add more tests

ChangeLog

@@ -1,5 +1,11 @@
 2012-07-05  Niibe Yutaka  <gniibe@fsij.org>
 
+	More tests.
+	* test/*: Add tests for admin-less mode.
+	* test/features/990_reset_passphrase.feature: This is now for
+	admin-less mode.
+	* test/features/970_key_removal.feature: Ditto.
+
 	* src/openpgp.c (cmd_change_password): Call ac_reset_admin when
 	admin-less mode.
 	(cmd_reset_user_password): Likewise.

test/features/370_key_removal.feature

@@ -0,0 +1,39 @@
+Feature: key removal
+  In order to use a token
+  A token should have keys
+
+  Scenario: remove OPENPGP.1 key (sign)
+     When removing a key OPENPGP.1
+     Then it should get success
+
+  Scenario: remove OPENPGP.2 key (decrypt)
+     When removing a key OPENPGP.2
+     Then it should get success
+
+  Scenario: remove OPENPGP.3 key (authentication)
+     When removing a key OPENPGP.3
+     Then it should get success
+
+  Scenario: remove data object Finger print sig
+     Given cmd_put_data with c7 and ""
+     Then it should get success
+
+  Scenario: remove data object Finger print dec
+     Given cmd_put_data with c8 and ""
+     Then it should get success
+
+  Scenario: remove data object Finger print aut
+     Given cmd_put_data with c9 and ""
+     Then it should get success
+
+  Scenario: remove data object keygeneration data/time sig
+     Given cmd_put_data with ce and ""
+     Then it should get success
+
+  Scenario: remove data object keygeneration data/time dec
+     Given cmd_put_data with cf and ""
+     Then it should get success
+
+  Scenario: remove data object keygeneration data/time aut
+     Given cmd_put_data with d0 and ""
+     Then it should get success

test/features/380_personalization_reset.feature

@@ -0,0 +1,27 @@
+Feature: removal of data objects
+  In order to use a token
+  A token should have personalized data
+
+  Scenario: remove data object Login
+     Given cmd_put_data with 5e and ""
+     Then it should get success
+
+  Scenario: remove data object Name
+     Given cmd_put_data with 5b and ""
+     Then it should get success
+
+  Scenario: remove data object Language preference
+     Given cmd_put_data with 5f2d and ""
+     Then it should get success
+
+  Scenario: remove data object Sex
+     Given cmd_put_data with 5f35 and ""
+     Then it should get success
+
+  Scenario: remove data object URL
+     Given cmd_put_data with 5f50 and ""
+     Then it should get success
+
+  Scenario: remove data object pw1 status bytes
+     Given cmd_put_data with c4 and "\x00"
+     Then it should get success

test/features/390_reset_passphrase.feature

@@ -0,0 +1,7 @@
+Feature: reset pass phrase
+  In order to conform OpenPGP card 2.0 specification
+  A token should support pass phrase: PW1, PW3 and reset code
+
+  Scenario: setup PW3 (admin-full mode)
+     Given cmd_change_reference_data with 3 and "admin pass phrase"
+     Then it should get success

test/features/400_empty_check.feature

@@ -0,0 +1,79 @@
+Feature: confirm empty token
+  In order to start tests
+  A token should be empty (no data, no keys)
+
+  Scenario: data object Login
+     When requesting login data: 5e
+     Then you should get NULL
+
+  Scenario: data object Name
+     When requesting name: 5b
+     Then you should get NULL
+
+  Scenario: data object Language preference
+     When requesting anguage preference: 5f2d
+     Then you should get NULL
+
+  Scenario: data object Sex
+     When requesting sex: 5f35
+     Then you should get NULL
+
+  Scenario: data object URL
+     When requesting URL: 5f50
+     Then you should get NULL
+
+  Scenario: data object ds counter
+     When requesting ds counter: 93
+     Then you should get: \x00\x00\x00
+
+  Scenario: data object pw1 status bytes
+     When requesting pw1 status bytes: c4
+     Then you should get: \x00\x7f\x7f\x7f\x03\x03\x03
+
+  Scenario: data object finger print 0
+     When requesting finger print: c5
+     Then you should get: \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
+
+  Scenario: data object finger print 1
+     When requesting finger print: c7
+     Then you should get NULL
+
+  Scenario: data object finger print 2
+     When requesting finger print: c8
+     Then you should get NULL
+
+  Scenario: data object finger print 3
+     When requesting finger print: c9
+     Then you should get NULL
+
+  Scenario: data object CA finger print 0
+     When requesting finger print: c6
+     Then you should get: \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
+
+  Scenario: data object CA finger print 1
+     When requesting finger print: ca
+     Then you should get NULL
+
+  Scenario: data object CA finger print 2
+     When requesting finger print: cb
+     Then you should get NULL
+
+  Scenario: data object CA finger print 3
+     When requesting finger print: cc
+     Then you should get NULL
+
+  Scenario: data object date/time of key pair 0
+     When requesting date/time of key pair: cd
+     Then you should get: \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
+
+  Scenario: data object date/time of key pair 1
+     When requesting date/time of key pair: ce
+     Then you should get NULL
+
+  Scenario: data object date/time of key pair 2
+     When requesting date/time of key pair: cf
+     Then you should get NULL
+
+  Scenario: data object date/time of key pair 3
+     When requesting date/time of key pair: d0
+     Then you should get NULL

test/features/401_empty_check_passphrase.feature

@@ -0,0 +1,15 @@
+Feature: confirm empty token
+  In order to start tests
+  A token should be empty (no pass phrase)
+
+  Scenario: verify PW1 factory setting (1)
+     Given cmd_verify with 1 and "123456"
+     Then it should get success
+
+  Scenario: verify PW1 factory setting (2)
+     Given cmd_verify with 2 and "123456"
+     Then it should get success
+
+  Scenario: verify PW3 factory setting
+     Given cmd_verify with 3 and "12345678"
+     Then it should get success

test/features/402_get_data_static.feature

@@ -0,0 +1,27 @@
+Feature: command GET DATA
+  In order to conform OpenPGP card 2.0 specification
+  A token should support all mandatory features of the specification
+
+  Scenario: data object historical bytes
+     When requesting historical bytes: 5f52
+     Then you should get: \x00\x31\x84\x73\x80\x01\x80\x00\x90\x00
+
+  Scenario: data object extended capabilities
+     When requesting extended capabilities: c0
+     Then you should get: \x30\x00\x00\x00\x00\x00\x00\xff\x01\x00
+
+  Scenario: data object algorithm attributes 1
+     When requesting algorithm attributes 1: c1
+     Then you should get: \x01\x08\x00\x00\x20\x00
+
+  Scenario: data object algorithm attributes 2
+     When requesting algorithm attributes 2: c2
+     Then you should get: \x01\x08\x00\x00\x20\x00
+
+  Scenario: data object algorithm attributes 3
+     When requesting algorighm attributes 3: c3
+     Then you should get: \x01\x08\x00\x00\x20\x00
+
+  Scenario: data object AID
+     When requesting AID: 4f
+     Then data should match: \xd2\x76\x00\x01\x24\x01\x02\x00......\x00\x00

test/features/410_setup_passphrase.feature

@@ -0,0 +1,55 @@
+Feature: setup pass phrase
+  In order to conform OpenPGP card 2.0 specification
+  A token should support pass phrase: PW1, PW3 and reset code
+
+  Scenario: setup PW1 (admin-less mode)
+     Given cmd_change_reference_data with 1 and "123456user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW1 (1)
+     Given cmd_verify with 1 and "user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW1 (2)
+     Given cmd_verify with 2 and "user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW3 (admin-less mode)
+     Given cmd_verify with 3 and "user pass phrase"
+     Then it should get success
+
+  Scenario: setup reset code (in admin-less mode)
+     Given cmd_put_data with d3 and "example reset code 000"
+     Then it should get success
+
+  Scenario: reset pass phrase by reset code (in admin-less mode)
+     Given cmd_reset_retry_counter with 0 and "example reset code 000new user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW1 (1) again
+     Given cmd_verify with 1 and "new user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW1 (2) again
+     Given cmd_verify with 2 and "new user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW3 (admin-less mode) again
+     Given cmd_verify with 3 and "new user pass phrase"
+     Then it should get success
+
+  Scenario: change PW1
+     Given cmd_change_reference_data with 1 and "new user pass phraseanother user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW1 (1) again
+     Given cmd_verify with 1 and "another user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW1 (2) again
+     Given cmd_verify with 2 and "another user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW3 (admin-less mode) again
+     Given cmd_verify with 3 and "another user pass phrase"
+     Then it should get success

test/features/420_personalization_write.feature

@@ -0,0 +1,27 @@
+Feature: personalize token write
+  In order to use a token
+  A token should be personalized with name, sex, url, etc.
+
+  Scenario: data object Login
+     Given cmd_put_data with 5e and "gpg_user"
+     Then it should get success
+
+  Scenario: data object Name
+     Given cmd_put_data with 5b and "GnuPG User"
+     Then it should get success
+
+  Scenario: data object Language preference
+     Given cmd_put_data with 5f2d and "ja"
+     Then it should get success
+
+  Scenario: data object Sex
+     Given cmd_put_data with 5f35 and "1"
+     Then it should get success
+
+  Scenario: data object URL
+     Given cmd_put_data with 5f50 and "http://www.fsij.org/gnuk/"
+     Then it should get success
+
+  Scenario: data object pw1 status bytes
+     Given cmd_put_data with c4 and "\x01"
+     Then it should get success

test/features/421_personalization_read.feature

@@ -0,0 +1,27 @@
+Feature: personalize token read
+  In order to use a token
+  A token should be personalized with name, sex, url, etc.
+
+  Scenario: data object Login
+     When requesting login data: 5e
+     Then you should get: gpg_user
+
+  Scenario: data object Name
+     When requesting name: 5b
+     Then you should get: GnuPG User
+
+  Scenario: data object Language preference
+     When requesting anguage preference: 5f2d
+     Then you should get: ja
+
+  Scenario: data object Sex
+     When requesting sex: 5f35
+     Then you should get: 1
+
+  Scenario: data object URL
+     When requesting URL: 5f50
+     Then you should get: http://www.fsij.org/gnuk/
+
+  Scenario: data object pw1 status bytes
+     When requesting pw1 status bytes: c4
+     Then you should get: \x01\x7f\x7f\x7f\x03\x03\x03

test/features/430_key_registration.feature

@@ -0,0 +1,56 @@
+Feature: import keys to token 
+  In order to use a token
+  A token should have keys
+
+  Scenario: importing OPENPGP.1 key (sign)
+     Given a RSA key pair 0
+     And importing it to the token as OPENPGP.1
+     Then it should get success
+
+  Scenario: importing OPENPGP.2 key (decrypt)
+     Given a RSA key pair 1
+     And importing it to the token as OPENPGP.2
+     Then it should get success
+
+  Scenario: importing OPENPGP.3 key (authentication)
+     Given a RSA key pair 2
+     And importing it to the token as OPENPGP.3
+     Then it should get success
+
+  Scenario: setup data object Finger print sig
+     Given a fingerprint of OPENPGP.1 key
+     And put the data to c7
+     Then it should get success
+
+  Scenario: setup data object Finger print dec
+     Given a fingerprint of OPENPGP.2 key
+     And put the data to c8
+     Then it should get success
+
+  Scenario: setup data object Finger print aut
+     Given a fingerprint of OPENPGP.3 key
+     And put the data to c9
+     Then it should get success
+
+  Scenario: setup data object keygeneration data/time sig
+     Given a timestamp of OPENPGP.1 key
+     And put the data to ce
+     Then it should get success
+
+  Scenario: setup data object keygeneration data/time dec
+     Given a timestamp of OPENPGP.2 key
+     And put the data to cf
+     Then it should get success
+
+  Scenario: setup data object keygeneration data/time aut
+     Given a timestamp of OPENPGP.3 key
+     And put the data to d0
+     Then it should get success
+
+  Scenario: verify PW1 (1) again
+     Given cmd_verify with 1 and "another user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW1 (2) again
+     Given cmd_verify with 2 and "another user pass phrase"
+     Then it should get success

test/features/440_passphrase_change.feature

@@ -0,0 +1,51 @@
+Feature: change pass phrase
+  In order to conform OpenPGP card 2.0 specification
+  A token should support pass phrase: PW1, PW3 and reset code
+
+  Scenario: change PW1 (in admin-less mode)
+     Given cmd_change_reference_data with 1 and "another user pass phrasePASSPHRASE SHOULD BE LONG"
+     Then it should get success
+
+  Scenario: verify PW1 (1) again
+     Given cmd_verify with 1 and "PASSPHRASE SHOULD BE LONG"
+     Then it should get success
+
+  Scenario: verify PW1 (2) again
+     Given cmd_verify with 2 and "PASSPHRASE SHOULD BE LONG"
+     Then it should get success
+
+  Scenario: verify PW3 (admin-less mode)
+     Given cmd_verify with 3 and "PASSPHRASE SHOULD BE LONG"
+     Then it should get success
+
+  Scenario: setup reset code again (in admin-less mode)
+     Given cmd_put_data with d3 and "example reset code 000"
+     Then it should get success
+
+  Scenario: reset pass phrase by reset code (in admin-less mode)
+     Given cmd_reset_retry_counter with 0 and "example reset code 000new user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW1 (1) again
+     Given cmd_verify with 1 and "new user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW1 (2) again
+     Given cmd_verify with 2 and "new user pass phrase"
+     Then it should get success
+
+  Scenario: change PW1
+     Given cmd_change_reference_data with 1 and "new user pass phraseanother user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW1 (1) again
+     Given cmd_verify with 1 and "another user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW1 (2) again
+     Given cmd_verify with 2 and "another user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW3 (admin-less mode)
+     Given cmd_verify with 3 and "another user pass phrase"
+     Then it should get success

test/features/500_compute_signature.feature

@@ -0,0 +1,31 @@
+Feature: compute digital signature
+  In order to use a token
+  A token should compute digital signature properly
+
+  Scenario: compute digital signature by OPENPGP.1 key (1)
+     Given a message "This is a test message."
+     And let a token compute digital signature
+     And compute digital signature on host with RSA key pair 0
+     Then results should be same
+
+  Scenario: compute digital signature by OPENPGP.1 key (2)
+     Given a message "This is another test message.\nMultiple lines.\n"
+     And let a token compute digital signature
+     And compute digital signature on host with RSA key pair 0
+     Then results should be same
+
+  Scenario: compute digital signature by OPENPGP.3 key (1)
+     Given a message "This is a test message."
+     And let a token authenticate
+     And compute digital signature on host with RSA key pair 2
+     Then results should be same
+
+  Scenario: compute digital signature by OPENPGP.3 key (2)
+     Given a message "This is another test message.\nMultiple lines.\n"
+     And let a token authenticate
+     And compute digital signature on host with RSA key pair 2
+     Then results should be same
+
+  Scenario: data object ds counter
+     When requesting ds counter: 93
+     Then you should get: \x00\x00\x02

test/features/501_decryption.feature

@@ -0,0 +1,16 @@
+Feature: decryption 
+  In order to use a token
+  A token should decrypt encrypted data
+
+  Scenario: decrypt by OPENPGP.2 key (1)
+     Given a plain text "This is a test message."
+     And encrypt it on host with RSA key pair 1
+     And let a token decrypt encrypted data
+     Then decrypted data should be same as a plain text
+
+  Scenario: decrypt by OPENPGP.2 key (2)
+     Given a plain text "RSA decryption is as easy as pie."
+     And encrypt it on host with RSA key pair 1
+     And let a token decrypt encrypted data
+     Then decrypted data should be same as a plain text
+

test/features/600_key_removal.feature

@@ -0,0 +1,44 @@
+@keygen
+Feature: key removal
+  In order to use a token
+  A token should have keys
+
+  Scenario: remove OPENPGP.1 key (sign)
+     When removing a key OPENPGP.1
+     Then it should get success
+
+  Scenario: remove OPENPGP.2 key (decrypt)
+     When removing a key OPENPGP.2
+     Then it should get success
+
+  Scenario: remove OPENPGP.3 key (authentication)
+     When removing a key OPENPGP.3
+     Then it should get success
+
+  Scenario: verify PW3 (admin-less mode)
+     Given cmd_verify with 3 and "12345678"
+     Then it should get success
+
+  Scenario: remove data object Finger print sig
+     Given cmd_put_data with c7 and ""
+     Then it should get success
+
+  Scenario: remove data object Finger print dec
+     Given cmd_put_data with c8 and ""
+     Then it should get success
+
+  Scenario: remove data object Finger print aut
+     Given cmd_put_data with c9 and ""
+     Then it should get success
+
+  Scenario: remove data object keygeneration data/time sig
+     Given cmd_put_data with ce and ""
+     Then it should get success
+
+  Scenario: remove data object keygeneration data/time dec
+     Given cmd_put_data with cf and ""
+     Then it should get success
+
+  Scenario: remove data object keygeneration data/time aut
+     Given cmd_put_data with d0 and ""
+     Then it should get success

test/features/601_setup_passphrase.feature

@@ -0,0 +1,40 @@
+@keygen
+Feature: setup pass phrase
+  In order to conform OpenPGP card 2.0 specification
+  A token should support pass phrase: PW1, PW3 and reset code
+
+  Scenario: setup PW1 (admin-less mode)
+     Given cmd_change_reference_data with 1 and "123456user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW1 (1)
+     Given cmd_verify with 1 and "user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW1 (2)
+     Given cmd_verify with 2 and "user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW3 (admin-less mode)
+     Given cmd_verify with 3 and "user pass phrase"
+     Then it should get success
+
+  Scenario: setup reset code (in admin-less mode)
+     Given cmd_put_data with d3 and "example reset code 000"
+     Then it should get success
+
+  Scenario: reset pass phrase by reset code (in admin-less mode)
+     Given cmd_reset_retry_counter with 0 and "example reset code 000another user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW1 (1) again
+     Given cmd_verify with 1 and "another user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW1 (2) again
+     Given cmd_verify with 2 and "another user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW3 (admin-less mode) again
+     Given cmd_verify with 3 and "another user pass phrase"
+     Then it should get success

test/features/602_keygen.feature

@@ -0,0 +1,30 @@
+@keygen
+Feature: key generation
+  In order to use a token
+  A token should have keys
+
+  Scenario: generate OPENPGP.1 key (sign)
+     When generating a key of OPENPGP.1
+     And put the first data to c7
+     And put the second data to ce
+     Then it should get success
+
+  Scenario: generate OPENPGP.2 key (decrypt)
+     When generating a key of OPENPGP.2
+     And put the first data to c8
+     And put the second data to cf
+     Then it should get success
+
+  Scenario: generate OPENPGP.3 key (authentication)
+     When generating a key of OPENPGP.3
+     And put the first data to c9
+     And put the second data to d0
+     Then it should get success
+
+  Scenario: verify PW1 (1) after keygen
+     Given cmd_verify with 1 and "another user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW1 (2) after keygen
+     Given cmd_verify with 2 and "another user pass phrase"
+     Then it should get success

test/features/603_passphrase_change.feature

@@ -0,0 +1,67 @@
+Feature: change pass phrase
+  In order to conform OpenPGP card 2.0 specification
+  A token should support pass phrase: PW1, PW3 and reset code
+
+  Scenario: change PW1
+     Given cmd_change_reference_data with 1 and "another user pass phrasePASSPHRASE SHOULD BE LONG"
+     Then it should get success
+
+  Scenario: verify PW1 (1) again
+     Given cmd_verify with 1 and "PASSPHRASE SHOULD BE LONG"
+     Then it should get success
+
+  Scenario: verify PW1 (2) again
+     Given cmd_verify with 2 and "PASSPHRASE SHOULD BE LONG"
+     Then it should get success
+
+  Scenario: verify PW3 (admin-less mode)
+     Given cmd_verify with 3 and "PASSPHRASE SHOULD BE LONG"
+     Then it should get success
+
+  Scenario: setup reset code again (in admin-less mode)
+     Given cmd_put_data with d3 and "example reset code 111"
+     Then it should get success
+
+  Scenario: reset pass phrase by reset code (in admin-less mode)
+     Given cmd_reset_retry_counter with 0 and "example reset code 111new user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW1 (1) again
+     Given cmd_verify with 1 and "new user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW1 (2) again
+     Given cmd_verify with 2 and "new user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW3 (admin-less mode)
+     Given cmd_verify with 3 and "new user pass phrase"
+     Then it should get success
+
+  Scenario: reset pass phrase by admin (in admin-less mode)
+     Given cmd_reset_retry_counter with 2 and "new user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW1 (1) again
+     Given cmd_verify with 1 and "new user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW1 (2) again
+     Given cmd_verify with 2 and "new user pass phrase"
+     Then it should get success
+
+  Scenario: change PW1
+     Given cmd_change_reference_data with 1 and "new user pass phraseanother user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW1 (1) again
+     Given cmd_verify with 1 and "another user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW1 (2) again
+     Given cmd_verify with 2 and "another user pass phrase"
+     Then it should get success
+
+  Scenario: verify PW3 (admin-less mode)
+     Given cmd_verify with 3 and "another user pass phrase"
+     Then it should get success

test/features/610_compute_signature.feature

@@ -0,0 +1,36 @@
+@keygen
+Feature: compute digital signature
+  In order to use a token
+  A token should compute digital signature properly
+
+  Scenario: compute digital signature by OPENPGP.1 key (1)
+     Given a message "This is a test message."
+     And a public key from token for OPENPGP.1
+     And let a token compute digital signature
+     And verify signature
+     Then it should get success
+
+  Scenario: compute digital signature by OPENPGP.1 key (2)
+     Given a message "This is another test message.\nMultiple lines.\n"
+     And a public key from token for OPENPGP.1
+     And let a token compute digital signature
+     And verify signature
+     Then it should get success
+
+  Scenario: compute digital signature by OPENPGP.3 key (1)
+     Given a message "This is a test message."
+     And a public key from token for OPENPGP.3
+     And let a token authenticate
+     And verify signature
+     Then it should get success
+
+  Scenario: compute digital signature by OPENPGP.3 key (2)
+     Given a message "This is another test message.\nMultiple lines.\n"
+     And a public key from token for OPENPGP.3
+     And let a token authenticate
+     And verify signature
+     Then it should get success
+
+  Scenario: data object ds counter
+     When requesting ds counter: 93
+     Then you should get: \x00\x00\x02

test/features/611_decryption.feature

@@ -0,0 +1,19 @@
+@keygen
+Feature: decryption 
+  In order to use a token
+  A token should decrypt encrypted data
+
+  Scenario: decrypt by OPENPGP.2 key (1)
+     Given a plain text "This is a test message."
+     And a public key from token for OPENPGP.2
+     And encrypt it on host
+     And let a token decrypt encrypted data
+     Then decrypted data should be same as a plain text
+
+  Scenario: decrypt by OPENPGP.2 key (2)
+     Given a plain text "RSA decryption is as easy as pie."
+     And a public key from token for OPENPGP.2
+     And encrypt it on host
+     And let a token decrypt encrypted data
+     Then decrypted data should be same as a plain text
+

test/features/970_key_removal.feature

@@ -14,6 +14,10 @@ Feature: key removal
      When removing a key OPENPGP.3
      Then it should get success
 
+  Scenario: verify PW3 (admin-less mode)
+     Given cmd_verify with 3 and "12345678"
+     Then it should get success
+
   Scenario: remove data object Finger print sig
      Given cmd_put_data with c7 and ""
      Then it should get success

test/features/990_reset_passphrase.feature

@@ -1,7 +1,7 @@
-Feature: reset pass phrase
+Feature: confirm factory setting pass phrase
   In order to conform OpenPGP card 2.0 specification
   A token should support pass phrase: PW1, PW3 and reset code
 
-  Scenario: setup PW3 (admin-full mode)
+  Scenario: verify PW3 (admin-less mode)
-     Given cmd_change_reference_data with 3 and "admin pass phrase"
+     Given cmd_verify with 3 and "12345678"
      Then it should get success