From 1ba05a0f0fa0cfcab605cff1d0f7da51ddaf96b6 Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka Date: Wed, 3 Apr 2019 13:49:55 +0900 Subject: [PATCH] tests: factor out tests into classes. --- ChangeLog | 4 + tests/card_test_kdf_full.py | 36 +++ tests/card_test_kdf_single.py | 35 +++ tests/card_test_keygen.py | 84 ++++++ tests/card_test_personalize_admin_less.py | 312 ++++++++++++++++++++++ tests/card_test_personalize_card.py | 277 +++++++++++++++++++ tests/card_test_personalize_reset.py | 82 ++++++ tests/card_test_remove_keys.py | 45 ++++ tests/card_test_reset_pw3.py | 46 ++++ tests/test_001_personalize_card.py | 277 +------------------ tests/test_002_personalize_reset.py | 82 +----- tests/test_003_remove_keys.py | 44 +-- tests/test_004_reset_pw3.py | 46 +--- tests/test_005_personalize_admin_less.py | 294 +------------------- tests/test_006_personalize_reset.py | 1 - tests/test_007_remove_keys.py | 1 - tests/test_008_reset_pw3.py | 1 - tests/test_009_keygen.py | 65 +---- tests/test_010_remove_keys.py | 1 - tests/test_011_kdf_full.py | 19 +- tests/test_012_personalize_card.py | 1 - tests/test_013_personalize_reset.py | 1 - tests/test_014_remove_keys.py | 1 - tests/test_015_reset_pw3.py | 1 - tests/test_016_kdf_single.py | 19 +- tests/test_017_personalize_card.py | 1 - tests/test_018_personalize_reset.py | 1 - tests/test_019_remove_keys.py | 1 - tests/test_020_reset_pw3.py | 1 - tests/test_021_personalize_admin_less.py | 2 +- tests/test_022_personalize_reset.py | 1 - tests/test_023_remove_keys.py | 1 - tests/test_024_reset_pw3.py | 1 - 33 files changed, 946 insertions(+), 838 deletions(-) create mode 100644 tests/card_test_kdf_full.py create mode 100644 tests/card_test_kdf_single.py create mode 100644 tests/card_test_keygen.py create mode 100644 tests/card_test_personalize_admin_less.py create mode 100644 tests/card_test_personalize_card.py create mode 100644 tests/card_test_personalize_reset.py create mode 100644 tests/card_test_remove_keys.py create mode 100644 tests/card_test_reset_pw3.py delete mode 120000 tests/test_006_personalize_reset.py delete mode 120000 tests/test_007_remove_keys.py delete mode 120000 tests/test_008_reset_pw3.py delete mode 120000 tests/test_010_remove_keys.py delete mode 120000 tests/test_012_personalize_card.py delete mode 120000 tests/test_013_personalize_reset.py delete mode 120000 tests/test_014_remove_keys.py delete mode 120000 tests/test_015_reset_pw3.py delete mode 120000 tests/test_017_personalize_card.py delete mode 120000 tests/test_018_personalize_reset.py delete mode 120000 tests/test_019_remove_keys.py delete mode 120000 tests/test_020_reset_pw3.py mode change 120000 => 100644 tests/test_021_personalize_admin_less.py delete mode 120000 tests/test_022_personalize_reset.py delete mode 120000 tests/test_023_remove_keys.py delete mode 120000 tests/test_024_reset_pw3.py diff --git a/ChangeLog b/ChangeLog index 386fad9..b2f2855 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2019-04-03 NIIBE Yutaka + + * tests: Factor out tests into classes. + 2019-03-04 NIIBE Yutaka * VERSION: 1.2.14. diff --git a/tests/card_test_kdf_full.py b/tests/card_test_kdf_full.py new file mode 100644 index 0000000..97a4304 --- /dev/null +++ b/tests/card_test_kdf_full.py @@ -0,0 +1,36 @@ +""" +card_test_kdf_full.py - test KDF data object + +Copyright (C) 2018, 2019 g10 Code GmbH +Author: NIIBE Yutaka + +This file is a part of Gnuk, a GnuPG USB Token implementation. + +Gnuk is free software: you can redistribute it and/or modify it +under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +Gnuk is distributed in the hope that it will be useful, but WITHOUT +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public +License for more details. + +You should have received a copy of the GNU General Public License +along with this program. If not, see . +""" + +from card_const import * +from constants_for_test import * + +class Test_Card_KDF_full(object): + + def test_verify_pw3(self, card): + v = card.verify(3, FACTORY_PASSPHRASE_PW3) + assert v + + def test_kdf_put_full(self, card): + r = card.cmd_put_data(0x00, 0xf9, KDF_FULL) + if r: + card.configure_with_kdf() + assert r diff --git a/tests/card_test_kdf_single.py b/tests/card_test_kdf_single.py new file mode 100644 index 0000000..53d08fc --- /dev/null +++ b/tests/card_test_kdf_single.py @@ -0,0 +1,35 @@ +""" +card_test_kdf_single.py - test KDF data object + +Copyright (C) 2018, 2019 g10 Code GmbH +Author: NIIBE Yutaka + +This file is a part of Gnuk, a GnuPG USB Token implementation. + +Gnuk is free software: you can redistribute it and/or modify it +under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +Gnuk is distributed in the hope that it will be useful, but WITHOUT +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public +License for more details. + +You should have received a copy of the GNU General Public License +along with this program. If not, see . +""" + +from card_const import * +from constants_for_test import * + +class Test_Card_KDF_Single(object): + def test_verify_pw3(self, card): + v = card.verify(3, FACTORY_PASSPHRASE_PW3) + assert v + + def test_kdf_put_single(self, card): + r = card.cmd_put_data(0x00, 0xf9, KDF_SINGLE) + if r: + card.configure_with_kdf() + assert r diff --git a/tests/card_test_keygen.py b/tests/card_test_keygen.py new file mode 100644 index 0000000..ecfcf5f --- /dev/null +++ b/tests/card_test_keygen.py @@ -0,0 +1,84 @@ +""" +card_test_keygen.py - test key generation + +Copyright (C) 2018, 2019 g10 Code GmbH +Author: NIIBE Yutaka + +This file is a part of Gnuk, a GnuPG USB Token implementation. + +Gnuk is free software: you can redistribute it and/or modify it +under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +Gnuk is distributed in the hope that it will be useful, but WITHOUT +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public +License for more details. + +You should have received a copy of the GNU General Public License +along with this program. If not, see . +""" + +from binascii import hexlify +import rsa_keys +from card_const import * + +class Test_Card_Keygen(object): + def test_keygen_1(self, card): + pk = card.cmd_genkey(1) + fpr_date = rsa_keys.calc_fpr(pk[0], pk[1]) + r = card.cmd_put_data(0x00, 0xc7, fpr_date[0]) + if r: + r = card.cmd_put_data(0x00, 0xce, fpr_date[1]) + assert r + + def test_keygen_2(self, card): + pk = card.cmd_genkey(2) + fpr_date = rsa_keys.calc_fpr(pk[0], pk[1]) + r = card.cmd_put_data(0x00, 0xc8, fpr_date[0]) + if r: + r = card.cmd_put_data(0x00, 0xcf, fpr_date[1]) + assert r + + def test_keygen_3(self, card): + pk = card.cmd_genkey(3) + fpr_date = rsa_keys.calc_fpr(pk[0], pk[1]) + r = card.cmd_put_data(0x00, 0xc9, fpr_date[0]) + if r: + r = card.cmd_put_data(0x00, 0xd0, fpr_date[1]) + assert r + + def test_verify_pw1(self, card): + v = card.cmd_verify(1, FACTORY_PASSPHRASE_PW1) + assert v + + def test_signature_sigkey(self, card): + msg = b"Sign me please" + pk = card.cmd_get_public_key(1) + pk_info = (pk[9:9+256], pk[9+256+2:9+256+2+3]) + digest = rsa_keys.compute_digestinfo(msg) + sig = int(hexlify(card.cmd_pso(0x9e, 0x9a, digest)),16) + r = rsa_keys.verify_signature(pk_info, digest, sig) + assert r + + def test_verify_pw1_2(self, card): + v = card.cmd_verify(2, FACTORY_PASSPHRASE_PW1) + assert v + + def test_decryption(self, card): + msg = b"encrypt me please" + pk = card.cmd_get_public_key(2) + pk_info = (pk[9:9+256], pk[9+256+2:9+256+2+3]) + ciphertext = rsa_keys.encrypt_with_pubkey(pk_info, msg) + r = card.cmd_pso(0x80, 0x86, ciphertext) + assert r == msg + + def test_signature_authkey(self, card): + msg = b"Sign me please to authenticate" + pk = card.cmd_get_public_key(3) + pk_info = (pk[9:9+256], pk[9+256+2:9+256+2+3]) + digest = rsa_keys.compute_digestinfo(msg) + sig = int(hexlify(card.cmd_internal_authenticate(digest)),16) + r = rsa_keys.verify_signature(pk_info, digest, sig) + assert r diff --git a/tests/card_test_personalize_admin_less.py b/tests/card_test_personalize_admin_less.py new file mode 100644 index 0000000..73219ba --- /dev/null +++ b/tests/card_test_personalize_admin_less.py @@ -0,0 +1,312 @@ +""" +card_test_personalize_admin_less.py - test admin-less mode + +Copyright (C) 2016, 2018, 2019 g10 Code GmbH +Author: NIIBE Yutaka + +This file is a part of Gnuk, a GnuPG USB Token implementation. + +Gnuk is free software: you can redistribute it and/or modify it +under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +Gnuk is distributed in the hope that it will be useful, but WITHOUT +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public +License for more details. + +You should have received a copy of the GNU General Public License +along with this program. If not, see . +""" + +from struct import pack +from re import match, DOTALL +from util import * +import rsa_keys +from card_const import * +from constants_for_test import * + +class Test_Card_Personalize_Adminless(object): + def test_verify_pw3_0(self, card): + v = card.verify(3, FACTORY_PASSPHRASE_PW3) + assert v + + def test_rsa_import_key_1(self, card): + t = rsa_keys.build_privkey_template(1, 0) + r = card.cmd_put_data_odd(0x3f, 0xff, t) + assert r + + def test_rsa_import_key_2(self, card): + t = rsa_keys.build_privkey_template(2, 1) + r = card.cmd_put_data_odd(0x3f, 0xff, t) + assert r + + def test_rsa_import_key_3(self, card): + t = rsa_keys.build_privkey_template(3, 2) + r = card.cmd_put_data_odd(0x3f, 0xff, t) + assert r + + def test_fingerprint_1_put(self, card): + fpr1 = rsa_keys.fpr[0] + r = card.cmd_put_data(0x00, 0xc7, fpr1) + assert r + + def test_fingerprint_2_put(self, card): + fpr2 = rsa_keys.fpr[1] + r = card.cmd_put_data(0x00, 0xc8, fpr2) + assert r + + def test_fingerprint_3_put(self, card): + fpr3 = rsa_keys.fpr[2] + r = card.cmd_put_data(0x00, 0xc9, fpr3) + assert r + + def test_timestamp_1_put(self, card): + timestamp1 = rsa_keys.timestamp[0] + r = card.cmd_put_data(0x00, 0xce, timestamp1) + assert r + + def test_timestamp_2_put(self, card): + timestamp2 = rsa_keys.timestamp[1] + r = card.cmd_put_data(0x00, 0xcf, timestamp2) + assert r + + def test_timestamp_3_put(self, card): + timestamp3 = rsa_keys.timestamp[2] + r = card.cmd_put_data(0x00, 0xd0, timestamp3) + assert r + + def test_ds_counter_0(self, card): + c = get_data_object(card, 0x7a) + assert c == b'\x93\x03\x00\x00\x00' + + def test_pw1_status(self, card): + s = get_data_object(card, 0xc4) + assert match(b'\x01...\x03[\x00\x03]\x03', s, DOTALL) + + def test_app_data(self, card): + app_data = get_data_object(card, 0x6e) + hist_len = app_data[20] + # FIXME: parse and check DO of C0, C1, C2, C3, C4, and C6 + assert app_data[0:8] == b"\x4f\x10\xd2\x76\x00\x01\x24\x01" and \ + app_data[18:18+2] == b"\x5f\x52" + + def test_public_key_1(self, card): + pk = card.cmd_get_public_key(1) + assert rsa_keys.key[0][0] == pk[9:9+256] + + def test_public_key_2(self, card): + pk = card.cmd_get_public_key(2) + assert rsa_keys.key[1][0] == pk[9:9+256] + + def test_public_key_3(self, card): + pk = card.cmd_get_public_key(3) + assert rsa_keys.key[2][0] == pk[9:9+256] + + # Changing PW1 to admin-less mode + + def test_setup_pw1_0(self, card): + r = card.change_passwd(1, FACTORY_PASSPHRASE_PW1, PW1_TEST0) + assert r + + # Now, it's admin-less mode, auth-status admin cleared + + def test_verify_pw3_fail_1(self, card): + try: + v = card.verify(3, FACTORY_PASSPHRASE_PW3) + except ValueError as e: + v = False + assert not v + + def test_verify_pw1_0(self, card): + v = card.verify(1, PW1_TEST0) + assert v + + def test_verify_pw1_0_2(self, card): + v = card.verify(2, PW1_TEST0) + assert v + + def test_setup_pw1_1(self, card): + r = card.change_passwd(1, PW1_TEST0, PW1_TEST1) + assert r + + def test_verify_pw1_1(self, card): + v = card.verify(1, PW1_TEST1) + assert v + + def test_verify_pw1_1_2(self, card): + v = card.verify(2, PW1_TEST1) + assert v + + def test_verify_pw3_admin_less_1(self, card): + v = card.verify(3, PW1_TEST1) + assert v + + def test_setup_reset_code(self, card): + r = card.setup_reset_code(RESETCODE_TEST) + assert r + + def test_reset_code(self, card): + r = card.reset_passwd_by_resetcode(RESETCODE_TEST, PW1_TEST2) + assert r + + # Changing PW1, auth status for admin cleared + def test_login_put_fail(self, card): + try: + r = card.cmd_put_data(0x00, 0x5e, b"gpg_user") + except ValueError as e: + r = e.args[0] + assert r == "6982" + + def test_verify_pw1_2(self, card): + v = card.verify(1, PW1_TEST2) + assert v + + def test_verify_pw1_2_2(self, card): + v = card.verify(2, PW1_TEST2) + assert v + + def test_verify_pw3_fail_2(self, card): + try: + v = card.verify(3, FACTORY_PASSPHRASE_PW3) + except ValueError as e: + v = e.args[0] + assert v == "6982" + + def test_sign_0(self, card): + digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT0) + r = card.cmd_pso(0x9e, 0x9a, digestinfo) + sig = rsa_keys.compute_signature(0, digestinfo) + sig_bytes = sig.to_bytes(int((sig.bit_length()+7)/8), byteorder='big') + assert r == sig_bytes + + # Since forcesig setting, failed + def test_sign_1(self, card): + digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT1) + try: + r = card.cmd_pso(0x9e, 0x9a, digestinfo) + except ValueError as e: + r = e.args[0] + assert r == "6982" + + def test_ds_counter_1(self, card): + c = get_data_object(card, 0x7a) + assert c == b'\x93\x03\x00\x00\x01' + + def test_sign_auth_0(self, card): + digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT0) + r = card.cmd_internal_authenticate(digestinfo) + sig = rsa_keys.compute_signature(2, digestinfo) + sig_bytes = sig.to_bytes(int((sig.bit_length()+7)/8), byteorder='big') + assert r == sig_bytes + + def test_sign_auth_1(self, card): + digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT1) + r = card.cmd_internal_authenticate(digestinfo) + sig = rsa_keys.compute_signature(2, digestinfo) + sig_bytes = sig.to_bytes(int((sig.bit_length()+7)/8), byteorder='big') + assert r == sig_bytes + + def test_decrypt_0(self, card): + ciphertext = rsa_keys.encrypt(1, PLAIN_TEXT0) + r = card.cmd_pso(0x80, 0x86, ciphertext) + assert r == PLAIN_TEXT0 + + def test_decrypt_1(self, card): + ciphertext = rsa_keys.encrypt(1, PLAIN_TEXT1) + r = card.cmd_pso(0x80, 0x86, ciphertext) + assert r == PLAIN_TEXT1 + + def test_verify_pw3_admin_less_2(self, card): + v = card.verify(3, PW1_TEST2) + assert v + + def test_login_put(self, card): + r = card.cmd_put_data(0x00, 0x5e, b"gpg_user") + assert r + + def test_name_put(self, card): + r = card.cmd_put_data(0x00, 0x5b, b"GnuPG User") + assert r + + def test_lang_put(self, card): + r = card.cmd_put_data(0x5f, 0x2d, b"ja") + assert r + + def test_sex_put(self, card): + r = card.cmd_put_data(0x5f, 0x35, b"1") + assert r + + def test_url_put(self, card): + r = card.cmd_put_data(0x5f, 0x50, b"https://www.fsij.org/gnuk/") + assert r + + def test_pw1_status_put(self, card): + r = card.cmd_put_data(0x00, 0xc4, b"\x01") + assert r + + def test_login(self, card): + login = get_data_object(card, 0x5e) + assert login == b"gpg_user" + + def test_name_lang_sex(self, card): + name = b"GnuPG User" + lang = b"ja" + sex = b"1" + expected = b'\x5b' + pack('B', len(name)) + name \ + + b'\x5f\x2d' + pack('B', len(lang)) + lang \ + + b'\x5f\x35' + pack('B', len(sex)) + sex + name_lang_sex = get_data_object(card, 0x65) + assert name_lang_sex == expected + + def test_url(self, card): + url = get_data_object(card, 0x5f50) + assert url == b"https://www.fsij.org/gnuk/" + + def test_pw1_status(self, card): + s = get_data_object(card, 0xc4) + assert match(b'\x01...\x03[\x00\x03]\x03', s, DOTALL) + + # Setting PW3, changed to admin-full mode + + def test_setup_pw3_1(self, card): + r = card.change_passwd(3, PW1_TEST2, PW3_TEST1) + assert r + + def test_verify_pw3_1(self, card): + v = card.verify(3, PW3_TEST1) + assert v + + def test_reset_userpass_admin(self, card): + r = card.reset_passwd_by_admin(PW1_TEST3) + assert r + + def test_verify_pw1_3(self, card): + v = card.verify(1, PW1_TEST3) + assert v + + def test_verify_pw1_3_2(self, card): + v = card.verify(2, PW1_TEST3) + assert v + + def test_setup_pw1_4(self, card): + r = card.change_passwd(1, PW1_TEST3, PW1_TEST4) + assert r + + def test_verify_pw1_4(self, card): + v = card.verify(1, PW1_TEST4) + assert v + + def test_verify_pw1_4_2(self, card): + v = card.verify(2, PW1_TEST4) + assert v + + def test_setup_pw3_2(self, card): + r = card.change_passwd(3, PW3_TEST1, PW3_TEST0) + assert r + + def test_verify_pw3_2(self, card): + v = card.verify(3, PW3_TEST0) + assert v + diff --git a/tests/card_test_personalize_card.py b/tests/card_test_personalize_card.py new file mode 100644 index 0000000..d67a2e9 --- /dev/null +++ b/tests/card_test_personalize_card.py @@ -0,0 +1,277 @@ +""" +card_test_personalize_card.py - test personalizing card + +Copyright (C) 2016, 2018, 2019 g10 Code GmbH +Author: NIIBE Yutaka + +This file is a part of Gnuk, a GnuPG USB Token implementation. + +Gnuk is free software: you can redistribute it and/or modify it +under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +Gnuk is distributed in the hope that it will be useful, but WITHOUT +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public +License for more details. + +You should have received a copy of the GNU General Public License +along with this program. If not, see . +""" + +from struct import pack +from re import match, DOTALL +from util import * +import rsa_keys +from card_const import * +from constants_for_test import * + +class Test_Card_Personalize_Card(object): + def test_setup_pw3_0(self, card): + r = card.change_passwd(3, FACTORY_PASSPHRASE_PW3, PW3_TEST0) + assert r + + def test_verify_pw3_0(self, card): + v = card.verify(3, PW3_TEST0) + assert v + + def test_login_put(self, card): + r = card.cmd_put_data(0x00, 0x5e, b"gpg_user") + assert r + + def test_name_put(self, card): + r = card.cmd_put_data(0x00, 0x5b, b"GnuPG User") + assert r + + def test_lang_put(self, card): + r = card.cmd_put_data(0x5f, 0x2d, b"ja") + assert r + + def test_sex_put(self, card): + r = card.cmd_put_data(0x5f, 0x35, b"1") + assert r + + def test_url_put(self, card): + r = card.cmd_put_data(0x5f, 0x50, b"https://www.fsij.org/gnuk/") + assert r + + def test_pw1_status_put(self, card): + r = card.cmd_put_data(0x00, 0xc4, b"\x01") + assert r + + def test_login(self, card): + login = get_data_object(card, 0x5e) + assert login == b"gpg_user" + + def test_name_lang_sex(self, card): + name = b"GnuPG User" + lang = b"ja" + sex = b"1" + expected = b'\x5b' + pack('B', len(name)) + name \ + + b'\x5f\x2d' + pack('B', len(lang)) + lang \ + + b'\x5f\x35' + pack('B', len(sex)) + sex + name_lang_sex = get_data_object(card, 0x65) + assert name_lang_sex == expected + + def test_url(self, card): + url = get_data_object(card, 0x5f50) + assert url == b"https://www.fsij.org/gnuk/" + + def test_pw1_status(self, card): + s = get_data_object(card, 0xc4) + assert match(b'\x01...\x03[\x00\x03]\x03', s, DOTALL) + + def test_rsa_import_key_1(self, card): + t = rsa_keys.build_privkey_template(1, 0) + r = card.cmd_put_data_odd(0x3f, 0xff, t) + assert r + + def test_rsa_import_key_2(self, card): + t = rsa_keys.build_privkey_template(2, 1) + r = card.cmd_put_data_odd(0x3f, 0xff, t) + assert r + + def test_rsa_import_key_3(self, card): + t = rsa_keys.build_privkey_template(3, 2) + r = card.cmd_put_data_odd(0x3f, 0xff, t) + assert r + + def test_fingerprint_1_put(self, card): + fpr1 = rsa_keys.fpr[0] + r = card.cmd_put_data(0x00, 0xc7, fpr1) + assert r + + def test_fingerprint_2_put(self, card): + fpr2 = rsa_keys.fpr[1] + r = card.cmd_put_data(0x00, 0xc8, fpr2) + assert r + + def test_fingerprint_3_put(self, card): + fpr3 = rsa_keys.fpr[2] + r = card.cmd_put_data(0x00, 0xc9, fpr3) + assert r + + def test_timestamp_1_put(self, card): + timestamp1 = rsa_keys.timestamp[0] + r = card.cmd_put_data(0x00, 0xce, timestamp1) + assert r + + def test_timestamp_2_put(self, card): + timestamp2 = rsa_keys.timestamp[1] + r = card.cmd_put_data(0x00, 0xcf, timestamp2) + assert r + + def test_timestamp_3_put(self, card): + timestamp3 = rsa_keys.timestamp[2] + r = card.cmd_put_data(0x00, 0xd0, timestamp3) + assert r + + def test_ds_counter_0(self, card): + c = get_data_object(card, 0x7a) + assert c == b'\x93\x03\x00\x00\x00' + + def test_pw1_status(self, card): + s = get_data_object(card, 0xc4) + assert match(b'\x01...\x03[\x00\x03]\x03', s, DOTALL) + + def test_app_data(self, card): + app_data = get_data_object(card, 0x6e) + hist_len = app_data[20] + # FIXME: parse and check DO of C0, C1, C2, C3, C4, and C6 + assert app_data[0:8] == b"\x4f\x10\xd2\x76\x00\x01\x24\x01" and \ + app_data[18:18+2] == b"\x5f\x52" + + def test_public_key_1(self, card): + pk = card.cmd_get_public_key(1) + assert rsa_keys.key[0][0] == pk[9:9+256] + + def test_public_key_2(self, card): + pk = card.cmd_get_public_key(2) + assert rsa_keys.key[1][0] == pk[9:9+256] + + def test_public_key_3(self, card): + pk = card.cmd_get_public_key(3) + assert rsa_keys.key[2][0] == pk[9:9+256] + + def test_setup_pw1_0(self, card): + r = card.change_passwd(1, FACTORY_PASSPHRASE_PW1, PW1_TEST0) + assert r + + def test_verify_pw1_0(self, card): + v = card.verify(1, PW1_TEST0) + assert v + + def test_verify_pw1_0_2(self, card): + v = card.verify(2, PW1_TEST0) + assert v + + def test_setup_pw1_1(self, card): + r = card.change_passwd(1, PW1_TEST0, PW1_TEST1) + assert r + + def test_verify_pw1_1(self, card): + v = card.verify(1, PW1_TEST1) + assert v + + def test_verify_pw1_1_2(self, card): + v = card.verify(2, PW1_TEST1) + assert v + + def test_setup_reset_code(self, card): + r = card.setup_reset_code(RESETCODE_TEST) + assert r + + def test_reset_code(self, card): + r = card.reset_passwd_by_resetcode(RESETCODE_TEST, PW1_TEST2) + assert r + + def test_verify_pw1_2(self, card): + v = card.verify(1, PW1_TEST2) + assert v + + def test_verify_pw1_2_2(self, card): + v = card.verify(2, PW1_TEST2) + assert v + + def test_setup_pw3_1(self, card): + r = card.change_passwd(3, PW3_TEST0, PW3_TEST1) + assert r + + def test_verify_pw3_1(self, card): + v = card.verify(3, PW3_TEST1) + assert v + + def test_reset_userpass_admin(self, card): + r = card.reset_passwd_by_admin(PW1_TEST3) + assert r + + def test_verify_pw1_3(self, card): + v = card.verify(1, PW1_TEST3) + assert v + + def test_verify_pw1_3_2(self, card): + v = card.verify(2, PW1_TEST3) + assert v + + def test_setup_pw1_4(self, card): + r = card.change_passwd(1, PW1_TEST3, PW1_TEST4) + assert r + + def test_verify_pw1_4(self, card): + v = card.verify(1, PW1_TEST4) + assert v + + def test_verify_pw1_4_2(self, card): + v = card.verify(2, PW1_TEST4) + assert v + + def test_setup_pw3_2(self, card): + r = card.change_passwd(3, PW3_TEST1, PW3_TEST0) + assert r + + def test_verify_pw3_2(self, card): + v = card.verify(3, PW3_TEST0) + assert v + + def test_sign_0(self, card): + digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT0) + r = card.cmd_pso(0x9e, 0x9a, digestinfo) + sig = rsa_keys.compute_signature(0, digestinfo) + sig_bytes = sig.to_bytes(int((sig.bit_length()+7)/8), byteorder='big') + assert r == sig_bytes + + def test_sign_1(self, card): + digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT1) + r = card.cmd_pso(0x9e, 0x9a, digestinfo) + sig = rsa_keys.compute_signature(0, digestinfo) + sig_bytes = sig.to_bytes(int((sig.bit_length()+7)/8), byteorder='big') + assert r == sig_bytes + + def test_ds_counter_1(self, card): + c = get_data_object(card, 0x7a) + assert c == b'\x93\x03\x00\x00\x02' + + def test_sign_auth_0(self, card): + digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT0) + r = card.cmd_internal_authenticate(digestinfo) + sig = rsa_keys.compute_signature(2, digestinfo) + sig_bytes = sig.to_bytes(int((sig.bit_length()+7)/8), byteorder='big') + assert r == sig_bytes + + def test_sign_auth_1(self, card): + digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT1) + r = card.cmd_internal_authenticate(digestinfo) + sig = rsa_keys.compute_signature(2, digestinfo) + sig_bytes = sig.to_bytes(int((sig.bit_length()+7)/8), byteorder='big') + assert r == sig_bytes + + def test_decrypt_0(self, card): + ciphertext = rsa_keys.encrypt(1, PLAIN_TEXT0) + r = card.cmd_pso(0x80, 0x86, ciphertext) + assert r == PLAIN_TEXT0 + + def test_decrypt_1(self, card): + ciphertext = rsa_keys.encrypt(1, PLAIN_TEXT1) + r = card.cmd_pso(0x80, 0x86, ciphertext) + assert r == PLAIN_TEXT1 diff --git a/tests/card_test_personalize_reset.py b/tests/card_test_personalize_reset.py new file mode 100644 index 0000000..37e2cd5 --- /dev/null +++ b/tests/card_test_personalize_reset.py @@ -0,0 +1,82 @@ +""" +card_test_personalize_reset.py - test resetting personalization of card + +Copyright (C) 2016, 2018, 2019 g10 Code GmbH +Author: NIIBE Yutaka + +This file is a part of Gnuk, a GnuPG USB Token implementation. + +Gnuk is free software: you can redistribute it and/or modify it +under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +Gnuk is distributed in the hope that it will be useful, but WITHOUT +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public +License for more details. + +You should have received a copy of the GNU General Public License +along with this program. If not, see . +""" + +from struct import pack +from re import match, DOTALL +from util import * +import rsa_keys +from card_const import * +from constants_for_test import * + +class Test_Personalize_Reset(object): + def test_login_put(self, card): + r = card.cmd_put_data(0x00, 0x5e, b"") + assert r + + def test_name_put(self, card): + r = card.cmd_put_data(0x00, 0x5b, b"") + assert r + + def test_lang_put(self, card): + r = card.cmd_put_data(0x5f, 0x2d, b"") + assert r + + def test_sex_put(self, card): + try: + # Gnuk + r = card.cmd_put_data(0x5f, 0x35, b"") + except ValueError: + # OpenPGP card which doesn't allow b"" + r = card.cmd_put_data(0x5f, 0x35, b"9") + assert r + + def test_url_put(self, card): + r = card.cmd_put_data(0x5f, 0x50, b"") + assert r + + def test_pw1_status_put(self, card): + r = card.cmd_put_data(0x00, 0xc4, b"\x00") + assert r + + def test_setup_pw3_0(self, card): + r = card.change_passwd(3, PW3_TEST0, FACTORY_PASSPHRASE_PW3) + assert r + + def test_verify_pw3_0(self, card): + v = card.verify(3, FACTORY_PASSPHRASE_PW3) + assert v + + def test_setup_pw1_0(self, card): + r = card.change_passwd(1, PW1_TEST4, FACTORY_PASSPHRASE_PW1) + assert r + + def test_verify_pw1_0(self, card): + v = card.verify(1, FACTORY_PASSPHRASE_PW1) + assert v + + def test_verify_pw1_0_2(self, card): + v = card.verify(2, FACTORY_PASSPHRASE_PW1) + assert v + + def test_delete_reset_code(self, card): + r = card.cmd_put_data(0x00, 0xd3, b"") + assert r diff --git a/tests/card_test_remove_keys.py b/tests/card_test_remove_keys.py new file mode 100644 index 0000000..3f52ee2 --- /dev/null +++ b/tests/card_test_remove_keys.py @@ -0,0 +1,45 @@ +""" +card_test_remove_keys.py - test removing keys on card + +Copyright (C) 2016, 2018, 2019 g10 Code GmbH +Author: NIIBE Yutaka + +This file is a part of Gnuk, a GnuPG USB Token implementation. + +Gnuk is free software: you can redistribute it and/or modify it +under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +Gnuk is distributed in the hope that it will be useful, but WITHOUT +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public +License for more details. + +You should have received a copy of the GNU General Public License +along with this program. If not, see . +""" + +# Remove a key material on card by changing algorithm attributes of the key + +from card_const import * + +class Test_Remove_Keys(object): + + def test_rsa_keyattr_change_1(self, card): + r = card.cmd_put_data(0x00, 0xc1, KEY_ATTRIBUTES_RSA4K) + if r: + r = card.cmd_put_data(0x00, 0xc1, KEY_ATTRIBUTES_RSA2K) + assert r + + def test_rsa_keyattr_change_2(self, card): + r = card.cmd_put_data(0x00, 0xc2, KEY_ATTRIBUTES_RSA4K) + if r: + r = card.cmd_put_data(0x00, 0xc2, KEY_ATTRIBUTES_RSA2K) + assert r + + def test_rsa_keyattr_change_3(self, card): + r = card.cmd_put_data(0x00, 0xc3, KEY_ATTRIBUTES_RSA4K) + if r: + r = card.cmd_put_data(0x00, 0xc3, KEY_ATTRIBUTES_RSA2K) + assert r diff --git a/tests/card_test_reset_pw3.py b/tests/card_test_reset_pw3.py new file mode 100644 index 0000000..61ec26f --- /dev/null +++ b/tests/card_test_reset_pw3.py @@ -0,0 +1,46 @@ +""" +card_test_reset_pw3.py - test resetting pw3 + +Copyright (C) 2018, 2019 g10 Code GmbH +Author: NIIBE Yutaka + +This file is a part of Gnuk, a GnuPG USB Token implementation. + +Gnuk is free software: you can redistribute it and/or modify it +under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +Gnuk is distributed in the hope that it will be useful, but WITHOUT +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public +License for more details. + +You should have received a copy of the GNU General Public License +along with this program. If not, see . +""" + +from card_const import * +import pytest + +class Test_Reset_PW3(object): + # Gnuk specific feature of clear PW3 + def test_setup_pw3_null(self, card): + if card.is_gnuk: + r = card.change_passwd(3, FACTORY_PASSPHRASE_PW3, None) + assert r + else: + pytest.skip("Gnuk only feature of clearing PW3") + + def test_verify_pw3(self, card): + v = card.verify(3, FACTORY_PASSPHRASE_PW3) + assert v + + # Check PW1 again to see the possiblity of admin-less mode + def test_verify_pw1(self, card): + v = card.verify(1, FACTORY_PASSPHRASE_PW1) + assert v + + def test_verify_pw1_2(self, card): + v = card.verify(2, FACTORY_PASSPHRASE_PW1) + assert v diff --git a/tests/test_001_personalize_card.py b/tests/test_001_personalize_card.py index a798e58..4053172 100644 --- a/tests/test_001_personalize_card.py +++ b/tests/test_001_personalize_card.py @@ -1,276 +1 @@ -""" -test_personalize_card.py - test personalizing card - -Copyright (C) 2016, 2018 g10 Code GmbH -Author: NIIBE Yutaka - -This file is a part of Gnuk, a GnuPG USB Token implementation. - -Gnuk is free software: you can redistribute it and/or modify it -under the terms of the GNU General Public License as published by -the Free Software Foundation, either version 3 of the License, or -(at your option) any later version. - -Gnuk is distributed in the hope that it will be useful, but WITHOUT -ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public -License for more details. - -You should have received a copy of the GNU General Public License -along with this program. If not, see . -""" - -from struct import pack -from re import match, DOTALL -from util import * -import rsa_keys -from card_const import * -from constants_for_test import * - -def test_setup_pw3_0(card): - r = card.change_passwd(3, FACTORY_PASSPHRASE_PW3, PW3_TEST0) - assert r - -def test_verify_pw3_0(card): - v = card.verify(3, PW3_TEST0) - assert v - -def test_login_put(card): - r = card.cmd_put_data(0x00, 0x5e, b"gpg_user") - assert r - -def test_name_put(card): - r = card.cmd_put_data(0x00, 0x5b, b"GnuPG User") - assert r - -def test_lang_put(card): - r = card.cmd_put_data(0x5f, 0x2d, b"ja") - assert r - -def test_sex_put(card): - r = card.cmd_put_data(0x5f, 0x35, b"1") - assert r - -def test_url_put(card): - r = card.cmd_put_data(0x5f, 0x50, b"https://www.fsij.org/gnuk/") - assert r - -def test_pw1_status_put(card): - r = card.cmd_put_data(0x00, 0xc4, b"\x01") - assert r - -def test_login(card): - login = get_data_object(card, 0x5e) - assert login == b"gpg_user" - -def test_name_lang_sex(card): - name = b"GnuPG User" - lang = b"ja" - sex = b"1" - expected = b'\x5b' + pack('B', len(name)) + name \ - + b'\x5f\x2d' + pack('B', len(lang)) + lang \ - + b'\x5f\x35' + pack('B', len(sex)) + sex - name_lang_sex = get_data_object(card, 0x65) - assert name_lang_sex == expected - -def test_url(card): - url = get_data_object(card, 0x5f50) - assert url == b"https://www.fsij.org/gnuk/" - -def test_pw1_status(card): - s = get_data_object(card, 0xc4) - assert match(b'\x01...\x03[\x00\x03]\x03', s, DOTALL) - -def test_rsa_import_key_1(card): - t = rsa_keys.build_privkey_template(1, 0) - r = card.cmd_put_data_odd(0x3f, 0xff, t) - assert r - -def test_rsa_import_key_2(card): - t = rsa_keys.build_privkey_template(2, 1) - r = card.cmd_put_data_odd(0x3f, 0xff, t) - assert r - -def test_rsa_import_key_3(card): - t = rsa_keys.build_privkey_template(3, 2) - r = card.cmd_put_data_odd(0x3f, 0xff, t) - assert r - -def test_fingerprint_1_put(card): - fpr1 = rsa_keys.fpr[0] - r = card.cmd_put_data(0x00, 0xc7, fpr1) - assert r - -def test_fingerprint_2_put(card): - fpr2 = rsa_keys.fpr[1] - r = card.cmd_put_data(0x00, 0xc8, fpr2) - assert r - -def test_fingerprint_3_put(card): - fpr3 = rsa_keys.fpr[2] - r = card.cmd_put_data(0x00, 0xc9, fpr3) - assert r - -def test_timestamp_1_put(card): - timestamp1 = rsa_keys.timestamp[0] - r = card.cmd_put_data(0x00, 0xce, timestamp1) - assert r - -def test_timestamp_2_put(card): - timestamp2 = rsa_keys.timestamp[1] - r = card.cmd_put_data(0x00, 0xcf, timestamp2) - assert r - -def test_timestamp_3_put(card): - timestamp3 = rsa_keys.timestamp[2] - r = card.cmd_put_data(0x00, 0xd0, timestamp3) - assert r - -def test_ds_counter_0(card): - c = get_data_object(card, 0x7a) - assert c == b'\x93\x03\x00\x00\x00' - -def test_pw1_status(card): - s = get_data_object(card, 0xc4) - assert match(b'\x01...\x03[\x00\x03]\x03', s, DOTALL) - -def test_app_data(card): - app_data = get_data_object(card, 0x6e) - hist_len = app_data[20] - # FIXME: parse and check DO of C0, C1, C2, C3, C4, and C6 - assert app_data[0:8] == b"\x4f\x10\xd2\x76\x00\x01\x24\x01" and \ - app_data[18:18+2] == b"\x5f\x52" - -def test_public_key_1(card): - pk = card.cmd_get_public_key(1) - assert rsa_keys.key[0][0] == pk[9:9+256] - -def test_public_key_2(card): - pk = card.cmd_get_public_key(2) - assert rsa_keys.key[1][0] == pk[9:9+256] - -def test_public_key_3(card): - pk = card.cmd_get_public_key(3) - assert rsa_keys.key[2][0] == pk[9:9+256] - -def test_setup_pw1_0(card): - r = card.change_passwd(1, FACTORY_PASSPHRASE_PW1, PW1_TEST0) - assert r - -def test_verify_pw1_0(card): - v = card.verify(1, PW1_TEST0) - assert v - -def test_verify_pw1_0_2(card): - v = card.verify(2, PW1_TEST0) - assert v - -def test_setup_pw1_1(card): - r = card.change_passwd(1, PW1_TEST0, PW1_TEST1) - assert r - -def test_verify_pw1_1(card): - v = card.verify(1, PW1_TEST1) - assert v - -def test_verify_pw1_1_2(card): - v = card.verify(2, PW1_TEST1) - assert v - -def test_setup_reset_code(card): - r = card.setup_reset_code(RESETCODE_TEST) - assert r - -def test_reset_code(card): - r = card.reset_passwd_by_resetcode(RESETCODE_TEST, PW1_TEST2) - assert r - -def test_verify_pw1_2(card): - v = card.verify(1, PW1_TEST2) - assert v - -def test_verify_pw1_2_2(card): - v = card.verify(2, PW1_TEST2) - assert v - -def test_setup_pw3_1(card): - r = card.change_passwd(3, PW3_TEST0, PW3_TEST1) - assert r - -def test_verify_pw3_1(card): - v = card.verify(3, PW3_TEST1) - assert v - -def test_reset_userpass_admin(card): - r = card.reset_passwd_by_admin(PW1_TEST3) - assert r - -def test_verify_pw1_3(card): - v = card.verify(1, PW1_TEST3) - assert v - -def test_verify_pw1_3_2(card): - v = card.verify(2, PW1_TEST3) - assert v - -def test_setup_pw1_4(card): - r = card.change_passwd(1, PW1_TEST3, PW1_TEST4) - assert r - -def test_verify_pw1_4(card): - v = card.verify(1, PW1_TEST4) - assert v - -def test_verify_pw1_4_2(card): - v = card.verify(2, PW1_TEST4) - assert v - -def test_setup_pw3_2(card): - r = card.change_passwd(3, PW3_TEST1, PW3_TEST0) - assert r - -def test_verify_pw3_2(card): - v = card.verify(3, PW3_TEST0) - assert v - -def test_sign_0(card): - digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT0) - r = card.cmd_pso(0x9e, 0x9a, digestinfo) - sig = rsa_keys.compute_signature(0, digestinfo) - sig_bytes = sig.to_bytes(int((sig.bit_length()+7)/8), byteorder='big') - assert r == sig_bytes - -def test_sign_1(card): - digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT1) - r = card.cmd_pso(0x9e, 0x9a, digestinfo) - sig = rsa_keys.compute_signature(0, digestinfo) - sig_bytes = sig.to_bytes(int((sig.bit_length()+7)/8), byteorder='big') - assert r == sig_bytes - -def test_ds_counter_1(card): - c = get_data_object(card, 0x7a) - assert c == b'\x93\x03\x00\x00\x02' - -def test_sign_auth_0(card): - digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT0) - r = card.cmd_internal_authenticate(digestinfo) - sig = rsa_keys.compute_signature(2, digestinfo) - sig_bytes = sig.to_bytes(int((sig.bit_length()+7)/8), byteorder='big') - assert r == sig_bytes - -def test_sign_auth_1(card): - digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT1) - r = card.cmd_internal_authenticate(digestinfo) - sig = rsa_keys.compute_signature(2, digestinfo) - sig_bytes = sig.to_bytes(int((sig.bit_length()+7)/8), byteorder='big') - assert r == sig_bytes - -def test_decrypt_0(card): - ciphertext = rsa_keys.encrypt(1, PLAIN_TEXT0) - r = card.cmd_pso(0x80, 0x86, ciphertext) - assert r == PLAIN_TEXT0 - -def test_decrypt_1(card): - ciphertext = rsa_keys.encrypt(1, PLAIN_TEXT1) - r = card.cmd_pso(0x80, 0x86, ciphertext) - assert r == PLAIN_TEXT1 +from card_test_personalize_card import * diff --git a/tests/test_002_personalize_reset.py b/tests/test_002_personalize_reset.py index 276a249..dfacdeb 100644 --- a/tests/test_002_personalize_reset.py +++ b/tests/test_002_personalize_reset.py @@ -1,81 +1 @@ -""" -test_personalize_reset.py - test resetting personalization of card - -Copyright (C) 2016, 2018 g10 Code GmbH -Author: NIIBE Yutaka - -This file is a part of Gnuk, a GnuPG USB Token implementation. - -Gnuk is free software: you can redistribute it and/or modify it -under the terms of the GNU General Public License as published by -the Free Software Foundation, either version 3 of the License, or -(at your option) any later version. - -Gnuk is distributed in the hope that it will be useful, but WITHOUT -ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public -License for more details. - -You should have received a copy of the GNU General Public License -along with this program. If not, see . -""" - -from struct import pack -from re import match, DOTALL -from util import * -import rsa_keys -from card_const import * -from constants_for_test import * - -def test_login_put(card): - r = card.cmd_put_data(0x00, 0x5e, b"") - assert r - -def test_name_put(card): - r = card.cmd_put_data(0x00, 0x5b, b"") - assert r - -def test_lang_put(card): - r = card.cmd_put_data(0x5f, 0x2d, b"") - assert r - -def test_sex_put(card): - try: - # Gnuk - r = card.cmd_put_data(0x5f, 0x35, b"") - except ValueError: - # OpenPGP card which doesn't allow b"" - r = card.cmd_put_data(0x5f, 0x35, b"9") - assert r - -def test_url_put(card): - r = card.cmd_put_data(0x5f, 0x50, b"") - assert r - -def test_pw1_status_put(card): - r = card.cmd_put_data(0x00, 0xc4, b"\x00") - assert r - -def test_setup_pw3_0(card): - r = card.change_passwd(3, PW3_TEST0, FACTORY_PASSPHRASE_PW3) - assert r - -def test_verify_pw3_0(card): - v = card.verify(3, FACTORY_PASSPHRASE_PW3) - assert v - -def test_setup_pw1_0(card): - r = card.change_passwd(1, PW1_TEST4, FACTORY_PASSPHRASE_PW1) - assert r - -def test_verify_pw1_0(card): - v = card.verify(1, FACTORY_PASSPHRASE_PW1) - assert v - -def test_verify_pw1_0_2(card): - v = card.verify(2, FACTORY_PASSPHRASE_PW1) - assert v - -def test_delete_reset_code(card): - r = card.cmd_put_data(0x00, 0xd3, b"") - assert r +from card_test_personalize_reset import * diff --git a/tests/test_003_remove_keys.py b/tests/test_003_remove_keys.py index 59b584a..bcd8313 100644 --- a/tests/test_003_remove_keys.py +++ b/tests/test_003_remove_keys.py @@ -1,43 +1 @@ -""" -test_remove_keys.py - test removing keys on card - -Copyright (C) 2016, 2018 g10 Code GmbH -Author: NIIBE Yutaka - -This file is a part of Gnuk, a GnuPG USB Token implementation. - -Gnuk is free software: you can redistribute it and/or modify it -under the terms of the GNU General Public License as published by -the Free Software Foundation, either version 3 of the License, or -(at your option) any later version. - -Gnuk is distributed in the hope that it will be useful, but WITHOUT -ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public -License for more details. - -You should have received a copy of the GNU General Public License -along with this program. If not, see . -""" - -# Remove a key material on card by changing algorithm attributes of the key - -from card_const import * - -def test_rsa_keyattr_change_1(card): - r = card.cmd_put_data(0x00, 0xc1, KEY_ATTRIBUTES_RSA4K) - if r: - r = card.cmd_put_data(0x00, 0xc1, KEY_ATTRIBUTES_RSA2K) - assert r - -def test_rsa_keyattr_change_2(card): - r = card.cmd_put_data(0x00, 0xc2, KEY_ATTRIBUTES_RSA4K) - if r: - r = card.cmd_put_data(0x00, 0xc2, KEY_ATTRIBUTES_RSA2K) - assert r - -def test_rsa_keyattr_change_3(card): - r = card.cmd_put_data(0x00, 0xc3, KEY_ATTRIBUTES_RSA4K) - if r: - r = card.cmd_put_data(0x00, 0xc3, KEY_ATTRIBUTES_RSA2K) - assert r +from card_test_remove_keys import * diff --git a/tests/test_004_reset_pw3.py b/tests/test_004_reset_pw3.py index 4a2f7b8..dc43309 100644 --- a/tests/test_004_reset_pw3.py +++ b/tests/test_004_reset_pw3.py @@ -1,45 +1 @@ -""" -test_004_reset_pw3.py - test resetting pw3 - -Copyright (C) 2018, 2019 g10 Code GmbH -Author: NIIBE Yutaka - -This file is a part of Gnuk, a GnuPG USB Token implementation. - -Gnuk is free software: you can redistribute it and/or modify it -under the terms of the GNU General Public License as published by -the Free Software Foundation, either version 3 of the License, or -(at your option) any later version. - -Gnuk is distributed in the hope that it will be useful, but WITHOUT -ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public -License for more details. - -You should have received a copy of the GNU General Public License -along with this program. If not, see . -""" - -from card_const import * -import pytest - -# Gnuk specific feature of clear PW3 -def test_setup_pw3_null(card): - if card.is_gnuk: - r = card.change_passwd(3, FACTORY_PASSPHRASE_PW3, None) - assert r - else: - pytest.skip("Gnuk only feature of clearing PW3") - -def test_verify_pw3(card): - v = card.verify(3, FACTORY_PASSPHRASE_PW3) - assert v - -# Check PW1 again to see the possiblity of admin-less mode -def test_verify_pw1(card): - v = card.verify(1, FACTORY_PASSPHRASE_PW1) - assert v - -def test_verify_pw1_2(card): - v = card.verify(2, FACTORY_PASSPHRASE_PW1) - assert v +from card_test_reset_pw3 import * diff --git a/tests/test_005_personalize_admin_less.py b/tests/test_005_personalize_admin_less.py index 44d03b7..be47b0f 100644 --- a/tests/test_005_personalize_admin_less.py +++ b/tests/test_005_personalize_admin_less.py @@ -1,7 +1,7 @@ """ test_005_personalize_admin_less.py - test admin-less mode -Copyright (C) 2016, 2018 g10 Code GmbH +Copyright (C) 2016, 2018, 2019 g10 Code GmbH Author: NIIBE Yutaka This file is a part of Gnuk, a GnuPG USB Token implementation. @@ -20,291 +20,7 @@ You should have received a copy of the GNU General Public License along with this program. If not, see . """ -from struct import pack -from re import match, DOTALL -from util import * -import rsa_keys -from card_const import * -from constants_for_test import * - -def test_verify_pw3_0(card): - v = card.verify(3, FACTORY_PASSPHRASE_PW3) - assert v - -def test_rsa_import_key_1(card): - t = rsa_keys.build_privkey_template(1, 0) - r = card.cmd_put_data_odd(0x3f, 0xff, t) - assert r - -def test_rsa_import_key_2(card): - t = rsa_keys.build_privkey_template(2, 1) - r = card.cmd_put_data_odd(0x3f, 0xff, t) - assert r - -def test_rsa_import_key_3(card): - t = rsa_keys.build_privkey_template(3, 2) - r = card.cmd_put_data_odd(0x3f, 0xff, t) - assert r - -def test_fingerprint_1_put(card): - fpr1 = rsa_keys.fpr[0] - r = card.cmd_put_data(0x00, 0xc7, fpr1) - assert r - -def test_fingerprint_2_put(card): - fpr2 = rsa_keys.fpr[1] - r = card.cmd_put_data(0x00, 0xc8, fpr2) - assert r - -def test_fingerprint_3_put(card): - fpr3 = rsa_keys.fpr[2] - r = card.cmd_put_data(0x00, 0xc9, fpr3) - assert r - -def test_timestamp_1_put(card): - timestamp1 = rsa_keys.timestamp[0] - r = card.cmd_put_data(0x00, 0xce, timestamp1) - assert r - -def test_timestamp_2_put(card): - timestamp2 = rsa_keys.timestamp[1] - r = card.cmd_put_data(0x00, 0xcf, timestamp2) - assert r - -def test_timestamp_3_put(card): - timestamp3 = rsa_keys.timestamp[2] - r = card.cmd_put_data(0x00, 0xd0, timestamp3) - assert r - -def test_ds_counter_0(card): - c = get_data_object(card, 0x7a) - assert c == b'\x93\x03\x00\x00\x00' - -def test_pw1_status(card): - s = get_data_object(card, 0xc4) - assert match(b'\x01...\x03[\x00\x03]\x03', s, DOTALL) - -def test_app_data(card): - app_data = get_data_object(card, 0x6e) - hist_len = app_data[20] - # FIXME: parse and check DO of C0, C1, C2, C3, C4, and C6 - assert app_data[0:8] == b"\x4f\x10\xd2\x76\x00\x01\x24\x01" and \ - app_data[18:18+2] == b"\x5f\x52" - -def test_public_key_1(card): - pk = card.cmd_get_public_key(1) - assert rsa_keys.key[0][0] == pk[9:9+256] - -def test_public_key_2(card): - pk = card.cmd_get_public_key(2) - assert rsa_keys.key[1][0] == pk[9:9+256] - -def test_public_key_3(card): - pk = card.cmd_get_public_key(3) - assert rsa_keys.key[2][0] == pk[9:9+256] - -# Changing PW1 to admin-less mode - -def test_setup_pw1_0(card): - r = card.change_passwd(1, FACTORY_PASSPHRASE_PW1, PW1_TEST0) - assert r - -# Now, it's admin-less mode, auth-status admin cleared - -def test_verify_pw3_fail_1(card): - try: - v = card.verify(3, FACTORY_PASSPHRASE_PW3) - except ValueError as e: - v = False - assert not v - -def test_verify_pw1_0(card): - v = card.verify(1, PW1_TEST0) - assert v - -def test_verify_pw1_0_2(card): - v = card.verify(2, PW1_TEST0) - assert v - -def test_setup_pw1_1(card): - r = card.change_passwd(1, PW1_TEST0, PW1_TEST1) - assert r - -def test_verify_pw1_1(card): - v = card.verify(1, PW1_TEST1) - assert v - -def test_verify_pw1_1_2(card): - v = card.verify(2, PW1_TEST1) - assert v - -def test_verify_pw3_admin_less_1(card): - v = card.verify(3, PW1_TEST1) - assert v - -def test_setup_reset_code(card): - r = card.setup_reset_code(RESETCODE_TEST) - assert r - -def test_reset_code(card): - r = card.reset_passwd_by_resetcode(RESETCODE_TEST, PW1_TEST2) - assert r - -# Changing PW1, auth status for admin cleared -def test_login_put_fail(card): - try: - r = card.cmd_put_data(0x00, 0x5e, b"gpg_user") - except ValueError as e: - r = e.args[0] - assert r == "6982" - -def test_verify_pw1_2(card): - v = card.verify(1, PW1_TEST2) - assert v - -def test_verify_pw1_2_2(card): - v = card.verify(2, PW1_TEST2) - assert v - -def test_verify_pw3_fail_2(card): - try: - v = card.verify(3, FACTORY_PASSPHRASE_PW3) - except ValueError as e: - v = e.args[0] - assert v == "6982" - -def test_sign_0(card): - digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT0) - r = card.cmd_pso(0x9e, 0x9a, digestinfo) - sig = rsa_keys.compute_signature(0, digestinfo) - sig_bytes = sig.to_bytes(int((sig.bit_length()+7)/8), byteorder='big') - assert r == sig_bytes - -# Since forcesig setting, failed -def test_sign_1(card): - digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT1) - try: - r = card.cmd_pso(0x9e, 0x9a, digestinfo) - except ValueError as e: - r = e.args[0] - assert r == "6982" - -def test_ds_counter_1(card): - c = get_data_object(card, 0x7a) - assert c == b'\x93\x03\x00\x00\x01' - -def test_sign_auth_0(card): - digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT0) - r = card.cmd_internal_authenticate(digestinfo) - sig = rsa_keys.compute_signature(2, digestinfo) - sig_bytes = sig.to_bytes(int((sig.bit_length()+7)/8), byteorder='big') - assert r == sig_bytes - -def test_sign_auth_1(card): - digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT1) - r = card.cmd_internal_authenticate(digestinfo) - sig = rsa_keys.compute_signature(2, digestinfo) - sig_bytes = sig.to_bytes(int((sig.bit_length()+7)/8), byteorder='big') - assert r == sig_bytes - -def test_decrypt_0(card): - ciphertext = rsa_keys.encrypt(1, PLAIN_TEXT0) - r = card.cmd_pso(0x80, 0x86, ciphertext) - assert r == PLAIN_TEXT0 - -def test_decrypt_1(card): - ciphertext = rsa_keys.encrypt(1, PLAIN_TEXT1) - r = card.cmd_pso(0x80, 0x86, ciphertext) - assert r == PLAIN_TEXT1 - -def test_verify_pw3_admin_less_2(card): - v = card.verify(3, PW1_TEST2) - assert v - -def test_login_put(card): - r = card.cmd_put_data(0x00, 0x5e, b"gpg_user") - assert r - -def test_name_put(card): - r = card.cmd_put_data(0x00, 0x5b, b"GnuPG User") - assert r - -def test_lang_put(card): - r = card.cmd_put_data(0x5f, 0x2d, b"ja") - assert r - -def test_sex_put(card): - r = card.cmd_put_data(0x5f, 0x35, b"1") - assert r - -def test_url_put(card): - r = card.cmd_put_data(0x5f, 0x50, b"https://www.fsij.org/gnuk/") - assert r - -def test_pw1_status_put(card): - r = card.cmd_put_data(0x00, 0xc4, b"\x01") - assert r - -def test_login(card): - login = get_data_object(card, 0x5e) - assert login == b"gpg_user" - -def test_name_lang_sex(card): - name = b"GnuPG User" - lang = b"ja" - sex = b"1" - expected = b'\x5b' + pack('B', len(name)) + name \ - + b'\x5f\x2d' + pack('B', len(lang)) + lang \ - + b'\x5f\x35' + pack('B', len(sex)) + sex - name_lang_sex = get_data_object(card, 0x65) - assert name_lang_sex == expected - -def test_url(card): - url = get_data_object(card, 0x5f50) - assert url == b"https://www.fsij.org/gnuk/" - -def test_pw1_status(card): - s = get_data_object(card, 0xc4) - assert match(b'\x01...\x03[\x00\x03]\x03', s, DOTALL) - -# Setting PW3, changed to admin-full mode - -def test_setup_pw3_1(card): - r = card.change_passwd(3, PW1_TEST2, PW3_TEST1) - assert r - -def test_verify_pw3_1(card): - v = card.verify(3, PW3_TEST1) - assert v - -def test_reset_userpass_admin(card): - r = card.reset_passwd_by_admin(PW1_TEST3) - assert r - -def test_verify_pw1_3(card): - v = card.verify(1, PW1_TEST3) - assert v - -def test_verify_pw1_3_2(card): - v = card.verify(2, PW1_TEST3) - assert v - -def test_setup_pw1_4(card): - r = card.change_passwd(1, PW1_TEST3, PW1_TEST4) - assert r - -def test_verify_pw1_4(card): - v = card.verify(1, PW1_TEST4) - assert v - -def test_verify_pw1_4_2(card): - v = card.verify(2, PW1_TEST4) - assert v - -def test_setup_pw3_2(card): - r = card.change_passwd(3, PW3_TEST1, PW3_TEST0) - assert r - -def test_verify_pw3_2(card): - v = card.verify(3, PW3_TEST0) - assert v +from card_test_personalize_admin_less import * +from card_test_personalize_reset import * +from card_test_remove_keys import * +from card_test_reset_pw3 import * diff --git a/tests/test_006_personalize_reset.py b/tests/test_006_personalize_reset.py deleted file mode 120000 index f0c73cf..0000000 --- a/tests/test_006_personalize_reset.py +++ /dev/null @@ -1 +0,0 @@ -test_002_personalize_reset.py \ No newline at end of file diff --git a/tests/test_007_remove_keys.py b/tests/test_007_remove_keys.py deleted file mode 120000 index 2a388b5..0000000 --- a/tests/test_007_remove_keys.py +++ /dev/null @@ -1 +0,0 @@ -test_003_remove_keys.py \ No newline at end of file diff --git a/tests/test_008_reset_pw3.py b/tests/test_008_reset_pw3.py deleted file mode 120000 index 4775d14..0000000 --- a/tests/test_008_reset_pw3.py +++ /dev/null @@ -1 +0,0 @@ -test_004_reset_pw3.py \ No newline at end of file diff --git a/tests/test_009_keygen.py b/tests/test_009_keygen.py index ef1b431..36fb39f 100644 --- a/tests/test_009_keygen.py +++ b/tests/test_009_keygen.py @@ -1,7 +1,7 @@ """ test_005_keygen.py - test key generation -Copyright (C) 2018 g10 Code GmbH +Copyright (C) 2018, 2019 g10 Code GmbH Author: NIIBE Yutaka This file is a part of Gnuk, a GnuPG USB Token implementation. @@ -20,64 +20,5 @@ You should have received a copy of the GNU General Public License along with this program. If not, see . """ -from binascii import hexlify -import rsa_keys -from card_const import * - -def test_keygen_1(card): - pk = card.cmd_genkey(1) - fpr_date = rsa_keys.calc_fpr(pk[0], pk[1]) - r = card.cmd_put_data(0x00, 0xc7, fpr_date[0]) - if r: - r = card.cmd_put_data(0x00, 0xce, fpr_date[1]) - assert r - -def test_keygen_2(card): - pk = card.cmd_genkey(2) - fpr_date = rsa_keys.calc_fpr(pk[0], pk[1]) - r = card.cmd_put_data(0x00, 0xc8, fpr_date[0]) - if r: - r = card.cmd_put_data(0x00, 0xcf, fpr_date[1]) - assert r - -def test_keygen_3(card): - pk = card.cmd_genkey(3) - fpr_date = rsa_keys.calc_fpr(pk[0], pk[1]) - r = card.cmd_put_data(0x00, 0xc9, fpr_date[0]) - if r: - r = card.cmd_put_data(0x00, 0xd0, fpr_date[1]) - assert r - -def test_verify_pw1(card): - v = card.cmd_verify(1, FACTORY_PASSPHRASE_PW1) - assert v - -def test_signature_sigkey(card): - msg = b"Sign me please" - pk = card.cmd_get_public_key(1) - pk_info = (pk[9:9+256], pk[9+256+2:9+256+2+3]) - digest = rsa_keys.compute_digestinfo(msg) - sig = int(hexlify(card.cmd_pso(0x9e, 0x9a, digest)),16) - r = rsa_keys.verify_signature(pk_info, digest, sig) - assert r - -def test_verify_pw1_2(card): - v = card.cmd_verify(2, FACTORY_PASSPHRASE_PW1) - assert v - -def test_decryption(card): - msg = b"encrypt me please" - pk = card.cmd_get_public_key(2) - pk_info = (pk[9:9+256], pk[9+256+2:9+256+2+3]) - ciphertext = rsa_keys.encrypt_with_pubkey(pk_info, msg) - r = card.cmd_pso(0x80, 0x86, ciphertext) - assert r == msg - -def test_signature_authkey(card): - msg = b"Sign me please to authenticate" - pk = card.cmd_get_public_key(3) - pk_info = (pk[9:9+256], pk[9+256+2:9+256+2+3]) - digest = rsa_keys.compute_digestinfo(msg) - sig = int(hexlify(card.cmd_internal_authenticate(digest)),16) - r = rsa_keys.verify_signature(pk_info, digest, sig) - assert r +from card_test_keygen import * +from card_test_remove_keys import * diff --git a/tests/test_010_remove_keys.py b/tests/test_010_remove_keys.py deleted file mode 120000 index 2a388b5..0000000 --- a/tests/test_010_remove_keys.py +++ /dev/null @@ -1 +0,0 @@ -test_003_remove_keys.py \ No newline at end of file diff --git a/tests/test_011_kdf_full.py b/tests/test_011_kdf_full.py index e5e4efc..3481625 100644 --- a/tests/test_011_kdf_full.py +++ b/tests/test_011_kdf_full.py @@ -1,7 +1,7 @@ """ test_007_kdf_full.py - test KDF data object -Copyright (C) 2018 g10 Code GmbH +Copyright (C) 2018, 2019 g10 Code GmbH Author: NIIBE Yutaka This file is a part of Gnuk, a GnuPG USB Token implementation. @@ -20,15 +20,8 @@ You should have received a copy of the GNU General Public License along with this program. If not, see . """ -from card_const import * -from constants_for_test import * - -def test_verify_pw3(card): - v = card.verify(3, FACTORY_PASSPHRASE_PW3) - assert v - -def test_kdf_put_full(card): - r = card.cmd_put_data(0x00, 0xf9, KDF_FULL) - if r: - card.configure_with_kdf() - assert r +from card_test_kdf_full import * +from card_test_personalize_card import * +from card_test_personalize_reset import * +from card_test_remove_keys import * +from card_test_reset_pw3 import * diff --git a/tests/test_012_personalize_card.py b/tests/test_012_personalize_card.py deleted file mode 120000 index 05a4b09..0000000 --- a/tests/test_012_personalize_card.py +++ /dev/null @@ -1 +0,0 @@ -test_001_personalize_card.py \ No newline at end of file diff --git a/tests/test_013_personalize_reset.py b/tests/test_013_personalize_reset.py deleted file mode 120000 index f0c73cf..0000000 --- a/tests/test_013_personalize_reset.py +++ /dev/null @@ -1 +0,0 @@ -test_002_personalize_reset.py \ No newline at end of file diff --git a/tests/test_014_remove_keys.py b/tests/test_014_remove_keys.py deleted file mode 120000 index 2a388b5..0000000 --- a/tests/test_014_remove_keys.py +++ /dev/null @@ -1 +0,0 @@ -test_003_remove_keys.py \ No newline at end of file diff --git a/tests/test_015_reset_pw3.py b/tests/test_015_reset_pw3.py deleted file mode 120000 index 4775d14..0000000 --- a/tests/test_015_reset_pw3.py +++ /dev/null @@ -1 +0,0 @@ -test_004_reset_pw3.py \ No newline at end of file diff --git a/tests/test_016_kdf_single.py b/tests/test_016_kdf_single.py index 9a28803..ee04fa5 100644 --- a/tests/test_016_kdf_single.py +++ b/tests/test_016_kdf_single.py @@ -1,7 +1,7 @@ """ test_012_kdf_single.py - test KDF data object -Copyright (C) 2018 g10 Code GmbH +Copyright (C) 2018, 2019 g10 Code GmbH Author: NIIBE Yutaka This file is a part of Gnuk, a GnuPG USB Token implementation. @@ -20,15 +20,8 @@ You should have received a copy of the GNU General Public License along with this program. If not, see . """ -from card_const import * -from constants_for_test import * - -def test_verify_pw3(card): - v = card.verify(3, FACTORY_PASSPHRASE_PW3) - assert v - -def test_kdf_put_single(card): - r = card.cmd_put_data(0x00, 0xf9, KDF_SINGLE) - if r: - card.configure_with_kdf() - assert r +from card_test_kdf_single import * +from card_test_personalize_card import * +from card_test_personalize_reset import * +from card_test_remove_keys import * +from card_test_reset_pw3 import * diff --git a/tests/test_017_personalize_card.py b/tests/test_017_personalize_card.py deleted file mode 120000 index 05a4b09..0000000 --- a/tests/test_017_personalize_card.py +++ /dev/null @@ -1 +0,0 @@ -test_001_personalize_card.py \ No newline at end of file diff --git a/tests/test_018_personalize_reset.py b/tests/test_018_personalize_reset.py deleted file mode 120000 index f0c73cf..0000000 --- a/tests/test_018_personalize_reset.py +++ /dev/null @@ -1 +0,0 @@ -test_002_personalize_reset.py \ No newline at end of file diff --git a/tests/test_019_remove_keys.py b/tests/test_019_remove_keys.py deleted file mode 120000 index 2a388b5..0000000 --- a/tests/test_019_remove_keys.py +++ /dev/null @@ -1 +0,0 @@ -test_003_remove_keys.py \ No newline at end of file diff --git a/tests/test_020_reset_pw3.py b/tests/test_020_reset_pw3.py deleted file mode 120000 index 4775d14..0000000 --- a/tests/test_020_reset_pw3.py +++ /dev/null @@ -1 +0,0 @@ -test_004_reset_pw3.py \ No newline at end of file diff --git a/tests/test_021_personalize_admin_less.py b/tests/test_021_personalize_admin_less.py deleted file mode 120000 index 801678d..0000000 --- a/tests/test_021_personalize_admin_less.py +++ /dev/null @@ -1 +0,0 @@ -test_005_personalize_admin_less.py \ No newline at end of file diff --git a/tests/test_021_personalize_admin_less.py b/tests/test_021_personalize_admin_less.py new file mode 100644 index 0000000..317b572 --- /dev/null +++ b/tests/test_021_personalize_admin_less.py @@ -0,0 +1 @@ +from test_005_personalize_admin_less import * diff --git a/tests/test_022_personalize_reset.py b/tests/test_022_personalize_reset.py deleted file mode 120000 index f0c73cf..0000000 --- a/tests/test_022_personalize_reset.py +++ /dev/null @@ -1 +0,0 @@ -test_002_personalize_reset.py \ No newline at end of file diff --git a/tests/test_023_remove_keys.py b/tests/test_023_remove_keys.py deleted file mode 120000 index 2a388b5..0000000 --- a/tests/test_023_remove_keys.py +++ /dev/null @@ -1 +0,0 @@ -test_003_remove_keys.py \ No newline at end of file diff --git a/tests/test_024_reset_pw3.py b/tests/test_024_reset_pw3.py deleted file mode 120000 index 4775d14..0000000 --- a/tests/test_024_reset_pw3.py +++ /dev/null @@ -1 +0,0 @@ -test_004_reset_pw3.py \ No newline at end of file