Version 1.2.17.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

.gitignore

@@ -6,6 +6,7 @@ src/.dep
 src/config.mk
 src/config.h
 src/gnuk.ld
+src/stdaln-sys.ld
 src/board.h
 src/build/*
 src/*.inc
@@ -16,3 +17,4 @@ regnual/regnual.elf
 doc/_build
 tests/.cache
 tests/__pycache__
+tests/.pytest_cache

AUTHORS

@@ -11,6 +11,16 @@ Anthony Romano:
 	src/main.c
 	src/mod.c
 
+Bertrand Jacquin
+    Modified:
+	tool/add_openpgp_authkey_from_gpgssh.py
+	tool/calc_precompute_table_ecc.py
+	tool/dfuse.py
+	tool/dump_mem.py
+	tool/get_raw_public_key.py
+	tool/pageant_proxy_to_gpg.py
+	tool/pinpadtest.py
+
 Jeremy Drake:
     Modified:
 	regnual/regnual.c
@@ -65,3 +75,20 @@ NIIBE Yutaka:
 	src/usb_lld.h
 	*
 	and others.
+
+Peter Lebbing:
+    Modified:
+	src/config.h.in
+	src/configure
+	src/main.c
+	src/Makefile
+    Wrote:
+	src/stdaln-sys.ld.in
+
+Vincent Pelletier:
+    Modified:
+	test/features/202_setup_passphrase.feature
+	test/rsa_keys.py
+	tests/card_reader.py
+	tests/rsa_keys.py
+        tool/gnuk_token.py

ChangeLog

@@ -1,3 +1,238 @@
+2021-02-25  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* VERSION: 1.2.17.
+
+2021-02-22  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/config.h.in (@KDF_DO_REQUIRED_DEFINE@): New.
+
+	* src/configure (KDF_DO_REQUIRED_DEFINE): New for GNU/Linux.
+
+	* src/openpgp-do.c (gpg_do_kdf_check): When LEN==0, check if
+	KDO data object is available.
+	[KDF_DO_REQUIRED] (proc_key_import): Refuse the key import when
+	KDF data object is not available.
+
+	* src/openpgp.c [KDF_DO_REQUIRED] (cmd_pgp_gakp): Refuse key
+	generation when KDF data object is not available.
+
+2021-02-19  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* tool/gnuk-emulation-setup: Remove.
+
+	* tool/upgrade_by_passwd.py (main): Use tobytes.
+	* tool/gnuk_get_random.py: Likewise.
+	* tool/gnuk_remove_keys_libusb.py (main): Likewise.
+	Switch to Python3.
+	* tool/gnuk_put_binary_libusb.py (main): Use tobytes.
+	Switch to Python3.
+	* tool/gnuk_upgrade.py (main): Use tobytes.
+	Switch to Python3.
+
+	* chopstx: Update to 1.19.
+
+2021-02-18  Vincent Pelletier <plr.vincent@gmail.com>
+
+	* test/features/202_setup_passphrase.feature: Fix.
+	* test/rsa_keys.py: Fix escape.
+	* tests/card_reader.py: Extend the timeout.
+	Handle no card.
+	* tests/rsa_keys.py: Fix escape.
+	* tool/gnuk_token.py: Avoid hard-coding the endpoints.
+	Longer timeout.
+
+2021-02-18  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/configure [GNU_LINUX_EMULATION] (def_mhz): Define.
+	(output_vendor_product_serial_strings): Output ARCH.
+
+	* GNUK_USB_DEVICE_ID: Use "Gnuk Token" for emulation, too.
+
+	* src/main.c [GNU_LINUX_EMULATION] (main): Add initialization of
+	the .gnuk-flash-image file.
+	(gnuk_sbrk): Rename from sbrk.
+
+2020-09-10  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* VERSION: 1.2.16.
+
+2020-09-09  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/modp256k1.c (modp256k1_add, modp256k1_sub): Use memcpy with
+	dummy memory area.
+	* src/modp256r1.c (modp256r1_add, modp256r1_sub)
+	(modp256r1_reduce): Likewise.
+
+2020-09-08  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/modp256k1.c (modp256k1_add, modp256k1_reduce): Avoid
+	optimization to remove call of memmove.
+	* src/modp256r1.c (modp256r1_add, modp256r1_sub)
+	(modp256r1_reduce): Likewise.
+
+2020-09-07  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/openpgp.c (gpg_get_firmware_update_key): Use an array.
+
+	* src/modp256k1.c (modp256k1_add, modp256k1_sub): Use memmove.
+	* src/modp256r1.c (modp256r1_add, modp256r1_sub)
+	(modp256r1_reduce): Likewise.
+
+2020-09-04  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/openpgp-do.c (GPG_DO_ALG_INFO): New.
+	(do_fp_all, do_cafp_all, do_kgtime_all, do_openpgpcard_aid)
+	(do_ds_count): Return nothing.
+	(copy_do): Change the API for DO_PROC_READ.
+	(do_alg_info): New for GPG_DO_ALG_INFO.
+	(gpg_do_table): Add an entry for GPG_DO_ALG_INFO.
+
+2020-09-03  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/openpgp.c (cmd_internal_authenticate): Remove checking
+	against EDDSA_HASH_LEN_MAX.
+	(cmd_pso): Likewise.
+
+2020-08-28  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/openpgp.c (cmd_reset_user_password): Add passphrase length
+	check.
+
+2020-08-26  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/ac.c (verify_user_0): Fix for a use case of having
+	signing key only.
+	(verify_admin_00): Clean up.
+
+	* tests/test_000_empty_card.py (test_name_lang_sex): Support
+	OpenPGP card version 3.3.
+
+2020-01-24  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* VERSION: 1.2.15.
+
+2020-01-11  Bertrand Jacquin <bertrand@jacquin.bzh>
+
+	* tool/add_openpgp_authkey_from_gpgssh.py: Switch to Python3.
+	* tool/calc_precompute_table_ecc.py: Likewise.
+	* tool/dfuse.py: Likewise.
+	* tool/dump_mem.py: Likewise.
+	* tool/get_raw_public_key.py: Likewise.
+	* tool/pageant_proxy_to_gpg.py: Likewise.
+
+2019-12-30  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* chopstx: Update to 1.18.
+
+2019-06-18  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/bn.c (bn256_random): More portable.
+
+2019-04-03  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* tests: Factor out tests into classes.
+
+2019-03-04  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* VERSION: 1.2.14.
+
+	* chopstx: Update to 1.14.
+
+	* tool/gnuk_token.py: Add 1209:2440.
+
+2019-02-24  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/usb-ccid.c (ccid_thread): Clean up the ack button state
+	at reset (by SET_INTERFACE).
+
+	* tool/gnuk_token.py (gnuk_token.__init__): Add back
+	setAltInterface to issue SET_INTERFACE control transfer.
+
+2019-02-22  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* tool/gnuk_get_random.py: New.
+
+	* src/openpgp.c (cmd_external_authenticate): move
+	ACKBTN_SUPPORT to...
+	(cmd_get_challenge): ... here.
+
+	* src/gnuk.h (EV_*): Change the values.
+
+	* src/usb-ccid.c (GPG_ACK_TIMEOUT): New.
+	(ccid_thread): Implement timout for the user interaction.
+
+2019-02-21  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* GNUK_USB_DEVICE_ID: Add 1209:2440.
+
+2018-12-26  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* VERSION: 1.2.13.
+
+2018-12-22  Peter Lebbing <peter@digitalbrains.com>
+
+	* src/main.c (device_initialize_once): Fill the stack address and
+	reset vector of Gnuk application (was the one of old SYS).
+	Reset the board after updating the first five pages of flash.
+
+2018-12-21  Peter Lebbing <peter@digitalbrains.com>
+
+	* src/main.c [DFU_SUPPORT] (flash_write_any): New.
+	(device_initialize_once): Overwrite DFU bootloader by SYS.
+	(main): Use SYS at ORIGIN_REAL.
+
+	* src/stdaln-sys.ld.in: New.
+
+	* src/Makefile [USE_DFU] (OBJS_ADD): Add standalone SYS object.
+	Add rules for stdaln-sys-bin.o and src/stdaln-sys.ld.
+
+	* src/configure: Generate stdaln-sys.ld.
+	[MAPLE_MINI]: Tweak ORIGIN and FLASH_SIZE.
+	(ORIGIN_DEFINE, ORIGIN_REAL_DEFINE): New macros.
+	(USE_DFU): New make variable.
+
+	* src/config.h.in (ORIGIN_DEFINE, ORIGIN_REAL_DEFINE): New.
+
+2018-12-20  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* chopstx: Update to 1.13.
+
+2018-12-07  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/gnuk.h (EV_EXEC_ACK_REQUIRED): Have precedence
+	than EV_EXEC_FINISHED.
+
+2018-12-06  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/usb-ccid.c (ccid_thread): Priority of handling
+	EV_TX_FINISHED is most important.  Don't handle
+	Ack button event when c->tx_busy = 1.
+
+2018-12-05  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/openpgp.c (cmd_external_authenticate): Support
+	ACK button for firmware update.
+
+2018-12-04  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/openpgp-do.c (gpg_data_copy): Fix for NR_DO_UIF_SIG.
+
+2018-11-25  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* VERSION: 1.2.12.
+
+2018-11-21  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/usb-ccid.c (ccid_thread): Fix a race condition sending
+	result APDU by ack button, time out, sending time extension block
+	again while tx_busy=1.
+
+2018-11-17  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/main.c (device_initialize_once): Depends on MHZ to
+	distinguish GD32F103.
+	* src/openpgp-do.c (do_openpgpcard_aid): Ditto.
+
 2018-11-12  NIIBE Yutaka  <gniibe@fsij.org>
 
 	* VERSION: 1.2.11.

GNUK_USB_DEVICE_ID

@@ -1,5 +1,6 @@
 # VID:PID	bcdDev	Product_STRING	Vendor_STRING
-0000:0000	0200	Gnuk Emulation	Free Software Initiative of Japan
+0000:0000	0200	Gnuk Token	Free Software Initiative of Japan
 234b:0000	0200	Gnuk Token	Free Software Initiative of Japan
 20a0:4211	0200	Nitrokey Start	Nitrokey
+1209:2440	0200	Gnuk Token	GnuPG e.V.
 ##########<TAB>	##<TAB>	##########<TAB>	#################

NEWS

@@ -1,6 +1,102 @@
 Gnuk NEWS - User visible changes
 
 
+* Major changes in Gnuk 1.2.17
+
+  Released 2021-02-25, by NIIBE Yutaka
+
+** GNU/Linux: KDF Data Object is required before keygen and key import
+For GNU/Linux emulation, KDF Data Object is required before keygen and
+key import.
+
+** GNU/Linux emulation
+Since 1.2.10, it was not build-able because of MHZ definition.  It is
+build-able again, and its USB product string is now "Gnuk Token".  It
+has ACK button support using terminal.  It now has start-up message,
+and its driver show useful information to setup USBIP.  When no file
+for the .gnuk-flash-image file, it is automatically created.
+
+** Removal of tool/gnuk-emulation-setup
+Because it is automatically created, the tool is not needed any more.
+
+** Upgrade of Chopstx
+We use Chopstx 1.19.
+
+
+* Major changes in Gnuk 1.2.16
+
+  Released 2020-09-10, by NIIBE Yutaka
+
+** New Data Object (Algorithm Information) of OpenPGP card v3.4
+The tag is 0x00FA.  This is useful for user interaction to show which
+algorithms are supported by the device.
+
+** Ed25519 signing allowing longer message
+For OpenPGP, it does hashing on host side before requesting signing to
+the device.  Thus, the length of message to be signed is limited and
+determined by the hash algorithm.  That's good feature of OpenPGP.  On
+the other hand, there is a use case, like OpenSSH certificate signing,
+where the length of message is a kind of arbitrary.  Even though Gnuk
+(or OpenPGP card protocol itself) has limitation, we removed the
+length check against EDDSA_HASH_LEN_MAX at cmd_pso.
+
+
+* Major changes in Gnuk 1.2.15
+
+  Released 2020-01-24, by NIIBE Yutaka
+
+** Switch to Python3
+Scripts under tool/ are switched to Python3.
+Thanks to Bertrand Jacquin.
+
+** Upgrade of Chopstx
+We use Chopstx 1.18.
+
+** Tests also support OpenPGPcard
+Now, a test suite under "tests" may be used to OpenPGPcard.
+
+
+* Major changes in Gnuk 1.2.14
+
+  Released 2019-03-05, by NIIBE Yutaka
+
+** Timeout for ACK button support
+When a user doesn't acknowledge (> 15 seconds), the operation
+timeouts, and authentication state is cleared.
+
+** Upgrade of Chopstx
+We use Chopstx 1.14.
+
+
+* Major changes in Gnuk 1.2.13
+
+  Released 2018-12-26, by NIIBE Yutaka
+
+** DFU support and its firmware upgrade fix
+DFU support was not well maintained, and firmware upgrade was not
+possible for boards with DFU.  Now, at least for Maple Mini, it is
+tested.  Note that using Gnuk with DFU on a board is only for an
+experiment, because DFU can access the content of flash ROM.  DFU
+should be killed by upgrading to normal Gnuk, so that you can have
+your private keys.
+
+** Fix for UIF Data Object
+When flash ROM is full and coping to new page, UIF DO was not properly
+copied.  This bug resulted losing the flag for user interaction.  Now,
+it's properly copied, keeping the setting of the feature.
+
+** Upgrade of Chopstx
+We use Chopstx 1.13.
+
+
+* Major changes in Gnuk 1.2.12
+
+  Released 2018-11-25, by NIIBE Yutaka
+
+** FST-01SZ fixes
+Fixes for Ack button support and serial number.
+
+
 * Major changes in Gnuk 1.2.11
 
   Released 2018-11-12, by NIIBE Yutaka

README

@@ -1,24 +1,23 @@
 Gnuk - An Implementation of USB Cryptographic Token for GnuPG
 
-							 Version 1.2.11
-							     2018-11-12
+							 Version 1.2.17
+							     2021-02-25
 							   Niibe Yutaka
 				      Free Software Initiative of Japan
 
 Release Notes
 =============
 
-This is the release of Gnuk, version 1.2.11, which has major
+This is the release of Gnuk, version 1.2.17, which has major
 incompatible changes to Gnuk 1.0.x.  Specifically, it now supports
 overriding key import, but importing keys (or generating keys) results
 password reset.  Also, you need to import private keys before changing
 your password.  Please update your documentation for Gnuk Token, so
 that the instruction of importing keys won't cause any confusion.
 
-It has supports of EdDSA, ECDSA (with NIST P256 and secp256k1), and
-ECDH (with X25519, NIST P256 and secp256k1), but this ECC feature is
-somehow experimental, and it requires modern GnuPG 2.2 with libgcrypt
-1.7.0 or later.
+It has supports of Ed25519 and X25519 (ECDH on Curve25519).  It also
+has experimental support of ECDSA (on NIST P256 and secp256k1) and
+ECDH (on NIST P256 and secp256k1).
 
 It also supports RSA-4096, but users should know that it takes more
 than 8 seconds to sign/decrypt.  Key generation of RSA-4096 just fails,
@@ -29,7 +28,8 @@ experimental.  To use the feature, you need to use newer GnuPG (2.2.6
 or later).  You need to prepare the KDF-DO on your token by the
 card-edit/kdf-setup command.
 
-With FST-01SZ, experimental ack button support is available for test.
+With FST-01SZ and GNU/Linux emulation, experimental ack button support
+is available for test.
 
 
 What's Gnuk?
@@ -54,7 +54,7 @@ FAQ
 ===
 
 Q0: How Gnuk USB Token is superior than other solutions (OpenPGP
-    card 2.0, YubiKey, etc.) ?
+    card 2.0/3.3/3.4, YubiKey, etc.) ?
     https://www.g10code.de/p-card.html
     https://www.yubico.com/
 A0: Good points of Gnuk are:
@@ -75,17 +75,16 @@ A1: Gnuk version 1.0 only supports RSA-2048.
 
 Q2: How long does it take for digital signing?
 A2: It takes a second and a half or so for RSA-2048. 
-    It takes more than 8 secondd for RSA-4096.
+    It takes more than 8 seconds for RSA-4096.
 
 Q3: What's your recommendation for target board?
 A3: Orthodox choice is Olimex STM32-H103.
-    FST-01 (Flying Stone Tiny 01) is available for sale, and it is a
-    kind of the best choice, hopefully.
-    If you have a skill of electronics, STM32 Nucleo F103 is the best
-    choice for experiment.
+    FST-01SZ (Flying Stone Tiny 01 SZ) is available for sale, and it
+    is a kind of the best choice, hopefully.  If you have a skill of
+    electronics, STM32 Nucleo F103 is the best choice for experiment.
 
 Q4: What's version of GnuPG are you using?
-A4: In Debian GNU/Linux system, I use GnuPG modern 2.1.18.
+A4: In Debian GNU/Linux system, I use GnuPG modern 2.2.23.
 
 Q5: What's version of pcscd and libccid are you using?
 A5: I don't use them, pcscd and libccid are optional, you can use Gnuk
@@ -146,14 +145,20 @@ Ac: That's because gnome-keyring-daemon interferes GnuPG.  Please
 Qd: Do you know a good SWD debugger to connect FST-01 or something?
 Ad: ST-Link/V2 is cheap one.  We have a tool/stlinkv2.py as flash ROM
     writer program.  STM32 Nucleo F103 comes with the valiant of
-    ST-Link/V2.  However, the firmware of ST-Link/V2 is proprietary.
-    Now, I develop BBG-SWD, SWD debugger by BeagleBone Green.
+    ST-Link/V2.  Note that the firmware of ST-Link/V2 is proprietary.
+    So, in case of transparency matters, ST-Link/V2 would not be your
+    choice.
+    I care transparency for our process of manufacturing FST-01SZ (and
+    better control by Free Software, in general), thus, I develop
+    BBG-SWD, SWD debugger by BeagleBone Green.
+    I use ST-Link/V2 for daily development.  For serious task like
+    flashing product, I use BBG-SWD.
 
 
 Tested features
 ===============
 
-Gnuk is tested by test suite.  Please see the test directory.
+Gnuk is tested by test suite.  Please see the "tests" directory.
 
 	* Personalization of the card
 	  * Changing Login name, URL, Name, Sex, Language, etc.
@@ -190,16 +195,6 @@ DfuSe is for experiment only, because it is impossible for DfuSe to
 disable read from flash.  For real use, please consider killing DfuSe
 and enabling read protection using JTAG debugger.
 
-For experimental PIN-pad support, I connect a consumer IR receive
-module to FST-01, and use controller for TV.  PIN verification is
-supported by this configuration.  Yes, it is not secure at all, since
-it is very easy to monitor IR output of the controllers.  It is just
-an experiment.  Note that hardware needed for this experiment is only
-a consumer IR receive module which is as cheap as 50 JPY.
-
-Note that you need pinpad support for GnuPG to use PIN-pad enabled
-Gnuk.  The pinpad support for GnuPG is only available in version 2.
-
 
 Build system and Host system
 ============================
@@ -210,9 +205,8 @@ If your bash is not installed as /bin/bash, you need to run configure
 script prepending 'bash' before './configure'.
 
 Some tools are written in Python.  If your Python is not installed as
-/usr/bin/python, please prepend 'python' for your command invocation.
-Python 2.7 and PyUSB 0.4.3 is assumed.  I also use Python 3.5 and
-PyUSB 1.0.0.
+/usr/bin/python, please prepend 'python' or 'python3' for your command
+invocation.  I use Python 3.8 and PyUSB 1.0.2.
 
 
 Source code
@@ -249,7 +243,7 @@ External source code
 
 Gnuk is distributed with external source code.
 
-* chopstx/  -- Chopstx 1.11
+* chopstx/  -- Chopstx 1.19
 
   We use Chopstx as the kernel for Gnuk.
 
@@ -368,13 +362,13 @@ How to compile
 
 You need GNU toolchain and newlib for 'arm-none-eabi' target.
 
-On Debian we can install the packages of gcc-arm-none-eabi,
-gdb-arm-none-eabi and its friends.  I'm using:
+On Debian we can install the packages of gcc-arm-none-eabi
+and its friends.  I'm using:
 
-	binutils-arm-none-eabi	2.31.1-2+10
-	gcc-arm-none-eabi 	15:7-2018-q2-4
-	gdb-arm-none-eabi 	7.12-6+9+b2
-	libnewlib-arm-none-eabi	3.0.0.20180802-2
+	binutils-arm-none-eabi	2.35.1-7+14+b1
+	gcc-arm-none-eabi 	15:8-2019-q3-1+b1
+	libnewlib-arm-none-eabi	3.3.0-1
+	gdb-multiarch 		10.1-1.7
 
 Or else, see https://launchpad.net/gcc-arm-embedded for preparation of
 GNU Toolchain for 'arm-none-eabi' target.
@@ -432,10 +426,12 @@ OpenOCD 0.9.0 now supports ST-Link/V2.  We can use it like:
             -c "program build/gnuk.elf verify reset exit"
 
 
-
 STBee
 -----
 
+Note that this is only for your experiment; Your private key materials
+on the board can be accessed by DfuSe.
+
 Reset the board with "USER" switch pushed.  Type following to write
 to flash:
 
@@ -474,7 +470,7 @@ protect, killing DfuSe and accessing by JTAG debugger is recommended.
 This is completely optional.
 
 For this procedure, you need python and pyscard (python-pyscard
-package in Debian) or PyUSB 0.4.3 (python-usb package in Debian).
+package in Debian) or PyUSB (python-usb package in Debian).
 
 (1) [pyscard] Stop scdaemon
     [PyUSB] Stop the pcsc daemon.
@@ -486,7 +482,7 @@ Exception" by "Sharing violation".
 
 In case of PyUSB tool, you need to stop pcscd.
 
-  # /etc/init.d/pcscd stop
+  # systemctl stop pcscd
 
 
 (2) [Optional] Write fixed serial number
@@ -599,7 +595,7 @@ You can get it by:
     $ git clone https://salsa.debian.org/gnuk-team/gnuk/gnuk.git
 
 It's also available at: www.gniibe.org
-You can browse at: https://git.gniibe.org/gitweb?p=gnuk/gnuk.git;a=summary
+You can browse at: https://git.gniibe.org/cgit/gnuk/gnuk.git/
 
 I put Chopstx as a submodule of Git.  Please do this:
 

THANKS

@@ -35,10 +35,12 @@ Nico Rikken		nico@nicorikken.eu
 NOKUBI Takatsugu	knok@daionet.gr.jp
 Paul Fertser
 Paul Bakker		polarssl_maintainer@polarssl.org
+Peter Lebbing		peter@digitalbrains.com
 Santiago Ruano Rincón	santiago@debian.org
 Shane Coughlan		scoughlan@openinventionnetwork.com
 Stanislas Bach		sbach@0g.re
 Szczepan Zalega		szczepan@nitrokey.com
 Vasily Evseenko
+Vincent Pelletier	plr.vincent@gmail.com
 Werner Koch		wk@gnupg.org
 Yuji Imai		ug@xcast.jp

VERSION

@@ -1 +1 @@
-release/1.2.11
+release/1.2.17

regnual/Makefile

@@ -52,6 +52,7 @@ regnual-no-vidpid.elf: $(OBJS) $(LDSCRIPT)
 	$(CC) $(LDFLAGS) -o regnual-no-vidpid.elf $(OBJS)
 
 clean:
-	-rm -f $(OBJS) regnual.elf regnual.hex regnual.bin *.lst
+	-rm -f $(OBJS) regnual-no-vidpid.elf regnual.elf regnual.hex regnual.bin \
+		*.lst
 
 distclean: clean

src/Makefile

@@ -53,6 +53,10 @@ ifeq ($(CHIP),stm32f103)
 CSRC += mcu-stm32f103.c 
 endif
 
+ifneq ($(USE_DFU),)
+OBJS_ADD += build/stdaln-sys-bin.o
+endif
+
 ###################################
 CC   = $(CROSS)gcc
 LD   = $(CROSS)gcc
@@ -72,9 +76,19 @@ sys.c: board.h
 
 build/bignum.o: OPT = -O3 -g
 
+build/stdaln-sys.elf: build/sys-$(CHIP).o stdaln-sys.ld
+	@echo
+	$(LD) -v $< $(MCFLAGS) -nostartfiles -Tstdaln-sys.ld -Wl,--no-warn-mismatch,--gc-sections $(LLIBDIR) -o $@
+
+build/stdaln-sys-bin.o: build/stdaln-sys.elf
+	@echo
+	$(OBJCOPY) -O binary -j .sys $< build/stdaln-sys.bin
+	$(OBJCOPY) -I binary -O default --rename-section .data=.rodata \
+		build/stdaln-sys.bin $@
+
 distclean: clean
-	-rm -f gnuk.ld config.h board.h config.mk \
-	       usb-strings.c.inc usb-vid-pid-ver.c.inc
+	-rm -f gnuk.ld stdaln-sys.ld config.h board.h config.mk \
+	       usb-strings.c.inc put-vid-pid-ver.sh
 
 ifeq ($(EMULATION),)
 build/gnuk.elf: build/gnuk-no-vidpid.elf binary-edit.sh put-vid-pid-ver.sh

src/ac.c

@@ -63,7 +63,7 @@ verify_user_0 (uint8_t access, const uint8_t *pw, int buf_len, int pw_len_known,
 	       const uint8_t *ks_pw1, int save_ks)
 {
   int pw_len;
-  int r1, r2;
+  int r;
   uint8_t keystring[KEYSTRING_MD_SIZE];
   const uint8_t *salt;
   int salt_len;
@@ -99,21 +99,31 @@ verify_user_0 (uint8_t access, const uint8_t *pw, int buf_len, int pw_len_known,
     memcpy (keystring_md_pw3, keystring, KEYSTRING_MD_SIZE);
 
   if (access == AC_PSO_CDS_AUTHORIZED)
-    {
-      r1 = gpg_do_load_prvkey (GPG_KEY_FOR_SIGNING, BY_USER, keystring);
-      r2 = 0;
-    }
+    r = gpg_do_load_prvkey (GPG_KEY_FOR_SIGNING, BY_USER, keystring);
   else
     {
+      int r1, r2;
+
       r1 = gpg_do_load_prvkey (GPG_KEY_FOR_DECRYPTION, BY_USER, keystring);
       r2 = gpg_do_load_prvkey (GPG_KEY_FOR_AUTHENTICATION, BY_USER, keystring);
+
+      if (r1 < 0 || r2 < 0)
+	r = -1;
+      else if (r1 == 0)
+	{
+	  if (r2 == 0)
+	    /* No encryption/authentication keys, then, check signing key.  */
+	    r = gpg_do_load_prvkey (GPG_KEY_FOR_SIGNING, BY_USER, keystring);
+	  else
+	    r = r2;
+	}
+      else if (r2 == 0)
+	r = r1;
+      else
+	r = 1;
     }
 
-  if (r1 < 0 || r2 < 0
-      || (r1 == 0 && r2 == 0 && ks_pw1 != NULL
-	  && ((ks_pw1[0] & PW_LEN_KEYSTRING_BIT) == 0
-	      || memcmp (KS_GET_KEYSTRING (ks_pw1),
-			 keystring, KEYSTRING_MD_SIZE) != 0)))
+  if (r < 0)
     {
     failure:
       gpg_pw_increment_err_counter (PW_ERR_PW1);
@@ -163,7 +173,7 @@ verify_admin_00 (const uint8_t *pw, int buf_len, int pw_len_known,
 		 const uint8_t *ks, int save_ks)
 {
   int pw_len;
-  int r1, r2;
+  int r;
   uint8_t keystring[KEYSTRING_MD_SIZE];
   const uint8_t *salt;
   int salt_len;
@@ -179,12 +189,11 @@ verify_admin_00 (const uint8_t *pw, int buf_len, int pw_len_known,
   if (save_ks)
     memcpy (keystring_md_pw3, keystring, KEYSTRING_MD_SIZE);
 
-  r1 = gpg_do_load_prvkey (GPG_KEY_FOR_SIGNING, BY_ADMIN, keystring);
-  r2 = 0;
+  r = gpg_do_load_prvkey (GPG_KEY_FOR_SIGNING, BY_ADMIN, keystring);
 
-  if (r1 < 0 || r2 < 0)
+  if (r < 0)
     return -1;
-  else if (r1 == 0 && r2 == 0)
+  else if (r == 0)
     if ((ks[0] & PW_LEN_KEYSTRING_BIT) == 0
 	|| memcmp (KS_GET_KEYSTRING (ks), keystring, KEYSTRING_MD_SIZE) != 0)
       return -1;

src/bn.c

@@ -1,7 +1,8 @@
 /*
  * bn.c -- 256-bit (and 512-bit) bignum calculation
  *
- * Copyright (C) 2011, 2013, 2014 Free Software Initiative of Japan
+ * Copyright (C) 2011, 2013, 2014, 2019
+ *               Free Software Initiative of Japan
  * Author: NIIBE Yutaka <gniibe@fsij.org>
  *
  * This file is a part of Gnuk, a GnuPG USB Token implementation.
@@ -412,17 +413,15 @@ bn256_cmp (const bn256 *A, const bn256 *B)
 void
 bn256_random (bn256 *X)
 {
-  const uint8_t *rand = random_bytes_get ();
+  int i, j;
+  const uint8_t *rand;
 
-  X->word[7] = ((uint32_t *)rand)[7];
-  X->word[6] = ((uint32_t *)rand)[6];
-  X->word[5] = ((uint32_t *)rand)[5];
-  X->word[4] = ((uint32_t *)rand)[4];
-  X->word[3] = ((uint32_t *)rand)[3];
-  X->word[2] = ((uint32_t *)rand)[2];
-  X->word[1] = ((uint32_t *)rand)[1];
-  X->word[0] = ((uint32_t *)rand)[0];
-
-  random_bytes_free (rand);
+  for (i = 0; i < 256/256; i++)
+    {
+      rand = random_bytes_get ();
+      for (j = 0; j < BN256_WORDS; j++)
+	X->word[i*BN256_WORDS+j] = ((uint32_t *)rand)[j];
+      random_bytes_free (rand);
+    }
 }
 #endif

src/config.h.in

@@ -3,6 +3,8 @@
 #define ENABLE_VIRTUAL_COM_PORT 1
 #endif
 @DFU_DEFINE@
+@ORIGIN_DEFINE@
+@ORIGIN_REAL_DEFINE@
 @PINPAD_DEFINE@
 @PINPAD_MORE_DEFINE@
 @CERTDO_DEFINE@
@@ -10,3 +12,4 @@
 @LIFE_CYCLE_MANAGEMENT_DEFINE@
 @ACKBTN_DEFINE@
 @SERIALNO_STR_LEN_DEFINE@
+@KDF_DO_REQUIRED_DEFINE@

src/configure

@@ -6,7 +6,7 @@ nl=$'\n'
 #
 # This file is *NOT* generated by GNU Autoconf, but written by NIIBE Yutaka
 #
-# Copyright (C) 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018
+# Copyright (C) 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2021
 #               Free Software Initiative of Japan
 #
 # This file is a part of Gnuk, a GnuPG USB Token implementation.
@@ -46,6 +46,7 @@ hid_card_change=no
 factory_reset=no
 ackbtn_support=yes
 flash_override=""
+kdf_do_required=no
 # For emulation
 prefix=/usr/local
 exec_prefix='${prefix}'
@@ -210,26 +211,28 @@ FST_01SZ)
   ;;
 esac
 
+def_mhz="-DMHZ=$MHZ"
 if test "$target" = "GNU_LINUX"; then
   ldscript=""
   chip="gnu-linux"
+  arch="gnu-linux"
   emulation="yes"
   cross=""
   mcu="none"
+  kdf_do_require=yes
   def_emulation="-DGNU_LINUX_EMULATION"
   def_memory_size="-DMEMORY_SIZE=1024"
-  def_mhz=""
   enable_hexoutput=""
   libs="-lpthread"
 else
   ldscript="gnuk.ld"
   chip="stm32f103"
+  arch="cortex-m"
   emulation=""
   cross="arm-none-eabi-"
   mcu="cortex-m3"
   def_emulation=""
   def_memory_size="-DMEMORY_SIZE=$MEMORY_SIZE"
-  def_mhz="-DMHZ=$MHZ"
   enable_hexoutput=yes
   libs=""
 fi
@@ -260,6 +263,8 @@ else
   echo "Debug option disabled"
 fi
 
+ORIGIN_REAL=0x08000000
+ORIGIN_REAL_DEFINE="#define ORIGIN_REAL $ORIGIN_REAL"
 # --with-dfu option
 if test "$with_dfu" = "yes"; then
   if test "$target" = "FST_01" -o "$target" = "FST_01G" \
@@ -268,15 +273,23 @@ if test "$with_dfu" = "yes"; then
       exit 1
   fi
   echo "Configured for DFU"
-  ORIGIN=0x08003000
-  FLASH_SIZE=$((FLASH_SIZE - 12))
+  if test "$target" = "MAPLE_MINI"; then
+    # Note that the default bootloader is too large, need for instance
+    # STM32duino for DFU on Maple Mini
+    ORIGIN=0x08002000
+    FLASH_SIZE=$((FLASH_SIZE - 8))
+  else
+    ORIGIN=0x08003000
+    FLASH_SIZE=$((FLASH_SIZE - 12))
+  fi
   DFU_DEFINE="#define DFU_SUPPORT 1"
 else
   with_dfu=no
   echo "Configured for bare system (no-DFU)"
-  ORIGIN=0x08000000
+  ORIGIN=${ORIGIN_REAL}
   DFU_DEFINE="#undef DFU_SUPPORT"
 fi
+ORIGIN_DEFINE="#define ORIGIN $ORIGIN"
 
 # --enable-pinpad option
 if test "$pinpad" = "no"; then
@@ -327,6 +340,14 @@ else
   echo "Acknowledge button is not supported"
 fi
 
+# KDF Data Object is always required for GNU/Linux emulation
+if test "$kdf_do_required" = "yes"; then
+  KDF_DO_REQUIRED_DEFINE="#define KDF_DO_REQUIRED 1"
+  echo "KDF DO is required before key import/generation"
+else
+  KDF_DO_REQUIRED_DEFINE="#undef KDF_DO_REQUIRED"
+fi
+
 ### !!! Replace following string of "FSIJ" to yours !!! ####
 SERIALNO="FSIJ-$(sed -e 's%^[^/]*/%%' <../VERSION)-"
 
@@ -460,6 +481,7 @@ fi
 
 
 (echo "CHIP=$chip";
+ echo "ARCH=$arch";
  echo "EMULATION=$emulation";
  echo "CROSS=$cross";
  echo "MCU=$mcu";
@@ -473,6 +495,9 @@ fi
  if test "$ackbtn_support" = "yes"; then
    echo "USE_ACKBTN=yes"
  fi
+ if test "$with_dfu" = "yes"; then
+   echo "USE_DFU=yes"
+ fi
  if test "$emulation" = "yes"; then
    echo "prefix=$prefix"
    echo "exec_prefix=$exec_prefix"
@@ -493,8 +518,12 @@ else
       -e "s/@FLASH_PAGE_SIZE@/$FLASH_PAGE_SIZE/" \
 	< gnuk.ld.in > gnuk.ld
 fi
+sed -e "s/@ORIGIN_REAL@/$ORIGIN_REAL/" -e "s/@MEMORY_SIZE@/$MEMORY_SIZE/" \
+	< stdaln-sys.ld.in > stdaln-sys.ld
 sed -e "s/@DEBUG_DEFINE@/$DEBUG_DEFINE/" \
     -e "s/@DFU_DEFINE@/$DFU_DEFINE/" \
+    -e "s/@ORIGIN_DEFINE@/$ORIGIN_DEFINE/" \
+    -e "s/@ORIGIN_REAL_DEFINE@/$ORIGIN_REAL_DEFINE/" \
     -e "s/@PINPAD_DEFINE@/$PINPAD_DEFINE/" \
     -e "s/@PINPAD_MORE_DEFINE@/$PINPAD_MORE_DEFINE/" \
     -e "s/@CERTDO_DEFINE@/$CERTDO_DEFINE/" \
@@ -502,5 +531,6 @@ sed -e "s/@DEBUG_DEFINE@/$DEBUG_DEFINE/" \
     -e "s/@LIFE_CYCLE_MANAGEMENT_DEFINE@/$LIFE_CYCLE_MANAGEMENT_DEFINE/" \
     -e "s/@ACKBTN_DEFINE@/$ACKBTN_DEFINE/" \
     -e "s/@SERIALNO_STR_LEN_DEFINE@/$SERIALNO_STR_LEN_DEFINE/" \
+    -e "s/@KDF_DO_REQUIRED_DEFINE@/$KDF_DO_REQUIRED_DEFINE/" \
 	< config.h.in > config.h
 exit 0

src/gnuk.h

@@ -24,18 +24,18 @@ extern struct apdu apdu;
 void ccid_card_change_signal (int how);
 
 /* CCID thread */
-#define EV_RX_DATA_READY      1 /* USB Rx data available  */
-#define EV_EXEC_ACK_REQUIRED  2 /* OpenPGPcard Execution ACK required*/
-#define EV_EXEC_FINISHED      4 /* OpenPGPcard Execution finished */
-#define EV_TX_FINISHED        8 /* CCID Tx finished  */
-#define EV_CARD_CHANGE       16
+#define EV_CARD_CHANGE        1
+#define EV_TX_FINISHED        2 /* CCID Tx finished  */
+#define EV_EXEC_ACK_REQUIRED  4 /* OpenPGPcard Execution ACK required */
+#define EV_EXEC_FINISHED      8 /* OpenPGPcard Execution finished */
+#define EV_RX_DATA_READY     16 /* USB Rx data available  */
 
 /* OpenPGPcard thread */
-#define EV_PINPAD_INPUT_DONE      1
-#define EV_EXIT                   2
+#define EV_MODIFY_CMD_AVAILABLE   1
+#define EV_VERIFY_CMD_AVAILABLE   2
 #define EV_CMD_AVAILABLE          4
-#define EV_VERIFY_CMD_AVAILABLE   8
-#define EV_MODIFY_CMD_AVAILABLE  16
+#define EV_EXIT                   8
+#define EV_PINPAD_INPUT_DONE     16
 
 /* Maximum cmd apdu data is key import 24+4+256+256 (proc_key_import) */
 #define MAX_CMD_APDU_DATA_SIZE (24+4+256+256) /* without header */

src/main.c

@@ -1,7 +1,7 @@
 /*
  * main.c - main routine of Gnuk
  *
- * Copyright (C) 2010, 2011, 2012, 2013, 2015, 2016, 2017, 2018
+ * Copyright (C) 2010, 2011, 2012, 2013, 2015, 2016, 2017, 2018, 2021
  *               Free Software Initiative of Japan
  * Author: NIIBE Yutaka <gniibe@fsij.org>
  *
@@ -36,6 +36,11 @@
 #include "usb-cdc.h"
 #include "random.h"
 #ifdef GNU_LINUX_EMULATION
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
 #include <stdio.h>
 #include <stdlib.h>
 #define main emulated_main
@@ -51,6 +56,28 @@
 #define LED_TIMEOUT_ONE		(100*1000)
 #define LED_TIMEOUT_STOP	(200*1000)
 
+#ifdef DFU_SUPPORT
+static int
+flash_write_any (uintptr_t dst_addr, const uint8_t *src, size_t len)
+{
+  int status;
+
+  while (len)
+    {
+      uint16_t hw = *src++;
+
+      hw |= (*src++ << 8);
+      status = flash_program_halfword (dst_addr, hw);
+      if (status != 0)
+        return 0;              /* error return */
+
+      dst_addr += 2;
+      len -= 2;
+    }
+
+  return 1;
+}
+#endif
 
 #ifdef GNU_LINUX_EMULATION
 uint8_t *flash_addr_key_storage_start;
@@ -68,7 +95,7 @@ device_initialize_once (void)
        * This is the first time invocation.
        * Setup serial number by unique device ID.
        */
-      const uint8_t *u = unique_device_id () + 8;
+      const uint8_t *u = unique_device_id () + (MHZ < 96 ? 8: 0);
       int i;
 
       for (i = 0; i < 4; i++)
@@ -83,6 +110,55 @@ device_initialize_once (void)
 	  nibble += (nibble >= 10 ? ('A' - 10) : '0');
 	  flash_put_data_internal (&p[i*4+2], nibble);
 	}
+
+#ifdef DFU_SUPPORT
+#define CHIP_ID_REG ((uint32_t *)0xE0042000)
+      /*
+       * Overwrite DFU bootloader with a copy of SYS linked to ORIGIN_REAL.
+       * Then protect flash from readout.
+       */
+      {
+        extern uint8_t _binary_build_stdaln_sys_bin_start;
+        extern uint8_t _binary_build_stdaln_sys_bin_size;
+        size_t stdaln_sys_size = (size_t) &_binary_build_stdaln_sys_bin_size;
+        extern const uint32_t FT0[256], FT1[256], FT2[256];
+        extern handler vector_table[];
+        uintptr_t addr;
+        uint32_t flash_page_size = 1024; /* 1KiB default */
+
+        if (((*CHIP_ID_REG)&0x07) == 0x04) /* High density device.  */
+          flash_page_size = 2048; /* It's 2KiB. */
+
+        /* Kill DFU */
+        for (addr = ORIGIN_REAL; addr < ORIGIN;
+             addr += flash_page_size)
+          flash_erase_page (addr);
+
+        /* Copy SYS */
+        addr = ORIGIN_REAL;
+        flash_write_any(addr, &_binary_build_stdaln_sys_bin_start,
+                        stdaln_sys_size);
+        addr += stdaln_sys_size;
+        flash_write_any(addr, (const uint8_t *) &FT0, sizeof(FT0));
+        addr += sizeof(FT0);
+        flash_write_any(addr, (const uint8_t *) &FT1, sizeof(FT1));
+        addr += sizeof(FT1);
+        flash_write_any(addr, (const uint8_t *) &FT2, sizeof(FT2));
+
+        addr = ORIGIN_REAL + 0x1000;
+        if (addr < ORIGIN) {
+          /* Need to patch top of stack and reset vector there */
+          handler *new_vector = (handler *) addr;
+          flash_write((uintptr_t) &new_vector[0], (const uint8_t *)
+                      &vector_table[0], sizeof(handler));
+          flash_write((uintptr_t) &new_vector[1], (const uint8_t *)
+                      &vector[1], sizeof(handler));
+        }
+
+        flash_protect();
+        nvic_system_reset();
+      }
+#endif
     }
 }
 #endif
@@ -301,6 +377,34 @@ main (int argc, const char *argv[])
   else
     flash_image_path = argv[1];
 
+  if (access (flash_image_path, F_OK) < 0)
+    {
+      int fd;
+      char buf[8192];
+
+      memset (buf, 0xff, sizeof buf);
+      memset (buf+4*1024, 0, 2);
+      fd = open (flash_image_path, O_CREAT|O_WRONLY, S_IRUSR|S_IWUSR);
+      if (fd < 0)
+	{
+	  perror ("creating flash file");
+	  exit (1);
+	}
+
+      if (write (fd, buf, sizeof buf) != sizeof buf)
+	{
+	  perror ("initializing flash file");
+	  close (fd);
+	  exit (1);
+	}
+
+      close (fd);
+    }
+
+  puts ("Gnuk (emulation with USBIP), a GnuPG USB Token implementation");
+  puts ("Copyright (C) 2021 Free Software Initiative of Japan");
+  puts ("This is free software under GPLv3+.");
+
   flash_addr = flash_init (flash_image_path);
   flash_addr_key_storage_start = (uint8_t *)flash_addr;
   flash_addr_data_storage_start = (uint8_t *)flash_addr + 4096;
@@ -402,26 +506,10 @@ main (int argc, const char *argv[])
   SCB->VTOR = (uintptr_t)&_regnual_start;
   entry = calculate_regnual_entry_address (&_regnual_start);
 #ifdef DFU_SUPPORT
-#define FLASH_SYS_START_ADDR 0x08000000
-#define FLASH_SYS_END_ADDR (0x08000000+0x1000)
-#define CHIP_ID_REG ((uint32_t *)0xE0042000)
   {
-    extern uint8_t _sys;
-    uintptr_t addr;
-    handler *new_vector = (handler *)FLASH_SYS_START_ADDR;
-    void (*func) (void (*)(void)) = (void (*)(void (*)(void)))new_vector[9];
-    uint32_t flash_page_size = 1024; /* 1KiB default */
-
-   if ((*CHIP_ID_REG)&0x07 == 0x04) /* High dencity device.  */
-     flash_page_size = 2048; /* It's 2KiB. */
-
-    /* Kill DFU */
-    for (addr = FLASH_SYS_START_ADDR; addr < FLASH_SYS_END_ADDR;
-	 addr += flash_page_size)
-      flash_erase_page (addr);
-
-    /* copy system service routines */
-    flash_write (FLASH_SYS_START_ADDR, &_sys, 0x1000);
+    /* Use SYS at ORIGIN_REAL instead of the one at ORIGIN */
+    handler *new_vector = (handler *)ORIGIN_REAL;
+    void (*func) (void (*)(void)) = (void (*)(void (*)(void))) new_vector[9];
 
     /* Leave Gnuk to exec reGNUal */
     (*func) ((void (*)(void))entry);
@@ -508,11 +596,11 @@ gnuk_malloc_init (void)
 }
 
 static void *
-sbrk (size_t size)
+gnuk_sbrk (intptr_t size)
 {
   void *p = (void *)heap_p;
 
-  if ((size_t)(HEAP_END - heap_p) < size)
+  if ((HEAP_END - heap_p) < size)
     return NULL;
 
   heap_p += size;
@@ -548,7 +636,7 @@ gnuk_malloc (size_t size)
     {
       if (m == NULL)
 	{
-	  m = (struct mem_head *)sbrk (size);
+	  m = (struct mem_head *)gnuk_sbrk (size);
 	  if (m)
 	    m->size = size;
 	  break;

src/modp256k1.c

@@ -1,7 +1,7 @@
 /*
  * modp256k1.c -- modulo arithmetic for p256k1
  *
- * Copyright (C) 2014, 2016 Free Software Initiative of Japan
+ * Copyright (C) 2014, 2016, 2020 Free Software Initiative of Japan
  * Author: NIIBE Yutaka <gniibe@fsij.org>
  *
  * This file is a part of Gnuk, a GnuPG USB Token implementation.
@@ -71,14 +71,12 @@ modp256k1_add (bn256 *X, const bn256 *A, const bn256 *B)
 {
   uint32_t cond;
   bn256 tmp[1];
+  bn256 dummy[1];
 
   cond = (bn256_add (X, A, B) == 0);
   cond &= bn256_sub (tmp, X, P256K1);
-  if (cond)
-    /* No-carry AND borrow */
-    memcpy (tmp, tmp, sizeof (bn256));
-  else
-    memcpy (X, tmp, sizeof (bn256));
+  memcpy (cond?dummy:X, tmp, sizeof (bn256));
+  asm ("" : "=m" (dummy) : "m" (dummy) : "memory");
 }
 
 /**
@@ -89,13 +87,12 @@ modp256k1_sub (bn256 *X, const bn256 *A, const bn256 *B)
 {
   uint32_t borrow;
   bn256 tmp[1];
+  bn256 dummy[1];
 
   borrow = bn256_sub (X, A, B);
   bn256_add (tmp, X, P256K1);
-  if (borrow)
-    memcpy (X, tmp, sizeof (bn256));
-  else
-    memcpy (tmp, tmp, sizeof (bn256));
+  memcpy (borrow?X:dummy, tmp, sizeof (bn256));
+  asm ("" : "=m" (dummy) : "m" (dummy) : "memory");
 }
 
 /**

src/modp256r1.c

@@ -1,7 +1,7 @@
 /*
  * modp256r1.c -- modulo arithmetic for p256r1
  *
- * Copyright (C) 2011, 2013, 2014, 2016
+ * Copyright (C) 2011, 2013, 2014, 2016, 2020
  *               Free Software Initiative of Japan
  * Author: NIIBE Yutaka <gniibe@fsij.org>
  *
@@ -66,14 +66,12 @@ modp256r1_add (bn256 *X, const bn256 *A, const bn256 *B)
 {
   uint32_t cond;
   bn256 tmp[1];
+  bn256 dummy[1];
 
   cond = (bn256_add (X, A, B) == 0);
   cond &= bn256_sub (tmp, X, P256R1);
-  if (cond)
-    /* No-carry AND borrow */
-    memcpy (tmp, tmp, sizeof (bn256));
-  else
-    memcpy (X, tmp, sizeof (bn256));
+  memcpy (cond?dummy:X, tmp, sizeof (bn256));
+  asm ("" : "=m" (dummy) : "m" (dummy) : "memory");
 }
 
 /**
@@ -84,13 +82,12 @@ modp256r1_sub (bn256 *X, const bn256 *A, const bn256 *B)
 {
   uint32_t borrow;
   bn256 tmp[1];
+  bn256 dummy[1];
 
   borrow = bn256_sub (X, A, B);
   bn256_add (tmp, X, P256R1);
-  if (borrow)
-    memcpy (X, tmp, sizeof (bn256));
-  else
-    memcpy (tmp, tmp, sizeof (bn256));
+  memcpy (borrow?X:dummy, tmp, sizeof (bn256));
+  asm ("" : "=m" (dummy) : "m" (dummy) : "memory");
 }
 
 /**
@@ -100,6 +97,7 @@ void
 modp256r1_reduce (bn256 *X, const bn512 *A)
 {
   bn256 tmp[1], tmp0[1];
+  bn256 dummy[1];
   uint32_t borrow;
 
 #define S1 X
@@ -121,10 +119,8 @@ modp256r1_reduce (bn256 *X, const bn512 *A)
   S1->word[1] = A->word[1];
   S1->word[0] = A->word[0];
   borrow = bn256_sub (tmp0, S1, P256R1);
-  if (borrow)
-    memcpy (tmp0, tmp0, sizeof (bn256));
-  else
-    memcpy (S1, tmp0, sizeof (bn256));
+  memcpy (borrow?dummy:S1, tmp0, sizeof (bn256));
+  asm ("" : "=m" (dummy) : "m" (dummy) : "memory");
   /* X = S1 */
 
   S2->word[7] = A->word[15];
@@ -165,10 +161,8 @@ modp256r1_reduce (bn256 *X, const bn512 *A)
   S5->word[1] = A->word[10];
   S5->word[0] = A->word[9];
   borrow = bn256_sub (tmp0, S5, P256R1);
-  if (borrow)
-    memcpy (tmp0, tmp0, sizeof (bn256));
-  else
-    memcpy (S5, tmp0, sizeof (bn256));
+  memcpy (borrow?dummy:S5, tmp0, sizeof (bn256));
+  asm ("" : "=m" (dummy) : "m" (dummy) : "memory");
   /* X += S5 */
   modp256r1_add (X, X, S5);
 
@@ -179,10 +173,8 @@ modp256r1_reduce (bn256 *X, const bn512 *A)
   S6->word[1] = A->word[12];
   S6->word[0] = A->word[11];
   borrow = bn256_sub (tmp0, S6, P256R1);
-  if (borrow)
-    memcpy (tmp0, tmp0, sizeof (bn256));
-  else
-    memcpy (S6, tmp0, sizeof (bn256));
+  memcpy (borrow?dummy:S6, tmp0, sizeof (bn256));
+  asm ("" : "=m" (dummy) : "m" (dummy) : "memory");
   /* X -= S6 */
   modp256r1_sub (X, X, S6);
 
@@ -194,10 +186,8 @@ modp256r1_reduce (bn256 *X, const bn512 *A)
   S7->word[1] = A->word[13];
   S7->word[0] = A->word[12];
   borrow = bn256_sub (tmp0, S7, P256R1);
-  if (borrow)
-    memcpy (tmp0, tmp0, sizeof (bn256));
-  else
-    memcpy (S7, tmp0, sizeof (bn256));
+  memcpy (borrow?dummy:S7, tmp0, sizeof (bn256));
+  asm ("" : "=m" (dummy) : "m" (dummy) : "memory");
   /* X -= S7 */
   modp256r1_sub (X, X, S7);
 

src/openpgp-do.c

@@ -1,7 +1,8 @@
 /*
  * openpgp-do.c -- OpenPGP card Data Objects (DO) handling
  *
- * Copyright (C) 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018
+ * Copyright (C) 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018,
+ *               2020
  *               Free Software Initiative of Japan
  * Author: NIIBE Yutaka <gniibe@fsij.org>
  *
@@ -466,6 +467,7 @@ static const struct do_table_entry *get_do_entry (uint16_t tag);
 #define GPG_DO_UIF_DEC		0x00d7
 #define GPG_DO_UIF_AUT		0x00d8
 #define GPG_DO_KDF		0x00f9
+#define GPG_DO_ALG_INFO		0x00fa
 #define GPG_DO_KEY_IMPORT	0x3fff
 #define GPG_DO_LANGUAGE		0x5f2d
 #define GPG_DO_SEX		0x5f35
@@ -532,7 +534,7 @@ copy_tag (uint16_t tag)
 #define SIZE_FP 20
 #define SIZE_KGTIME 4
 
-static int
+static void
 do_fp_all (uint16_t tag, int with_tag)
 {
   const uint8_t *data;
@@ -563,10 +565,9 @@ do_fp_all (uint16_t tag, int with_tag)
   else
     memset (res_p, 0, SIZE_FP);
   res_p += SIZE_FP;
-  return 1;
 }
 
-static int
+static void
 do_cafp_all (uint16_t tag, int with_tag)
 {
   const uint8_t *data;
@@ -597,10 +598,9 @@ do_cafp_all (uint16_t tag, int with_tag)
   else
     memset (res_p, 0, SIZE_FP);
   res_p += SIZE_FP;
-  return 1;
 }
 
-static int
+static void
 do_kgtime_all (uint16_t tag, int with_tag)
 {
   const uint8_t *data;
@@ -631,7 +631,6 @@ do_kgtime_all (uint16_t tag, int with_tag)
   else
     memset (res_p, 0, SIZE_KGTIME);
   res_p += SIZE_KGTIME;
-  return 1;
 }
 
 const uint8_t openpgpcard_aid[] = {
@@ -643,7 +642,7 @@ const uint8_t openpgpcard_aid[] = {
   0xff, 0xff, 0xff, 0xff,  0xff, 0xff, /* To be overwritten */
 };
 
-static int
+static void
 do_openpgpcard_aid (uint16_t tag, int with_tag)
 {
   const volatile uint8_t *p = openpgpcard_aid;
@@ -657,7 +656,7 @@ do_openpgpcard_aid (uint16_t tag, int with_tag)
 
   if (vid == 0xffff || vid == 0x0000)
     {
-      const uint8_t *u = unique_device_id () + 8;
+      const uint8_t *u = unique_device_id () + (MHZ < 96 ? 8: 0);
 
       memcpy (res_p, openpgpcard_aid, 8);
       res_p += 8;
@@ -679,11 +678,9 @@ do_openpgpcard_aid (uint16_t tag, int with_tag)
 
   *res_p++ = 0;
   *res_p++ = 0;
-
-  return 1;
 }
 
-static int
+static void
 do_ds_count (uint16_t tag, int with_tag)
 {
   if (with_tag)
@@ -695,7 +692,37 @@ do_ds_count (uint16_t tag, int with_tag)
   *res_p++ = (digital_signature_counter >> 16) & 0xff;
   *res_p++ = (digital_signature_counter >> 8) & 0xff;
   *res_p++ = digital_signature_counter & 0xff;
-  return 1;
+}
+
+static void
+do_alg_info (uint16_t tag, int with_tag)
+{
+  uint8_t *len_p = NULL;
+  int i;
+
+  if (with_tag)
+    {
+      copy_tag (tag);
+      len_p = res_p;
+      *res_p++ = 0;	 /* Filled later, assuming length is <= 127 */
+    }
+
+  for (i = 0; i < 3; i++)
+    {
+      uint16_t tag_algo = GPG_DO_ALG_SIG + i;
+
+      copy_do_1 (tag_algo, algorithm_attr_rsa2k, 1);
+      copy_do_1 (tag_algo, algorithm_attr_rsa4k, 1);
+      copy_do_1 (tag_algo, algorithm_attr_p256r1, 1);
+      copy_do_1 (tag_algo, algorithm_attr_p256k1, 1);
+      if (i == 0 || i == 2)
+	copy_do_1 (tag_algo, algorithm_attr_ed25519, 1);
+      if (i == 1)
+	copy_do_1 (tag_algo, algorithm_attr_cv25519, 1);
+    };
+
+  if (len_p)
+    *len_p = res_p - len_p - 1; /* Actually, it's 127-byte long.  */
 }
 
 static int
@@ -959,11 +986,25 @@ rw_kdf (uint16_t tag, int with_tag, const uint8_t *data, int len, int is_write)
     }
 }
 
+
+/*
+ * Check LEN is valid for HOW_MANY of passphrase string.
+ *
+ * HOW_MANY = 1: LEN is valid for a single passphrase string.
+ * HOW_MANY = 2: LEN is valid for two single passphrase strings.
+ *               This is used to change passphrase.
+ *               The second passphrase may be nothing.
+ *
+ * LEN = 0: Check if KDF-DO is available.
+ */
 int
 gpg_do_kdf_check (int len, int how_many)
 {
   const uint8_t *kdf_do = do_ptr[NR_DO_KDF];
 
+  if (len == 0)
+    return kdf_do != NULL;
+
   if (kdf_do)
     {
       const uint8_t *kdf_spec = kdf_do+1;
@@ -1571,6 +1612,13 @@ proc_key_import (const uint8_t *data, int len)
   const uint8_t *p = data;
   uint8_t pubkey[512];
 
+#ifdef KDF_DO_REQUIRED
+  const uint8_t *kdf_do = do_ptr[NR_DO_KDF];
+
+  if (kdf_do == NULL)
+    return 0;		/* Error.  */
+#endif
+
   if (admin_authorized == BY_ADMIN)
     keystring_admin = keystring_md_pw3;
   else
@@ -1735,6 +1783,7 @@ gpg_do_table[] = {
   /* Pseudo DO READ: calculated, not changeable by user */
   { GPG_DO_DS_COUNT, DO_PROC_READ, AC_ALWAYS, AC_NEVER, do_ds_count },
   { GPG_DO_AID, DO_PROC_READ, AC_ALWAYS, AC_NEVER, do_openpgpcard_aid },
+  { GPG_DO_ALG_INFO, DO_PROC_READ, AC_ALWAYS, AC_NEVER, do_alg_info },
   /* Pseudo DO READ/WRITE: calculated */
   { GPG_DO_PW_STATUS, DO_PROC_READWRITE, AC_ALWAYS, AC_ADMIN_AUTHORIZED,
     rw_pw_status },
@@ -1965,9 +2014,9 @@ gpg_data_copy (const uint8_t *p_start)
       }
 
   for (i = 0; i < 3; i++)
-    if ((v = (uif_flags & (3 << (i * 2)))))
+    if ((v = (uif_flags >> (i * 2)) & 3))
       {
-	flash_enum_write_internal (p, NR_DO_UIF_SIG + 1, v);
+	flash_enum_write_internal (p, NR_DO_UIF_SIG + i, v);
 	p += 2;
       }
 
@@ -2084,9 +2133,10 @@ copy_do (const struct do_table_entry *do_p, int with_tag)
       }
     case DO_PROC_READ:
       {
-	int (*do_func)(uint16_t, int) = (int (*)(uint16_t, int))do_p->obj;
+	void (*do_func)(uint16_t, int) = (void (*)(uint16_t, int))do_p->obj;
 
-	return do_func (do_p->tag, with_tag);
+        do_func (do_p->tag, with_tag);
+	return 1;
       }
     case DO_PROC_READWRITE:
       {

src/openpgp.c

@@ -2,6 +2,7 @@
  * openpgp.c -- OpenPGP card protocol support
  *
  * Copyright (C) 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018
+ *               2019
  *               Free Software Initiative of Japan
  * Author: NIIBE Yutaka <gniibe@fsij.org>
  *
@@ -560,6 +561,7 @@ cmd_reset_user_password (struct eventflag *ccid_comm)
   uint8_t new_ks0[KEYSTRING_SIZE];
   uint8_t *new_ks = KS_GET_KEYSTRING (new_ks0);
   uint8_t *new_salt = KS_GET_SALT (new_ks0);
+  const uint8_t *ks_pw3 = gpg_do_read_simple (NR_DO_KEYSTRING_PW3);
   const uint8_t *salt;
   int salt_len;
 
@@ -574,7 +576,6 @@ cmd_reset_user_password (struct eventflag *ccid_comm)
     {
       const uint8_t *ks_rc = gpg_do_read_simple (NR_DO_KEYSTRING_RC);
       uint8_t old_ks[KEYSTRING_MD_SIZE];
-      const uint8_t *ks_pw3 = gpg_do_read_simple (NR_DO_KEYSTRING_PW3);
 
       if (gpg_do_kdf_check (len, 2) == 0)
 	{
@@ -664,6 +665,16 @@ cmd_reset_user_password (struct eventflag *ccid_comm)
 
       newpw_len = len;
       newpw = pw;
+
+      /* Check length of new password */
+      if ((ks_pw3 == NULL && newpw_len < ADMIN_PASSWD_MINLEN)
+	  || newpw_len < USER_PASSWD_MINLEN)
+	{
+	  DEBUG_INFO ("new password length is too short.");
+	  GPG_CONDITION_NOT_SATISFIED ();
+	  return;
+	}
+
       random_get_salt (new_salt);
       s2k (new_salt, SALT_SIZE, newpw, newpw_len, new_ks);
       new_ks0[0] = newpw_len;
@@ -727,6 +738,12 @@ cmd_pgp_gakp (struct eventflag *ccid_comm)
     {
       if (!ac_check_status (AC_ADMIN_AUTHORIZED))
 	GPG_SECURITY_FAILURE ();
+#ifdef KDF_DO_REQUIRED
+      else if (!gpg_do_kdf_check (0, 0))
+	GPG_CONDITION_NOT_SATISFIED ();
+#endif
+      else
+	gpg_do_keygen (&apdu.cmd_apdu_data[0]);
       gpg_do_keygen (&apdu.cmd_apdu_data[0]);
     }
 }
@@ -735,10 +752,10 @@ cmd_pgp_gakp (struct eventflag *ccid_comm)
 const uint8_t *
 gpg_get_firmware_update_key (uint8_t keyno)
 {
-  extern uint8_t _updatekey_store;
+  extern uint8_t _updatekey_store[1024];
   const uint8_t *p;
 
-  p = &_updatekey_store + keyno * FIRMWARE_UPDATE_KEY_CONTENT_LEN;
+  p = _updatekey_store + keyno * FIRMWARE_UPDATE_KEY_CONTENT_LEN;
   return p;
 }
 #endif
@@ -994,13 +1011,6 @@ cmd_pso (struct eventflag *ccid_comm)
 	{
 	  uint32_t output[64/4];	/* Require 4-byte alignment. */
 
-	  if (len > EDDSA_HASH_LEN_MAX)
-	    {
-	      DEBUG_INFO ("wrong hash length.");
-	      GPG_CONDITION_NOT_SATISFIED ();
-	      return;
-	    }
-
 	  cs = chopstx_setcancelstate (0);
 	  result_len = EDDSA_SIGNATURE_LENGTH;
 	  r = eddsa_sign_25519 (apdu.cmd_apdu_data, len, output,
@@ -1207,13 +1217,6 @@ cmd_internal_authenticate (struct eventflag *ccid_comm)
     {
       uint32_t output[64/4];	/* Require 4-byte alignment. */
 
-      if (len > EDDSA_HASH_LEN_MAX)
-	{
-	  DEBUG_INFO ("wrong hash length.");
-	  GPG_CONDITION_NOT_SATISFIED ();
-	  return;
-	}
-
       cs = chopstx_setcancelstate (0);
       result_len = EDDSA_SIGNATURE_LENGTH;
       r = eddsa_sign_25519 (apdu.cmd_apdu_data, len, output,
@@ -1425,6 +1428,13 @@ cmd_get_challenge (struct eventflag *ccid_comm)
   if (challenge)
     random_bytes_free (challenge);
 
+#ifdef ACKBTN_SUPPORT
+  if (gpg_do_get_uif (GPG_KEY_FOR_SIGNING)
+      || gpg_do_get_uif (GPG_KEY_FOR_DECRYPTION)
+      || gpg_do_get_uif (GPG_KEY_FOR_AUTHENTICATION))
+    eventflag_signal (ccid_comm, EV_EXEC_ACK_REQUIRED);
+#endif
+
   challenge = random_bytes_get ();
   memcpy (res_APDU, challenge, len);
   res_APDU_size = len;

src/stdaln-sys.ld.in

@@ -0,0 +1,39 @@
+/*
+ * ST32F103 memory setup.
+ */
+MEMORY
+{
+    flash0 : org = @ORIGIN_REAL@, len = 4k
+    ram : org = 0x20000000, len = @MEMORY_SIZE@k
+}
+
+__ram_start__           = ORIGIN(ram);
+__ram_size__            = LENGTH(ram);
+__ram_end__             = __ram_start__ + __ram_size__;
+
+SECTIONS
+{
+    . = 0;
+
+    .sys : ALIGN(4) SUBALIGN(4)
+    {
+	_sys = .;
+	KEEP(*(.vectors))
+	. = ALIGN(16);
+	KEEP(*(.sys.version))
+	KEEP(*(.sys.board_id))
+	KEEP(*(.sys.board_name))
+	build/sys-*.o(.text)
+	build/sys-*.o(.text.*)
+	build/sys-*.o(.rodata)
+	build/sys-*.o(.rodata.*)
+	. = ALIGN(1024);
+    } > flash0
+
+    .aesft : ALIGN(4) SUBALIGN(4)
+    {
+	*(.sys.0)
+	*(.sys.1)
+	*(.sys.2)
+    } > flash0
+}

src/usb-ccid.c

@@ -1,7 +1,8 @@
 /*
  * usb-ccid.c -- USB CCID protocol handling
  *
- * Copyright (C) 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018
+ * Copyright (C) 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018,
+ *               2019
  *               Free Software Initiative of Japan
  * Author: NIIBE Yutaka <gniibe@fsij.org>
  *
@@ -190,6 +191,7 @@ struct ccid {
   uint32_t state      : 4;
   uint32_t err        : 1;
   uint32_t tx_busy    : 1;
+  uint32_t timeout_cnt: 3;
 
   uint8_t *p;
   size_t len;
@@ -1577,7 +1579,7 @@ ccid_notify_slot_change (struct ccid *c)
 #define USB_CCID_TIMEOUT (1950*1000)
 
 #define GPG_THREAD_TERMINATED 0xffff
-
+#define GPG_ACK_TIMEOUT 0x6600
 
 extern uint32_t bDeviceState;
 extern void usb_device_reset (struct usb_dev *dev);
@@ -1728,6 +1730,7 @@ ccid_thread (void *arg)
   struct usb_dev dev;
   struct ccid *c = &ccid;
   uint32_t *timeout_p;
+  int ackbtn_active = 0;
 
   (void)arg;
 
@@ -1749,6 +1752,13 @@ ccid_thread (void *arg)
     struct ep_out *epo = &endpoint_out;
     struct apdu *a = &apdu;
 
+    if (ackbtn_active)
+      {
+	ackbtn_active = 0;
+	ackbtn_disable ();
+	led_blink (LED_WAIT_FOR_BUTTON);
+      }
+
     epi_init (epi, ENDP1, c);
     epo_init (epo, ENDP1, c);
     apdu_init (a);
@@ -1766,7 +1776,7 @@ ccid_thread (void *arg)
     {
       eventmask_t m;
 
-      if (bDeviceState == USB_DEVICE_STATE_CONFIGURED)
+      if (!c->tx_busy && bDeviceState == USB_DEVICE_STATE_CONFIGURED)
 	timeout_p = &timeout;
       else
 	timeout_p = NULL;
@@ -1774,7 +1784,8 @@ ccid_thread (void *arg)
       eventflag_set_mask (&c->ccid_comm, c->tx_busy ? EV_TX_FINISHED : ~0);
 
 #ifdef ACKBTN_SUPPORT
-      chopstx_poll (timeout_p, CCID_POLL_NUM - c->tx_busy, ccid_poll);
+      chopstx_poll (timeout_p, CCID_POLL_NUM - (c->tx_busy || !ackbtn_active),
+		    ccid_poll);
 #else
       chopstx_poll (timeout_p, CCID_POLL_NUM, ccid_poll);
 #endif
@@ -1800,11 +1811,12 @@ ccid_thread (void *arg)
 	}
 
 #ifdef ACKBTN_SUPPORT
-      if (ack_intr.ready)
+      if (!c->tx_busy && ack_intr.ready)
 	{
+	  ackbtn_active = 0;
 	  ackbtn_disable ();
-	  chopstx_intr_done (&ack_intr);
 	  led_blink (LED_WAIT_FOR_BUTTON);
+	  chopstx_intr_done (&ack_intr);
 	  if (c->ccid_state == CCID_STATE_ACK_REQUIRED_1)
 	    goto exec_done;
 
@@ -1813,7 +1825,11 @@ ccid_thread (void *arg)
 	}
 #endif
 
-      timeout = USB_CCID_TIMEOUT;
+      if (timeout == 0)
+	{
+	  timeout = USB_CCID_TIMEOUT;
+	  c->timeout_cnt++;
+	}
       m = eventflag_get (&c->ccid_comm);
 
       if (m == EV_CARD_CHANGE)
@@ -1836,7 +1852,11 @@ ccid_thread (void *arg)
 	  ccid_notify_slot_change (c);
 	}
       else if (m == EV_RX_DATA_READY)
-	c->ccid_state = ccid_handle_data (c);
+	{
+	  c->ccid_state = ccid_handle_data (c);
+	  timeout = 0;
+	  c->timeout_cnt = 0;
+	}
       else if (m == EV_EXEC_FINISHED)
 	if (c->ccid_state == CCID_STATE_EXECUTE)
 	  {
@@ -1885,6 +1905,7 @@ ccid_thread (void *arg)
 	if (c->ccid_state == CCID_STATE_EXECUTE)
 	  {
 	    ackbtn_enable ();
+	    ackbtn_active = 1;
 	    led_blink (LED_WAIT_FOR_BUTTON);
 	    c->ccid_state = CCID_STATE_ACK_REQUIRED_0;
 	    ccid_send_data_block_time_extension (c);
@@ -1907,7 +1928,20 @@ ccid_thread (void *arg)
 	    ccid_prepare_receive (c);
 	}
       else			/* Timeout */
-	c->ccid_state = ccid_handle_timeout (c);
+	{
+	  if (c->timeout_cnt == 7
+	      && c->ccid_state == CCID_STATE_ACK_REQUIRED_1)
+	    {
+	      ackbtn_active = 0;
+	      ackbtn_disable ();
+	      led_blink (LED_WAIT_FOR_BUTTON);
+	      c->a->sw = GPG_ACK_TIMEOUT;
+	      c->a->res_apdu_data_len = 0;
+	      goto exec_done;
+	    }
+	  else
+	    c->ccid_state = ccid_handle_timeout (c);
+	}
     }
 
   if (c->application)

test/features/202_setup_passphrase.feature

@@ -4,7 +4,7 @@ Feature: setup pass phrase
   A token should support pass phrase: PW1, PW3 and reset code
 
   Scenario: setup PW1 (admin-full mode)
-     Given cmd_change_reference_data with 1 and "123456user pass phrase"
+     Given cmd_change_reference_data with 1 and "another user pass phraseuser pass phrase"
      Then it should get success
 
   Scenario: verify PW1 (1)

test/rsa_keys.py

@@ -70,11 +70,11 @@ def build_privkey_template_for_remove(openpgp_keyno):
         keyspec = b'\xb8'
     else:
         keyspec = b'\xa4'
-    return b'\x4d\02' + keyspec + b'\0x00'
+    return b'\x4d\x02' + keyspec + b'\x00'
 
 def compute_digestinfo(msg):
     digest = sha256(msg).digest()
-    prefix = b'\x30\31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20'
+    prefix = b'\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20'
     return prefix + digest
 
 # egcd and modinv are from wikibooks

tests/card_reader.py

@@ -1,7 +1,7 @@
 """
 card_reader.py - a library for smartcard reader
 
-Copyright (C) 2016, 2017  Free Software Initiative of Japan
+Copyright (C) 2016, 2017, 2019  Free Software Initiative of Japan
 Author: NIIBE Yutaka <gniibe@fsij.org>
 
 This file is a part of Gnuk, a GnuPG USB Token implementation.
@@ -25,6 +25,7 @@ from struct import pack
 from usb.util import find_descriptor, claim_interface, get_string, \
     endpoint_type, endpoint_direction, \
     ENDPOINT_TYPE_BULK, ENDPOINT_OUT, ENDPOINT_IN
+from binascii import hexlify
 
 # USB class, subclass, protocol
 CCID_CLASS = 0x0B
@@ -125,9 +126,12 @@ class CardReader(object):
         #       intf.extra_descriptors[41]
 
         self.__dev = dev
-        self.__timeout = 10000
+        self.__timeout = 100000
         self.__seq = 0
 
+        if self.ccid_get_status() & 0x03 not in (0, 1):
+            raise ValueError("Card absent")
+
     def get_string(self, num):
         return get_string(self.__dev, num)
 
@@ -168,7 +172,7 @@ class CardReader(object):
         return status
 
     def ccid_power_on(self):
-        msg = ccid_compose(0x62, self.__seq, rsv=1) # Vcc=5V
+        msg = ccid_compose(0x62, self.__seq, rsv=2) # Vcc=3.3V
         self.__dev.write(self.__bulkout, msg, self.__timeout)
         self.increment_seq()
         status, chain, data = self.ccid_get_result()
@@ -237,16 +241,21 @@ class CardReader(object):
 
     def send_tpdu(self, info=None, more=0, response_time_ext=0,
                   edc_error=0, no_error=0):
+        rsv = 0
         if info:
             data = compose_i_block(self.ns, info, more)
         elif response_time_ext:
-            # compose S-block
-            data = b"\x00\xE3\x00\xE3"
+            # compose S-block response
+            pcb = 0xe3
+            bwi_byte = bytes([response_time_ext])
+            edc = compute_edc(pcb, bwi_byte)
+            data = bytes([0, pcb, 1]) + bwi_byte + bytes([edc])
+            rsv = response_time_ext
         elif edc_error:
             data = compose_r_block(self.nr, edc_error=1)
         elif no_error:
             data = compose_r_block(self.nr)
-        msg = ccid_compose(0x6f, self.__seq, data=data)
+        msg = ccid_compose(0x6f, self.__seq, rsv=rsv, data=data)
         self.__dev.write(self.__bulkout, msg, self.__timeout)
         self.increment_seq()
 
@@ -277,7 +286,7 @@ class CardReader(object):
         res = b""
         while True:
             if is_s_block_time_ext(blk):
-                self.send_tpdu(response_time_ext=1)
+                self.send_tpdu(response_time_ext=blk[3])
             elif is_i_block_last(blk):
                 self.nr = self.nr ^ 1
                 if is_edc_error(blk):

tests/card_test_kdf_full.py

@@ -0,0 +1,36 @@
+"""
+card_test_kdf_full.py - test KDF data object
+
+Copyright (C) 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from card_const import *
+from constants_for_test import *
+
+class Test_Card_KDF_full(object):
+
+    def test_verify_pw3(self, card):
+        v = card.verify(3, FACTORY_PASSPHRASE_PW3)
+        assert v
+
+    def test_kdf_put_full(self, card):
+        r = card.cmd_put_data(0x00, 0xf9, KDF_FULL)
+        if r:
+            card.configure_with_kdf()
+        assert r

tests/card_test_kdf_single.py

@@ -0,0 +1,35 @@
+"""
+card_test_kdf_single.py - test KDF data object
+
+Copyright (C) 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from card_const import *
+from constants_for_test import *
+
+class Test_Card_KDF_Single(object):
+    def test_verify_pw3(self, card):
+        v = card.verify(3, FACTORY_PASSPHRASE_PW3)
+        assert v
+
+    def test_kdf_put_single(self, card):
+        r = card.cmd_put_data(0x00, 0xf9, KDF_SINGLE)
+        if r:
+            card.configure_with_kdf()
+        assert r

tests/card_test_keygen.py

@@ -0,0 +1,84 @@
+"""
+card_test_keygen.py - test key generation
+
+Copyright (C) 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from binascii import hexlify
+import rsa_keys
+from card_const import *
+
+class Test_Card_Keygen(object):
+    def test_keygen_1(self, card):
+        pk = card.cmd_genkey(1)
+        fpr_date = rsa_keys.calc_fpr(pk[0], pk[1])
+        r = card.cmd_put_data(0x00, 0xc7, fpr_date[0])
+        if r:
+            r = card.cmd_put_data(0x00, 0xce, fpr_date[1])
+        assert r
+
+    def test_keygen_2(self, card):
+        pk = card.cmd_genkey(2)
+        fpr_date = rsa_keys.calc_fpr(pk[0], pk[1])
+        r = card.cmd_put_data(0x00, 0xc8, fpr_date[0])
+        if r:
+            r = card.cmd_put_data(0x00, 0xcf, fpr_date[1])
+        assert r
+
+    def test_keygen_3(self, card):
+        pk = card.cmd_genkey(3)
+        fpr_date = rsa_keys.calc_fpr(pk[0], pk[1])
+        r = card.cmd_put_data(0x00, 0xc9, fpr_date[0])
+        if r:
+            r = card.cmd_put_data(0x00, 0xd0, fpr_date[1])
+        assert r
+
+    def test_verify_pw1(self, card):
+        v = card.cmd_verify(1, FACTORY_PASSPHRASE_PW1)
+        assert v
+
+    def test_signature_sigkey(self, card):
+        msg = b"Sign me please"
+        pk = card.cmd_get_public_key(1)
+        pk_info = (pk[9:9+256], pk[9+256+2:])
+        digest = rsa_keys.compute_digestinfo(msg)
+        sig = int(hexlify(card.cmd_pso(0x9e, 0x9a, digest)),16)
+        r = rsa_keys.verify_signature(pk_info, digest, sig)
+        assert r
+
+    def test_verify_pw1_2(self, card):
+        v = card.cmd_verify(2, FACTORY_PASSPHRASE_PW1)
+        assert v
+
+    def test_decryption(self, card):
+        msg = b"encrypt me please"
+        pk = card.cmd_get_public_key(2)
+        pk_info = (pk[9:9+256], pk[9+256+2:])
+        ciphertext = rsa_keys.encrypt_with_pubkey(pk_info, msg)
+        r = card.cmd_pso(0x80, 0x86, ciphertext)
+        assert r == msg
+
+    def test_signature_authkey(self, card):
+        msg = b"Sign me please to authenticate"
+        pk = card.cmd_get_public_key(3)
+        pk_info = (pk[9:9+256], pk[9+256+2:])
+        digest = rsa_keys.compute_digestinfo(msg)
+        sig = int(hexlify(card.cmd_internal_authenticate(digest)),16)
+        r = rsa_keys.verify_signature(pk_info, digest, sig)
+        assert r

tests/card_test_personalize_admin_less.py

@@ -0,0 +1,312 @@
+"""
+card_test_personalize_admin_less.py - test admin-less mode
+
+Copyright (C) 2016, 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from struct import pack
+from re import match, DOTALL
+from util import *
+import rsa_keys
+from card_const import *
+from constants_for_test import *
+
+class Test_Card_Personalize_Adminless(object):
+    def test_verify_pw3_0(self, card):
+        v = card.verify(3, FACTORY_PASSPHRASE_PW3)
+        assert v
+
+    def test_rsa_import_key_1(self, card):
+        t = rsa_keys.build_privkey_template(1, 0)
+        r = card.cmd_put_data_odd(0x3f, 0xff, t)
+        assert r
+
+    def test_rsa_import_key_2(self, card):
+        t = rsa_keys.build_privkey_template(2, 1)
+        r = card.cmd_put_data_odd(0x3f, 0xff, t)
+        assert r
+
+    def test_rsa_import_key_3(self, card):
+        t = rsa_keys.build_privkey_template(3, 2)
+        r = card.cmd_put_data_odd(0x3f, 0xff, t)
+        assert r
+
+    def test_fingerprint_1_put(self, card):
+        fpr1 = rsa_keys.fpr[0]
+        r = card.cmd_put_data(0x00, 0xc7, fpr1)
+        assert r
+
+    def test_fingerprint_2_put(self, card):
+        fpr2 = rsa_keys.fpr[1]
+        r = card.cmd_put_data(0x00, 0xc8, fpr2)
+        assert r
+
+    def test_fingerprint_3_put(self, card):
+        fpr3 = rsa_keys.fpr[2]
+        r = card.cmd_put_data(0x00, 0xc9, fpr3)
+        assert r
+
+    def test_timestamp_1_put(self, card):
+        timestamp1 = rsa_keys.timestamp[0]
+        r = card.cmd_put_data(0x00, 0xce, timestamp1)
+        assert r
+
+    def test_timestamp_2_put(self, card):
+        timestamp2 = rsa_keys.timestamp[1]
+        r = card.cmd_put_data(0x00, 0xcf, timestamp2)
+        assert r
+
+    def test_timestamp_3_put(self, card):
+        timestamp3 = rsa_keys.timestamp[2]
+        r = card.cmd_put_data(0x00, 0xd0, timestamp3)
+        assert r
+
+    def test_ds_counter_0(self, card):
+        c = get_data_object(card, 0x7a)
+        assert c == b'\x93\x03\x00\x00\x00'
+
+    def test_pw1_status(self, card):
+        s = get_data_object(card, 0xc4)
+        assert match(b'\x01...\x03[\x00\x03]\x03', s, DOTALL)
+
+    def test_app_data(self, card):
+        app_data = get_data_object(card, 0x6e)
+        hist_len = app_data[20]
+        # FIXME: parse and check DO of C0, C1, C2, C3, C4, and C6
+        assert app_data[0:8] == b"\x4f\x10\xd2\x76\x00\x01\x24\x01" and \
+               app_data[18:18+2] == b"\x5f\x52"
+
+    def test_public_key_1(self, card):
+        pk = card.cmd_get_public_key(1)
+        assert rsa_keys.key[0][0] == pk[9:9+256]
+
+    def test_public_key_2(self, card):
+        pk = card.cmd_get_public_key(2)
+        assert rsa_keys.key[1][0] == pk[9:9+256]
+
+    def test_public_key_3(self, card):
+        pk = card.cmd_get_public_key(3)
+        assert rsa_keys.key[2][0] == pk[9:9+256]
+
+    # Changing PW1 to admin-less mode
+
+    def test_setup_pw1_0(self, card):
+        r = card.change_passwd(1, FACTORY_PASSPHRASE_PW1, PW1_TEST0)
+        assert r
+
+    # Now, it's admin-less mode, auth-status admin cleared
+
+    def test_verify_pw3_fail_1(self, card):
+        try:
+            v = card.verify(3, FACTORY_PASSPHRASE_PW3)
+        except ValueError as e:
+            v = False
+        assert not v
+
+    def test_verify_pw1_0(self, card):
+        v = card.verify(1, PW1_TEST0)
+        assert v
+
+    def test_verify_pw1_0_2(self, card):
+        v = card.verify(2, PW1_TEST0)
+        assert v
+
+    def test_setup_pw1_1(self, card):
+        r = card.change_passwd(1, PW1_TEST0, PW1_TEST1)
+        assert r
+
+    def test_verify_pw1_1(self, card):
+        v = card.verify(1, PW1_TEST1)
+        assert v
+
+    def test_verify_pw1_1_2(self, card):
+        v = card.verify(2, PW1_TEST1)
+        assert v
+
+    def test_verify_pw3_admin_less_1(self, card):
+        v = card.verify(3, PW1_TEST1)
+        assert v
+
+    def test_setup_reset_code(self, card):
+        r = card.setup_reset_code(RESETCODE_TEST)
+        assert r
+
+    def test_reset_code(self, card):
+        r = card.reset_passwd_by_resetcode(RESETCODE_TEST, PW1_TEST2)
+        assert r
+
+    # Changing PW1, auth status for admin cleared
+    def test_login_put_fail(self, card):
+        try:
+            r = card.cmd_put_data(0x00, 0x5e, b"gpg_user")
+        except ValueError as e:
+            r = e.args[0]
+        assert r == "6982"
+
+    def test_verify_pw1_2(self, card):
+        v = card.verify(1, PW1_TEST2)
+        assert v
+
+    def test_verify_pw1_2_2(self, card):
+        v = card.verify(2, PW1_TEST2)
+        assert v
+
+    def test_verify_pw3_fail_2(self, card):
+        try:
+            v = card.verify(3, FACTORY_PASSPHRASE_PW3)
+        except ValueError as e:
+            v = e.args[0]
+        assert v == "6982"
+
+    def test_sign_0(self, card):
+        digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT0)
+        r = card.cmd_pso(0x9e, 0x9a, digestinfo)
+        sig = rsa_keys.compute_signature(0, digestinfo)
+        sig_bytes = sig.to_bytes(int((sig.bit_length()+7)/8), byteorder='big')
+        assert r == sig_bytes
+
+    # Since forcesig setting, failed
+    def test_sign_1(self, card):
+        digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT1)
+        try:
+            r = card.cmd_pso(0x9e, 0x9a, digestinfo)
+        except ValueError as e:
+            r = e.args[0]
+        assert r == "6982"
+
+    def test_ds_counter_1(self, card):
+        c = get_data_object(card, 0x7a)
+        assert c == b'\x93\x03\x00\x00\x01'
+
+    def test_sign_auth_0(self, card):
+        digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT0)
+        r = card.cmd_internal_authenticate(digestinfo)
+        sig = rsa_keys.compute_signature(2, digestinfo)
+        sig_bytes = sig.to_bytes(int((sig.bit_length()+7)/8), byteorder='big')
+        assert r == sig_bytes
+
+    def test_sign_auth_1(self, card):
+        digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT1)
+        r = card.cmd_internal_authenticate(digestinfo)
+        sig = rsa_keys.compute_signature(2, digestinfo)
+        sig_bytes = sig.to_bytes(int((sig.bit_length()+7)/8), byteorder='big')
+        assert r == sig_bytes
+
+    def test_decrypt_0(self, card):
+        ciphertext = rsa_keys.encrypt(1, PLAIN_TEXT0)
+        r = card.cmd_pso(0x80, 0x86, ciphertext)
+        assert r == PLAIN_TEXT0
+
+    def test_decrypt_1(self, card):
+        ciphertext = rsa_keys.encrypt(1, PLAIN_TEXT1)
+        r = card.cmd_pso(0x80, 0x86, ciphertext)
+        assert r == PLAIN_TEXT1
+
+    def test_verify_pw3_admin_less_2(self, card):
+        v = card.verify(3, PW1_TEST2)
+        assert v
+
+    def test_login_put(self, card):
+        r = card.cmd_put_data(0x00, 0x5e, b"gpg_user")
+        assert r
+
+    def test_name_put(self, card):
+        r = card.cmd_put_data(0x00, 0x5b, b"GnuPG User")
+        assert r
+
+    def test_lang_put(self, card):
+        r = card.cmd_put_data(0x5f, 0x2d, b"ja")
+        assert r
+
+    def test_sex_put(self, card):
+        r = card.cmd_put_data(0x5f, 0x35, b"1")
+        assert r
+
+    def test_url_put(self, card):
+        r = card.cmd_put_data(0x5f, 0x50, b"https://www.fsij.org/gnuk/")
+        assert r
+
+    def test_pw1_status_put(self, card):
+        r = card.cmd_put_data(0x00, 0xc4, b"\x01")
+        assert r
+
+    def test_login(self, card):
+        login = get_data_object(card, 0x5e)
+        assert login == b"gpg_user"
+
+    def test_name_lang_sex(self, card):
+        name = b"GnuPG User"
+        lang = b"ja"
+        sex = b"1"
+        expected = b'\x5b' + pack('B', len(name)) + name \
+                   +  b'\x5f\x2d' + pack('B', len(lang)) + lang \
+                   + b'\x5f\x35' + pack('B', len(sex)) + sex
+        name_lang_sex = get_data_object(card, 0x65)
+        assert name_lang_sex == expected
+
+    def test_url(self, card):
+        url = get_data_object(card, 0x5f50)
+        assert url == b"https://www.fsij.org/gnuk/"
+
+    def test_pw1_status(self, card):
+        s = get_data_object(card, 0xc4)
+        assert match(b'\x01...\x03[\x00\x03]\x03', s, DOTALL)
+
+    # Setting PW3, changed to admin-full mode
+
+    def test_setup_pw3_1(self, card):
+        r = card.change_passwd(3, PW1_TEST2, PW3_TEST1)
+        assert r
+
+    def test_verify_pw3_1(self, card):
+        v = card.verify(3, PW3_TEST1)
+        assert v
+
+    def test_reset_userpass_admin(self, card):
+        r = card.reset_passwd_by_admin(PW1_TEST3)
+        assert r
+
+    def test_verify_pw1_3(self, card):
+        v = card.verify(1, PW1_TEST3)
+        assert v
+
+    def test_verify_pw1_3_2(self, card):
+        v = card.verify(2, PW1_TEST3)
+        assert v
+
+    def test_setup_pw1_4(self, card):
+        r = card.change_passwd(1, PW1_TEST3, PW1_TEST4)
+        assert r
+
+    def test_verify_pw1_4(self, card):
+        v = card.verify(1, PW1_TEST4)
+        assert v
+
+    def test_verify_pw1_4_2(self, card):
+        v = card.verify(2, PW1_TEST4)
+        assert v
+
+    def test_setup_pw3_2(self, card):
+        r = card.change_passwd(3, PW3_TEST1, PW3_TEST0)
+        assert r
+
+    def test_verify_pw3_2(self, card):
+        v = card.verify(3, PW3_TEST0)
+        assert v
+

tests/card_test_personalize_card.py

@@ -0,0 +1,277 @@
+"""
+card_test_personalize_card.py - test personalizing card
+
+Copyright (C) 2016, 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from struct import pack
+from re import match, DOTALL
+from util import *
+import rsa_keys
+from card_const import *
+from constants_for_test import *
+
+class Test_Card_Personalize_Card(object):
+    def test_setup_pw3_0(self, card):
+        r = card.change_passwd(3, FACTORY_PASSPHRASE_PW3, PW3_TEST0)
+        assert r
+
+    def test_verify_pw3_0(self, card):
+        v = card.verify(3, PW3_TEST0)
+        assert v
+
+    def test_login_put(self, card):
+        r = card.cmd_put_data(0x00, 0x5e, b"gpg_user")
+        assert r
+
+    def test_name_put(self, card):
+        r = card.cmd_put_data(0x00, 0x5b, b"GnuPG User")
+        assert r
+
+    def test_lang_put(self, card):
+        r = card.cmd_put_data(0x5f, 0x2d, b"ja")
+        assert r
+
+    def test_sex_put(self, card):
+        r = card.cmd_put_data(0x5f, 0x35, b"1")
+        assert r
+
+    def test_url_put(self, card):
+        r = card.cmd_put_data(0x5f, 0x50, b"https://www.fsij.org/gnuk/")
+        assert r
+
+    def test_pw1_status_put(self, card):
+        r = card.cmd_put_data(0x00, 0xc4, b"\x01")
+        assert r
+
+    def test_login(self, card):
+        login = get_data_object(card, 0x5e)
+        assert login == b"gpg_user"
+
+    def test_name_lang_sex(self, card):
+        name = b"GnuPG User"
+        lang = b"ja"
+        sex = b"1"
+        expected = b'\x5b' + pack('B', len(name)) + name \
+                   +  b'\x5f\x2d' + pack('B', len(lang)) + lang \
+                   + b'\x5f\x35' + pack('B', len(sex)) + sex
+        name_lang_sex = get_data_object(card, 0x65)
+        assert name_lang_sex == expected
+
+    def test_url(self, card):
+        url = get_data_object(card, 0x5f50)
+        assert url == b"https://www.fsij.org/gnuk/"
+
+    def test_pw1_status(self, card):
+        s = get_data_object(card, 0xc4)
+        assert match(b'\x01...\x03[\x00\x03]\x03', s, DOTALL)
+
+    def test_rsa_import_key_1(self, card):
+        t = rsa_keys.build_privkey_template(1, 0)
+        r = card.cmd_put_data_odd(0x3f, 0xff, t)
+        assert r
+
+    def test_rsa_import_key_2(self, card):
+        t = rsa_keys.build_privkey_template(2, 1)
+        r = card.cmd_put_data_odd(0x3f, 0xff, t)
+        assert r
+
+    def test_rsa_import_key_3(self, card):
+        t = rsa_keys.build_privkey_template(3, 2)
+        r = card.cmd_put_data_odd(0x3f, 0xff, t)
+        assert r
+
+    def test_fingerprint_1_put(self, card):
+        fpr1 = rsa_keys.fpr[0]
+        r = card.cmd_put_data(0x00, 0xc7, fpr1)
+        assert r
+
+    def test_fingerprint_2_put(self, card):
+        fpr2 = rsa_keys.fpr[1]
+        r = card.cmd_put_data(0x00, 0xc8, fpr2)
+        assert r
+
+    def test_fingerprint_3_put(self, card):
+        fpr3 = rsa_keys.fpr[2]
+        r = card.cmd_put_data(0x00, 0xc9, fpr3)
+        assert r
+
+    def test_timestamp_1_put(self, card):
+        timestamp1 = rsa_keys.timestamp[0]
+        r = card.cmd_put_data(0x00, 0xce, timestamp1)
+        assert r
+
+    def test_timestamp_2_put(self, card):
+        timestamp2 = rsa_keys.timestamp[1]
+        r = card.cmd_put_data(0x00, 0xcf, timestamp2)
+        assert r
+
+    def test_timestamp_3_put(self, card):
+        timestamp3 = rsa_keys.timestamp[2]
+        r = card.cmd_put_data(0x00, 0xd0, timestamp3)
+        assert r
+
+    def test_ds_counter_0(self, card):
+        c = get_data_object(card, 0x7a)
+        assert c == b'\x93\x03\x00\x00\x00'
+
+    def test_pw1_status(self, card):
+        s = get_data_object(card, 0xc4)
+        assert match(b'\x01...\x03[\x00\x03]\x03', s, DOTALL)
+
+    def test_app_data(self, card):
+        app_data = get_data_object(card, 0x6e)
+        hist_len = app_data[20]
+        # FIXME: parse and check DO of C0, C1, C2, C3, C4, and C6
+        assert app_data[0:8] == b"\x4f\x10\xd2\x76\x00\x01\x24\x01" and \
+               app_data[18:18+2] == b"\x5f\x52"
+
+    def test_public_key_1(self, card):
+        pk = card.cmd_get_public_key(1)
+        assert rsa_keys.key[0][0] == pk[9:9+256]
+
+    def test_public_key_2(self, card):
+        pk = card.cmd_get_public_key(2)
+        assert rsa_keys.key[1][0] == pk[9:9+256]
+
+    def test_public_key_3(self, card):
+        pk = card.cmd_get_public_key(3)
+        assert rsa_keys.key[2][0] == pk[9:9+256]
+
+    def test_setup_pw1_0(self, card):
+        r = card.change_passwd(1, FACTORY_PASSPHRASE_PW1, PW1_TEST0)
+        assert r
+
+    def test_verify_pw1_0(self, card):
+        v = card.verify(1, PW1_TEST0)
+        assert v
+
+    def test_verify_pw1_0_2(self, card):
+        v = card.verify(2, PW1_TEST0)
+        assert v
+
+    def test_setup_pw1_1(self, card):
+        r = card.change_passwd(1, PW1_TEST0, PW1_TEST1)
+        assert r
+
+    def test_verify_pw1_1(self, card):
+        v = card.verify(1, PW1_TEST1)
+        assert v
+
+    def test_verify_pw1_1_2(self, card):
+        v = card.verify(2, PW1_TEST1)
+        assert v
+
+    def test_setup_reset_code(self, card):
+        r = card.setup_reset_code(RESETCODE_TEST)
+        assert r
+
+    def test_reset_code(self, card):
+        r = card.reset_passwd_by_resetcode(RESETCODE_TEST, PW1_TEST2)
+        assert r
+
+    def test_verify_pw1_2(self, card):
+        v = card.verify(1, PW1_TEST2)
+        assert v
+
+    def test_verify_pw1_2_2(self, card):
+        v = card.verify(2, PW1_TEST2)
+        assert v
+
+    def test_setup_pw3_1(self, card):
+        r = card.change_passwd(3, PW3_TEST0, PW3_TEST1)
+        assert r
+
+    def test_verify_pw3_1(self, card):
+        v = card.verify(3, PW3_TEST1)
+        assert v
+
+    def test_reset_userpass_admin(self, card):
+        r = card.reset_passwd_by_admin(PW1_TEST3)
+        assert r
+
+    def test_verify_pw1_3(self, card):
+        v = card.verify(1, PW1_TEST3)
+        assert v
+
+    def test_verify_pw1_3_2(self, card):
+        v = card.verify(2, PW1_TEST3)
+        assert v
+
+    def test_setup_pw1_4(self, card):
+        r = card.change_passwd(1, PW1_TEST3, PW1_TEST4)
+        assert r
+
+    def test_verify_pw1_4(self, card):
+        v = card.verify(1, PW1_TEST4)
+        assert v
+
+    def test_verify_pw1_4_2(self, card):
+        v = card.verify(2, PW1_TEST4)
+        assert v
+
+    def test_setup_pw3_2(self, card):
+        r = card.change_passwd(3, PW3_TEST1, PW3_TEST0)
+        assert r
+
+    def test_verify_pw3_2(self, card):
+        v = card.verify(3, PW3_TEST0)
+        assert v
+
+    def test_sign_0(self, card):
+        digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT0)
+        r = card.cmd_pso(0x9e, 0x9a, digestinfo)
+        sig = rsa_keys.compute_signature(0, digestinfo)
+        sig_bytes = sig.to_bytes(int((sig.bit_length()+7)/8), byteorder='big')
+        assert r == sig_bytes
+
+    def test_sign_1(self, card):
+        digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT1)
+        r = card.cmd_pso(0x9e, 0x9a, digestinfo)
+        sig = rsa_keys.compute_signature(0, digestinfo)
+        sig_bytes = sig.to_bytes(int((sig.bit_length()+7)/8), byteorder='big')
+        assert r == sig_bytes
+
+    def test_ds_counter_1(self, card):
+        c = get_data_object(card, 0x7a)
+        assert c == b'\x93\x03\x00\x00\x02'
+
+    def test_sign_auth_0(self, card):
+        digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT0)
+        r = card.cmd_internal_authenticate(digestinfo)
+        sig = rsa_keys.compute_signature(2, digestinfo)
+        sig_bytes = sig.to_bytes(int((sig.bit_length()+7)/8), byteorder='big')
+        assert r == sig_bytes
+
+    def test_sign_auth_1(self, card):
+        digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT1)
+        r = card.cmd_internal_authenticate(digestinfo)
+        sig = rsa_keys.compute_signature(2, digestinfo)
+        sig_bytes = sig.to_bytes(int((sig.bit_length()+7)/8), byteorder='big')
+        assert r == sig_bytes
+
+    def test_decrypt_0(self, card):
+        ciphertext = rsa_keys.encrypt(1, PLAIN_TEXT0)
+        r = card.cmd_pso(0x80, 0x86, ciphertext)
+        assert r == PLAIN_TEXT0
+
+    def test_decrypt_1(self, card):
+        ciphertext = rsa_keys.encrypt(1, PLAIN_TEXT1)
+        r = card.cmd_pso(0x80, 0x86, ciphertext)
+        assert r == PLAIN_TEXT1

tests/card_test_personalize_reset.py

@@ -0,0 +1,82 @@
+"""
+card_test_personalize_reset.py - test resetting personalization of card
+
+Copyright (C) 2016, 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from struct import pack
+from re import match, DOTALL
+from util import *
+import rsa_keys
+from card_const import *
+from constants_for_test import *
+
+class Test_Personalize_Reset(object):
+    def test_login_put(self, card):
+        r = card.cmd_put_data(0x00, 0x5e, b"")
+        assert r
+
+    def test_name_put(self, card):
+        r = card.cmd_put_data(0x00, 0x5b, b"")
+        assert r
+
+    def test_lang_put(self, card):
+        r = card.cmd_put_data(0x5f, 0x2d, b"")
+        assert r
+
+    def test_sex_put(self, card):
+        try:
+            # Gnuk
+            r = card.cmd_put_data(0x5f, 0x35, b"")
+        except ValueError:
+            # OpenPGP card which doesn't allow b""
+            r = card.cmd_put_data(0x5f, 0x35, b"9")
+        assert r
+
+    def test_url_put(self, card):
+        r = card.cmd_put_data(0x5f, 0x50, b"")
+        assert r
+
+    def test_pw1_status_put(self, card):
+        r = card.cmd_put_data(0x00, 0xc4, b"\x00")
+        assert r
+
+    def test_setup_pw3_0(self, card):
+        r = card.change_passwd(3, PW3_TEST0, FACTORY_PASSPHRASE_PW3)
+        assert r
+
+    def test_verify_pw3_0(self, card):
+        v = card.verify(3, FACTORY_PASSPHRASE_PW3)
+        assert v
+
+    def test_setup_pw1_0(self, card):
+        r = card.change_passwd(1, PW1_TEST4, FACTORY_PASSPHRASE_PW1)
+        assert r
+
+    def test_verify_pw1_0(self, card):
+        v = card.verify(1, FACTORY_PASSPHRASE_PW1)
+        assert v
+
+    def test_verify_pw1_0_2(self, card):
+        v = card.verify(2, FACTORY_PASSPHRASE_PW1)
+        assert v
+
+    def test_delete_reset_code(self, card):
+        r = card.cmd_put_data(0x00, 0xd3, b"")
+        assert r

tests/card_test_remove_keys.py

@@ -0,0 +1,45 @@
+"""
+card_test_remove_keys.py - test removing keys on card
+
+Copyright (C) 2016, 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+# Remove a key material on card by changing algorithm attributes of the key
+
+from card_const import *
+
+class Test_Remove_Keys(object):
+
+    def test_rsa_keyattr_change_1(self, card):
+        r = card.cmd_put_data(0x00, 0xc1, KEY_ATTRIBUTES_RSA4K)
+        if r:
+            r = card.cmd_put_data(0x00, 0xc1, KEY_ATTRIBUTES_RSA2K)
+        assert r
+
+    def test_rsa_keyattr_change_2(self, card):
+        r = card.cmd_put_data(0x00, 0xc2, KEY_ATTRIBUTES_RSA4K)
+        if r:
+            r = card.cmd_put_data(0x00, 0xc2, KEY_ATTRIBUTES_RSA2K)
+        assert r
+
+    def test_rsa_keyattr_change_3(self, card):
+        r = card.cmd_put_data(0x00, 0xc3, KEY_ATTRIBUTES_RSA4K)
+        if r:
+            r = card.cmd_put_data(0x00, 0xc3, KEY_ATTRIBUTES_RSA2K)
+        assert r

tests/card_test_reset_pw3.py

@@ -0,0 +1,46 @@
+"""
+card_test_reset_pw3.py - test resetting pw3
+
+Copyright (C) 2018, 2019  g10 Code GmbH
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from card_const import *
+import pytest
+
+class Test_Reset_PW3(object):
+    # Gnuk specific feature of clear PW3
+    def test_setup_pw3_null(self, card):
+        if card.is_gnuk:
+            r = card.change_passwd(3, FACTORY_PASSPHRASE_PW3, None)
+            assert r
+        else:
+            pytest.skip("Gnuk only feature of clearing PW3")
+
+    def test_verify_pw3(self, card):
+        v = card.verify(3, FACTORY_PASSPHRASE_PW3)
+        assert v
+
+    # Check PW1 again to see the possiblity of admin-less mode
+    def test_verify_pw1(self, card):
+        v = card.verify(1, FACTORY_PASSPHRASE_PW1)
+        assert v
+
+    def test_verify_pw1_2(self, card):
+        v = card.verify(2, FACTORY_PASSPHRASE_PW1)
+        assert v

tests/conftest.py

@@ -16,3 +16,4 @@ def card():
     card.cmd_select_openpgp()
     yield card
     del card
+    reader.ccid_power_off()

tests/openpgp_card.py

@@ -1,7 +1,7 @@
 """
 openpgp_card.py - a library for OpenPGP card
 
-Copyright (C) 2011, 2012, 2013, 2015, 2016, 2018
+Copyright (C) 2011, 2012, 2013, 2015, 2016, 2018, 2019
               Free Software Initiative of Japan
 Author: NIIBE Yutaka <gniibe@fsij.org>
 
@@ -59,6 +59,7 @@ class OpenPGP_Card(object):
         self.__kdf_salt_user = None
         self.__kdf_salt_reset = None
         self.__kdf_salt_admin = None
+        self.is_gnuk = (reader.get_string(2) == "Gnuk Token")
 
     def configure_with_kdf(self):
         kdf_data = self.cmd_get_data(0x00, 0xf9)
@@ -338,16 +339,20 @@ class OpenPGP_Card(object):
             data = b'\xb8\x00'
         else:
             data = b'\xa4\x00'
-        cmd_data = iso7816_compose(0x47, 0x80, 0, data)
+        if self.__reader.is_tpdu_reader():
+            cmd_data = iso7816_compose(0x47, 0x80, 0, data, le=512)
+        else:
+            cmd_data = iso7816_compose(0x47, 0x80, 0, data)
         sw = self.__reader.send_cmd(cmd_data)
-        if len(sw) != 2:
+        if len(sw) < 2:
             raise ValueError(sw)
-        if sw[0] == 0x90 and sw[1] == 0x00:
-            return b""
-        elif sw[0] != 0x61:
+        if sw[-2] == 0x61:
+            pk = self.cmd_get_response(sw[1])
+        elif sw[-2] == 0x90 and sw[-1] == 0x00:
+            pk = sw
+        else:
             raise ValueError("%02x%02x" % (sw[0], sw[1]))
-        pk = self.cmd_get_response(sw[1])
-        return (pk[9:9+256], pk[9+256+2:9+256+2+3])
+        return (pk[9:9+256], pk[9+256+2:-2])
 
     def cmd_get_public_key(self, keyno):
         if keyno == 1:
@@ -358,10 +363,9 @@ class OpenPGP_Card(object):
             data = b'\xa4\x00'
         if self.__reader.is_tpdu_reader():
             cmd_data = iso7816_compose(0x47, 0x81, 0, data, le=512)
-            r = self.__reader.send_cmd(cmd_data)
         else:
             cmd_data = iso7816_compose(0x47, 0x81, 0, data)
-            r = self.__reader.send_cmd(cmd_data)
+        r = self.__reader.send_cmd(cmd_data)
         if len(r) < 2:
             raise ValueError(r)
         sw = r[-2:]

tests/rsa_keys.py

@@ -70,11 +70,11 @@ def build_privkey_template_for_remove(openpgp_keyno):
         keyspec = b'\xb8'
     else:
         keyspec = b'\xa4'
-    return b'\x4d\02' + keyspec + b'\0x00'
+    return b'\x4d\x02' + keyspec + b'\x00'
 
 def compute_digestinfo(msg):
     digest = sha256(msg).digest()
-    prefix = b'\x30\31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20'
+    prefix = b'\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20'
     return prefix + digest
 
 # egcd and modinv are from wikibooks

tests/skip_gnuk_only_tests.py

@@ -0,0 +1,6 @@
+import pytest
+
+@pytest.fixture(scope="module",autouse=True)
+def check_gnuk(card):
+    if not card.is_gnuk:
+        pytest.skip("Gnuk only feature", allow_module_level=True)

tests/test_000_empty_card.py

@@ -50,12 +50,21 @@ def test_sex(card):
 def test_name_lang_sex(card):
     name = b""
     lang = b""
+    lang_de = b"de"
     sex = b"9"
+    sex_alt = b"0"
     expected = b'\x5b' + pack('B', len(name)) + name \
                +  b'\x5f\x2d' + pack('B', len(lang)) + lang \
                + b'\x5f\x35' + pack('B', len(sex)) + sex
+    expected_de = b'\x5b' + pack('B', len(name)) + name \
+               +  b'\x5f\x2d' + pack('B', len(lang_de)) + lang_de \
+               + b'\x5f\x35' + pack('B', len(sex)) + sex
+    expected_de_alt = b'\x5b' + pack('B', len(name)) + name \
+               +  b'\x5f\x2d' + pack('B', len(lang_de)) + lang_de \
+               + b'\x5f\x35' + pack('B', len(sex_alt)) + sex_alt
     name_lang_sex = get_data_object(card, 0x65)
-    assert name_lang_sex == b'' or name_lang_sex == expected
+    assert name_lang_sex == b'' or name_lang_sex == expected \
+        or name_lang_sex == expected_de or name_lang_sex == expected_de_alt
 
 def test_app_data(card):
     app_data = get_data_object(card, 0x6e)
@@ -140,7 +149,8 @@ def test_historical_bytes(card):
     h = get_data_object(card, 0x5f52)
     assert h == b'\x001\xc5s\xc0\x01@\x05\x90\x00' or \
            h == b'\x00\x31\x84\x73\x80\x01\x80\x00\x90\x00' or \
-           h == b'\x00\x31\x84\x73\x80\x01\x80\x05\x90\x00'
+           h == b'\x00\x31\x84\x73\x80\x01\x80\x05\x90\x00' or \
+           h == b'\x00\x31\xf5\x73\xc0\x01\x60\x05\x90\x00'
 
 def test_extended_capabilities(card):
     a = get_data_object(card, 0xc0)

tests/test_001_personalize_card.py

@@ -1,276 +1 @@
-"""
-test_personalize_card.py - test personalizing card
-
-Copyright (C) 2016, 2018  g10 Code GmbH
-Author: NIIBE Yutaka <gniibe@fsij.org>
-
-This file is a part of Gnuk, a GnuPG USB Token implementation.
-
-Gnuk is free software: you can redistribute it and/or modify it
-under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-Gnuk is distributed in the hope that it will be useful, but WITHOUT
-ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
-License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-"""
-
-from struct import pack
-from re import match, DOTALL
-from util import *
-import rsa_keys
-from card_const import *
-from constants_for_test import *
-
-def test_setup_pw3_0(card):
-    r = card.change_passwd(3, FACTORY_PASSPHRASE_PW3, PW3_TEST0)
-    assert r
-
-def test_verify_pw3_0(card):
-    v = card.verify(3, PW3_TEST0)
-    assert v
-
-def test_login_put(card):
-    r = card.cmd_put_data(0x00, 0x5e, b"gpg_user")
-    assert r
-
-def test_name_put(card):
-    r = card.cmd_put_data(0x00, 0x5b, b"GnuPG User")
-    assert r
-
-def test_lang_put(card):
-    r = card.cmd_put_data(0x5f, 0x2d, b"ja")
-    assert r
-
-def test_sex_put(card):
-    r = card.cmd_put_data(0x5f, 0x35, b"1")
-    assert r
-
-def test_url_put(card):
-    r = card.cmd_put_data(0x5f, 0x50, b"https://www.fsij.org/gnuk/")
-    assert r
-
-def test_pw1_status_put(card):
-    r = card.cmd_put_data(0x00, 0xc4, b"\x01")
-    assert r
-
-def test_login(card):
-    login = get_data_object(card, 0x5e)
-    assert login == b"gpg_user"
-
-def test_name_lang_sex(card):
-    name = b"GnuPG User"
-    lang = b"ja"
-    sex = b"1"
-    expected = b'\x5b' + pack('B', len(name)) + name \
-               +  b'\x5f\x2d' + pack('B', len(lang)) + lang \
-               + b'\x5f\x35' + pack('B', len(sex)) + sex
-    name_lang_sex = get_data_object(card, 0x65)
-    assert name_lang_sex == expected
-
-def test_url(card):
-    url = get_data_object(card, 0x5f50)
-    assert url == b"https://www.fsij.org/gnuk/"
-
-def test_pw1_status(card):
-    s = get_data_object(card, 0xc4)
-    assert match(b'\x01...\x03[\x00\x03]\x03', s, DOTALL)
-
-def test_rsa_import_key_1(card):
-    t = rsa_keys.build_privkey_template(1, 0)
-    r = card.cmd_put_data_odd(0x3f, 0xff, t)
-    assert r
-
-def test_rsa_import_key_2(card):
-    t = rsa_keys.build_privkey_template(2, 1)
-    r = card.cmd_put_data_odd(0x3f, 0xff, t)
-    assert r
-
-def test_rsa_import_key_3(card):
-    t = rsa_keys.build_privkey_template(3, 2)
-    r = card.cmd_put_data_odd(0x3f, 0xff, t)
-    assert r
-
-def test_fingerprint_1_put(card):
-    fpr1 = rsa_keys.fpr[0]
-    r = card.cmd_put_data(0x00, 0xc7, fpr1)
-    assert r
-
-def test_fingerprint_2_put(card):
-    fpr2 = rsa_keys.fpr[1]
-    r = card.cmd_put_data(0x00, 0xc8, fpr2)
-    assert r
-
-def test_fingerprint_3_put(card):
-    fpr3 = rsa_keys.fpr[2]
-    r = card.cmd_put_data(0x00, 0xc9, fpr3)
-    assert r
-
-def test_timestamp_1_put(card):
-    timestamp1 = rsa_keys.timestamp[0]
-    r = card.cmd_put_data(0x00, 0xce, timestamp1)
-    assert r
-
-def test_timestamp_2_put(card):
-    timestamp2 = rsa_keys.timestamp[1]
-    r = card.cmd_put_data(0x00, 0xcf, timestamp2)
-    assert r
-
-def test_timestamp_3_put(card):
-    timestamp3 = rsa_keys.timestamp[2]
-    r = card.cmd_put_data(0x00, 0xd0, timestamp3)
-    assert r
-
-def test_ds_counter_0(card):
-    c = get_data_object(card, 0x7a)
-    assert c == b'\x93\x03\x00\x00\x00'
-
-def test_pw1_status(card):
-    s = get_data_object(card, 0xc4)
-    assert match(b'\x01...\x03[\x00\x03]\x03', s, DOTALL)
-
-def test_app_data(card):
-    app_data = get_data_object(card, 0x6e)
-    hist_len = app_data[20]
-    # FIXME: parse and check DO of C0, C1, C2, C3, C4, and C6
-    assert app_data[0:8] == b"\x4f\x10\xd2\x76\x00\x01\x24\x01" and \
-           app_data[18:18+2] == b"\x5f\x52"
-
-def test_public_key_1(card):
-    pk = card.cmd_get_public_key(1)
-    assert rsa_keys.key[0][0] == pk[9:9+256]
-
-def test_public_key_2(card):
-    pk = card.cmd_get_public_key(2)
-    assert rsa_keys.key[1][0] == pk[9:9+256]
-
-def test_public_key_3(card):
-    pk = card.cmd_get_public_key(3)
-    assert rsa_keys.key[2][0] == pk[9:9+256]
-
-def test_setup_pw1_0(card):
-    r = card.change_passwd(1, FACTORY_PASSPHRASE_PW1, PW1_TEST0)
-    assert r
-
-def test_verify_pw1_0(card):
-    v = card.verify(1, PW1_TEST0)
-    assert v
-
-def test_verify_pw1_0_2(card):
-    v = card.verify(2, PW1_TEST0)
-    assert v
-
-def test_setup_pw1_1(card):
-    r = card.change_passwd(1, PW1_TEST0, PW1_TEST1)
-    assert r
-
-def test_verify_pw1_1(card):
-    v = card.verify(1, PW1_TEST1)
-    assert v
-
-def test_verify_pw1_1_2(card):
-    v = card.verify(2, PW1_TEST1)
-    assert v
-
-def test_setup_reset_code(card):
-    r = card.setup_reset_code(RESETCODE_TEST)
-    assert r
-
-def test_reset_code(card):
-    r = card.reset_passwd_by_resetcode(RESETCODE_TEST, PW1_TEST2)
-    assert r
-
-def test_verify_pw1_2(card):
-    v = card.verify(1, PW1_TEST2)
-    assert v
-
-def test_verify_pw1_2_2(card):
-    v = card.verify(2, PW1_TEST2)
-    assert v
-
-def test_setup_pw3_1(card):
-    r = card.change_passwd(3, PW3_TEST0, PW3_TEST1)
-    assert r
-
-def test_verify_pw3_1(card):
-    v = card.verify(3, PW3_TEST1)
-    assert v
-
-def test_reset_userpass_admin(card):
-    r = card.reset_passwd_by_admin(PW1_TEST3)
-    assert r
-
-def test_verify_pw1_3(card):
-    v = card.verify(1, PW1_TEST3)
-    assert v
-
-def test_verify_pw1_3_2(card):
-    v = card.verify(2, PW1_TEST3)
-    assert v
-
-def test_setup_pw1_4(card):
-    r = card.change_passwd(1, PW1_TEST3, PW1_TEST4)
-    assert r
-
-def test_verify_pw1_4(card):
-    v = card.verify(1, PW1_TEST4)
-    assert v
-
-def test_verify_pw1_4_2(card):
-    v = card.verify(2, PW1_TEST4)
-    assert v
-
-def test_setup_pw3_2(card):
-    r = card.change_passwd(3, PW3_TEST1, PW3_TEST0)
-    assert r
-
-def test_verify_pw3_2(card):
-    v = card.verify(3, PW3_TEST0)
-    assert v
-
-def test_sign_0(card):
-    digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT0)
-    r = card.cmd_pso(0x9e, 0x9a, digestinfo)
-    sig = rsa_keys.compute_signature(0, digestinfo)
-    sig_bytes = sig.to_bytes(int((sig.bit_length()+7)/8), byteorder='big')
-    assert r == sig_bytes
-
-def test_sign_1(card):
-    digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT1)
-    r = card.cmd_pso(0x9e, 0x9a, digestinfo)
-    sig = rsa_keys.compute_signature(0, digestinfo)
-    sig_bytes = sig.to_bytes(int((sig.bit_length()+7)/8), byteorder='big')
-    assert r == sig_bytes
-
-def test_ds_counter_1(card):
-    c = get_data_object(card, 0x7a)
-    assert c == b'\x93\x03\x00\x00\x02'
-
-def test_sign_auth_0(card):
-    digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT0)
-    r = card.cmd_internal_authenticate(digestinfo)
-    sig = rsa_keys.compute_signature(2, digestinfo)
-    sig_bytes = sig.to_bytes(int((sig.bit_length()+7)/8), byteorder='big')
-    assert r == sig_bytes
-
-def test_sign_auth_1(card):
-    digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT1)
-    r = card.cmd_internal_authenticate(digestinfo)
-    sig = rsa_keys.compute_signature(2, digestinfo)
-    sig_bytes = sig.to_bytes(int((sig.bit_length()+7)/8), byteorder='big')
-    assert r == sig_bytes
-
-def test_decrypt_0(card):
-    ciphertext = rsa_keys.encrypt(1, PLAIN_TEXT0)
-    r = card.cmd_pso(0x80, 0x86, ciphertext)
-    assert r == PLAIN_TEXT0
-
-def test_decrypt_1(card):
-    ciphertext = rsa_keys.encrypt(1, PLAIN_TEXT1)
-    r = card.cmd_pso(0x80, 0x86, ciphertext)
-    assert r == PLAIN_TEXT1
+from card_test_personalize_card import *

tests/test_002_personalize_reset.py

@@ -1,81 +1 @@
-"""
-test_personalize_reset.py - test resetting personalization of card
-
-Copyright (C) 2016, 2018  g10 Code GmbH
-Author: NIIBE Yutaka <gniibe@fsij.org>
-
-This file is a part of Gnuk, a GnuPG USB Token implementation.
-
-Gnuk is free software: you can redistribute it and/or modify it
-under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-Gnuk is distributed in the hope that it will be useful, but WITHOUT
-ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
-License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-"""
-
-from struct import pack
-from re import match, DOTALL
-from util import *
-import rsa_keys
-from card_const import *
-from constants_for_test import *
-
-def test_login_put(card):
-    r = card.cmd_put_data(0x00, 0x5e, b"")
-    assert r
-
-def test_name_put(card):
-    r = card.cmd_put_data(0x00, 0x5b, b"")
-    assert r
-
-def test_lang_put(card):
-    r = card.cmd_put_data(0x5f, 0x2d, b"")
-    assert r
-
-def test_sex_put(card):
-    try:
-        # Gnuk
-        r = card.cmd_put_data(0x5f, 0x35, b"")
-    except ValueError:
-        # OpenPGP card which doesn't allow b""
-        r = card.cmd_put_data(0x5f, 0x35, b"9")
-    assert r
-
-def test_url_put(card):
-    r = card.cmd_put_data(0x5f, 0x50, b"")
-    assert r
-
-def test_pw1_status_put(card):
-    r = card.cmd_put_data(0x00, 0xc4, b"\x00")
-    assert r
-
-def test_setup_pw3_0(card):
-    r = card.change_passwd(3, PW3_TEST0, FACTORY_PASSPHRASE_PW3)
-    assert r
-
-def test_verify_pw3_0(card):
-    v = card.verify(3, FACTORY_PASSPHRASE_PW3)
-    assert v
-
-def test_setup_pw1_0(card):
-    r = card.change_passwd(1, PW1_TEST4, FACTORY_PASSPHRASE_PW1)
-    assert r
-
-def test_verify_pw1_0(card):
-    v = card.verify(1, FACTORY_PASSPHRASE_PW1)
-    assert v
-
-def test_verify_pw1_0_2(card):
-    v = card.verify(2, FACTORY_PASSPHRASE_PW1)
-    assert v
-
-def test_delete_reset_code(card):
-    r = card.cmd_put_data(0x00, 0xd3, b"")
-    assert r
+from card_test_personalize_reset import *

tests/test_003_remove_keys.py

@@ -1,43 +1 @@
-"""
-test_remove_keys.py - test removing keys on card
-
-Copyright (C) 2016, 2018  g10 Code GmbH
-Author: NIIBE Yutaka <gniibe@fsij.org>
-
-This file is a part of Gnuk, a GnuPG USB Token implementation.
-
-Gnuk is free software: you can redistribute it and/or modify it
-under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-Gnuk is distributed in the hope that it will be useful, but WITHOUT
-ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
-License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-"""
-
-# Remove a key material on card by changing algorithm attributes of the key
-
-from card_const import *
-
-def test_rsa_keyattr_change_1(card):
-    r = card.cmd_put_data(0x00, 0xc1, KEY_ATTRIBUTES_RSA4K)
-    if r:
-        r = card.cmd_put_data(0x00, 0xc1, KEY_ATTRIBUTES_RSA2K)
-    assert r
-
-def test_rsa_keyattr_change_2(card):
-    r = card.cmd_put_data(0x00, 0xc2, KEY_ATTRIBUTES_RSA4K)
-    if r:
-        r = card.cmd_put_data(0x00, 0xc2, KEY_ATTRIBUTES_RSA2K)
-    assert r
-
-def test_rsa_keyattr_change_3(card):
-    r = card.cmd_put_data(0x00, 0xc3, KEY_ATTRIBUTES_RSA4K)
-    if r:
-        r = card.cmd_put_data(0x00, 0xc3, KEY_ATTRIBUTES_RSA2K)
-    assert r
+from card_test_remove_keys import *

tests/test_004_reset_pw3.py

@@ -1,41 +1 @@
-"""
-test_004_reset_pw3.py - test resetting pw3
-
-Copyright (C) 2018  g10 Code GmbH
-Author: NIIBE Yutaka <gniibe@fsij.org>
-
-This file is a part of Gnuk, a GnuPG USB Token implementation.
-
-Gnuk is free software: you can redistribute it and/or modify it
-under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-Gnuk is distributed in the hope that it will be useful, but WITHOUT
-ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
-License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-"""
-
-from card_const import *
-
-# Gnuk specific feature of clear PW3
-def test_setup_pw3_null(card):
-    r = card.change_passwd(3, FACTORY_PASSPHRASE_PW3, None)
-    assert r
-
-def test_verify_pw3(card):
-    v = card.verify(3, FACTORY_PASSPHRASE_PW3)
-    assert v
-
-# Check PW1 again to see the possiblity of admin-less mode
-def test_verify_pw1(card):
-    v = card.verify(1, FACTORY_PASSPHRASE_PW1)
-    assert v
-
-def test_verify_pw1_2(card):
-    v = card.verify(2, FACTORY_PASSPHRASE_PW1)
-    assert v
+from card_test_reset_pw3 import *

tests/test_005_personalize_admin_less.py

@@ -1,7 +1,7 @@
 """
 test_005_personalize_admin_less.py - test admin-less mode
 
-Copyright (C) 2016, 2018  g10 Code GmbH
+Copyright (C) 2016, 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 
 This file is a part of Gnuk, a GnuPG USB Token implementation.
@@ -20,291 +20,9 @@ You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 
-from struct import pack
-from re import match, DOTALL
-from util import *
-import rsa_keys
-from card_const import *
-from constants_for_test import *
+from skip_gnuk_only_tests import *
 
-def test_verify_pw3_0(card):
-    v = card.verify(3, FACTORY_PASSPHRASE_PW3)
-    assert v
-
-def test_rsa_import_key_1(card):
-    t = rsa_keys.build_privkey_template(1, 0)
-    r = card.cmd_put_data_odd(0x3f, 0xff, t)
-    assert r
-
-def test_rsa_import_key_2(card):
-    t = rsa_keys.build_privkey_template(2, 1)
-    r = card.cmd_put_data_odd(0x3f, 0xff, t)
-    assert r
-
-def test_rsa_import_key_3(card):
-    t = rsa_keys.build_privkey_template(3, 2)
-    r = card.cmd_put_data_odd(0x3f, 0xff, t)
-    assert r
-
-def test_fingerprint_1_put(card):
-    fpr1 = rsa_keys.fpr[0]
-    r = card.cmd_put_data(0x00, 0xc7, fpr1)
-    assert r
-
-def test_fingerprint_2_put(card):
-    fpr2 = rsa_keys.fpr[1]
-    r = card.cmd_put_data(0x00, 0xc8, fpr2)
-    assert r
-
-def test_fingerprint_3_put(card):
-    fpr3 = rsa_keys.fpr[2]
-    r = card.cmd_put_data(0x00, 0xc9, fpr3)
-    assert r
-
-def test_timestamp_1_put(card):
-    timestamp1 = rsa_keys.timestamp[0]
-    r = card.cmd_put_data(0x00, 0xce, timestamp1)
-    assert r
-
-def test_timestamp_2_put(card):
-    timestamp2 = rsa_keys.timestamp[1]
-    r = card.cmd_put_data(0x00, 0xcf, timestamp2)
-    assert r
-
-def test_timestamp_3_put(card):
-    timestamp3 = rsa_keys.timestamp[2]
-    r = card.cmd_put_data(0x00, 0xd0, timestamp3)
-    assert r
-
-def test_ds_counter_0(card):
-    c = get_data_object(card, 0x7a)
-    assert c == b'\x93\x03\x00\x00\x00'
-
-def test_pw1_status(card):
-    s = get_data_object(card, 0xc4)
-    assert match(b'\x01...\x03[\x00\x03]\x03', s, DOTALL)
-
-def test_app_data(card):
-    app_data = get_data_object(card, 0x6e)
-    hist_len = app_data[20]
-    # FIXME: parse and check DO of C0, C1, C2, C3, C4, and C6
-    assert app_data[0:8] == b"\x4f\x10\xd2\x76\x00\x01\x24\x01" and \
-           app_data[18:18+2] == b"\x5f\x52"
-
-def test_public_key_1(card):
-    pk = card.cmd_get_public_key(1)
-    assert rsa_keys.key[0][0] == pk[9:9+256]
-
-def test_public_key_2(card):
-    pk = card.cmd_get_public_key(2)
-    assert rsa_keys.key[1][0] == pk[9:9+256]
-
-def test_public_key_3(card):
-    pk = card.cmd_get_public_key(3)
-    assert rsa_keys.key[2][0] == pk[9:9+256]
-
-# Changing PW1 to admin-less mode
-
-def test_setup_pw1_0(card):
-    r = card.change_passwd(1, FACTORY_PASSPHRASE_PW1, PW1_TEST0)
-    assert r
-
-# Now, it's admin-less mode, auth-status admin cleared
-
-def test_verify_pw3_fail_1(card):
-    try:
-        v = card.verify(3, FACTORY_PASSPHRASE_PW3)
-    except ValueError as e:
-        v = False
-    assert not v
-
-def test_verify_pw1_0(card):
-    v = card.verify(1, PW1_TEST0)
-    assert v
-
-def test_verify_pw1_0_2(card):
-    v = card.verify(2, PW1_TEST0)
-    assert v
-
-def test_setup_pw1_1(card):
-    r = card.change_passwd(1, PW1_TEST0, PW1_TEST1)
-    assert r
-
-def test_verify_pw1_1(card):
-    v = card.verify(1, PW1_TEST1)
-    assert v
-
-def test_verify_pw1_1_2(card):
-    v = card.verify(2, PW1_TEST1)
-    assert v
-
-def test_verify_pw3_admin_less_1(card):
-    v = card.verify(3, PW1_TEST1)
-    assert v
-
-def test_setup_reset_code(card):
-    r = card.setup_reset_code(RESETCODE_TEST)
-    assert r
-
-def test_reset_code(card):
-    r = card.reset_passwd_by_resetcode(RESETCODE_TEST, PW1_TEST2)
-    assert r
-
-# Changing PW1, auth status for admin cleared
-def test_login_put_fail(card):
-    try:
-        r = card.cmd_put_data(0x00, 0x5e, b"gpg_user")
-    except ValueError as e:
-        r = e.args[0]
-    assert r == "6982"
-
-def test_verify_pw1_2(card):
-    v = card.verify(1, PW1_TEST2)
-    assert v
-
-def test_verify_pw1_2_2(card):
-    v = card.verify(2, PW1_TEST2)
-    assert v
-
-def test_verify_pw3_fail_2(card):
-    try:
-        v = card.verify(3, FACTORY_PASSPHRASE_PW3)
-    except ValueError as e:
-        v = e.args[0]
-    assert v == "6982"
-
-def test_sign_0(card):
-    digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT0)
-    r = card.cmd_pso(0x9e, 0x9a, digestinfo)
-    sig = rsa_keys.compute_signature(0, digestinfo)
-    sig_bytes = sig.to_bytes(int((sig.bit_length()+7)/8), byteorder='big')
-    assert r == sig_bytes
-
-# Since forcesig setting, failed
-def test_sign_1(card):
-    digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT1)
-    try:
-        r = card.cmd_pso(0x9e, 0x9a, digestinfo)
-    except ValueError as e:
-        r = e.args[0]
-    assert r == "6982"
-
-def test_ds_counter_1(card):
-    c = get_data_object(card, 0x7a)
-    assert c == b'\x93\x03\x00\x00\x01'
-
-def test_sign_auth_0(card):
-    digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT0)
-    r = card.cmd_internal_authenticate(digestinfo)
-    sig = rsa_keys.compute_signature(2, digestinfo)
-    sig_bytes = sig.to_bytes(int((sig.bit_length()+7)/8), byteorder='big')
-    assert r == sig_bytes
-
-def test_sign_auth_1(card):
-    digestinfo = rsa_keys.compute_digestinfo(PLAIN_TEXT1)
-    r = card.cmd_internal_authenticate(digestinfo)
-    sig = rsa_keys.compute_signature(2, digestinfo)
-    sig_bytes = sig.to_bytes(int((sig.bit_length()+7)/8), byteorder='big')
-    assert r == sig_bytes
-
-def test_decrypt_0(card):
-    ciphertext = rsa_keys.encrypt(1, PLAIN_TEXT0)
-    r = card.cmd_pso(0x80, 0x86, ciphertext)
-    assert r == PLAIN_TEXT0
-
-def test_decrypt_1(card):
-    ciphertext = rsa_keys.encrypt(1, PLAIN_TEXT1)
-    r = card.cmd_pso(0x80, 0x86, ciphertext)
-    assert r == PLAIN_TEXT1
-
-def test_verify_pw3_admin_less_2(card):
-    v = card.verify(3, PW1_TEST2)
-    assert v
-
-def test_login_put(card):
-    r = card.cmd_put_data(0x00, 0x5e, b"gpg_user")
-    assert r
-
-def test_name_put(card):
-    r = card.cmd_put_data(0x00, 0x5b, b"GnuPG User")
-    assert r
-
-def test_lang_put(card):
-    r = card.cmd_put_data(0x5f, 0x2d, b"ja")
-    assert r
-
-def test_sex_put(card):
-    r = card.cmd_put_data(0x5f, 0x35, b"1")
-    assert r
-
-def test_url_put(card):
-    r = card.cmd_put_data(0x5f, 0x50, b"https://www.fsij.org/gnuk/")
-    assert r
-
-def test_pw1_status_put(card):
-    r = card.cmd_put_data(0x00, 0xc4, b"\x01")
-    assert r
-
-def test_login(card):
-    login = get_data_object(card, 0x5e)
-    assert login == b"gpg_user"
-
-def test_name_lang_sex(card):
-    name = b"GnuPG User"
-    lang = b"ja"
-    sex = b"1"
-    expected = b'\x5b' + pack('B', len(name)) + name \
-               +  b'\x5f\x2d' + pack('B', len(lang)) + lang \
-               + b'\x5f\x35' + pack('B', len(sex)) + sex
-    name_lang_sex = get_data_object(card, 0x65)
-    assert name_lang_sex == expected
-
-def test_url(card):
-    url = get_data_object(card, 0x5f50)
-    assert url == b"https://www.fsij.org/gnuk/"
-
-def test_pw1_status(card):
-    s = get_data_object(card, 0xc4)
-    assert match(b'\x01...\x03[\x00\x03]\x03', s, DOTALL)
-
-# Setting PW3, changed to admin-full mode
-
-def test_setup_pw3_1(card):
-    r = card.change_passwd(3, PW1_TEST2, PW3_TEST1)
-    assert r
-
-def test_verify_pw3_1(card):
-    v = card.verify(3, PW3_TEST1)
-    assert v
-
-def test_reset_userpass_admin(card):
-    r = card.reset_passwd_by_admin(PW1_TEST3)
-    assert r
-
-def test_verify_pw1_3(card):
-    v = card.verify(1, PW1_TEST3)
-    assert v
-
-def test_verify_pw1_3_2(card):
-    v = card.verify(2, PW1_TEST3)
-    assert v
-
-def test_setup_pw1_4(card):
-    r = card.change_passwd(1, PW1_TEST3, PW1_TEST4)
-    assert r
-
-def test_verify_pw1_4(card):
-    v = card.verify(1, PW1_TEST4)
-    assert v
-
-def test_verify_pw1_4_2(card):
-    v = card.verify(2, PW1_TEST4)
-    assert v
-
-def test_setup_pw3_2(card):
-    r = card.change_passwd(3, PW3_TEST1, PW3_TEST0)
-    assert r
-
-def test_verify_pw3_2(card):
-    v = card.verify(3, PW3_TEST0)
-    assert v
+from card_test_personalize_admin_less import *
+from card_test_personalize_reset import *
+from card_test_remove_keys import *
+from card_test_reset_pw3 import *

tests/test_006_personalize_reset.py

@@ -1 +0,0 @@
-test_002_personalize_reset.py

tests/test_007_remove_keys.py

@@ -1 +0,0 @@
-test_003_remove_keys.py

tests/test_008_reset_pw3.py

@@ -1 +0,0 @@
-test_004_reset_pw3.py

tests/test_009_keygen.py

@@ -1,7 +1,7 @@
 """
 test_005_keygen.py - test key generation
 
-Copyright (C) 2018  g10 Code GmbH
+Copyright (C) 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 
 This file is a part of Gnuk, a GnuPG USB Token implementation.
@@ -20,64 +20,5 @@ You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 
-from binascii import hexlify
-import rsa_keys
-from card_const import *
-
-def test_keygen_1(card):
-    pk = card.cmd_genkey(1)
-    fpr_date = rsa_keys.calc_fpr(pk[0], pk[1])
-    r = card.cmd_put_data(0x00, 0xc7, fpr_date[0])
-    if r:
-        r = card.cmd_put_data(0x00, 0xce, fpr_date[1])
-    assert r
-
-def test_keygen_2(card):
-    pk = card.cmd_genkey(2)
-    fpr_date = rsa_keys.calc_fpr(pk[0], pk[1])
-    r = card.cmd_put_data(0x00, 0xc8, fpr_date[0])
-    if r:
-        r = card.cmd_put_data(0x00, 0xcf, fpr_date[1])
-    assert r
-
-def test_keygen_3(card):
-    pk = card.cmd_genkey(3)
-    fpr_date = rsa_keys.calc_fpr(pk[0], pk[1])
-    r = card.cmd_put_data(0x00, 0xc9, fpr_date[0])
-    if r:
-        r = card.cmd_put_data(0x00, 0xd0, fpr_date[1])
-    assert r
-
-def test_verify_pw1(card):
-    v = card.cmd_verify(1, FACTORY_PASSPHRASE_PW1)
-    assert v
-
-def test_signature_sigkey(card):
-    msg = b"Sign me please"
-    pk = card.cmd_get_public_key(1)
-    pk_info = (pk[9:9+256], pk[9+256+2:9+256+2+3])
-    digest = rsa_keys.compute_digestinfo(msg)
-    sig = int(hexlify(card.cmd_pso(0x9e, 0x9a, digest)),16)
-    r = rsa_keys.verify_signature(pk_info, digest, sig)
-    assert r
-
-def test_verify_pw1_2(card):
-    v = card.cmd_verify(2, FACTORY_PASSPHRASE_PW1)
-    assert v
-
-def test_decryption(card):
-    msg = b"encrypt me please"
-    pk = card.cmd_get_public_key(2)
-    pk_info = (pk[9:9+256], pk[9+256+2:9+256+2+3])
-    ciphertext = rsa_keys.encrypt_with_pubkey(pk_info, msg)
-    r = card.cmd_pso(0x80, 0x86, ciphertext)
-    assert r == msg
-
-def test_signature_authkey(card):
-    msg = b"Sign me please to authenticate"
-    pk = card.cmd_get_public_key(3)
-    pk_info = (pk[9:9+256], pk[9+256+2:9+256+2+3])
-    digest = rsa_keys.compute_digestinfo(msg)
-    sig = int(hexlify(card.cmd_internal_authenticate(digest)),16)
-    r = rsa_keys.verify_signature(pk_info, digest, sig)
-    assert r
+from card_test_keygen import *
+from card_test_remove_keys import *

tests/test_010_remove_keys.py

@@ -1 +0,0 @@
-test_003_remove_keys.py

tests/test_011_kdf_full.py

@@ -1,7 +1,7 @@
 """
 test_007_kdf_full.py - test KDF data object
 
-Copyright (C) 2018  g10 Code GmbH
+Copyright (C) 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 
 This file is a part of Gnuk, a GnuPG USB Token implementation.
@@ -20,15 +20,10 @@ You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 
-from card_const import *
-from constants_for_test import *
+from skip_gnuk_only_tests import *
 
-def test_verify_pw3(card):
-    v = card.verify(3, FACTORY_PASSPHRASE_PW3)
-    assert v
-
-def test_kdf_put_full(card):
-    r = card.cmd_put_data(0x00, 0xf9, KDF_FULL)
-    if r:
-        card.configure_with_kdf()
-    assert r
+from card_test_kdf_full import *
+from card_test_personalize_card import *
+from card_test_personalize_reset import *
+from card_test_remove_keys import *
+from card_test_reset_pw3 import *

tests/test_012_personalize_card.py

@@ -1 +0,0 @@
-test_001_personalize_card.py

tests/test_013_personalize_reset.py

@@ -1 +0,0 @@
-test_002_personalize_reset.py

tests/test_014_remove_keys.py

@@ -1 +0,0 @@
-test_003_remove_keys.py

tests/test_015_reset_pw3.py

@@ -1 +0,0 @@
-test_004_reset_pw3.py

tests/test_016_kdf_single.py

@@ -1,7 +1,7 @@
 """
 test_012_kdf_single.py - test KDF data object
 
-Copyright (C) 2018  g10 Code GmbH
+Copyright (C) 2018, 2019  g10 Code GmbH
 Author: NIIBE Yutaka <gniibe@fsij.org>
 
 This file is a part of Gnuk, a GnuPG USB Token implementation.
@@ -20,15 +20,10 @@ You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 
-from card_const import *
-from constants_for_test import *
+from skip_gnuk_only_tests import *
 
-def test_verify_pw3(card):
-    v = card.verify(3, FACTORY_PASSPHRASE_PW3)
-    assert v
-
-def test_kdf_put_single(card):
-    r = card.cmd_put_data(0x00, 0xf9, KDF_SINGLE)
-    if r:
-        card.configure_with_kdf()
-    assert r
+from card_test_kdf_single import *
+from card_test_personalize_card import *
+from card_test_personalize_reset import *
+from card_test_remove_keys import *
+from card_test_reset_pw3 import *

tests/test_017_personalize_card.py

@@ -1 +0,0 @@
-test_001_personalize_card.py

tests/test_018_personalize_reset.py

@@ -1 +0,0 @@
-test_002_personalize_reset.py

tests/test_019_remove_keys.py

@@ -1 +0,0 @@
-test_003_remove_keys.py

tests/test_020_reset_pw3.py

@@ -1 +0,0 @@
-test_004_reset_pw3.py

tests/test_021_personalize_admin_less.py

@@ -1 +0,0 @@
-test_005_personalize_admin_less.py

tests/test_021_personalize_admin_less.py

@@ -0,0 +1 @@
+from test_005_personalize_admin_less import *

tests/test_022_personalize_reset.py

@@ -1 +0,0 @@
-test_002_personalize_reset.py

tests/test_023_remove_keys.py

@@ -1 +0,0 @@
-test_003_remove_keys.py

tests/test_024_reset_pw3.py

@@ -1 +0,0 @@
-test_004_reset_pw3.py

tests/test_025_kdf_none.py

@@ -20,6 +20,8 @@ You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 
+from skip_gnuk_only_tests import *
+
 from card_const import *
 from constants_for_test import *
 

tool/add_openpgp_authkey_from_gpgssh.py

@@ -109,15 +109,15 @@ def build_rsakey_from_ssh_key_under_gpg_agent(g, timestamp=None):
     # The information is in SEXP format, extract N and E
     s = sexp(pubkey_info_str)
     if s[0] != 'public-key':
-        print s
+        print(s)
         exit(1)
     rsa = s[1]
     if rsa[0] != 'rsa':
-        print rsa
+        print(rsa)
         exit(1)
     n_x = rsa[1]
     if n_x[0] != 'n':
-        print n_x
+        print(n_x)
         exit(1)
     n_byte_str = n_x[1]
     while n_byte_str[0] == '\x00':
@@ -125,7 +125,7 @@ def build_rsakey_from_ssh_key_under_gpg_agent(g, timestamp=None):
     n = n_byte_str
     e_x = rsa[2]
     if e_x[0] != 'e':
-        print e_x
+        print(e_x)
         exit(1)
     e = e_x[1]
     if not timestamp:

tool/calc_precompute_table_ecc.py

@@ -8,21 +8,21 @@ def print_nG(n):
    nGy_str = "%064x" % nG.y()
    print256(nGx_str)
    print256(nGy_str)
-   print
+   print()
 
 def print256(s):
    print("0x%s, 0x%s, 0x%s, 0x%s," % (s[56:64], s[48:56], s[40:48], s[32:40]))
    print("0x%s, 0x%s, 0x%s, 0x%s" %  (s[24:32], s[16:24], s[8:16], s[0:8]))
-   print
+   print()
 
 
 for i in range(1,16):
-  n = (i & 1) + (i & 2) * 0x8000000000000000L + (i & 4) * 0x40000000000000000000000000000000L + (i & 8) * 0x200000000000000000000000000000000000000000000000L
-  print "%064x" % n
+  n = (i & 1) + (i & 2) * 0x8000000000000000 + (i & 4) * 0x40000000000000000000000000000000 + (i & 8) * 0x200000000000000000000000000000000000000000000000
+  print("%064x" % n)
   print_nG(n)
 
 for i in range(1,16):
-  n = (i & 1) + (i & 2) * 0x8000000000000000L + (i & 4) * 0x40000000000000000000000000000000L + (i & 8) * 0x200000000000000000000000000000000000000000000000L
-  n = n * 0x100000000L
-  print "%064x" % n
+  n = (i & 1) + (i & 2) * 0x8000000000000000 + (i & 4) * 0x40000000000000000000000000000000 + (i & 8) * 0x200000000000000000000000000000000000000000000000
+  n = n * 0x100000000
+  print("%064x" % n)
   print_nG(n)

tool/dfuse.py

@@ -104,9 +104,9 @@ class DFU_STM32(object):
         interface: usb.Interface object representing the interface and altenate setting.
         """
         if interface.interfaceClass != DFU_CLASS:
-            raise ValueError, "Wrong interface class"
+            raise ValueError("Wrong interface class")
         if interface.interfaceSubClass != DFU_SUBCLASS:
-            raise ValueError, "Wrong interface sub class"
+            raise ValueError("Wrong interface sub class")
         self.__protocol = interface.interfaceProtocol
         self.__devhandle = device.open()
         self.__devhandle.setConfiguration(configuration)
@@ -170,7 +170,7 @@ class DFU_STM32(object):
             while s[4] == STATE_DFU_DOWNLOAD_BUSY:
                 time.sleep(0.1)
                 s = self.ll_get_status()
-            raise ValueError, "Read memory failed (%d)" % s[0]
+            raise ValueError("Read memory failed (%d)" % s[0])
 
     def dfuse_set_address_pointer(self, address):
         bytes = get_four_bytes (address)
@@ -181,7 +181,7 @@ class DFU_STM32(object):
             time.sleep(0.1)
             s = self.ll_get_status()
         if s[4] != STATE_DFU_DOWNLOAD_IDLE:
-            raise ValueError, "Set Address Pointer failed"
+            raise ValueError("Set Address Pointer failed")
 
     def dfuse_erase(self, address):
         bytes = get_four_bytes (address)
@@ -191,7 +191,7 @@ class DFU_STM32(object):
             time.sleep(0.1)
             s = self.ll_get_status()
         if s[4] != STATE_DFU_DOWNLOAD_IDLE:
-            raise ValueError, "Erase failed"
+            raise ValueError("Erase failed")
 
     def dfuse_write_memory(self, block):
         blocknum = self.__blocknum
@@ -202,7 +202,7 @@ class DFU_STM32(object):
             time.sleep(0.1)
             s = self.ll_get_status()
         if s[4] != STATE_DFU_DOWNLOAD_IDLE:
-            raise ValueError, "Write memory failed"
+            raise ValueError("Write memory failed")
 
     def download(self, ih):
         # First, erase pages
@@ -280,7 +280,7 @@ class DFU_STM32(object):
             elif s[4] == STATE_DFU_MANIFEST_WAIT_RESET:
                 self.__devhandle.reset()
             elif s[4] != STATE_DFU_IDLE:
-                raise ValueError, "write failed (%d)." % s[4]
+                raise ValueError("write failed (%d)." % s[4])
         else:
             self.ll_clear_status()
             self.ll_clear_status()
@@ -315,7 +315,7 @@ class DFU_STM32(object):
                 j = 0
                 for c in data[0:(addr + 1024 - start_addr)]:
                     if (ord(c)&0xff) != block[j + start_addr - addr]:
-                        raise ValueError, "verify failed at %08x" % (addr + i*1024+j)
+                        raise ValueError("verify failed at %08x" % (addr + i*1024+j))
                     j += 1
                 data = data[(addr + 1024 - start_addr):]
                 addr += 1024
@@ -330,7 +330,7 @@ class DFU_STM32(object):
                 j = 0
                 for c in data[i*1024:(i+1)*1024]:
                     if (ord(c)&0xff) != block[j]:
-                        raise ValueError, "verify failed at %08x" % (addr + i*1024+j)
+                        raise ValueError("verify failed at %08x" % (addr + i*1024+j))
                     j += 1
                 if i & 0x03 == 0x03:
                     sys.stdout.write("#")
@@ -367,25 +367,25 @@ def get_device():
                                 (alt.interfaceProtocol == DFU_STM32PROTOCOL_0 or \
                                      alt.interfaceProtocol == DFU_STM32PROTOCOL_2):
                             return dev, config, alt
-    raise ValueError, "Device not found"
+    raise ValueError("Device not found")
 
 def main(filename):
     dev, config, intf = get_device()
-    print "Device:", dev.filename
-    print "Configuration", config.value
-    print "Interface", intf.interfaceNumber
+    print("Device:", dev.filename)
+    print("Configuration", config.value)
+    print("Interface", intf.interfaceNumber)
     dfu = DFU_STM32(dev, config, intf)
-    print dfu.ll_get_string(intf.iInterface)
+    print(dfu.ll_get_string(intf.iInterface))
     s = dfu.ll_get_status()
     if s[4] == STATE_DFU_ERROR:
         dfu.ll_clear_status()
     s = dfu.ll_get_status()
-    print s
+    print(s)
     if s[4] == STATE_DFU_IDLE:
         exit
     transfer_size = 1024
     if s[0] != DFU_STATUS_OK:
-        print s
+        print(s)
         exit
     ih = intel_hex(filename)
     dfu.download(ih)

tool/dump_mem.py

@@ -27,22 +27,22 @@ from dfuse import *
 
 dev, config, intf = get_device()
 dfu = DFU_STM32(dev, config, intf)
-print dfu.ll_get_string(intf.iInterface)
+print(dfu.ll_get_string(intf.iInterface))
 s = dfu.ll_get_status()
 dfu.ll_clear_status()
 s = dfu.ll_get_status()
-print s
+print(s)
 dfu.dfuse_set_address_pointer(int(sys.argv[1], 16))
 s = dfu.ll_get_status()
 dfu.ll_clear_status()
 s = dfu.ll_get_status()
 dfu.ll_clear_status()
 s = dfu.ll_get_status()
-print s
+print(s)
 block = dfu.dfuse_read_memory()
 count = 0
 for d in block:
-    print "%02x" % d,
+    print("%02x" % d)
     if count & 0x0f == 0x0f:
         print
     count += 1

tool/get_raw_public_key.py

@@ -20,7 +20,7 @@ def get_gpg_public_key(keygrip):
     pos_last = key.index(")(1:e3:")
     key = key[pos:pos_last]
     if len(key) != 256:
-        raise ValueError, binascii.hexlify(key)
+        raise ValueError(binascii.hexlify(key))
     return key
 
 if __name__ == '__main__':

tool/gnuk-emulation-setup

@@ -1,48 +0,0 @@
-#! /bin/sh
-#
-# gnuk-emulation-setup - Generate flash image for Gnuk
-#
-# Copyright (C) 2017  Free Software Initiative of Japan
-# Author: NIIBE Yutaka <gniibe@fsij.org>
-#
-# This file is a part of Gnuk, a GnuPG USB Token implementation.
-#
-# Gnuk is free software: you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Gnuk is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
-# License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-if test "$1" = "--help"; then
-    echo "Usage:"
-    echo "	$0 [output-file]"
-    echo "		Generate Gnuk flash image"
-    echo "	$0 --help"
-    echo "		Show this message"
-    exit 0
-fi
-
-OUTPUT_FILE=${1:-$HOME/.gnuk-flash-image}
-
-# Generate 8192-byte flash data into OUTPUT_FILE
-
-exec > $OUTPUT_FILE
-
-for i in $(seq 512); do
-    /bin/echo -n -e '\xff\xff\xff\xff\xff\xff\xff\xff'
-done
-
-/bin/echo -n -e '\x00\x00\xff\xff\xff\xff\xff\xff'
-
-for i in $(seq 511); do
-    /bin/echo -n -e '\xff\xff\xff\xff\xff\xff\xff\xff'
-done
-
-chmod og-rw $OUTPUT_FILE

tool/gnuk_get_random.py

@@ -0,0 +1,21 @@
+#! /usr/bin/python3
+
+from gnuk_token import get_gnuk_device, gnuk_token
+from binascii import hexlify
+import sys
+
+if __name__ == '__main__':
+    count = 0
+    gnuk = get_gnuk_device()
+    gnuk.cmd_select_openpgp()
+    looping = (len(sys.argv) > 1)
+    while True:
+        try:
+            challenge = gnuk.cmd_get_challenge().tobytes()
+        except Exception as e:
+            print(count)
+            raise e
+        print(hexlify(challenge))
+        count = count + 1
+        if not looping:
+            break

tool/gnuk_put_binary_libusb.py

@@ -1,10 +1,10 @@
-#! /usr/bin/python
+#! /usr/bin/python3
 
 """
 gnuk_put_binary.py - a tool to put binary to Gnuk Token
 This tool is for importing certificate, writing serial number, etc.
 
-Copyright (C) 2011, 2012 Free Software Initiative of Japan
+Copyright (C) 2011, 2012, 2021 Free Software Initiative of Japan
 Author: NIIBE Yutaka <gniibe@fsij.org>
 
 This file is a part of Gnuk, a GnuPG USB Token implementation.
@@ -56,7 +56,7 @@ def main(fileid, is_update, data, passwd):
     if fileid == 0:
         data_in_device = gnuk.cmd_get_data(0x00, 0x4f)
         print(' '.join([ "%02x" % d for d in data_in_device ]))
-        compare(data + b'\x00\x00', data_in_device[8:].tostring())
+        compare(data + b'\x00\x00', data_in_device[8:].tobytes())
     elif fileid >= 1 and fileid <= 4:
         data_in_device = gnuk.cmd_read_binary(fileid)
         compare(data, data_in_device)

tool/gnuk_remove_keys_libusb.py

@@ -1,9 +1,9 @@
-#! /usr/bin/python
+#! /usr/bin/python3
 
 """
 gnuk_remove_keys_libusb.py - a tool to remove keys in Gnuk Token
 
-Copyright (C) 2012, 2018 Free Software Initiative of Japan
+Copyright (C) 2012, 2018, 2021 Free Software Initiative of Japan
 Author: NIIBE Yutaka <gniibe@fsij.org>
 
 This file is a part of Gnuk, a GnuPG USB Token implementation.
@@ -51,7 +51,7 @@ def main(passwd):
         gnuk.icc_power_on()
     gnuk.cmd_select_openpgp()
     # Compute passwd data
-    kdf_data = gnuk.cmd_get_data(0x00, 0xf9).tostring()
+    kdf_data = gnuk.cmd_get_data(0x00, 0xf9).tobytes()
     if kdf_data == b"":
         passwd_data = passwd.encode('UTF-8')
     else:

tool/gnuk_token.py

@@ -30,6 +30,7 @@ from array import array
 USB_PRODUCT_LIST=[
     { 'vendor' : 0x234b, 'product' : 0x0000 }, # FSIJ Gnuk Token
     { 'vendor' : 0x20a0, 'product' : 0x4211 }, # Nitrokey Start
+    { 'vendor' : 0x1209, 'product' : 0x2440 }, # GnuPG e.V.
 ]
 
 # USB class, subclass, protocol
@@ -74,6 +75,7 @@ class gnuk_token(object):
             raise ValueError("Wrong interface sub class")
         self.__devhandle = device.open()
         self.__devhandle.claimInterface(interface)
+        self.__devhandle.setAltInterface(interface)
 
         self.__intf = interface.interfaceNumber
         self.__alt = interface.alternateSetting
@@ -86,11 +88,17 @@ class gnuk_token(object):
                         alt.interfaceSubClass == HID_SUBCLASS_NO_BOOT and \
                         alt.interfaceProtocol == HID_PROTOCOL_0:
                     self.__hid_intf = alt.interfaceNumber
+                elif alt.interfaceClass == CCID_CLASS and \
+                        alt.interfaceSubClass == CCID_SUBCLASS and \
+                        alt.interfaceProtocol == CCID_PROTOCOL_0:
+                    for endpoint in alt.endpoints:
+                        if endpoint.type == usb.ENDPOINT_TYPE_BULK:
+                            if endpoint.address & usb.ENDPOINT_DIR_MASK == usb.ENDPOINT_IN:
+                                self.__bulkin = endpoint.address
+                            else:
+                                self.__bulkout = endpoint.address
 
-        self.__bulkout = 1
-        self.__bulkin  = 0x81
-
-        self.__timeout = 10000
+        self.__timeout = 100000
         self.__seq = 0
 
     def get_string(self, num):

tool/gnuk_upgrade.py

@@ -1,9 +1,9 @@
-#! /usr/bin/python
+#! /usr/bin/python3
 
 """
 gnuk_upgrade.py - a tool to upgrade firmware of Gnuk Token
 
-Copyright (C) 2012, 2015  Free Software Initiative of Japan
+Copyright (C) 2012, 2015, 2021  Free Software Initiative of Japan
 Author: NIIBE Yutaka <gniibe@fsij.org>
 
 This file is a part of Gnuk, a GnuPG USB Token implementation.
@@ -70,7 +70,7 @@ def gpg_sign(keygrip, hash):
         raise ValueError(binascii.hexlify(signed))
     return signed
 
-def main(keyno,keygrip, data_regnual, data_upgrade):
+def main(keyno, keygrip, data_regnual, data_upgrade):
     l = len(data_regnual)
     if (l & 0x03) != 0:
         data_regnual = data_regnual.ljust(l + 4 - (l & 0x03), b'\x00')
@@ -91,7 +91,7 @@ def main(keyno,keygrip, data_regnual, data_upgrade):
     elif icc.icc_get_status() == 1:
         icc.icc_power_on()
     icc.cmd_select_openpgp()
-    challenge = icc.cmd_get_challenge().tostring()
+    challenge = icc.cmd_get_challenge().tobytes()
     signed = gpg_sign(keygrip, binascii.hexlify(challenge))
     icc.cmd_external_authenticate(keyno, signed)
     icc.stop_gnuk()
@@ -107,17 +107,19 @@ def main(keyno,keygrip, data_regnual, data_upgrade):
     del icc
     icc = None
     #
-    print("Wait 3 seconds...")
-    time.sleep(3)
-    # Then, send upgrade program...
     reg = None
-    for dev in gnuk_devices_by_vidpid():
-        try:
-            reg = regnual(dev)
-            print("Device: %d" % dev.filename)
-            break
-        except:
-            pass
+    print("Waiting for device to appear:")
+    while reg == None:
+        print("  Wait {} second{}...".format(wait_e, 's' if wait_e > 1 else ''))
+        time.sleep(wait_e)
+        for dev in gnuk_devices_by_vidpid():
+            try:
+                reg = regnual(dev)
+                print("Device: %s" % dev.filename)
+                break
+            except:
+                pass
+    # Then, send upgrade program...
     mem_info = reg.mem_info()
     print("%08x:%08x" % mem_info)
     print("Downloading the program")

tool/pageant_proxy_to_gpg.py

@@ -28,7 +28,7 @@ from sexp import sexp
 # Assume it's only OPENPGP.3 key and it's 2048-bit
 
 def debug(string):
-    print "DEBUG: %s" % string
+    print("DEBUG: %s" % string)
     sys.stdout.flush()
 
 def get_keygrip_list(keyinfo_result):

tool/pinpadtest.py

@@ -82,7 +82,7 @@ class Card(object):
             elif code == FEATURE_MODIFY_PIN_DIRECT:
                 self.modify_ioctl = ioctl
         if self.verify_ioctl == -1:
-            raise ValueError, "Not supported"
+            raise ValueError("Not supported")
 
     def cmd_select_openpgp(self):
         apdu = [0x00, 0xa4, 0x04, 0x00, 6, 0xd2, 0x76, 0x00, 0x01, 0x24, 0x01 ]
@@ -90,7 +90,7 @@ class Card(object):
         if sw1 == 0x61:         # More data
             response, sw1, sw2 = self.connection.transmit([0x00, 0xc0, 0, 0, sw2])
         elif not (sw1 == 0x90 and sw2 == 0x00):
-            raise ValueError, ("cmd_select_openpgp %02x %02x" % (sw1, sw2))
+            raise ValueError("cmd_select_openpgp %02x %02x" % (sw1, sw2))
 
     def possibly_add_dummy_byte(self):
         if self.another_byte:
@@ -135,11 +135,11 @@ class Card(object):
         sw1 = data[0]
         sw2 = data[1]
         if not (sw1 == 0x90 and sw2 == 0x00):
-            raise ValueError, ("cmd_verify_pinpad %02x %02x" % (sw1, sw2))
+            raise ValueError("cmd_verify_pinpad %02x %02x" % (sw1, sw2))
 
     def send_modify_pinpad(self, apdu, single_step, command):
         if self.modify_ioctl == -1:
-            raise ValueError, "Not supported"
+            raise ValueError("Not supported")
         pin_modify = [ 0x00, # bTimerOut
                        0x00, # bTimerOut2
                        0x82, # bmFormatString: Byte, pos=0, left, ASCII.
@@ -171,7 +171,7 @@ class Card(object):
         sw1 = data[0]
         sw2 = data[1]
         if not (sw1 == 0x90 and sw2 == 0x00):
-            raise ValueError, ("%s %02x %02x" % (command, sw1, sw2))
+            raise ValueError("%s %02x %02x" % (command, sw1, sw2))
 
     def cmd_reset_retry_counter(self, who, data):
         if who == BY_ADMIN:
@@ -180,7 +180,7 @@ class Card(object):
             apdu = [0x00, 0x2c, 0x00, 0x81, len(data) ] + data # BY_USER with resetcode
         response, sw1, sw2 = self.connection.transmit(apdu)
         if not (sw1 == 0x90 and sw2 == 0x00):
-            raise ValueError, ("cmd_reset_retry_counter %02x %02x" % (sw1, sw2))
+            raise ValueError("cmd_reset_retry_counter %02x %02x" % (sw1, sw2))
 
     # Note: CCID specification doesn't permit this (only 0x20 and 0x24)
     def cmd_reset_retry_counter_pinpad(self, who):
@@ -195,7 +195,7 @@ class Card(object):
         apdu = [0x00, 0xda, 0x00, 0xd3, len(data) ] + data # BY_ADMIN
         response, sw1, sw2 = self.connection.transmit(apdu)
         if not (sw1 == 0x90 and sw2 == 0x00):
-            raise ValueError, ("cmd_put_resetcode %02x %02x" % (sw1, sw2))
+            raise ValueError("cmd_put_resetcode %02x %02x" % (sw1, sw2))
 
     # Note: CCID specification doesn't permit this (only 0x20 and 0x24)
     def cmd_put_resetcode_pinpad(self):
@@ -225,8 +225,8 @@ def main(who, method, add_a_byte, pinmin, pinmax, change_by_two_steps, fixed):
     card.connection.connect()
 
     ident = card.connection.getReader()
-    print "Reader/Token:", ident
-    print "ATR:", toHexString( card.connection.getATR() )
+    print("Reader/Token:", ident)
+    print("ATR:", toHexString( card.connection.getATR() ))
 
     if ident == COVADIS_VEGA_ALPHA:
         card.cmd_vega_alpha_disable_empty_verify()
@@ -236,29 +236,29 @@ def main(who, method, add_a_byte, pinmin, pinmax, change_by_two_steps, fixed):
     card.cmd_select_openpgp()
     if method == "verify":
         if who == BY_USER:
-            print "Please input User's PIN"
+            print("Please input User's PIN")
         else:
-            print "Please input Admin's PIN"
+            print("Please input Admin's PIN")
         card.cmd_verify_pinpad(who)
     elif method == "change":
         if change_by_two_steps:
             if who == BY_USER:
-                print "Please input User's PIN"
+                print("Please input User's PIN")
             else:
-                print "Please input Admin's PIN"
+                print("Please input Admin's PIN")
             card.cmd_verify_pinpad(who)
             if who == BY_USER:
-                print "Please input New User's PIN twice"
+                print("Please input New User's PIN twice")
             else:
-                print "Please input New Admin's PIN twice"
+                print("Please input New Admin's PIN twice")
             card.cmd_change_reference_data_pinpad(who, True)
         else:
             if who == BY_USER:
-                print "Please input User's PIN"
-                print "and New User's PIN twice"
+                print("Please input User's PIN")
+                print("and New User's PIN twice")
             else:
-                print "Please input Admin's PIN"
-                print "and New Admin's PIN twice"
+                print("Please input Admin's PIN")
+                print("and New Admin's PIN twice")
             card.cmd_change_reference_data_pinpad(who, False)
     elif method == "unblock":
         if change_by_two_steps:
@@ -268,66 +268,66 @@ def main(who, method, add_a_byte, pinmin, pinmax, change_by_two_steps, fixed):
                 newpin=s2l(getpass("Please input New User's PIN from keyboard: "))
                 card.cmd_reset_retry_counter(who,resetcode+newpin)
             else:
-                print "Please input Admin's PIN"
+                print("Please input Admin's PIN")
                 card.cmd_verify_pinpad(BY_ADMIN)
                 newpin=s2l(getpass("Please input New User's PIN from keyboard: "))
                 card.cmd_reset_retry_counter(who,newpin)
         else:
             if who == BY_USER:
-                print "Please input reset code"
-                print "and New User's PIN twice"
+                print("Please input reset code")
+                print("and New User's PIN twice")
             else:
-                print "Please input Admin's PIN"
+                print("Please input Admin's PIN")
                 card.cmd_verify_pinpad(BY_ADMIN)
-                print "Please input New User's PIN twice"
+                print("Please input New User's PIN twice")
             card.cmd_reset_retry_counter_pinpad(who)
     elif method == "put":
         if change_by_two_steps:
             # It means using keyboard for new PIN
-            print "Please input Admin's PIN"
+            print("Please input Admin's PIN")
             card.cmd_verify_pinpad(BY_ADMIN)
             resetcode=s2l(getpass("Please input New Reset Code from keyboard: "))
             card.cmd_put_resetcode(resetcode)
         else:
-            print "Please input Admin's PIN"
+            print("Please input Admin's PIN")
             card.cmd_verify_pinpad(BY_ADMIN)
-            print "Please input New Reset Code twice"
+            print("Please input New Reset Code twice")
             card.cmd_put_resetcode_pinpad()
     else:
-        raise ValueError, method
+        raise ValueError(method)
     card.connection.disconnect()
 
-    print "OK."
+    print("OK.")
     return 0
 
 def print_usage():
-    print "pinpad-test: testing pinentry of PC/SC card reader"
-    print "    help:"
-    print "\t--help:\t\tthis message"
-    print "    method:\t\t\t\t\t\t\t[verify]"
-    print "\t--verify:\tverify PIN"
-    print "\t--change:\tchange PIN (old PIN, new PIN twice)"
-    print "\t--change2:\tchange PIN by two steps (old PIN, new PIN twice)"
-    print "\t--unblock:\tunblock PIN (admin PIN/resetcode, new PIN twice)"
-    print "\t--unblock2:\tunblock PIN (admin PIN:pinpad, new PIN:kbd)"
-    print "\t--put:\t\tsetup resetcode (admin PIN, new PIN twice)"
-    print "\t--put2::\t\tsetup resetcode (admin PIN:pinpad, new PIN:kbd)"
-    print "    options:"
-    print "\t--fixed N:\tUse fixed length input"
-    print "\t--admin:\tby administrator\t\t\t[False]"
-    print "\t--add:\t\tadd a dummy byte at the end of APDU\t[False]"
-    print "\t--pinmin:\tspecify minimum length of PIN\t\t[6]"
-    print "\t--pinmax:\tspecify maximum length of PIN\t\t[15]"
-    print "EXAMPLES:"
-    print "   $ pinpad-test                   # verify user's PIN "
-    print "   $ pinpad-test --admin           # verify admin's PIN "
-    print "   $ pinpad-test --change          # change user's PIN "
-    print "   $ pinpad-test --change --admin  # change admin's PIN "
-    print "   $ pinpad-test --change2         # change user's PIN by two steps"
-    print "   $ pinpad-test --change2 --admin # change admin's PIN by two steps"
-    print "   $ pinpad-test --unblock         # change user's PIN by reset code"
-    print "   $ pinpad-test --unblock --admin # change user's PIN by admin's PIN"
-    print "   $ pinpad-test --put             # setup resetcode "
+    print("pinpad-test: testing pinentry of PC/SC card reader")
+    print("    help:")
+    print("\t--help:\t\tthis message")
+    print("    method:\t\t\t\t\t\t\t[verify]")
+    print("\t--verify:\tverify PIN")
+    print("\t--change:\tchange PIN (old PIN, new PIN twice)")
+    print("\t--change2:\tchange PIN by two steps (old PIN, new PIN twice)")
+    print("\t--unblock:\tunblock PIN (admin PIN/resetcode, new PIN twice)")
+    print("\t--unblock2:\tunblock PIN (admin PIN:pinpad, new PIN:kbd)")
+    print("\t--put:\t\tsetup resetcode (admin PIN, new PIN twice)")
+    print("\t--put2::\t\tsetup resetcode (admin PIN:pinpad, new PIN:kbd)")
+    print("    options:")
+    print("\t--fixed N:\tUse fixed length input")
+    print("\t--admin:\tby administrator\t\t\t[False]")
+    print("\t--add:\t\tadd a dummy byte at the end of APDU\t[False]")
+    print("\t--pinmin:\tspecify minimum length of PIN\t\t[6]")
+    print("\t--pinmax:\tspecify maximum length of PIN\t\t[15]")
+    print("EXAMPLES:")
+    print("   $ pinpad-test                   # verify user's PIN ")
+    print("   $ pinpad-test --admin           # verify admin's PIN ")
+    print("   $ pinpad-test --change          # change user's PIN ")
+    print("   $ pinpad-test --change --admin  # change admin's PIN ")
+    print("   $ pinpad-test --change2         # change user's PIN by two steps")
+    print("   $ pinpad-test --change2 --admin # change admin's PIN by two steps")
+    print("   $ pinpad-test --unblock         # change user's PIN by reset code")
+    print("   $ pinpad-test --unblock --admin # change user's PIN by admin's PIN")
+    print("   $ pinpad-test --put             # setup resetcode ")
 
 if __name__ == '__main__':
     who = BY_USER
@@ -374,7 +374,7 @@ if __name__ == '__main__':
             print_usage()
             exit(0)
         else:
-            raise ValueError, option
+            raise ValueError(option)
     main(who, method, add_a_byte, pinmin, pinmax, change_by_two_steps, fixed)
 
 # Failure

tool/upgrade_by_passwd.py

@@ -1,10 +1,10 @@
-#! /usr/bin/python
+#! /usr/bin/python3
 
 """
 upgrade_by_passwd.py - a tool to install another firmware for Gnuk Token
                        which is just shipped from factory
 
-Copyright (C) 2012, 2013, 2015, 2018
+Copyright (C) 2012, 2013, 2015, 2018, 2021
               Free Software Initiative of Japan
 Author: NIIBE Yutaka <gniibe@fsij.org>
 
@@ -52,7 +52,7 @@ def main(wait_e, keyno, passwd, data_regnual, data_upgrade):
     gnuk.cmd_select_openpgp()
     # Compute passwd data
     try:
-        kdf_data = gnuk.cmd_get_data(0x00, 0xf9).tostring()
+        kdf_data = gnuk.cmd_get_data(0x00, 0xf9).tobytes()
     except:
         kdf_data = b""
     if kdf_data == b"":
@@ -70,7 +70,7 @@ def main(wait_e, keyno, passwd, data_regnual, data_upgrade):
     gnuk.cmd_write_binary(1+keyno, rsa_raw_pubkey, False)
 
     gnuk.cmd_select_openpgp()
-    challenge = gnuk.cmd_get_challenge().tostring()
+    challenge = gnuk.cmd_get_challenge().tobytes()
     digestinfo = binascii.unhexlify(SHA256_OID_PREFIX) + challenge
     signed = rsa.compute_signature(rsa_key, digestinfo)
     signed_bytes = rsa.integer_to_bytes_256(signed)