From b47bd693ba7f274e0cdcfb55f42aaec272ca391d Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Wed, 4 Apr 2018 17:42:14 +0900
Subject: [PATCH] More tests (3).

---
 tests/openpgp_card.py               | 31 +++++++++++++++++++++++
 tests/test_001_personalize_card.py  | 32 ++++++++++++------------
 tests/test_002_personalize_reset.py | 10 ++++----
 tests/test_004_reset_pw3.py         |  6 ++---
 tests/test_007_kdf_full.py          | 28 ++-------------------
 tests/test_008_personalize_card.py  |  1 +
 tests/test_009_personalize_reset.py |  1 +
 tests/test_010_remove_keys.py       |  1 +
 tests/test_011_reset_pw3.py         |  1 +
 tests/test_012_kdf_single.py        | 34 ++++++++++++++++++++++++++
 tests/test_013_personalize_card.py  |  1 +
 tests/test_014_personalize_reset.py |  1 +
 tests/test_015_remove_keys.py       |  1 +
 tests/test_016_reset_pw3.py         |  1 +
 tests/test_017_kdf_none.py          | 38 +++++++++++++++++++++++++++++
 15 files changed, 137 insertions(+), 50 deletions(-)
 create mode 120000 tests/test_008_personalize_card.py
 create mode 120000 tests/test_009_personalize_reset.py
 create mode 120000 tests/test_010_remove_keys.py
 create mode 120000 tests/test_011_reset_pw3.py
 create mode 100644 tests/test_012_kdf_single.py
 create mode 120000 tests/test_013_personalize_card.py
 create mode 120000 tests/test_014_personalize_reset.py
 create mode 120000 tests/test_015_remove_keys.py
 create mode 120000 tests/test_016_reset_pw3.py
 create mode 100644 tests/test_017_kdf_none.py

diff --git a/tests/openpgp_card.py b/tests/openpgp_card.py
index 6dc0c73..0e7cc8b 100644
--- a/tests/openpgp_card.py
+++ b/tests/openpgp_card.py
@@ -102,6 +102,37 @@ class OpenPGP_Card(object):
                 passwd_new = b""
             return self.cmd_change_reference_data(who, passwd_old + passwd_new)
 
+    # Higher layer SETUP_RESET_CODE possibly using KDF Data Object
+    def setup_reset_code(self, resetcode):
+        if self.__kdf_iters:
+            salt = self.__kdf_salt_user
+            if self.__kdf_salt_reset:
+                    salt = self.__kdf_salt_user
+            reset_hash = kdf_calc(resetcode, salt, self.__kdf_iters)
+            return self.cmd_put_data(0x00, 0xd3, reset_hash)
+        else:
+            return self.cmd_put_data(0x00, 0xd3, resetcode)
+
+    # Higher layer reset passwd possibly using KDF Data Object
+    def reset_passwd_by_resetcode(self, resetcode, pw1):
+        if self.__kdf_iters:
+            salt = self.__kdf_salt_user
+            if self.__kdf_salt_reset:
+                    salt = self.__kdf_salt_user
+            reset_hash = kdf_calc(resetcode, salt, self.__kdf_iters)
+            pw1_hash = kdf_calc(pw1, self.__kdf_salt_user, self.__kdf_iters)
+            return self.cmd_reset_retry_counter(0, 0x81, reset_hash + pw1_hash)
+        else:
+            return self.cmd_reset_retry_counter(0, 0x81, resetcode + pw1)
+
+    # Higher layer reset passwd possibly using KDF Data Object
+    def reset_passwd_by_admin(self, pw1):
+        if self.__kdf_iters:
+            pw1_hash = kdf_calc(pw1, self.__kdf_salt_user, self.__kdf_iters)
+            return self.cmd_reset_retry_counter(2, 0x81, pw1_hash)
+        else:
+            return self.cmd_reset_retry_counter(2, 0x81, pw1)
+
     def cmd_get_response(self, expected_len):
         result = b""
         while True:
diff --git a/tests/test_001_personalize_card.py b/tests/test_001_personalize_card.py
index c168c98..a5de0c3 100644
--- a/tests/test_001_personalize_card.py
+++ b/tests/test_001_personalize_card.py
@@ -32,7 +32,7 @@ def test_setup_pw3_0(card):
     assert r
 
 def test_verify_pw3_0(card):
-    v = card.cmd_verify(3, PW3_TEST0)
+    v = card.verify(3, PW3_TEST0)
     assert v
 
 def test_login_put(card):
@@ -158,11 +158,11 @@ def test_setup_pw1_0(card):
     assert r
 
 def test_verify_pw1_0(card):
-    v = card.cmd_verify(1, PW1_TEST0)
+    v = card.verify(1, PW1_TEST0)
     assert v
 
 def test_verify_pw1_0_2(card):
-    v = card.cmd_verify(2, PW1_TEST0)
+    v = card.verify(2, PW1_TEST0)
     assert v
 
 def test_setup_pw1_1(card):
@@ -170,27 +170,27 @@ def test_setup_pw1_1(card):
     assert r
 
 def test_verify_pw1_1(card):
-    v = card.cmd_verify(1, PW1_TEST1)
+    v = card.verify(1, PW1_TEST1)
     assert v
 
 def test_verify_pw1_1_2(card):
-    v = card.cmd_verify(2, PW1_TEST1)
+    v = card.verify(2, PW1_TEST1)
     assert v
 
 def test_setup_reset_code(card):
-    r = card.cmd_put_data(0x00, 0xd3, RESETCODE_TEST)
+    r = card.setup_reset_code(RESETCODE_TEST)
     assert r
 
 def test_reset_code(card):
-    r = card.cmd_reset_retry_counter(0, 0x81, RESETCODE_TEST + PW1_TEST2)
+    r = card.reset_passwd_by_resetcode(RESETCODE_TEST, PW1_TEST2)
     assert r
 
 def test_verify_pw1_2(card):
-    v = card.cmd_verify(1, PW1_TEST2)
+    v = card.verify(1, PW1_TEST2)
     assert v
 
 def test_verify_pw1_2_2(card):
-    v = card.cmd_verify(2, PW1_TEST2)
+    v = card.verify(2, PW1_TEST2)
     assert v
 
 def test_setup_pw3_1(card):
@@ -198,19 +198,19 @@ def test_setup_pw3_1(card):
     assert r
 
 def test_verify_pw3_1(card):
-    v = card.cmd_verify(3, PW3_TEST1)
+    v = card.verify(3, PW3_TEST1)
     assert v
 
 def test_reset_userpass_admin(card):
-    r = card.cmd_reset_retry_counter(2, 0x81, PW1_TEST3)
+    r = card.reset_passwd_by_admin(PW1_TEST3)
     assert r
 
 def test_verify_pw1_3(card):
-    v = card.cmd_verify(1, PW1_TEST3)
+    v = card.verify(1, PW1_TEST3)
     assert v
 
 def test_verify_pw1_3_2(card):
-    v = card.cmd_verify(2, PW1_TEST3)
+    v = card.verify(2, PW1_TEST3)
     assert v
 
 def test_setup_pw1_4(card):
@@ -218,11 +218,11 @@ def test_setup_pw1_4(card):
     assert r
 
 def test_verify_pw1_4(card):
-    v = card.cmd_verify(1, PW1_TEST4)
+    v = card.verify(1, PW1_TEST4)
     assert v
 
 def test_verify_pw1_4_2(card):
-    v = card.cmd_verify(2, PW1_TEST4)
+    v = card.verify(2, PW1_TEST4)
     assert v
 
 def test_setup_pw3_2(card):
@@ -230,7 +230,7 @@ def test_setup_pw3_2(card):
     assert r
 
 def test_verify_pw3_2(card):
-    v = card.cmd_verify(3, PW3_TEST0)
+    v = card.verify(3, PW3_TEST0)
     assert v
 
 def test_sign_0(card):
diff --git a/tests/test_002_personalize_reset.py b/tests/test_002_personalize_reset.py
index 91e0ba3..2a0eeac 100644
--- a/tests/test_002_personalize_reset.py
+++ b/tests/test_002_personalize_reset.py
@@ -57,23 +57,23 @@ def test_pw1_status_put(card):
     assert r
 
 def test_setup_pw3_0(card):
-    r = card.cmd_change_reference_data(3, PW3_TEST0 + FACTORY_PASSPHRASE_PW3)
+    r = card.change_passwd(3, PW3_TEST0, FACTORY_PASSPHRASE_PW3)
     assert r
 
 def test_verify_pw3_0(card):
-    v = card.cmd_verify(3, FACTORY_PASSPHRASE_PW3)
+    v = card.verify(3, FACTORY_PASSPHRASE_PW3)
     assert v
 
 def test_setup_pw1_0(card):
-    r = card.cmd_change_reference_data(1, PW1_TEST4 + FACTORY_PASSPHRASE_PW1)
+    r = card.change_passwd(1, PW1_TEST4, FACTORY_PASSPHRASE_PW1)
     assert r
 
 def test_verify_pw1_0(card):
-    v = card.cmd_verify(1, FACTORY_PASSPHRASE_PW1)
+    v = card.verify(1, FACTORY_PASSPHRASE_PW1)
     assert v
 
 def test_verify_pw1_0_2(card):
-    v = card.cmd_verify(2, FACTORY_PASSPHRASE_PW1)
+    v = card.verify(2, FACTORY_PASSPHRASE_PW1)
     assert v
 
 def test_setup_reset_code(card):
diff --git a/tests/test_004_reset_pw3.py b/tests/test_004_reset_pw3.py
index 7477d8a..cca37ff 100644
--- a/tests/test_004_reset_pw3.py
+++ b/tests/test_004_reset_pw3.py
@@ -28,14 +28,14 @@ def test_setup_pw3_null(card):
     assert r
 
 def test_verify_pw3(card):
-    v = card.cmd_verify(3, FACTORY_PASSPHRASE_PW3)
+    v = card.verify(3, FACTORY_PASSPHRASE_PW3)
     assert v
 
 # Check PW1 again to see the possiblity of admin-less mode
 def test_verify_pw1(card):
-    v = card.cmd_verify(1, FACTORY_PASSPHRASE_PW1)
+    v = card.verify(1, FACTORY_PASSPHRASE_PW1)
     assert v
 
 def test_verify_pw1_2(card):
-    v = card.cmd_verify(2, FACTORY_PASSPHRASE_PW1)
+    v = card.verify(2, FACTORY_PASSPHRASE_PW1)
     assert v
diff --git a/tests/test_007_kdf_full.py b/tests/test_007_kdf_full.py
index e587c82..e5e4efc 100644
--- a/tests/test_007_kdf_full.py
+++ b/tests/test_007_kdf_full.py
@@ -1,5 +1,5 @@
 """
-test_007_kdf.py - test KDF data object
+test_007_kdf_full.py - test KDF data object
 
 Copyright (C) 2018  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
@@ -23,7 +23,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from card_const import *
 from constants_for_test import *
 
-def test_verify_pw3_0(card):
+def test_verify_pw3(card):
     v = card.verify(3, FACTORY_PASSPHRASE_PW3)
     assert v
 
@@ -32,27 +32,3 @@ def test_kdf_put_full(card):
     if r:
         card.configure_with_kdf()
     assert r
-
-def test_verify_pw3_1(card):
-    v = card.verify(3, FACTORY_PASSPHRASE_PW3)
-    assert v
-
-def test_kdf_put_single(card):
-    r = card.cmd_put_data(0x00, 0xf9, KDF_SINGLE)
-    if r:
-        card.configure_with_kdf()
-    assert r
-
-def test_verify_pw3_2(card):
-    v = card.verify(3, FACTORY_PASSPHRASE_PW3)
-    assert v
-
-def test_kdf_put_none(card):
-    r = card.cmd_put_data(0x00, 0xf9, b"")
-    if r:
-        card.configure_with_kdf()
-    assert r
-
-def test_verify_pw3_3(card):
-    v = card.verify(3, FACTORY_PASSPHRASE_PW3)
-    assert v
diff --git a/tests/test_008_personalize_card.py b/tests/test_008_personalize_card.py
new file mode 120000
index 0000000..05a4b09
--- /dev/null
+++ b/tests/test_008_personalize_card.py
@@ -0,0 +1 @@
+test_001_personalize_card.py
\ No newline at end of file
diff --git a/tests/test_009_personalize_reset.py b/tests/test_009_personalize_reset.py
new file mode 120000
index 0000000..f0c73cf
--- /dev/null
+++ b/tests/test_009_personalize_reset.py
@@ -0,0 +1 @@
+test_002_personalize_reset.py
\ No newline at end of file
diff --git a/tests/test_010_remove_keys.py b/tests/test_010_remove_keys.py
new file mode 120000
index 0000000..2a388b5
--- /dev/null
+++ b/tests/test_010_remove_keys.py
@@ -0,0 +1 @@
+test_003_remove_keys.py
\ No newline at end of file
diff --git a/tests/test_011_reset_pw3.py b/tests/test_011_reset_pw3.py
new file mode 120000
index 0000000..4775d14
--- /dev/null
+++ b/tests/test_011_reset_pw3.py
@@ -0,0 +1 @@
+test_004_reset_pw3.py
\ No newline at end of file
diff --git a/tests/test_012_kdf_single.py b/tests/test_012_kdf_single.py
new file mode 100644
index 0000000..9a28803
--- /dev/null
+++ b/tests/test_012_kdf_single.py
@@ -0,0 +1,34 @@
+"""
+test_012_kdf_single.py - test KDF data object
+
+Copyright (C) 2018  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from card_const import *
+from constants_for_test import *
+
+def test_verify_pw3(card):
+    v = card.verify(3, FACTORY_PASSPHRASE_PW3)
+    assert v
+
+def test_kdf_put_single(card):
+    r = card.cmd_put_data(0x00, 0xf9, KDF_SINGLE)
+    if r:
+        card.configure_with_kdf()
+    assert r
diff --git a/tests/test_013_personalize_card.py b/tests/test_013_personalize_card.py
new file mode 120000
index 0000000..05a4b09
--- /dev/null
+++ b/tests/test_013_personalize_card.py
@@ -0,0 +1 @@
+test_001_personalize_card.py
\ No newline at end of file
diff --git a/tests/test_014_personalize_reset.py b/tests/test_014_personalize_reset.py
new file mode 120000
index 0000000..f0c73cf
--- /dev/null
+++ b/tests/test_014_personalize_reset.py
@@ -0,0 +1 @@
+test_002_personalize_reset.py
\ No newline at end of file
diff --git a/tests/test_015_remove_keys.py b/tests/test_015_remove_keys.py
new file mode 120000
index 0000000..2a388b5
--- /dev/null
+++ b/tests/test_015_remove_keys.py
@@ -0,0 +1 @@
+test_003_remove_keys.py
\ No newline at end of file
diff --git a/tests/test_016_reset_pw3.py b/tests/test_016_reset_pw3.py
new file mode 120000
index 0000000..4775d14
--- /dev/null
+++ b/tests/test_016_reset_pw3.py
@@ -0,0 +1 @@
+test_004_reset_pw3.py
\ No newline at end of file
diff --git a/tests/test_017_kdf_none.py b/tests/test_017_kdf_none.py
new file mode 100644
index 0000000..4cf3d7f
--- /dev/null
+++ b/tests/test_017_kdf_none.py
@@ -0,0 +1,38 @@
+"""
+test_017_kdf_none.py - test KDF data object
+
+Copyright (C) 2018  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from card_const import *
+from constants_for_test import *
+
+def test_verify_pw3(card):
+    v = card.verify(3, FACTORY_PASSPHRASE_PW3)
+    assert v
+
+def test_kdf_put_none(card):
+    r = card.cmd_put_data(0x00, 0xf9, b"")
+    if r:
+        card.configure_with_kdf()
+    assert r
+
+def test_verify_pw3_1(card):
+    v = card.verify(3, FACTORY_PASSPHRASE_PW3)
+    assert v