074_adminless_kdfsingle.py

@@ -0,0 +1,2 @@
+from skip_gnuk_only_tests import *
+from card_test_personalize_reset import *

tests/030_kdfsingle/test_075_adminless_kdfsingle.py

@@ -0,0 +1,2 @@
+from skip_gnuk_only_tests import *
+from card_test_remove_keys import *

tests/030_kdfsingle/test_076_adminless_kdfsingle.py

@@ -0,0 +1,2 @@
+from skip_gnuk_only_tests import *
+from card_test_reset_pw3 import *

tests/090_finalize/test_080_kdf_none.py

@@ -0,0 +1,42 @@
+"""
+test_025_kdf_none.py - test KDF data object
+
+Copyright (C) 2018  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from skip_if_no_kdf_support import *
+
+from card_const import *
+from constants_for_test import *
+
+def test_verify_pw3(card):
+    v = card.verify(3, FACTORY_PASSPHRASE_PW3)
+    assert v
+
+def test_kdf_put_none(card):
+    if card.is_yubikey:
+        KDF_SETUP_NONE=b"\x81\x01\x00"
+    else:
+        KDF_SETUP_NONE=b""
+    r = card.configure_kdf(KDF_SETUP_NONE)
+    assert r
+
+def test_verify_pw3_1(card):
+    v = card.verify(3, FACTORY_PASSPHRASE_PW3)
+    assert v

tests/090_finalize/test_091_reset_attr.py

@@ -0,0 +1,23 @@
+"""
+test_091_reset_attr.py - test resetting key attributes
+
+Copyright (C) 2021  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from card_test_reset_attr import *

tests/brainpoolp256r1_keys.py

@@ -0,0 +1,148 @@
+from time import time
+from struct import pack
+from hashlib import sha1, sha256
+from pk_signed_mpi_with_libgcrypt import PK_libgcrypt
+from card_const import KEY_ATTRIBUTES_ECDH_BRAINPOOLP256R1, KEY_ATTRIBUTES_ECDSA_BRAINPOOLP256R1
+lg_bp256 = PK_libgcrypt(32, "brainpoolP256r1")
+
+
+class PK_Crypto(object):
+    @staticmethod
+    def pk_from_pk_info(pk_info):
+        return pk_info[5:]
+
+    @staticmethod
+    def compute_digestinfo(msg):
+        return sha256(msg).digest()
+
+    @staticmethod
+    def enc_data(enc_info):
+        return b'\xa6\x46\x7f\x49\x43\x86\x41' + enc_info[1]
+
+    @staticmethod
+    def enc_check(enc_info, s):
+        point = enc_info[0]
+        # It's 04 || X || Y, extract X
+        return point[1:33] == s
+
+
+    def __init__(self, keyno=None, pk_info=None, data=None):
+        if keyno == None:
+            # Just for name space
+            return
+
+        self.keyno = keyno
+        self.for_encryption = (self.keyno == 1)
+        self.timestamp = pack('>I', int(time()))
+        if pk_info:
+            # Public part only (no private data) from card
+            self.q = pk_info[5:]
+        else:
+            # Private part (in big endian)
+            self.d = data[0]
+            self.q = data[1]
+        self.fpr = self.calc_fpr()
+
+    def calc_fpr(self):
+        m_len = 6 + 2 + 65
+        ver = b'\x04'
+        algo = b'\x12' if self.for_encryption else b'\x16'
+        m = b'\x99' + pack('>H', m_len) + ver + self.timestamp + algo \
+            + pack('>H', 512+3) + self.q
+        return sha1(m).digest()
+
+    def build_privkey_template(self, is_yubikey):
+        openpgp_keyno = self.keyno + 1
+        if openpgp_keyno == 1:
+            keyspec = b'\xb6'
+        elif openpgp_keyno == 2:
+            keyspec = b'\xb8'
+        else:
+            keyspec = b'\xa4'
+        key_template = b'\x92\x20'
+        exthdr = keyspec + b'\x00' + b'\x7f\x48' + b'\x02' + key_template
+        suffix = b'\x5f\x48' + b'\x20'
+        return b'\x4d' + b'\x2a' + exthdr + suffix + self.d
+
+    def compute_signature(self, digestinfo):
+        return lg_bp256.call_pk_sign(self.d, digestinfo)
+
+    def verify_signature(self, digestinfo, sig):
+        return lg_bp256.call_pk_verify(self.q, digestinfo, sig)
+
+    def encrypt(self, plaintext):
+        # Do ECDH
+        return lg_bp256.call_pk_encrypt(self.q, plaintext)
+
+    def get_fpr(self):
+        return self.fpr
+
+    def get_timestamp(self):
+        return self.timestamp
+
+    def get_pk(self):
+        return self.q
+
+key = [ None, None, None ]
+
+# https://datatracker.ietf.org/doc/html/rfc6932#appendix-A.2
+
+bp256_data0 = (
+    b'\x04\x1e\xb8\xb1\xe2\xbc\x68\x1b\xce\x8e\x39\x96\x3b\x2e\x9f\xc4'
+    b'\x15\xb0\x52\x83\x31\x3d\xd1\xa8\xbc\xc0\x55\xf1\x1a\xe4\x96\x99',
+    b'\x04'
+    b'\x78\x02\x84\x96\xb5\xec\xaa\xb3\xc8\xb6\xc1\x2e\x45\xdb\x1e\x02'
+    b'\xc9\xe4\xd2\x6b\x41\x13\xbc\x4f\x01\x5f\x60\xc5\xcc\xc0\xd2\x06'
+    b'\xa2\xae\x17\x62\xa3\x83\x1c\x1d\x20\xf0\x3f\x8d\x1e\x3c\x0c\x39'
+    b'\xaf\xe6\xf0\x9b\x4d\x44\xbb\xe8\x0c\xd1\x00\x98\x7b\x05\xf9\x2b'
+)
+
+bp256_data2 = (
+    b'\x06\xf5\x24\x0e\xac\xdb\x98\x37\xbc\x96\xd4\x82\x74\xc8\xaa\x83'
+    b'\x4b\x6c\x87\xba\x9c\xc3\xee\xdd\x81\xf9\x9a\x16\xb8\xd8\x04\xd3',
+    b'\x04'
+    b'\x8e\x07\xe2\x19\xba\x58\x89\x16\xc5\xb0\x6a\xa3\x0a\x2f\x46\x4c'
+    b'\x2f\x2a\xcf\xc1\x61\x0a\x3b\xe2\xfb\x24\x0b\x63\x53\x41\xf0\xdb'
+    b'\x14\x8e\xa1\xd7\xd1\xe7\xe5\x4b\x95\x55\xb6\xc9\xac\x90\x62\x9c'
+    b'\x18\xb6\x3b\xee\x5d\x7a\xa6\x94\x9e\xbb\xf4\x7b\x24\xfd\xe4\x0d'
+)
+
+# https://tools.ietf.org/html/rfc7027#appendix-A.1
+bp256_data1 = (
+    b'\x81\xdb\x1e\xe1\x00\x15\x0f\xf2\xea\x33\x8d\x70\x82\x71\xbe\x38'
+    b'\x30\x0c\xb5\x42\x41\xd7\x99\x50\xf7\x7b\x06\x30\x39\x80\x4f\x1d',
+    b'\x04'
+    b'\x44\x10\x6e\x91\x3f\x92\xbc\x02\xa1\x70\x5d\x99\x53\xa8\x41\x4d'
+    b'\xb9\x5e\x1a\xaa\x49\xe8\x1d\x9e\x85\xf9\x29\xa8\xe3\x10\x0b\xe5'
+    b'\x8a\xb4\x84\x6f\x11\xca\xcc\xb7\x3c\xe4\x9c\xbd\xd1\x20\xf5\xa9'
+    b'\x00\xa6\x9f\xd3\x2c\x27\x22\x23\xf7\x89\xef\x10\xeb\x08\x9b\xdc'
+)
+
+key[0] = PK_Crypto(0, data=bp256_data0)
+key[1] = PK_Crypto(1, data=bp256_data1)
+key[2] = PK_Crypto(2, data=bp256_data2)
+
+PLAIN_TEXT0=b"In this test, we verify card generated result by libgcrypt."
+PLAIN_TEXT1=b"Signature is non-deterministic (it uses nonce K internally)."
+PLAIN_TEXT2=b"We don't use brainpoolp256r1 test vectors (it specifies K of ECDSA)."
+PLAIN_TEXT3=b"NOTE: Our test is not for ECDSA implementation itself."
+
+ENCRYPT_TEXT0 = sha256(b"encrypt me please").digest()
+ENCRYPT_TEXT1 = sha256(b"encrypt me please, another").digest()
+ENCRYPT_TEXT2 = sha256(b"encrypt me please, the other").digest()
+
+test_vector = {
+    'sign_0' : PLAIN_TEXT0,
+    'sign_1' : PLAIN_TEXT1,
+    'auth_0' : PLAIN_TEXT2,
+    'auth_1' : PLAIN_TEXT3,
+    'decrypt_0' : ENCRYPT_TEXT0,
+    'decrypt_1' : ENCRYPT_TEXT1,
+    'encrypt_0' : ENCRYPT_TEXT2,
+}
+
+brainpoolp256r1_pk = PK_Crypto()
+brainpoolp256r1_pk.test_vector = test_vector
+brainpoolp256r1_pk.key_list = key
+brainpoolp256r1_pk.key_attr_list = [KEY_ATTRIBUTES_ECDSA_BRAINPOOLP256R1, KEY_ATTRIBUTES_ECDH_BRAINPOOLP256R1, KEY_ATTRIBUTES_ECDSA_BRAINPOOLP256R1]
+brainpoolp256r1_pk.PK_Crypto = PK_Crypto

tests/brainpoolp384r1_keys.py

@@ -0,0 +1,157 @@
+from time import time
+from struct import pack
+from hashlib import sha1, sha384
+from pk_signed_mpi_with_libgcrypt import PK_libgcrypt
+from card_const import KEY_ATTRIBUTES_ECDH_BRAINPOOLP384R1, KEY_ATTRIBUTES_ECDSA_BRAINPOOLP384R1
+
+lg_bp384 = PK_libgcrypt(48, "brainpoolP384r1")
+
+class PK_Crypto(object):
+    @staticmethod
+    def pk_from_pk_info(pk_info):
+        return pk_info[5:]
+
+    @staticmethod
+    def compute_digestinfo(msg):
+        return sha384(msg).digest()
+
+    @staticmethod
+    def enc_data(enc_info):
+        return b'\xa6\x66\x7f\x49\x63\x86\x61' + enc_info[1]
+
+    @staticmethod
+    def enc_check(enc_info, s):
+        point = enc_info[0]
+        # It's 04 || X || Y, extract X
+        return point[1:49] == s
+
+
+    def __init__(self, keyno=None, pk_info=None, data=None):
+        if keyno == None:
+            # Just for name space
+            return
+
+        self.keyno = keyno
+        self.for_encryption = (self.keyno == 1)
+        self.timestamp = pack('>I', int(time()))
+        if pk_info:
+            # Public part only (no private data) from card
+            self.q = pk_info[5:]
+        else:
+            # Private part (in big endian)
+            self.d = data[0]
+            self.q = data[1]
+        self.fpr = self.calc_fpr()
+
+    def calc_fpr(self):
+        m_len = 6 + 2 + 97
+        ver = b'\x04'
+        algo = b'\x12' if self.for_encryption else b'\x16'
+        m = b'\x99' + pack('>H', m_len) + ver + self.timestamp + algo \
+            + pack('>H', 768+3) + self.q
+        return sha1(m).digest()
+
+    def build_privkey_template(self, is_yubikey):
+        openpgp_keyno = self.keyno + 1
+        if openpgp_keyno == 1:
+            keyspec = b'\xb6'
+        elif openpgp_keyno == 2:
+            keyspec = b'\xb8'
+        else:
+            keyspec = b'\xa4'
+        key_template = b'\x92\x30'
+        exthdr = keyspec + b'\x00' + b'\x7f\x48' + b'\x02' + key_template
+        suffix = b'\x5f\x48' + b'\x30'
+        return b'\x4d' + b'\x3a' + exthdr + suffix + self.d
+
+    def compute_signature(self, digestinfo):
+        return lg_bp384.call_pk_sign(self.d, digestinfo)
+
+    def verify_signature(self, digestinfo, sig):
+        return lg_bp384.call_pk_verify(self.q, digestinfo, sig)
+
+    def encrypt(self, plaintext):
+        # Do ECDH
+        return lg_bp384.call_pk_encrypt(self.q, plaintext)
+
+    def get_fpr(self):
+        return self.fpr
+
+    def get_timestamp(self):
+        return self.timestamp
+
+    def get_pk(self):
+        return self.q
+
+key = [ None, None, None ]
+
+# https://datatracker.ietf.org/doc/html/rfc6932#appendix-A.3
+
+bp384_data0 = (
+    b'\x01\x4e\xc0\x75\x5b\x78\x59\x4b\xa4\x7f\xb0\xa5\x6f\x61\x73\x04'
+    b'\x5b\x43\x31\xe7\x4b\xa1\xa6\xf4\x73\x22\xe7\x0d\x79\xd8\x28\xd9'
+    b'\x7e\x09\x58\x84\xca\x72\xb7\x3f\xda\xbd\x59\x10\xdf\x0f\xa7\x6a',
+    b'\x04'
+    b'\x45\xcb\x26\xe4\x38\x4d\xaf\x6f\xb7\x76\x88\x53\x07\xb9\xa3\x8b'
+    b'\x7a\xd1\xb5\xc6\x92\xe0\xc3\x2f\x01\x25\x33\x27\x78\xf3\xb8\xd3'
+    b'\xf5\x0c\xa3\x58\x09\x9b\x30\xde\xb5\xee\x69\xa9\x5c\x05\x8b\x4e'
+    b'\x81\x73\xa1\xc5\x4a\xff\xa7\xe7\x81\xd0\xe1\xe1\xd1\x2c\x0d\xc2'
+    b'\xb7\x4f\x4d\xf5\x8e\x4a\x4e\x3a\xf7\x02\x6c\x5d\x32\xdc\x53\x0a'
+    b'\x2c\xd8\x9c\x85\x9b\xb4\xb4\xb7\x68\x49\x7f\x49\xab\x8c\xc8\x59'
+)
+
+bp384_data2 = (
+    b'\x6b\x46\x1c\xb7\x9b\xd0\xea\x51\x9a\x87\xd6\x82\x88\x15\xd8\xce'
+    b'\x7c\xd9\xb3\xca\xa0\xb5\xa8\x26\x2c\xbc\xd5\x50\xa0\x15\xc9\x00'
+    b'\x95\xb9\x76\xf3\x52\x99\x57\x50\x6e\x12\x24\xa8\x61\x71\x1d\x54',
+    b'\x04'
+    b'\x01\xbf\x92\xa9\x2e\xe4\xbe\x8d\xed\x1a\x91\x11\x25\xc2\x09\xb0'
+    b'\x3f\x99\xe3\x16\x1c\xfc\xc9\x86\xdc\x77\x11\x38\x3f\xc3\x0a\xf9'
+    b'\xce\x28\xca\x33\x86\xd5\x9e\x2c\x8d\x72\xce\x1e\x7b\x46\x66\xe8'
+    b'\x32\x89\xc4\xa3\xa4\xfe\xe0\x35\xe3\x9b\xdb\x88\x5d\x50\x9d\x22'
+    b'\x4a\x14\x2f\xf9\xfb\xcc\x5c\xfe\x5c\xcb\xb3\x02\x68\xee\x47\x48'
+    b'\x7e\xd8\x04\x48\x58\xd3\x1d\x84\x8f\x7a\x95\xc6\x35\xa3\x47\xac'
+)
+
+# https://tools.ietf.org/html/rfc7027#appendix-A.2
+bp384_data1 = (
+    b'\x1e\x20\xf5\xe0\x48\xa5\x88\x6f\x1f\x15\x7c\x74\xe9\x1b\xde\x2b'
+    b'\x98\xc8\xb5\x2d\x58\xe5\x00\x3d\x57\x05\x3f\xc4\xb0\xbd\x65\xd6'
+    b'\xf1\x5e\xb5\xd1\xee\x16\x10\xdf\x87\x07\x95\x14\x36\x27\xd0\x42',
+    b'\x04'
+    b'\x68\xb6\x65\xdd\x91\xc1\x95\x80\x06\x50\xcd\xd3\x63\xc6\x25\xf4'
+    b'\xe7\x42\xe8\x13\x46\x67\xb7\x67\xb1\xb4\x76\x79\x35\x88\xf8\x85'
+    b'\xab\x69\x8c\x85\x2d\x4a\x6e\x77\xa2\x52\xd6\x38\x0f\xca\xf0\x68'
+    b'\x55\xbc\x91\xa3\x9c\x9e\xc0\x1d\xee\x36\x01\x7b\x7d\x67\x3a\x93'
+    b'\x12\x36\xd2\xf1\xf5\xc8\x39\x42\xd0\x49\xe3\xfa\x20\x60\x74\x93'
+    b'\xe0\xd0\x38\xff\x2f\xd3\x0c\x2a\xb6\x7d\x15\xc8\x5f\x7f\xaa\x59'
+)
+
+key[0] = PK_Crypto(0, data=bp384_data0)
+key[1] = PK_Crypto(1, data=bp384_data1)
+key[2] = PK_Crypto(2, data=bp384_data2)
+
+PLAIN_TEXT0=b"In this test, we verify card generated result by libgcrypt."
+PLAIN_TEXT1=b"Signature is non-deterministic (it uses nonce K internally)."
+PLAIN_TEXT2=b"We don't use brainpoolp384r1 test vectors (it specifies K of ECDSA)."
+PLAIN_TEXT3=b"NOTE: Our test is not for ECDSA implementation itself."
+
+ENCRYPT_TEXT0 = sha384(b"encrypt me please").digest()
+ENCRYPT_TEXT1 = sha384(b"encrypt me please, another").digest()
+ENCRYPT_TEXT2 = sha384(b"encrypt me please, the other").digest()
+
+test_vector = {
+    'sign_0' : PLAIN_TEXT0,
+    'sign_1' : PLAIN_TEXT1,
+    'auth_0' : PLAIN_TEXT2,
+    'auth_1' : PLAIN_TEXT3,
+    'decrypt_0' : ENCRYPT_TEXT0,
+    'decrypt_1' : ENCRYPT_TEXT1,
+    'encrypt_0' : ENCRYPT_TEXT2,
+}
+
+brainpoolp384r1_pk = PK_Crypto()
+brainpoolp384r1_pk.test_vector = test_vector
+brainpoolp384r1_pk.key_list = key
+brainpoolp384r1_pk.key_attr_list = [KEY_ATTRIBUTES_ECDSA_BRAINPOOLP384R1, KEY_ATTRIBUTES_ECDH_BRAINPOOLP384R1, KEY_ATTRIBUTES_ECDSA_BRAINPOOLP384R1]
+brainpoolp384r1_pk.PK_Crypto = PK_Crypto

tests/brainpoolp512r1_keys.py

@@ -0,0 +1,166 @@
+from time import time
+from struct import pack
+from hashlib import sha1, sha512
+from pk_signed_mpi_with_libgcrypt import PK_libgcrypt
+from card_const import KEY_ATTRIBUTES_ECDH_BRAINPOOLP512R1, KEY_ATTRIBUTES_ECDSA_BRAINPOOLP512R1
+
+lg_bp512 = PK_libgcrypt(64, "brainpoolP512r1")
+
+class PK_Crypto(object):
+    @staticmethod
+    def pk_from_pk_info(pk_info):
+        return pk_info[7:]
+
+    @staticmethod
+    def compute_digestinfo(msg):
+        return sha512(msg).digest()
+
+    @staticmethod
+    def enc_data(enc_info):
+        return b'\xa6\x81\x88\x7f\x49\x81\x84\x86\x81\x81' + enc_info[1]
+
+    @staticmethod
+    def enc_check(enc_info, s):
+        point = enc_info[0]
+        # It's 04 || X || Y, extract X
+        return point[1:65] == s
+
+
+    def __init__(self, keyno=None, pk_info=None, data=None):
+        if keyno == None:
+            # Just for name space
+            return
+
+        self.keyno = keyno
+        self.for_encryption = (self.keyno == 1)
+        self.timestamp = pack('>I', int(time()))
+        if pk_info:
+            # Public part only (no private data) from card
+            self.q = pk_info[7:]
+        else:
+            # Private part (in big endian)
+            self.d = data[0]
+            self.q = data[1]
+        self.fpr = self.calc_fpr()
+
+    def calc_fpr(self):
+        m_len = 6 + 2 + 129
+        ver = b'\x04'
+        algo = b'\x12' if self.for_encryption else b'\x16'
+        m = b'\x99' + pack('>H', m_len) + ver + self.timestamp + algo \
+            + pack('>H', 1024+3) + self.q
+        return sha1(m).digest()
+
+    def build_privkey_template(self, is_yubikey):
+        openpgp_keyno = self.keyno + 1
+        if openpgp_keyno == 1:
+            keyspec = b'\xb6'
+        elif openpgp_keyno == 2:
+            keyspec = b'\xb8'
+        else:
+            keyspec = b'\xa4'
+        key_template = b'\x92\x40'
+        exthdr = keyspec + b'\x00' + b'\x7f\x48' + b'\x02' + key_template
+        suffix = b'\x5f\x48' + b'\x40'
+        return b'\x4d' + b'\x4a' + exthdr + suffix + self.d
+
+    def compute_signature(self, digestinfo):
+        return lg_bp512.call_pk_sign(self.d, digestinfo)
+
+    def verify_signature(self, digestinfo, sig):
+        return lg_bp512.call_pk_verify(self.q, digestinfo, sig)
+
+    def encrypt(self, plaintext):
+        # Do ECDH
+        return lg_bp512.call_pk_encrypt(self.q, plaintext)
+
+    def get_fpr(self):
+        return self.fpr
+
+    def get_timestamp(self):
+        return self.timestamp
+
+    def get_pk(self):
+        return self.q
+
+key = [ None, None, None ]
+
+# https://datatracker.ietf.org/doc/html/rfc6932#appendix-A.4
+
+bp512_data0 = (
+    b'\x63\x6b\x6b\xe0\x48\x2a\x6c\x1c\x41\xaa\x7a\xe7\xb2\x45\xe9\x83'
+    b'\x39\x2d\xb9\x4c\xec\xea\x26\x60\xa3\x79\xcf\xe1\x59\x55\x9e\x35'
+    b'\x75\x81\x82\x53\x91\x17\x5f\xc1\x95\xd2\x8b\xac\x0c\xf0\x3a\x78'
+    b'\x41\xa3\x83\xb9\x5c\x26\x2b\x98\x37\x82\x87\x4c\xce\x6f\xe3\x33',
+    b'\x04'
+    b'\x05\x62\xe6\x8b\x9a\xf7\xcb\xfd\x55\x65\xc6\xb1\x68\x83\xb7\x77'
+    b'\xff\x11\xc1\x99\x16\x1e\xcc\x42\x7a\x39\xd1\x7e\xc2\x16\x64\x99'
+    b'\x38\x95\x71\xd6\xa9\x94\x97\x7c\x56\xad\x82\x52\x65\x8b\xa8\xa1'
+    b'\xb7\x2a\xe4\x2f\x4f\xb7\x53\x21\x51\xaf\xc3\xef\x09\x71\xcc\xda'
+    b'\xa7\xca\x2d\x81\x91\xe2\x17\x76\xa8\x98\x60\xaf\xbc\x1f\x58\x2f'
+    b'\xaa\x30\x8d\x55\x1c\x1d\xc6\x13\x3a\xf9\xf9\xc3\xca\xd5\x99\x98'
+    b'\xd7\x00\x79\x54\x81\x40\xb9\x0b\x1f\x31\x1a\xfb\x37\x8a\xa8\x1f'
+    b'\x51\xb2\x75\xb2\xbe\x6b\x7d\xee\x97\x8e\xfc\x73\x43\xea\x64\x2e'
+)
+
+bp512_data2 = (
+    b'\x0a\xf4\xe7\xf6\xd5\x2e\xdd\x52\x90\x7b\xb8\xdb\xab\x39\x92\xa0'
+    b'\xbb\x69\x6e\xc1\x0d\xf1\x18\x92\xff\x20\x5b\x66\xd3\x81\xec\xe7'
+    b'\x23\x14\xe6\xa6\xea\x07\x9c\xea\x06\x96\x1d\xba\x5a\xe6\x42\x2e'
+    b'\xf2\xe9\xee\x80\x3a\x1f\x23\x6f\xb9\x6a\x17\x99\xb8\x6e\x5c\x8b',
+    b'\x04'
+    b'\x5a\x79\x54\xe3\x26\x63\xdf\xf1\x1a\xe2\x47\x12\xd8\x74\x19\xf2'
+    b'\x6b\x70\x8a\xc2\xb9\x28\x77\xd6\xbf\xee\x2b\xfc\x43\x71\x4d\x89'
+    b'\xbb\xdb\x6d\x24\xd8\x07\xbb\xd3\xae\xb7\xf0\xc3\x25\xf8\x62\xe8'
+    b'\xba\xde\x4f\x74\x63\x6b\x97\xea\xac\xe7\x39\xe1\x17\x20\xd3\x23'
+    b'\x96\xd1\x46\x21\xa9\x28\x3a\x1b\xed\x84\xde\x8d\xd6\x48\x36\xb2'
+    b'\xc0\x75\x8b\x11\x44\x11\x79\xdc\x0c\x54\xc0\xd4\x9a\x47\xc0\x38'
+    b'\x07\xd1\x71\xdd\x54\x4b\x72\xca\xae\xf7\xb7\xce\x01\xc7\x75\x3e'
+    b'\x2c\xad\x1a\x86\x1e\xca\x55\xa7\x19\x54\xee\x1b\xa3\x5e\x04\xbe'
+)
+
+# https://tools.ietf.org/html/rfc7027#appendix-A.3
+bp512_data1 = (
+    b'\x16\x30\x2f\xf0\xdb\xbb\x5a\x8d\x73\x3d\xab\x71\x41\xc1\xb4\x5a'
+    b'\xcb\xc8\x71\x59\x39\x67\x7f\x6a\x56\x85\x0a\x38\xbd\x87\xbd\x59'
+    b'\xb0\x9e\x80\x27\x96\x09\xff\x33\x3e\xb9\xd4\xc0\x61\x23\x1f\xb2'
+    b'\x6f\x92\xee\xb0\x49\x82\xa5\xf1\xd1\x76\x4c\xad\x57\x66\x54\x22',
+    b'\x04'
+    b'\x0a\x42\x05\x17\xe4\x06\xaa\xc0\xac\xdc\xe9\x0f\xcd\x71\x48\x77'
+    b'\x18\xd3\xb9\x53\xef\xd7\xfb\xec\x5f\x7f\x27\xe2\x8c\x61\x49\x99'
+    b'\x93\x97\xe9\x1e\x02\x9e\x06\x45\x7d\xb2\xd3\xe6\x40\x66\x8b\x39'
+    b'\x2c\x2a\x7e\x73\x7a\x7f\x0b\xf0\x44\x36\xd1\x16\x40\xfd\x09\xfd'
+    b'\x72\xe6\x88\x2e\x8d\xb2\x8a\xad\x36\x23\x7c\xd2\x5d\x58\x0d\xb2'
+    b'\x37\x83\x96\x1c\x8d\xc5\x2d\xfa\x2e\xc1\x38\xad\x47\x2a\x0f\xce'
+    b'\xf3\x88\x7c\xf6\x2b\x62\x3b\x2a\x87\xde\x5c\x58\x83\x01\xea\x3e'
+    b'\x5f\xc2\x69\xb3\x73\xb6\x07\x24\xf5\xe8\x2a\x6a\xd1\x47\xfd\xe7'
+)
+
+key[0] = PK_Crypto(0, data=bp512_data0)
+key[1] = PK_Crypto(1, data=bp512_data1)
+key[2] = PK_Crypto(2, data=bp512_data2)
+
+PLAIN_TEXT0=b"In this test, we verify card generated result by libgcrypt."
+PLAIN_TEXT1=b"Signature is non-deterministic (it uses nonce K internally)."
+PLAIN_TEXT2=b"We don't use brainpoolp512r1 test vectors (it specifies K of ECDSA)."
+PLAIN_TEXT3=b"NOTE: Our test is not for ECDSA implementation itself."
+
+ENCRYPT_TEXT0 = sha512(b"encrypt me please").digest()
+ENCRYPT_TEXT1 = sha512(b"encrypt me please, another").digest()
+ENCRYPT_TEXT2 = sha512(b"encrypt me please, the other").digest()
+
+test_vector = {
+    'sign_0' : PLAIN_TEXT0,
+    'sign_1' : PLAIN_TEXT1,
+    'auth_0' : PLAIN_TEXT2,
+    'auth_1' : PLAIN_TEXT3,
+    'decrypt_0' : ENCRYPT_TEXT0,
+    'decrypt_1' : ENCRYPT_TEXT1,
+    'encrypt_0' : ENCRYPT_TEXT2,
+}
+
+brainpoolp512r1_pk = PK_Crypto()
+brainpoolp512r1_pk.test_vector = test_vector
+brainpoolp512r1_pk.key_list = key
+brainpoolp512r1_pk.key_attr_list = [KEY_ATTRIBUTES_ECDSA_BRAINPOOLP512R1, KEY_ATTRIBUTES_ECDH_BRAINPOOLP512R1, KEY_ATTRIBUTES_ECDSA_BRAINPOOLP512R1]
+brainpoolp512r1_pk.PK_Crypto = PK_Crypto

tests/build-in-docker.sh

@@ -0,0 +1,7 @@
+#!/bin/bash -eu
+
+source tests/docker_env.sh
+#run_in_docker rm -rf CMakeFiles
+run_in_docker mkdir -p build_in_docker
+run_in_docker -w "$PWD/build_in_docker" cmake -DENABLE_EMULATION=1 ..
+run_in_docker -w "$PWD/build_in_docker" make -j ${NUM_PROC}

tests/card_const.py

@@ -0,0 +1,46 @@
+FACTORY_PASSPHRASE_PW1=b"123456"
+FACTORY_PASSPHRASE_PW3=b"12345678"
+KEY_ATTRIBUTES_RSA4K=b"\x01\x10\x00\x00\x20\x00"
+KEY_ATTRIBUTES_RSA2K=b"\x01\x08\x00\x00\x20\x00"
+KEY_ATTRIBUTES_RSA2K_ALT=b"\x01\x08\x00\x00\x11\x00"
+KEY_ATTRIBUTES_ECDH_NISTP256R1=b"\x12\x2a\x86\x48\xce\x3d\x03\x01\x07"
+KEY_ATTRIBUTES_ECDH_NISTP384R1=b"\x12\x2b\x81\x04\x00\x22"
+KEY_ATTRIBUTES_ECDH_NISTP521R1=b"\x12\x2b\x81\x04\x00\x23"
+KEY_ATTRIBUTES_ECDH_BRAINPOOLP256R1=b"\x12\x2b\x24\x03\x03\x02\x08\x01\x01\x07"
+KEY_ATTRIBUTES_ECDH_BRAINPOOLP384R1=b"\x12\x2b\x24\x03\x03\x02\x08\x01\x01\x0b"
+KEY_ATTRIBUTES_ECDH_BRAINPOOLP512R1=b"\x12\x2b\x24\x03\x03\x02\x08\x01\x01\x0d"
+KEY_ATTRIBUTES_ECDSA_NISTP256R1=b"\x13\x2a\x86\x48\xce\x3d\x03\x01\x07"
+KEY_ATTRIBUTES_ECDSA_NISTP384R1=b"\x13\x2b\x81\x04\x00\x22"
+KEY_ATTRIBUTES_ECDSA_NISTP521R1=b"\x13\x2b\x81\x04\x00\x23"
+KEY_ATTRIBUTES_ECDSA_BRAINPOOLP256R1=b"\x13\x2b\x24\x03\x03\x02\x08\x01\x01\x07"
+KEY_ATTRIBUTES_ECDSA_BRAINPOOLP384R1=b"\x13\x2b\x24\x03\x03\x02\x08\x01\x01\x0b"
+KEY_ATTRIBUTES_ECDSA_BRAINPOOLP512R1=b"\x13\x2b\x24\x03\x03\x02\x08\x01\x01\x0d"
+KEY_ATTRIBUTES_CV25519=b"\x12\x2b\x06\x01\x04\x01\x97\x55\x01\x05\x01"
+KEY_ATTRIBUTES_ED25519=b"\x16\x2b\x06\x01\x04\x01\xda\x47\x0f\x01"
+KEY_ATTRIBUTES_ECDH_SECP256K1=b"\x12\x2b\x81\x04\x00\x0a"
+KEY_ATTRIBUTES_ECDSA_SECP256K1=b"\x13\x2b\x81\x04\x00\x0a"
+
+def default_key(card, is_for_encr):
+    if card.is_gnuk:
+        if is_for_encr:
+            return KEY_ATTRIBUTES_CV25519
+        else:
+            return KEY_ATTRIBUTES_ED25519
+    else:
+        # if is_for_encr:
+        #     return KEY_ATTRIBUTES_ECDH_BRAINPOOLP512R1
+        # else:
+        #     return KEY_ATTRIBUTES_ECDSA_BRAINPOOLP512R1
+        return KEY_ATTRIBUTES_RSA2K
+
+def alt_key(card, is_for_encr):
+    if card.is_gnuk or card.is_yubikey:
+        if is_for_encr:
+            return KEY_ATTRIBUTES_ECDH_SECP256K1
+        else:
+            return KEY_ATTRIBUTES_ECDSA_SECP256K1
+    else:
+        if is_for_encr:
+            return KEY_ATTRIBUTES_ECDH_BRAINPOOLP256R1
+        else:
+            return KEY_ATTRIBUTES_ECDSA_BRAINPOOLP256R1

tests/card_reader.py

@@ -0,0 +1,67 @@
+"""
+card_reader.py - a library for smartcard reader
+
+Copyright (C) 2016, 2017, 2019  Free Software Initiative of Japan
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from struct import pack
+from binascii import hexlify
+import sys
+
+try:
+    from smartcard.CardType import AnyCardType
+    from smartcard.CardRequest import CardRequest
+    from smartcard.Exceptions import CardRequestTimeoutException, CardConnectionException
+except ModuleNotFoundError:
+    print('ERROR: smarctard module not found! Install pyscard package.\nTry with `pip install pyscard`')
+    sys.exit(-1)
+
+class CardReader(object):
+    def __init__(self):
+        """
+        __init__() -> None
+        Initialize the reader
+        device: usb.core.Device object.
+        """
+
+        cardtype = AnyCardType()
+        try:
+            # request card insertion
+            cardrequest = CardRequest(timeout=10, cardType=cardtype)
+            self.__card = cardrequest.waitforcard()
+
+            # connect to the card and perform a few transmits
+            self.__card.connection.connect()
+
+        except CardRequestTimeoutException:
+            raise Exception('time-out: no card inserted during last 10s')
+
+    def reset_device(self):
+        self.__card.connection.reconnect()
+
+    def send_cmd(self, cmd):
+        response, sw1, sw2 = self.__card.connection.transmit(list(bytearray(cmd)))
+        return bytes(response + [sw1,sw2])
+
+    def ccid_power_off(self):
+        self.__card.connection.disconnect()
+
+def get_ccid_device():
+    return CardReader()
+

tests/card_test_0_set_attr.py

@@ -0,0 +1,41 @@
+"""
+card_test_set_attr.py - test setting key attributes
+
+Copyright (C) 2021  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from card_const import *
+import pytest
+
+class Test_Set_ATTRS(object):
+    #def test_verify_pw3(self, card):
+    #    v = card.verify(3, FACTORY_PASSPHRASE_PW3)
+    #    assert v
+
+    def test_keyattr_set_1(self, card, pk):
+        r = card.cmd_put_data(0x00, 0xc1, pk.key_attr_list[0])
+        assert r
+
+    def test_keyattr_set_2(self, card, pk):
+        r = card.cmd_put_data(0x00, 0xc2, pk.key_attr_list[1])
+        assert r
+
+    def test_keyattr_set_3(self, card, pk):
+        r = card.cmd_put_data(0x00, 0xc3, pk.key_attr_list[2])
+        assert r

tests/card_test_1_import_keys.py

@@ -0,0 +1,184 @@
+"""
+card_test_personalize_card.py - test personalizing card
+
+Copyright (C) 2016, 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from struct import pack
+from re import match, DOTALL
+from util import *
+from card_const import *
+from constants_for_test import *
+import pytest
+
+class Test_Card_Personalize_Card_2(object):
+    def test_import_key_1(self, card, pk):
+        t = pk.key_list[0].build_privkey_template(card.is_yubikey)
+        r = card.cmd_put_data_odd(0x3f, 0xff, t)
+        assert r
+
+    def test_import_key_2(self, card, pk):
+        t = pk.key_list[1].build_privkey_template(card.is_yubikey)
+        r = card.cmd_put_data_odd(0x3f, 0xff, t)
+        assert r
+
+    def test_import_key_3(self, card, pk):
+        t = pk.key_list[2].build_privkey_template(card.is_yubikey)
+        r = card.cmd_put_data_odd(0x3f, 0xff, t)
+        assert r
+
+    def test_fingerprint_1_put(self, card, pk):
+        fpr1 = pk.key_list[0].get_fpr()
+        r = card.cmd_put_data(0x00, 0xc7, fpr1)
+        assert r
+
+    def test_fingerprint_2_put(self, card, pk):
+        fpr2 = pk.key_list[1].get_fpr()
+        r = card.cmd_put_data(0x00, 0xc8, fpr2)
+        assert r
+
+    def test_fingerprint_3_put(self, card, pk):
+        fpr3 = pk.key_list[2].get_fpr()
+        r = card.cmd_put_data(0x00, 0xc9, fpr3)
+        assert r
+
+    def test_timestamp_1_put(self, card, pk):
+        timestamp1 = pk.key_list[0].get_timestamp()
+        r = card.cmd_put_data(0x00, 0xce, timestamp1)
+        assert r
+
+    def test_timestamp_2_put(self, card, pk):
+        timestamp2 = pk.key_list[1].get_timestamp()
+        r = card.cmd_put_data(0x00, 0xcf, timestamp2)
+        assert r
+
+    def test_timestamp_3_put(self, card, pk):
+        timestamp3 = pk.key_list[2].get_timestamp()
+        r = card.cmd_put_data(0x00, 0xd0, timestamp3)
+        assert r
+
+    def test_ds_counter_0(self, card):
+        c = get_data_object(card, 0x7a)
+        assert c == b'\x93\x03\x00\x00\x00'
+
+    def test_pw1_status(self, card):
+        s = get_data_object(card, 0xc4)
+        assert match(b'\x01...\x03[\x00\x03]\x03', s, DOTALL)
+
+    def test_app_data(self, card):
+        if card.is_yubikey:
+            pytest.skip("Yubikey raises 6e82 error for composed data object 6E")
+        else:
+            app_data = get_data_object(card, 0x6e)
+            hist_len = app_data[20]
+            # FIXME: parse and check DO of C0, C1, C2, C3, C4, and C6
+            assert app_data[0:8] == b"\x4f\x10\xd2\x76\x00\x01\x24\x01" and \
+                app_data[18:18+2] == b"\x5f\x52"
+
+    def test_public_key_1(self, card, pk):
+        pk_info = card.cmd_get_public_key(1)
+        assert pk.key_list[0].get_pk() == pk.pk_from_pk_info(pk_info)
+
+    def test_public_key_2(self, card, pk):
+        pk_info = card.cmd_get_public_key(2)
+        assert pk.key_list[1].get_pk() == pk.pk_from_pk_info(pk_info)
+
+    def test_public_key_3(self, card, pk):
+        pk_info = card.cmd_get_public_key(3)
+        assert pk.key_list[2].get_pk() == pk.pk_from_pk_info(pk_info)
+
+    def test_setup_pw1_0(self, card):
+        r = card.change_passwd(1, FACTORY_PASSPHRASE_PW1, PW1_TEST0)
+        assert r
+
+    def test_verify_pw1_0(self, card):
+        v = card.verify(1, PW1_TEST0)
+        assert v
+
+    def test_verify_pw1_0_2(self, card):
+        v = card.verify(2, PW1_TEST0)
+        assert v
+
+    def test_setup_pw1_1(self, card):
+        r = card.change_passwd(1, PW1_TEST0, PW1_TEST1)
+        assert r
+
+    def test_verify_pw1_1(self, card):
+        v = card.verify(1, PW1_TEST1)
+        assert v
+
+    def test_verify_pw1_1_2(self, card):
+        v = card.verify(2, PW1_TEST1)
+        assert v
+
+    def test_setup_reset_code(self, card):
+        r = card.setup_reset_code(RESETCODE_TEST)
+        assert r
+
+    def test_reset_code(self, card):
+        r = card.reset_passwd_by_resetcode(RESETCODE_TEST, PW1_TEST2)
+        assert r
+
+    def test_verify_pw1_2(self, card):
+        v = card.verify(1, PW1_TEST2)
+        assert v
+
+    def test_verify_pw1_2_2(self, card):
+        v = card.verify(2, PW1_TEST2)
+        assert v
+
+    def test_setup_pw3_1(self, card):
+        r = card.change_passwd(3, PW3_TEST0, PW3_TEST1)
+        assert r
+
+    def test_verify_pw3_1(self, card):
+        v = card.verify(3, PW3_TEST1)
+        assert v
+
+    def test_reset_userpass_admin(self, card):
+        r = card.reset_passwd_by_admin(PW1_TEST3)
+        assert r
+
+    def test_verify_pw1_3(self, card):
+        v = card.verify(1, PW1_TEST3)
+        assert v
+
+    def test_verify_pw1_3_2(self, card):
+        v = card.verify(2, PW1_TEST3)
+        assert v
+
+    def test_setup_pw1_4(self, card):
+        r = card.change_passwd(1, PW1_TEST3, FACTORY_PASSPHRASE_PW1)
+        assert r
+
+    def test_verify_pw1_4(self, card):
+        v = card.verify(1, FACTORY_PASSPHRASE_PW1)
+        assert v
+
+    def test_verify_pw1_4_2(self, card):
+        v = card.verify(2, FACTORY_PASSPHRASE_PW1)
+        assert v
+
+    def test_setup_pw3_2(self, card):
+        r = card.change_passwd(3, PW3_TEST1, PW3_TEST0)
+        assert r
+
+    def test_verify_pw3_2(self, card):
+        v = card.verify(3, PW3_TEST0)
+        assert v

tests/card_test_1_keygen.py

@@ -0,0 +1,99 @@
+"""
+card_test_keygen.py - test key generation
+
+Copyright (C) 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from binascii import hexlify
+from card_const import *
+from constants_for_test import *
+import pytest
+
+class Test_Card_Keygen(object):
+    def test_000_setup_pw1_0(self, card):
+        if card.is_gnuk:
+            pytest.skip("Gnuk doesn't support passphrase with no key")
+        else:
+            r = card.change_passwd(1, FACTORY_PASSPHRASE_PW1, PW1_TEST4)
+            assert r
+
+    def test_verify_pw1_0_1(self, card):
+        if card.is_gnuk:
+            pytest.skip("Gnuk doesn't support passphrase with no key")
+        else:
+            v = card.verify(1, PW1_TEST4)
+            assert v
+
+    def test_verify_pw1_0_2(self, card):
+        if card.is_gnuk:
+            pytest.skip("Gnuk doesn't support passphrase with no key")
+        else:
+            v = card.verify(2, PW1_TEST4)
+            assert v
+
+    def test_keygen_1(self, card, pk):
+        pk_info = card.cmd_genkey(1)
+        k = pk.PK_Crypto(keyno=0, pk_info=pk_info)
+        r = card.cmd_put_data(0x00, 0xc7, k.get_fpr())
+        if r:
+            r = card.cmd_put_data(0x00, 0xce, k.get_timestamp())
+        assert r
+
+    def test_keygen_2(self, card, pk):
+        pk_info = card.cmd_genkey(2)
+        k = pk.PK_Crypto(keyno=1, pk_info=pk_info)
+        r = card.cmd_put_data(0x00, 0xc8, k.get_fpr())
+        if r:
+            r = card.cmd_put_data(0x00, 0xcf, k.get_timestamp())
+        assert r
+
+    def test_keygen_3(self, card, pk):
+        pk_info = card.cmd_genkey(3)
+        k = pk.PK_Crypto(keyno=2, pk_info=pk_info)
+        r = card.cmd_put_data(0x00, 0xc9, k.get_fpr())
+        if r:
+            r = card.cmd_put_data(0x00, 0xd0, k.get_timestamp())
+        assert r
+
+    def test_setup_pw1_0(self, card):
+        if card.is_gnuk:
+            r = card.change_passwd(1, FACTORY_PASSPHRASE_PW1, PW1_TEST4)
+            assert r
+        else:
+            pytest.skip("Gnuk resets passphrase on keygen, so, change passwd")
+
+    def test_verify_pw1(self, card):
+        v = card.verify(1, PW1_TEST4)
+        assert v
+
+    def test_verify_pw1_2(self, card):
+        v = card.verify(2, PW1_TEST4)
+        assert v
+
+    def test_setup_pw1_reset(self, card):
+        r = card.change_passwd(1, PW1_TEST4, FACTORY_PASSPHRASE_PW1)
+        assert r
+
+    def test_verify_pw1_reset_1(self, card):
+        v = card.verify(1, FACTORY_PASSPHRASE_PW1)
+        assert v
+
+    def test_verify_pw1_reset_2(self, card):
+        v = card.verify(2, FACTORY_PASSPHRASE_PW1)
+        assert v

tests/card_test_2_pkop.py

@@ -0,0 +1,62 @@
+"""
+card_test_public_key_operations.py - test the sign/dec/auth
+
+Copyright (C) 2021  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from struct import pack
+from re import match, DOTALL
+from util import *
+from card_const import *
+from constants_for_test import *
+
+class Test_Card_PK_OPs(object):
+    def test_sign_0(self, card, pk):
+        digestinfo = pk.compute_digestinfo(pk.test_vector['sign_0'])
+        sig = card.cmd_pso(0x9e, 0x9a, digestinfo)
+        r = pk.key_list[0].verify_signature(digestinfo, sig)
+        assert r
+
+    def test_sign_1(self, card, pk):
+        digestinfo = pk.compute_digestinfo(pk.test_vector['sign_1'])
+        sig = card.cmd_pso(0x9e, 0x9a, digestinfo)
+        r = pk.key_list[0].verify_signature(digestinfo, sig)
+        assert r
+
+    def test_decrypt_0(self, card, pk):
+        encrypted_data = pk.key_list[1].encrypt(pk.test_vector['decrypt_0'])
+        r = card.cmd_pso(0x80, 0x86, pk.enc_data(encrypted_data))
+        assert pk.enc_check(encrypted_data, r)
+
+    def test_decrypt_1(self, card, pk):
+        encrypted_data = pk.key_list[1].encrypt(pk.test_vector['decrypt_1'])
+        r = card.cmd_pso(0x80, 0x86, pk.enc_data(encrypted_data))
+        assert pk.enc_check(encrypted_data, r)
+
+    def test_auth_0(self, card, pk):
+        digestinfo = pk.compute_digestinfo(pk.test_vector['auth_0'])
+        sig = card.cmd_internal_authenticate(digestinfo)
+        r = pk.key_list[2].verify_signature(digestinfo, sig)
+        assert r
+
+    def test_auth_1(self, card, pk):
+        digestinfo = pk.compute_digestinfo(pk.test_vector['auth_1'])
+        sig = card.cmd_internal_authenticate(digestinfo)
+        r = pk.key_list[2].verify_signature(digestinfo, sig)
+        assert r

tests/card_test_2_pkop_kg.py

@@ -0,0 +1,51 @@
+"""
+card_test_public_key_operations_kg.py - test the sign/dec/auth
+
+Copyright (C) 2021  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from struct import pack
+from re import match, DOTALL
+from util import *
+from card_const import *
+from constants_for_test import *
+
+class Test_Card_PK_OPs_KG(object):
+    def test_signature_sigkey(self, card, pk):
+        pk_info = card.cmd_get_public_key(1)
+        k = pk.PK_Crypto(keyno=0, pk_info=pk_info)
+        digestinfo = pk.compute_digestinfo(pk.test_vector['sign_0'])
+        sig_bytes = card.cmd_pso(0x9e, 0x9a, digestinfo)
+        r = k.verify_signature(digestinfo, sig_bytes)
+        assert r
+
+    def test_decryption(self, card, pk):
+        pk_info = card.cmd_get_public_key(2)
+        k = pk.PK_Crypto(keyno=1, pk_info=pk_info)
+        encrypted_data = k.encrypt(pk.test_vector['encrypt_0'])
+        r = card.cmd_pso(0x80, 0x86, pk.enc_data(encrypted_data))
+        assert pk.enc_check(encrypted_data, r)
+
+    def test_signature_authkey(self, card, pk):
+        pk_info = card.cmd_get_public_key(3)
+        k = pk.PK_Crypto(2, pk_info=pk_info)
+        digestinfo = pk.compute_digestinfo(pk.test_vector['sign_0'])
+        sig_bytes = card.cmd_internal_authenticate(digestinfo)
+        r = k.verify_signature(digestinfo, sig_bytes)
+        assert r

tests/card_test_3_ds_counter1.py

@@ -0,0 +1,31 @@
+"""
+card_test_ds_counter.py - test the result of DS counter
+
+Copyright (C) 2021  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from struct import pack
+from re import match, DOTALL
+from util import *
+from constants_for_test import *
+
+class Test_Card_DS_Counter(object):
+    def test_ds_counter_1(self, card):
+        c = get_data_object(card, 0x7a)
+        assert c == b'\x93\x03\x00\x00\x01'

tests/card_test_3_ds_counter2.py

@@ -0,0 +1,31 @@
+"""
+card_test_ds_counter.py - test the result of DS counter
+
+Copyright (C) 2021  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from struct import pack
+from re import match, DOTALL
+from util import *
+from constants_for_test import *
+
+class Test_Card_DS_Counter(object):
+    def test_ds_counter_2(self, card):
+        c = get_data_object(card, 0x7a)
+        assert c == b'\x93\x03\x00\x00\x02'

tests/card_test_check_card.py

@@ -0,0 +1,80 @@
+"""
+card_test_check_card.py - test configuration of card
+
+Copyright (C) 2021  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from binascii import hexlify
+from util import *
+from card_const import *
+import pytest
+
+def print_key_attr(keyno, p):
+    algo = p[0]
+    if algo == 0x01 and len(p) >= 6:
+        # RSA
+        nbits = (p[1] << 8) | p[2]
+        ebits = (p[3] << 8) | p[4]
+        flags = p[5]
+        print(keyno)
+        print("RSA")
+        print(nbits)
+        print(ebits)
+        print(flags)
+    elif len(p) >= 2 and (algo == 0x12 or algo == 0x13 or algo == 0x16):
+        # ECC
+        if p[-1] == 0x00 or p[-1] == 0x00:
+            flag = True # Pubkey required
+            curve = p[1:-1]
+        else:
+            flag = False # Pubkey is not required
+            curve = p[1:]
+        print(keyno)
+        print("ECDSA" if algo == 0x13 else "ECDH" if algo == 0x12 else "EDDSA")
+        print(curve)
+        print(flag)
+    else:
+        print("Unknown algo attr")
+
+
+def parse_list_of_key_attributes(card, p, printout=False):
+    while True:
+        if len(p) < 2:
+            break
+        tag = p[0]
+        length = p[1]
+        if tag < 0xc1:
+            p = p[2:]
+            continue
+        if tag == 0xda:
+            keyno = 0x81
+        else:
+            keyno = tag - 0xc1 + 1
+        if len(p) - 2 < length:
+            break
+        attr = p[2:2+length]
+        if printout:
+            print_key_attr(keyno, attr)
+        p = p[2+length:]
+        if keyno >= 1 and keyno <= 3:
+            card.add_to_key_attrlist(keyno - 1, attr)
+
+def test_list_of_key_attributes(card):
+    a = get_data_object(card, 0xfa)
+    parse_list_of_key_attributes(card, a, True)

tests/card_test_ds_counter1.py

@@ -0,0 +1,31 @@
+"""
+card_test_ds_counter.py - test the result of DS counter
+
+Copyright (C) 2021  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from struct import pack
+from re import match, DOTALL
+from util import *
+from constants_for_test import *
+
+class Test_Card_DS_Counter(object):
+    def test_ds_counter_1(self, card):
+        c = get_data_object(card, 0x7a)
+        assert c == b'\x93\x03\x00\x00\x01'

tests/card_test_ds_counter2.py

@@ -0,0 +1,31 @@
+"""
+card_test_ds_counter.py - test the result of DS counter
+
+Copyright (C) 2021  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from struct import pack
+from re import match, DOTALL
+from util import *
+from constants_for_test import *
+
+class Test_Card_DS_Counter(object):
+    def test_ds_counter_2(self, card):
+        c = get_data_object(card, 0x7a)
+        assert c == b'\x93\x03\x00\x00\x02'

tests/card_test_empty_card.py

@@ -0,0 +1,272 @@
+"""
+test_empty_card.py - test empty card
+
+Copyright (C) 2016, 2018  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from binascii import hexlify
+from re import match, DOTALL
+from struct import pack
+from util import *
+from card_const import *
+import pytest
+
+EMPTY_60=bytes(60)
+
+def test_login(card):
+    login = get_data_object(card, 0x5e)
+    assert check_null(login)
+
+"""
+def test_name(card):
+    name = get_data_object(card, 0x5b)
+    assert check_null(name)
+
+def test_lang(card):
+    lang = get_data_object(card, 0x5f2d)
+    assert check_null(lang)
+
+def test_sex(card):
+    sex = get_data_object(card, 0x5f35)
+    assert check_null(sex)
+"""
+
+def test_name_lang_sex(card):
+    name = b""
+    lang = b""
+    lang_de = b"de"
+    sex = b"9"
+    sex_alt = b"0"
+    expected = b'\x5b' + pack('B', len(name)) + name \
+               +  b'\x5f\x2d' + pack('B', len(lang)) + lang \
+               + b'\x5f\x35' + pack('B', len(sex)) + sex_alt
+    expected_de = b'\x5b' + pack('B', len(name)) + name \
+               +  b'\x5f\x2d' + pack('B', len(lang_de)) + lang_de \
+               + b'\x5f\x35' + pack('B', len(sex)) + sex
+    expected_de_alt = b'\x5b' + pack('B', len(name)) + name \
+               +  b'\x5f\x2d' + pack('B', len(lang_de)) + lang_de \
+               + b'\x5f\x35' + pack('B', len(sex_alt)) + sex_alt
+    name_lang_sex = get_data_object(card, 0x65)
+    assert name_lang_sex == b'' or name_lang_sex == expected \
+        or name_lang_sex == expected_de or name_lang_sex == expected_de_alt
+
+def test_app_data(card):
+    if card.is_yubikey:
+        pytest.skip("Yubikey raises 6e82 error for composed data object 6E")
+    else:
+        app_data = get_data_object(card, 0x6e)
+        hist_len = app_data[20]
+        # FIXME: parse and check DO of C0, C1, C2, C3, C4, and C6
+        assert app_data[0:8] == b"\x4f\x10\xd2\x76\x00\x01\x24\x01" and \
+            app_data[18:18+2] == b"\x5f\x52"
+
+def test_url(card):
+    url = get_data_object(card, 0x5f50)
+    assert check_null(url)
+
+def test_ds_counter(card):
+    c = get_data_object(card, 0x7a)
+    assert c == b'\x93\x03\x00\x00\x00'
+
+def test_pw1_status(card):
+    s = get_data_object(card, 0xc4)
+    assert match(b'....\x03[\x00\x03]\x03', s, DOTALL)
+
+def test_fingerprint_all(card):
+    if card.is_yubikey:
+        pytest.skip("Yubikey returns 6B00 when no key")
+    else:
+        fprlist = get_data_object(card, 0xC5)
+    assert fprlist == None or fprlist == EMPTY_60
+
+def test_fingerprint_1(card):
+    if card.is_yubikey:
+        pytest.skip("Yubikey returns 6B00 when no key")
+    else:
+        fpr = get_data_object(card, 0xC7)
+    assert check_null(fpr)
+
+def test_fingerprint_2(card):
+    if card.is_yubikey:
+        pytest.skip("Yubikey returns 6B00 when no key")
+    else:
+        fpr = get_data_object(card, 0xC8)
+    assert check_null(fpr)
+
+def test_fingerprint_3(card):
+    if card.is_yubikey:
+        pytest.skip("Yubikey returns 6B00 when no key")
+    else:
+        fpr = get_data_object(card, 0xC9)
+    assert check_null(fpr)
+
+def test_ca_fingerprint_all(card):
+    if card.is_yubikey:
+        pytest.skip("Yubikey returns 6B00 when no key")
+    else:
+        cafprlist = get_data_object(card, 0xC6)
+    assert cafprlist == None or cafprlist == EMPTY_60
+
+def test_ca_fingerprint_1(card):
+    if card.is_yubikey:
+        pytest.skip("Yubikey returns 6B00 when no key")
+    else:
+        cafp = get_data_object(card, 0xCA)
+    assert check_null(cafp)
+
+def test_ca_fingerprint_2(card):
+    if card.is_yubikey:
+        pytest.skip("Yubikey returns 6B00 when no key")
+    else:
+        cafp = get_data_object(card, 0xCB)
+    assert check_null(cafp)
+
+def test_ca_fingerprint_3(card):
+    if card.is_yubikey:
+        pytest.skip("Yubikey returns 6B00 when no key")
+    else:
+        cafp = get_data_object(card, 0xCC)
+    assert check_null(cafp)
+
+def test_timestamp_all(card):
+    if card.is_yubikey:
+        pytest.skip("Yubikey returns 6B00 when no key")
+    else:
+        t = get_data_object(card, 0xCD)
+    assert t == None or t == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
+
+def test_timestamp_1(card):
+    if card.is_yubikey:
+        pytest.skip("Yubikey returns 6B00 when no key")
+    else:
+        t = get_data_object(card, 0xCE)
+    assert check_null(t)
+
+def test_timestamp_2(card):
+    if card.is_yubikey:
+        pytest.skip("Yubikey returns 6B00 when no key")
+    else:
+        t = get_data_object(card, 0xCF)
+    assert check_null(t)
+
+def test_timestamp_3(card):
+    if card.is_yubikey:
+        pytest.skip("Yubikey returns 6B00 when no key")
+    else:
+        t = get_data_object(card, 0xD0)
+    assert check_null(t)
+
+def test_verify_pw1_1(card):
+    v = card.cmd_verify(1, FACTORY_PASSPHRASE_PW1)
+    assert v
+
+def test_verify_pw1_2(card):
+    v = card.cmd_verify(2, FACTORY_PASSPHRASE_PW1)
+    assert v
+
+def test_verify_pw3(card):
+    v = card.cmd_verify(3, FACTORY_PASSPHRASE_PW3)
+    assert v
+
+def test_historical_bytes(card):
+    h = get_data_object(card, 0x5f52)
+    if card.is_yubikey:
+        assert h == b'\x00\x73\x00\x00\x80\x05\x90\x00' or \
+            h == b'\x00\x73\x00\x00\xe0\x05\x90\x00'
+    else:
+        assert h == b'\x001\xc5s\xc0\x01@\x05\x90\x00' or \
+            h == b'\x00\x31\x84\x73\x80\x01\x80\x00\x90\x00' or \
+            h == b'\x00\x31\x84\x73\x80\x01\x80\x05\x90\x00' or \
+            h == b'\x00\x31\xf5\x73\xc0\x01\x60\x05\x90\x00' or \
+            h == b'\x00\x31\x84\x73\x80\x01\xC0\x05\x90\x00'
+
+def test_extended_capabilities(card):
+    if card.is_yubikey:
+        pytest.skip("Yubikey returns 6B00 when no key")
+    else:
+        a = get_data_object(card, 0xc0)
+        assert a == None or match(b'[\x70\x74\x75\x77]\x00\x00.[\x00\x08]\x00\x00\xff[\x00\x01][\x00\x01]', a)
+
+def test_key_attributes_1(card):
+    if card.is_yubikey:
+        a = None
+    else:
+        a = get_data_object(card, 0xc1)
+        assert a == None or a == b'\x01\x08\x00\x00\x20\x00' or a == b'\x16\x2b\x06\x01\x04\x01\xda\x47\x0f\x01'
+    if not a:
+        a = KEY_ATTRIBUTES_RSA2K
+    card.save_algo_attribute(1, a)
+    if card.is_yubikey:
+        pytest.skip("Yubikey returns 6B00 when no key")
+
+def test_key_attributes_2(card):
+    if card.is_yubikey:
+        a = None
+    else:
+        a = get_data_object(card, 0xc2)
+        assert a == None or a == b'\x01\x08\x00\x00\x20\x00' or a == b'\x12\x2b\x06\x01\x04\x01\x97\x55\x01\x05\x01'
+    if not a:
+        a = KEY_ATTRIBUTES_RSA2K
+    card.save_algo_attribute(2, a)
+    if card.is_yubikey:
+        pytest.skip("Yubikey returns 6B00 when no key")
+
+def test_key_attributes_3(card):
+    if card.is_yubikey:
+        a = None
+    else:
+        a = get_data_object(card, 0xc3)
+        assert a == None or a == b'\x01\x08\x00\x00\x20\x00' or a == b'\x16\x2b\x06\x01\x04\x01\xda\x47\x0f\x01'
+    if not a:
+        a = KEY_ATTRIBUTES_RSA2K
+    card.save_algo_attribute(3, a)
+    if card.is_yubikey:
+        pytest.skip("Yubikey returns 6B00 when no key")
+
+def test_public_key_1(card):
+    with pytest.raises(Exception) as excinfo:
+        pk = card.cmd_get_public_key(1)
+    if card.is_yubikey:
+        assert excinfo.value.args[0] == "6581"
+    else:
+        assert excinfo.value.args[0] == "6a88"
+
+def test_public_key_2(card):
+    with pytest.raises(Exception) as excinfo:
+        pk = card.cmd_get_public_key(2)
+    if card.is_yubikey:
+        assert excinfo.value.args[0] == "6581"
+    else:
+        assert excinfo.value.args[0] == "6a88"
+
+def test_public_key_3(card):
+    with pytest.raises(Exception) as excinfo:
+        pk = card.cmd_get_public_key(3)
+    if card.is_yubikey:
+        assert excinfo.value.args[0] == "6581"
+    else:
+        assert excinfo.value.args[0] == "6a88"
+
+def test_AID(card):
+    a = get_data_object(card, 0x4f)
+    print()
+    print("OpenPGP card version: %d.%d" % (a[6], a[7]))
+    print("Card Manufacturer:  ", hexlify(a[8:10]).decode("UTF-8"))
+    print("Card serial:    ", hexlify(a[10:14]).decode("UTF-8"))
+    assert match(b'\xd2\x76\x00\x01\\$\x01........\x00\x00', a, DOTALL)

tests/card_test_kdf_full.py

@@ -0,0 +1,34 @@
+"""
+card_test_kdf_full.py - test KDF data object
+
+Copyright (C) 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from card_const import *
+from constants_for_test import *
+
+class Test_Card_KDF_full(object):
+
+    def test_verify_pw3(self, card):
+        v = card.verify(3, FACTORY_PASSPHRASE_PW3)
+        assert v
+
+    def test_kdf_put_full(self, card):
+        r = card.configure_kdf(KDF_FULL)
+        assert r

tests/card_test_kdf_single.py

@@ -0,0 +1,33 @@
+"""
+card_test_kdf_single.py - test KDF data object
+
+Copyright (C) 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from card_const import *
+from constants_for_test import *
+
+class Test_Card_KDF_Single(object):
+    def test_verify_pw3(self, card):
+        v = card.verify(3, FACTORY_PASSPHRASE_PW3)
+        assert v
+
+    def test_kdf_put_single(self, card):
+        r = card.configure_kdf(KDF_SINGLE)
+        assert r

tests/card_test_keygen.py

@@ -0,0 +1,74 @@
+"""
+card_test_keygen.py - test key generation
+
+Copyright (C) 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from binascii import hexlify
+from pubkey_crypto import get_PK_Crypto
+from card_const import *
+from constants_for_test import *
+import pytest
+
+class Test_Card_Keygen(object):
+    def test_verify_pw3_0(self, card):
+        v = card.verify(3, PW3_TEST0)
+        assert v
+
+    def test_keygen_1(self, card):
+        PK_Crypto = get_PK_Crypto(card)
+        pk_info = card.cmd_genkey(1)
+        k = PK_Crypto(0, pk_info=pk_info)
+        r = card.cmd_put_data(0x00, 0xc7, k.get_fpr())
+        if r:
+            r = card.cmd_put_data(0x00, 0xce, k.get_timestamp())
+        assert r
+
+    def test_keygen_2(self, card):
+        PK_Crypto = get_PK_Crypto(card)
+        pk_info = card.cmd_genkey(2)
+        k = PK_Crypto(1, pk_info=pk_info)
+        r = card.cmd_put_data(0x00, 0xc8, k.get_fpr())
+        if r:
+            r = card.cmd_put_data(0x00, 0xcf, k.get_timestamp())
+        assert r
+
+    def test_keygen_3(self, card):
+        PK_Crypto = get_PK_Crypto(card)
+        pk_info = card.cmd_genkey(3)
+        k = PK_Crypto(2, pk_info=pk_info)
+        r = card.cmd_put_data(0x00, 0xc9, k.get_fpr())
+        if r:
+            r = card.cmd_put_data(0x00, 0xd0, k.get_timestamp())
+        assert r
+
+    def test_setup_pw1_0(self, card):
+        if card.is_gnuk:
+            r = card.change_passwd(1, FACTORY_PASSPHRASE_PW1, PW1_TEST4)
+            assert r
+        else:
+            pytest.skip("Gnuk resets passphrase on keygen, so, change passwd")
+
+    def test_verify_pw1(self, card):
+        v = card.verify(1, PW1_TEST4)
+        assert v
+
+    def test_verify_pw1_2(self, card):
+        v = card.verify(2, PW1_TEST4)
+        assert v

tests/card_test_kg_pko_dsc_brainpoolp256r1.py

@@ -0,0 +1,40 @@
+"""
+card_test_kg_pko_dsc.py - test personalizing card
+
+Copyright (C) 2021  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+import pytest
+from card_const import KEY_ATTRIBUTES_ECDH_BRAINPOOLP256R1
+from brainpoolp256r1_keys import brainpoolp256r1_pk
+
+@pytest.fixture(scope="module",autouse=True)
+def check_brainpoolp256r1(card):
+    if not KEY_ATTRIBUTES_ECDSA_BRAINPOOLP256R1 in card.supported_key_attrlist[0]:
+        pytest.skip("Test for brainpoolP256r1", allow_module_level=True)
+
+@pytest.fixture(scope="module")
+def pk(card):
+    print("Select brainpoolP256r1 for testing key generation")
+    return brainpoolp256r1_pk
+
+from card_test_0_set_attr import *
+from card_test_1_keygen import *
+from card_test_2_pkop_kg import *
+from card_test_3_ds_counter1 import *

tests/card_test_kg_pko_dsc_brainpoolp384r1.py

@@ -0,0 +1,40 @@
+"""
+card_test_kg_pko_dsc.py - test personalizing card
+
+Copyright (C) 2021  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+import pytest
+from card_const import KEY_ATTRIBUTES_ECDH_BRAINPOOLP384R1
+from brainpoolp384r1_keys import brainpoolp384r1_pk
+
+@pytest.fixture(scope="module",autouse=True)
+def check_brainpoolp384r1(card):
+    if not KEY_ATTRIBUTES_ECDSA_BRAINPOOLP384R1 in card.supported_key_attrlist[0]:
+        pytest.skip("Test for brainpoolP384r1", allow_module_level=True)
+
+@pytest.fixture(scope="module")
+def pk(card):
+    print("Select brainpoolP384r1 for testing key generation")
+    return brainpoolp384r1_pk
+
+from card_test_0_set_attr import *
+from card_test_1_keygen import *
+from card_test_2_pkop_kg import *
+from card_test_3_ds_counter1 import *

tests/card_test_kg_pko_dsc_brainpoolp512r1.py

@@ -0,0 +1,40 @@
+"""
+card_test_kg_pko_dsc.py - test personalizing card
+
+Copyright (C) 2021  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+import pytest
+from card_const import KEY_ATTRIBUTES_ECDH_BRAINPOOLP512R1
+from brainpoolp512r1_keys import brainpoolp512r1_pk
+
+@pytest.fixture(scope="module",autouse=True)
+def check_brainpoolp512r1(card):
+    if not KEY_ATTRIBUTES_ECDSA_BRAINPOOLP512R1 in card.supported_key_attrlist[0]:
+        pytest.skip("Test for brainpoolP512r1", allow_module_level=True)
+
+@pytest.fixture(scope="module")
+def pk(card):
+    print("Select brainpoolP512r1 for testing key generation")
+    return brainpoolp512r1_pk
+
+from card_test_0_set_attr import *
+from card_test_1_keygen import *
+from card_test_2_pkop_kg import *
+from card_test_3_ds_counter1 import *

tests/card_test_kg_pko_dsc_curve25519.py

@@ -0,0 +1,40 @@
+"""
+card_test_kg_pko_dsc.py - test personalizing card
+
+Copyright (C) 2021  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+import pytest
+from card_const import KEY_ATTRIBUTES_CV25519
+from curve25519_keys import curve25519_pk
+
+@pytest.fixture(scope="module",autouse=True)
+def check_curve25519(card):
+    if not KEY_ATTRIBUTES_ED25519 in card.supported_key_attrlist[0]:
+        pytest.skip("Test for Ed25519/Cv25519", allow_module_level=True)
+
+@pytest.fixture(scope="module")
+def pk(card):
+    print("Select Ed25519/Cv25519 for testing key import")
+    return curve25519_pk
+
+from card_test_0_set_attr import *
+from card_test_1_keygen import *
+from card_test_2_pkop_kg import *
+from card_test_3_ds_counter1 import *

tests/card_test_kg_pko_dsc_nistp256r1.py

@@ -0,0 +1,40 @@
+"""
+card_test_kg_pko_dsc.py - test keygeneration card
+
+Copyright (C) 2021  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+import pytest
+from card_const import KEY_ATTRIBUTES_ECDH_NISTP256R1
+from nistp256r1_keys import nistp256r1_pk
+
+@pytest.fixture(scope="module",autouse=True)
+def check_nistp256r1(card):
+    if not KEY_ATTRIBUTES_ECDSA_NISTP256R1 in card.supported_key_attrlist[0]:
+        pytest.skip("Test for NIST P-256", allow_module_level=True)
+
+@pytest.fixture(scope="module")
+def pk(card):
+    print("Select NIST P-256 for testing key import")
+    return nistp256r1_pk
+
+from card_test_0_set_attr import *
+from card_test_1_keygen import *
+from card_test_2_pkop_kg import *
+from card_test_3_ds_counter1 import *

tests/card_test_kg_pko_dsc_nistp384r1.py

@@ -0,0 +1,40 @@
+"""
+card_test_kg_pko_dsc.py - test personalizing card
+
+Copyright (C) 2021  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+import pytest
+from card_const import KEY_ATTRIBUTES_ECDH_NISTP384R1
+from nistp384r1_keys import nistp384r1_pk
+
+@pytest.fixture(scope="module",autouse=True)
+def check_nistp384r1(card):
+    if not KEY_ATTRIBUTES_ECDSA_NISTP384R1 in card.supported_key_attrlist[0]:
+        pytest.skip("Test for NIST P-384", allow_module_level=True)
+
+@pytest.fixture(scope="module")
+def pk(card):
+    print("Select NIST P-384 for testing key generation")
+    return nistp384r1_pk
+
+from card_test_0_set_attr import *
+from card_test_1_keygen import *
+from card_test_2_pkop_kg import *
+from card_test_3_ds_counter1 import *

tests/card_test_kg_pko_dsc_nistp521r1.py

@@ -0,0 +1,40 @@
+"""
+card_test_kg_pko_dsc.py - test personalizing card
+
+Copyright (C) 2021  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+import pytest
+from card_const import KEY_ATTRIBUTES_ECDH_NISTP521R1
+from nistp521r1_keys import nistp521r1_pk
+
+@pytest.fixture(scope="module",autouse=True)
+def check_nistp521r1(card):
+    if not KEY_ATTRIBUTES_ECDSA_NISTP521R1 in card.supported_key_attrlist[0]:
+        pytest.skip("Test for NIST P-521", allow_module_level=True)
+
+@pytest.fixture(scope="module")
+def pk(card):
+    print("Select NIST P-521 for testing key generation")
+    return nistp521r1_pk
+
+from card_test_0_set_attr import *
+from card_test_1_keygen import *
+from card_test_2_pkop_kg import *
+from card_test_3_ds_counter1 import *

tests/card_test_kg_pko_dsc_rsa2k.py

@@ -0,0 +1,41 @@
+"""
+card_test_kg_pko_dsc.py - test keygeneration card
+
+Copyright (C) 2021  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+import pytest
+from card_const import KEY_ATTRIBUTES_RSA2K, KEY_ATTRIBUTES_RSA2K_ALT
+from rsa_keys import rsa_pk
+
+@pytest.fixture(scope="module",autouse=True)
+def check_rsa2k(card):
+    if not (KEY_ATTRIBUTES_RSA2K in card.supported_key_attrlist[0]
+            or KEY_ATTRIBUTES_RSA2K_ALT in card.supported_key_attrlist[0]):
+        pytest.skip("Test for RSA-2048", allow_module_level=True)
+
+@pytest.fixture(scope="module")
+def pk(card):
+    print("Select RSA-2048 for testing key generation")
+    return rsa_pk
+
+from card_test_0_set_attr import *
+from card_test_1_keygen import *
+from card_test_2_pkop_kg import *
+from card_test_3_ds_counter1 import *

tests/card_test_kg_pko_dsc_rsa4k.py

@@ -0,0 +1,13 @@
+import pytest
+from card_const import KEY_ATTRIBUTES_RSA4K
+
+@pytest.fixture(scope="module",autouse=True)
+def check_rsa4k(card):
+    print("RSA-4096 keygen")
+    if not KEY_ATTRIBUTES_RSA4K in card.supported_key_attrlist[0]:
+        pytest.skip("Test for RSA-4096", allow_module_level=True)
+
+from card_test_0_set_attr_rsa4k import *
+from card_test_1_keygen import *
+from card_test_2_pkop_kg import *
+from card_test_3_ds_counter1 import *