mirror of
https://salsa.debian.org/gnuk-team/gnuk/gnuk.git
synced 2024-09-20 02:40:08 +00:00
New test suite for OpenPGP card
This commit is contained in:
parent
47150b5c98
commit
c1cc75f5b0
2
.gitignore
vendored
2
.gitignore
vendored
@ -12,3 +12,5 @@ regnual/regnual.bin
|
||||
regnual/regnual.hex
|
||||
regnual/regnual.elf
|
||||
doc/_build
|
||||
tests/.cache
|
||||
tests/__pycache__
|
||||
|
9
tests/README
Normal file
9
tests/README
Normal file
@ -0,0 +1,9 @@
|
||||
Here is a test suite for OpenPGP card.
|
||||
|
||||
You need to install:
|
||||
|
||||
$ sudo apt-get install python3-pytest python3-usb
|
||||
|
||||
Please run test by typing:
|
||||
|
||||
$ py.test-3 -x
|
225
tests/card_reader.py
Normal file
225
tests/card_reader.py
Normal file
@ -0,0 +1,225 @@
|
||||
"""
|
||||
card_reader.py - a library for smartcard reader
|
||||
|
||||
Copyright (C) 2016 Free Software Initiative of Japan
|
||||
Author: NIIBE Yutaka <gniibe@fsij.org>
|
||||
|
||||
This file is a part of Gnuk, a GnuPG USB Token implementation.
|
||||
|
||||
Gnuk is free software: you can redistribute it and/or modify it
|
||||
under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
Gnuk is distributed in the hope that it will be useful, but WITHOUT
|
||||
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
|
||||
License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
"""
|
||||
|
||||
import usb.core
|
||||
from struct import pack
|
||||
from usb.util import find_descriptor, claim_interface, get_string, \
|
||||
endpoint_type, endpoint_direction, \
|
||||
ENDPOINT_TYPE_BULK, ENDPOINT_OUT, ENDPOINT_IN
|
||||
|
||||
# USB class, subclass, protocol
|
||||
CCID_CLASS = 0x0B
|
||||
CCID_SUBCLASS = 0x00
|
||||
CCID_PROTOCOL_0 = 0x00
|
||||
|
||||
def ccid_compose(msg_type, seq, slot=0, rsv=0, param=0, data=b""):
|
||||
return pack('<BiBBBH', msg_type, len(data), slot, seq, rsv, param) + data
|
||||
|
||||
IFSC=254
|
||||
|
||||
class CardReader(object):
|
||||
def __init__(self, dev):
|
||||
"""
|
||||
__init__(dev) -> None
|
||||
Initialize the DEV of CCID.
|
||||
device: usb.core.Device object.
|
||||
"""
|
||||
|
||||
cfg = dev.get_active_configuration()
|
||||
intf = find_descriptor(cfg, bInterfaceClass=CCID_CLASS,
|
||||
bInterfaceSubClass=CCID_SUBCLASS,
|
||||
bInterfaceProtocol=CCID_PROTOCOL_0)
|
||||
if intf is None:
|
||||
raise ValueError("Not a CCID device")
|
||||
|
||||
claim_interface(dev, intf)
|
||||
|
||||
for ep in intf:
|
||||
if endpoint_type(ep.bmAttributes) == ENDPOINT_TYPE_BULK and \
|
||||
endpoint_direction(ep.bEndpointAddress) == ENDPOINT_OUT:
|
||||
self.__bulkout = ep.bEndpointAddress
|
||||
if endpoint_type(ep.bmAttributes) == ENDPOINT_TYPE_BULK and \
|
||||
endpoint_direction(ep.bEndpointAddress) == ENDPOINT_IN:
|
||||
self.__bulkin = ep.bEndpointAddress
|
||||
|
||||
assert len(intf.extra_descriptors) == 54
|
||||
assert intf.extra_descriptors[1] == 33
|
||||
|
||||
if (intf.extra_descriptors[42] & 0x02):
|
||||
# Short APDU level exchange
|
||||
self.__use_APDU = True
|
||||
elif (intf.extra_descriptors[42] & 0x04):
|
||||
# Short and extended APDU level exchange
|
||||
self.__use_APDU = True
|
||||
elif (intf.extra_descriptors[42] & 0x01):
|
||||
# TPDU level exchange
|
||||
self.__use_APDU = False
|
||||
else:
|
||||
raise ValueError("Unknown exchange level")
|
||||
|
||||
# Check other bits???
|
||||
# intf.extra_descriptors[40]
|
||||
# intf.extra_descriptors[41]
|
||||
|
||||
self.__dev = dev
|
||||
self.__timeout = 10000
|
||||
self.__seq = 0
|
||||
|
||||
def get_string(self, num):
|
||||
return get_string(self.__dev, num)
|
||||
|
||||
def increment_seq(self):
|
||||
self.__seq = (self.__seq + 1) & 0xff
|
||||
|
||||
def reset_device(self):
|
||||
try:
|
||||
self.__dev.reset()
|
||||
except:
|
||||
pass
|
||||
|
||||
def ccid_get_result(self):
|
||||
msg = self.__dev.read(self.__bulkin, 1024, self.__timeout)
|
||||
if len(msg) < 10:
|
||||
print(msg)
|
||||
raise ValueError("ccid_get_result")
|
||||
msg_type = msg[0]
|
||||
data_len = msg[1] + (msg[2]<<8) + (msg[3]<<16) + (msg[4]<<24)
|
||||
slot = msg[5]
|
||||
seq = msg[6]
|
||||
status = msg[7]
|
||||
error = msg[8]
|
||||
chain = msg[9]
|
||||
data = msg[10:]
|
||||
# XXX: check msg_type, data_len, slot, seq, error
|
||||
return (status, chain, data.tobytes())
|
||||
|
||||
def ccid_get_status(self):
|
||||
msg = ccid_compose(0x65, self.__seq)
|
||||
self.__dev.write(self.__bulkout, msg, self.__timeout)
|
||||
self.increment_seq()
|
||||
status, chain, data = self.ccid_get_result()
|
||||
# XXX: check chain, data
|
||||
return status
|
||||
|
||||
def ccid_power_on(self):
|
||||
msg = ccid_compose(0x62, self.__seq, rsv=1) # Vcc=5V
|
||||
self.__dev.write(self.__bulkout, msg, self.__timeout)
|
||||
self.increment_seq()
|
||||
status, chain, data = self.ccid_get_result()
|
||||
# XXX: check status, chain
|
||||
self.atr = data
|
||||
#
|
||||
if self.__use_APDU == False:
|
||||
# TPDU reader configuration
|
||||
pps = b"\xFF\x11\x18\xF6"
|
||||
ret_pps = self.ccid_send_data_block(pps)
|
||||
#
|
||||
param = b"\x18\x10\xFF\x75\x00\xFE\x00"
|
||||
# ^--- This shoud be adapted by ATR string, see update_param_by_atr
|
||||
msg = ccid_compose(0x6d, self.__seq, rsv=0x1, data=param)
|
||||
self.__dev.write(self.__bulkout, msg, self.__timeout)
|
||||
self.increment_seq()
|
||||
ret_param = self.ccid_get_result()
|
||||
# Send an S-block
|
||||
sblk = b"\x00\xC1\x01\xFE\x3E"
|
||||
ret_sblk = self.ccid_send_data_block(sblk)
|
||||
return self.atr
|
||||
|
||||
def ccid_power_off(self):
|
||||
msg = ccid_compose(0x63, self.__seq)
|
||||
self.__dev.write(self.__bulkout, msg, self.__timeout)
|
||||
self.increment_seq()
|
||||
status, chain, data = self.ccid_get_result()
|
||||
# XXX: check chain, data
|
||||
return status
|
||||
|
||||
def ccid_send_data_block(self, data):
|
||||
msg = ccid_compose(0x6f, self.__seq, data=data)
|
||||
self.__dev.write(self.__bulkout, msg, self.__timeout)
|
||||
self.increment_seq()
|
||||
return self.ccid_get_result()
|
||||
|
||||
def ccid_send_cmd(self, data):
|
||||
status, chain, data_rcv = self.ccid_send_data_block(data)
|
||||
if chain == 0:
|
||||
while status == 0x80:
|
||||
status, chain, data_rcv = self.ccid_get_result()
|
||||
return data_rcv
|
||||
elif chain == 1:
|
||||
d = data_rcv
|
||||
while True:
|
||||
msg = ccid_compose(0x6f, self.__seq, param=0x10)
|
||||
self.__dev.write(self.__bulkout, msg, self.__timeout)
|
||||
self.increment_seq()
|
||||
status, chain, data_rcv = self.ccid_get_result()
|
||||
# XXX: check status
|
||||
d += data_rcv
|
||||
if chain == 2:
|
||||
break
|
||||
elif chain == 3:
|
||||
continue
|
||||
else:
|
||||
raise ValueError("ccid_send_cmd chain")
|
||||
return d
|
||||
else:
|
||||
raise ValueError("ccid_send_cmd")
|
||||
|
||||
def send_cmd(self, cmd):
|
||||
if self.__use_APDU:
|
||||
return self.ccid_send_cmd(cmd)
|
||||
# TPDU
|
||||
raise ValueError("TPDU not implemented yet")
|
||||
|
||||
class find_class(object):
|
||||
def __init__(self, usb_class):
|
||||
self.__class = usb_class
|
||||
def __call__(self, device):
|
||||
if device.bDeviceClass == self.__class:
|
||||
return True
|
||||
for cfg in device:
|
||||
intf = find_descriptor(cfg, bInterfaceClass=self.__class)
|
||||
if intf is not None:
|
||||
return True
|
||||
return False
|
||||
|
||||
def get_ccid_device():
|
||||
ccid = None
|
||||
dev_list = usb.core.find(find_all=True, custom_match=find_class(CCID_CLASS))
|
||||
for dev in dev_list:
|
||||
try:
|
||||
ccid = CardReader(dev)
|
||||
print("CCID device: Bus %03d Device %03d" % (dev.bus, dev.address))
|
||||
break
|
||||
except:
|
||||
pass
|
||||
if not ccid:
|
||||
raise ValueError("No CCID device present")
|
||||
status = ccid.ccid_get_status()
|
||||
if status == 0:
|
||||
# It's ON already
|
||||
atr = ccid.ccid_power_on()
|
||||
elif status == 1:
|
||||
atr = ccid.ccid_power_on()
|
||||
else:
|
||||
raise ValueError("Unknown CCID status", status)
|
||||
print(atr)
|
||||
return ccid
|
3
tests/conftest.py
Normal file
3
tests/conftest.py
Normal file
@ -0,0 +1,3 @@
|
||||
def pytest_addoption(parser):
|
||||
parser.addoption("--reader", dest="reader", type=str, action="store",
|
||||
default="gnuk", help="specify reader: gnuk or gemalto")
|
289
tests/openpgp_card.py
Normal file
289
tests/openpgp_card.py
Normal file
@ -0,0 +1,289 @@
|
||||
"""
|
||||
openpgp_card.py - a library for OpenPGP card
|
||||
|
||||
Copyright (C) 2011, 2012, 2013, 2015, 2016
|
||||
Free Software Initiative of Japan
|
||||
Author: NIIBE Yutaka <gniibe@fsij.org>
|
||||
|
||||
This file is a part of Gnuk, a GnuPG USB Token implementation.
|
||||
|
||||
Gnuk is free software: you can redistribute it and/or modify it
|
||||
under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
Gnuk is distributed in the hope that it will be useful, but WITHOUT
|
||||
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
|
||||
License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
"""
|
||||
|
||||
from struct import pack
|
||||
|
||||
def iso7816_compose(ins, p1, p2, data, cls=0x00, le=None):
|
||||
data_len = len(data)
|
||||
if data_len == 0:
|
||||
if not le:
|
||||
return pack('>BBBB', cls, ins, p1, p2)
|
||||
else:
|
||||
return pack('>BBBBB', cls, ins, p1, p2, le)
|
||||
else:
|
||||
if not le:
|
||||
return pack('>BBBBB', cls, ins, p1, p2, data_len) + data
|
||||
else:
|
||||
return pack('>BBBBB', cls, ins, p1, p2, data_len) \
|
||||
+ data + pack('>B', le)
|
||||
|
||||
class OpenPGP_Card(object):
|
||||
def __init__(self, reader):
|
||||
"""
|
||||
__init__(reader) -> None
|
||||
Initialize a OpenPGP card with a CardReader.
|
||||
reader: CardReader object.
|
||||
"""
|
||||
|
||||
self.__reader = reader
|
||||
|
||||
def cmd_get_response(self, expected_len):
|
||||
result = b""
|
||||
while True:
|
||||
cmd_data = iso7816_compose(0xc0, 0x00, 0x00, b'') + pack('>B', expected_len)
|
||||
response = self.__reader.send_cmd(cmd_data)
|
||||
result += response[:-2]
|
||||
sw = response[-2:]
|
||||
if sw[0] == 0x90 and sw[1] == 0x00:
|
||||
return result
|
||||
elif sw[0] != 0x61:
|
||||
raise ValueError("%02x%02x" % (sw[0], sw[1]))
|
||||
else:
|
||||
expected_len = sw[1]
|
||||
|
||||
def cmd_verify(self, who, passwd):
|
||||
cmd_data = iso7816_compose(0x20, 0x00, 0x80+who, passwd)
|
||||
sw = self.__reader.send_cmd(cmd_data)
|
||||
if len(sw) != 2:
|
||||
raise ValueError(sw)
|
||||
if not (sw[0] == 0x90 and sw[1] == 0x00):
|
||||
raise ValueError("%02x%02x" % (sw[0], sw[1]))
|
||||
return True
|
||||
|
||||
def cmd_read_binary(self, fileid):
|
||||
cmd_data = iso7816_compose(0xb0, 0x80+fileid, 0x00, b'')
|
||||
sw = self.__reader.send_cmd(cmd_data)
|
||||
if len(sw) != 2:
|
||||
raise ValueError(sw)
|
||||
if sw[0] != 0x61:
|
||||
raise ValueError("%02x%02x" % (sw[0], sw[1]))
|
||||
return self.cmd_get_response(sw[1])
|
||||
|
||||
def cmd_write_binary(self, fileid, data, is_update):
|
||||
count = 0
|
||||
data_len = len(data)
|
||||
if is_update:
|
||||
ins = 0xd6
|
||||
else:
|
||||
ins = 0xd0
|
||||
while count*256 < data_len:
|
||||
if count == 0:
|
||||
if len(data) < 128:
|
||||
cmd_data0 = iso7816_compose(ins, 0x80+fileid, 0x00, data[:128])
|
||||
cmd_data1 = None
|
||||
else:
|
||||
cmd_data0 = iso7816_compose(ins, 0x80+fileid, 0x00, data[:128], 0x10)
|
||||
cmd_data1 = iso7816_compose(ins, 0x80+fileid, 0x00, data[128:256])
|
||||
else:
|
||||
if len(data[256*count:256*count+128]) < 128:
|
||||
cmd_data0 = iso7816_compose(ins, count, 0x00, data[256*count:256*count+128])
|
||||
cmd_data1 = None
|
||||
else:
|
||||
cmd_data0 = iso7816_compose(ins, count, 0x00, data[256*count:256*count+128], 0x10)
|
||||
cmd_data1 = iso7816_compose(ins, count, 0x00, data[256*count+128:256*(count+1)])
|
||||
sw = self.__reader.send_cmd(cmd_data0)
|
||||
if len(sw) != 2:
|
||||
raise ValueError("cmd_write_binary 0")
|
||||
if not (sw[0] == 0x90 and sw[1] == 0x00):
|
||||
raise ValueError("cmd_write_binary 0", "%02x%02x" % (sw[0], sw[1]))
|
||||
if cmd_data1:
|
||||
sw = self.__reader.send_cmd(cmd_data1)
|
||||
if len(sw) != 2:
|
||||
raise ValueError("cmd_write_binary 1", sw)
|
||||
if not (sw[0] == 0x90 and sw[1] == 0x00):
|
||||
raise ValueError("cmd_write_binary 1", "%02x%02x" % (sw[0], sw[1]))
|
||||
count += 1
|
||||
|
||||
def cmd_select_openpgp(self):
|
||||
cmd_data = iso7816_compose(0xa4, 0x04, 0x0c, b"\xD2\x76\x00\x01\x24\x01")
|
||||
sw = self.__reader.send_cmd(cmd_data)
|
||||
if len(sw) != 2:
|
||||
raise ValueError(sw)
|
||||
if not (sw[0] == 0x90 and sw[1] == 0x00):
|
||||
raise ValueError("%02x%02x" % (sw[0], sw[1]))
|
||||
return True
|
||||
|
||||
def cmd_get_data(self, tagh, tagl):
|
||||
cmd_data = iso7816_compose(0xca, tagh, tagl, b"")
|
||||
sw = self.__reader.send_cmd(cmd_data)
|
||||
if len(sw) != 2:
|
||||
raise ValueError(sw)
|
||||
if sw[0] == 0x90 and sw[1] == 0x00:
|
||||
return b""
|
||||
elif sw[0] != 0x61:
|
||||
raise ValueError("%02x%02x" % (sw[0], sw[1]))
|
||||
return self.cmd_get_response(sw[1])
|
||||
|
||||
def cmd_change_reference_data(self, who, data):
|
||||
cmd_data = iso7816_compose(0x24, 0x00, 0x80+who, data)
|
||||
sw = self.__reader.send_cmd(cmd_data)
|
||||
if len(sw) != 2:
|
||||
raise ValueError(sw)
|
||||
if not (sw[0] == 0x90 and sw[1] == 0x00):
|
||||
raise ValueError("%02x%02x" % (sw[0], sw[1]))
|
||||
return True
|
||||
|
||||
def cmd_put_data(self, tagh, tagl, content):
|
||||
cmd_data = iso7816_compose(0xda, tagh, tagl, content)
|
||||
sw = self.__reader.send_cmd(cmd_data)
|
||||
if len(sw) != 2:
|
||||
raise ValueError(sw)
|
||||
if not (sw[0] == 0x90 and sw[1] == 0x00):
|
||||
raise ValueError("%02x%02x" % (sw[0], sw[1]))
|
||||
return True
|
||||
|
||||
def cmd_put_data_odd(self, tagh, tagl, content):
|
||||
cmd_data0 = iso7816_compose(0xdb, tagh, tagl, content[:128], 0x10)
|
||||
cmd_data1 = iso7816_compose(0xdb, tagh, tagl, content[128:])
|
||||
sw = self.__reader.send_cmd(cmd_data0)
|
||||
if len(sw) != 2:
|
||||
raise ValueError(sw)
|
||||
if not (sw[0] == 0x90 and sw[1] == 0x00):
|
||||
raise ValueError("%02x%02x" % (sw[0], sw[1]))
|
||||
sw = self.__reader.send_cmd(cmd_data1)
|
||||
if len(sw) != 2:
|
||||
raise ValueError(sw)
|
||||
if not (sw[0] == 0x90 and sw[1] == 0x00):
|
||||
raise ValueError("%02x%02x" % (sw[0], sw[1]))
|
||||
return True
|
||||
|
||||
def cmd_reset_retry_counter(self, how, data):
|
||||
cmd_data = iso7816_compose(0x2c, how, 0x00, data)
|
||||
sw = self.__reader.send_cmd(cmd_data)
|
||||
if len(sw) != 2:
|
||||
raise ValueError(sw)
|
||||
if not (sw[0] == 0x90 and sw[1] == 0x00):
|
||||
raise ValueError("%02x%02x" % (sw[0], sw[1]))
|
||||
return True
|
||||
|
||||
def cmd_pso(self, p1, p2, data):
|
||||
cmd_data = iso7816_compose(0x2a, p1, p2, data)
|
||||
sw = self.__reader.send_cmd(cmd_data)
|
||||
if len(sw) != 2:
|
||||
raise ValueError(sw)
|
||||
if sw[0] == 0x90 and sw[1] == 0x00:
|
||||
return b""
|
||||
elif sw[0] != 0x61:
|
||||
raise ValueError("%02x%02x" % (sw[0], sw[1]))
|
||||
return self.cmd_get_response(sw[1])
|
||||
|
||||
def cmd_pso_longdata(self, p1, p2, data):
|
||||
cmd_data0 = iso7816_compose(0x2a, p1, p2, data[:128], 0x10)
|
||||
cmd_data1 = iso7816_compose(0x2a, p1, p2, data[128:])
|
||||
sw = self.__reader.send_cmd(cmd_data0)
|
||||
if len(sw) != 2:
|
||||
raise ValueError(sw)
|
||||
if not (sw[0] == 0x90 and sw[1] == 0x00):
|
||||
raise ValueError("%02x%02x" % (sw[0], sw[1]))
|
||||
sw = self.__reader.send_cmd(cmd_data1)
|
||||
if len(sw) != 2:
|
||||
raise ValueError(sw)
|
||||
elif sw[0] != 0x61:
|
||||
raise ValueError("%02x%02x" % (sw[0], sw[1]))
|
||||
return self.cmd_get_response(sw[1])
|
||||
|
||||
def cmd_internal_authenticate(self, data):
|
||||
cmd_data = iso7816_compose(0x88, 0, 0, data)
|
||||
sw = self.__reader.send_cmd(cmd_data)
|
||||
if len(sw) != 2:
|
||||
raise ValueError(sw)
|
||||
if sw[0] == 0x90 and sw[1] == 0x00:
|
||||
return b""
|
||||
elif sw[0] != 0x61:
|
||||
raise ValueError("%02x%02x" % (sw[0], sw[1]))
|
||||
return self.cmd_get_response(sw[1])
|
||||
|
||||
def cmd_genkey(self, keyno):
|
||||
if keyno == 1:
|
||||
data = b'\xb6\x00'
|
||||
elif keyno == 2:
|
||||
data = b'\xb8\x00'
|
||||
else:
|
||||
data = b'\xa4\x00'
|
||||
cmd_data = iso7816_compose(0x47, 0x80, 0, data)
|
||||
sw = self.__reader.send_cmd(cmd_data)
|
||||
if len(sw) != 2:
|
||||
raise ValueError(sw)
|
||||
if sw[0] == 0x90 and sw[1] == 0x00:
|
||||
return b""
|
||||
elif sw[0] != 0x61:
|
||||
raise ValueError("%02x%02x" % (sw[0], sw[1]))
|
||||
pk = self.cmd_get_response(sw[1])
|
||||
return (pk[9:9+256], pk[9+256+2:9+256+2+3])
|
||||
|
||||
def cmd_get_public_key(self, keyno):
|
||||
if keyno == 1:
|
||||
data = b'\xb6\x00'
|
||||
elif keyno == 2:
|
||||
data = b'\xb8\x00'
|
||||
else:
|
||||
data = b'\xa4\x00'
|
||||
cmd_data = iso7816_compose(0x47, 0x81, 0, data)
|
||||
sw = self.__reader.send_cmd(cmd_data)
|
||||
if len(sw) != 2:
|
||||
raise ValueError(sw)
|
||||
elif sw[0] != 0x61:
|
||||
raise ValueError("%02x%02x" % (sw[0], sw[1]))
|
||||
pk = self.cmd_get_response(sw[1])
|
||||
return (pk[9:9+256], pk[9+256+2:9+256+2+3])
|
||||
|
||||
def cmd_put_data_remove(self, tagh, tagl):
|
||||
cmd_data = iso7816_compose(0xda, tagh, tagl, b"")
|
||||
sw = self.__reader.send_cmd(cmd_data)
|
||||
if sw[0] != 0x90 and sw[1] != 0x00:
|
||||
raise ValueError("%02x%02x" % (sw[0], sw[1]))
|
||||
|
||||
def cmd_put_data_key_import_remove(self, keyno):
|
||||
if keyno == 1:
|
||||
keyspec = b"\xb6\x00" # SIG
|
||||
elif keyno == 2:
|
||||
keyspec = b"\xb8\x00" # DEC
|
||||
else:
|
||||
keyspec = b"\xa4\x00" # AUT
|
||||
cmd_data = iso7816_compose(0xdb, 0x3f, 0xff, b"\x4d\x02" + keyspec)
|
||||
sw = self.__reader.send_cmd(cmd_data)
|
||||
if sw[0] != 0x90 and sw[1] != 0x00:
|
||||
raise ValueError("%02x%02x" % (sw[0], sw[1]))
|
||||
|
||||
def cmd_get_challenge(self):
|
||||
cmd_data = iso7816_compose(0x84, 0x00, 0x00, '')
|
||||
sw = self.__reader.send_cmd(cmd_data)
|
||||
if len(sw) != 2:
|
||||
raise ValueError(sw)
|
||||
if sw[0] != 0x61:
|
||||
raise ValueError("%02x%02x" % (sw[0], sw[1]))
|
||||
return self.cmd_get_response(sw[1])
|
||||
|
||||
def cmd_external_authenticate(self, keyno, signed):
|
||||
cmd_data = iso7816_compose(0x82, 0x00, keyno, signed[0:128], cls=0x10)
|
||||
sw = self.__reader.send_cmd(cmd_data)
|
||||
if len(sw) != 2:
|
||||
raise ValueError(sw)
|
||||
if not (sw[0] == 0x90 and sw[1] == 0x00):
|
||||
raise ValueError("%02x%02x" % (sw[0], sw[1]))
|
||||
cmd_data = iso7816_compose(0x82, 0x00, keyno, signed[128:])
|
||||
sw = self.__reader.send_cmd(cmd_data)
|
||||
if len(sw) != 2:
|
||||
raise ValueError(sw)
|
||||
if not (sw[0] == 0x90 and sw[1] == 0x00):
|
||||
raise ValueError("%02x%02x" % (sw[0], sw[1]))
|
162
tests/test_empty_card.py
Normal file
162
tests/test_empty_card.py
Normal file
@ -0,0 +1,162 @@
|
||||
"""
|
||||
test_empty_card.py - testing empty card
|
||||
|
||||
Copyright (C) 2016 g10 Code GmbH
|
||||
Author: NIIBE Yutaka <gniibe@fsij.org>
|
||||
|
||||
This file is a part of Gnuk, a GnuPG USB Token implementation.
|
||||
|
||||
Gnuk is free software: you can redistribute it and/or modify it
|
||||
under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
Gnuk is distributed in the hope that it will be useful, but WITHOUT
|
||||
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
|
||||
License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
"""
|
||||
|
||||
import pytest
|
||||
from re import match, DOTALL
|
||||
|
||||
EMPTY_60=bytes(60)
|
||||
|
||||
FACTORY_PASSPHRASE_PW1=b"123456"
|
||||
FACTORY_PASSPHRASE_PW3=b"12345678"
|
||||
|
||||
@pytest.fixture(scope="module")
|
||||
def card():
|
||||
if pytest.config.option.reader == "gnuk":
|
||||
from card_reader import get_ccid_device
|
||||
reader = get_ccid_device()
|
||||
from openpgp_card import OpenPGP_Card
|
||||
card = OpenPGP_Card(reader)
|
||||
else:
|
||||
raise ValueError("Reader Not Supported")
|
||||
card.cmd_select_openpgp()
|
||||
yield card
|
||||
del card
|
||||
|
||||
def get_data_object(card, tag):
|
||||
tagh = tag >> 8
|
||||
tagl = tag & 0xff
|
||||
return card.cmd_get_data(tagh, tagl)
|
||||
|
||||
def check_null(data_object):
|
||||
return len(data_object) == 0
|
||||
|
||||
def test_login(card):
|
||||
login = get_data_object(card, 0x5e)
|
||||
assert check_null(login)
|
||||
|
||||
def test_name(card):
|
||||
name = get_data_object(card, 0x5b)
|
||||
assert check_null(name)
|
||||
|
||||
def test_lang(card):
|
||||
lang = get_data_object(card, 0x5f2d)
|
||||
assert check_null(lang)
|
||||
|
||||
def test_sex(card):
|
||||
sex = get_data_object(card, 0x5f35)
|
||||
assert check_null(sex)
|
||||
|
||||
def test_url(card):
|
||||
url = get_data_object(card, 0x5f50)
|
||||
assert check_null(url)
|
||||
|
||||
def test_ds_counter(card):
|
||||
c = get_data_object(card, 0x93)
|
||||
assert c == b'\x00\x00\x00'
|
||||
|
||||
def test_pw1_status(card):
|
||||
s = get_data_object(card, 0xc4)
|
||||
assert s == b'\x00\x7f\x7f\x7f\x03\x03\x03'
|
||||
|
||||
def test_fingerprint_0(card):
|
||||
fprlist = get_data_object(card, 0xC5)
|
||||
assert fprlist == EMPTY_60
|
||||
|
||||
def test_fingerprint_1(card):
|
||||
fpr = get_data_object(card, 0xC7)
|
||||
assert check_null(fpr)
|
||||
|
||||
def test_fingerprint_2(card):
|
||||
fpr = get_data_object(card, 0xC8)
|
||||
assert check_null(fpr)
|
||||
|
||||
def test_fingerprint_3(card):
|
||||
fpr = get_data_object(card, 0xC9)
|
||||
assert check_null(fpr)
|
||||
|
||||
def test_ca_fingerprint_0(card):
|
||||
cafprlist = get_data_object(card, 0xC6)
|
||||
assert cafprlist == EMPTY_60
|
||||
|
||||
def test_ca_fingerprint_1(card):
|
||||
cafp = get_data_object(card, 0xCA)
|
||||
assert check_null(cafp)
|
||||
|
||||
def test_ca_fingerprint_2(card):
|
||||
cafp = get_data_object(card, 0xCB)
|
||||
assert check_null(cafp)
|
||||
|
||||
def test_ca_fingerprint_3(card):
|
||||
cafp = get_data_object(card, 0xCC)
|
||||
assert check_null(cafp)
|
||||
|
||||
def test_timestamp_0(card):
|
||||
t = get_data_object(card, 0xCD)
|
||||
assert t == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
|
||||
|
||||
def test_timestamp_1(card):
|
||||
t = get_data_object(card, 0xCE)
|
||||
assert check_null(t)
|
||||
|
||||
def test_timestamp_2(card):
|
||||
t = get_data_object(card, 0xCF)
|
||||
assert check_null(t)
|
||||
|
||||
def test_timestamp_3(card):
|
||||
t = get_data_object(card, 0xD0)
|
||||
assert check_null(t)
|
||||
|
||||
def test_verify_pw1_1(card):
|
||||
v = card.cmd_verify(1, FACTORY_PASSPHRASE_PW1)
|
||||
assert v
|
||||
|
||||
def test_verify_pw1_2(card):
|
||||
v = card.cmd_verify(2, FACTORY_PASSPHRASE_PW1)
|
||||
assert v
|
||||
|
||||
def test_verify_pw3(card):
|
||||
v = card.cmd_verify(3, FACTORY_PASSPHRASE_PW3)
|
||||
assert v
|
||||
|
||||
def test_historical_bytes(card):
|
||||
h = get_data_object(card, 0x5f52)
|
||||
assert h == b'\x00\x31\x84\x73\x80\x01\x80\x00\x90\x00'
|
||||
|
||||
def test_extended_capabilities(card):
|
||||
a = get_data_object(card, 0xc0)
|
||||
assert match(b'[\x70\x74]\x00\x00\x20[\x00\x08]\x00\x00\xff\x01\x00', a)
|
||||
|
||||
def test_algorithm_attributes_1(card):
|
||||
a = get_data_object(card, 0xc1)
|
||||
assert a == b'\x01\x08\x00\x00\x20\x00'
|
||||
|
||||
def test_algorithm_attributes_2(card):
|
||||
a = get_data_object(card, 0xc2)
|
||||
assert a == b'\x01\x08\x00\x00\x20\x00'
|
||||
|
||||
def test_algorithm_attributes_3(card):
|
||||
a = get_data_object(card, 0xc3)
|
||||
assert a == b'\x01\x08\x00\x00\x20\x00'
|
||||
|
||||
def test_AID(card):
|
||||
a = get_data_object(card, 0x4f)
|
||||
assert match(b'\xd2\x76\x00\x01\\$\x01\x02\x00......\x00\x00', a, DOTALL)
|
Loading…
Reference in New Issue
Block a user