1# Copyright 2019 The Chromium OS Authors. All rights reserved. 2# Use of this source code is governed by a BSD-style license that can be 3# found in the LICENSE file. 4 5import time 6 7from autotest_lib.client.common_lib import error 8from autotest_lib.client.common_lib.cros import tpm_utils 9from autotest_lib.server.cros.faft.firmware_test import FirmwareTest 10 11# TPM vendor commands have the following header structure: 12 13# 8001 TPM_ST_NO_SESSIONS 14# 00000000 Command/response size 15# 20000000 Cr50 Vendor Command (Constant, TPM Command Code) 16# 0000 Vendor Command Code (VENDOR_CC_ enum) 17 18TPM_TAG_SIZE_BYTES = 2 19VENDOR_CC_SIZE_BYTES = 2 20VENDOR_CMD_HEADER_SIZE_BYTES = 12 21 22# Responses to TPM vendor commands have the following header structure: 23 24# 8001 TPM_ST_NO_SESSIONS 25# 00000000 Response size 26# 00000000 Response code 27# 0000 Vendor Command Code 28 29VENDOR_CMD_RESPONSE_SIZE_OFFSET = TPM_TAG_SIZE_BYTES 30VENDOR_CMD_RESPONSE_SIZE_BYTES = 4 31VENDOR_CMD_RESPONSE_CODE_OFFSET = ( 32 VENDOR_CMD_RESPONSE_SIZE_OFFSET + VENDOR_CMD_RESPONSE_SIZE_BYTES) 33VENDOR_CMD_RESPONSE_CODE_SIZE_BYTES = 4 34VENDOR_CMD_RESPONSE_CC_OFFSET = ( 35 VENDOR_CMD_RESPONSE_CODE_OFFSET + VENDOR_CMD_RESPONSE_CODE_SIZE_BYTES) 36 37# Vendor command codes being tested 38 39VENDOR_CC_U2F_GENERATE = '002C' 40VENDOR_CC_U2F_SIGN = '002D' 41VENDOR_CC_U2F_ATTEST = '002E' 42 43# Expected response sizes (body only) 44 45VENDOR_CC_U2F_SIGN_RESPONSE_SIZE_BYTES = 64 46VENDOR_CC_U2F_GENERATE_RESPONSE_SIZE_BYTES = 129 47VENDOR_CC_U2F_ATTEST_RESPONSE_SIZE_BYTES = 64 48 49# Response Codes 50 51VENDOR_CMD_RESPONSE_SUCCESS = '00000000' 52VENDOR_CMD_RESPONSE_BOGUS_ARGS = '00000501' 53VENDOR_CMD_RESPONSE_NOT_ALLOWED = '00000507' 54VENDOR_CMD_RESPONSE_PASSWORD_REQUIRED = '0000050A' 55 56# U2F Attest constants 57 58U2F_ATTEST_FORMAT_REG_RESP = '00' 59U2F_ATTEST_REG_RESP_SIZE_BYTES = 194 60 61# Some 'random' input to simulate actual inputs. 62APP_ID = '699abb209a23ec31dcef298064a92ed9829e70a1bc873b272db321fe1644feae' 63APP_ID_2 = '3c67e46408ec57dc6e4fb46fd0aecddadcf10c7b856446986ef67544a00530fa' 64USER_SECRET_1 = ('1b6e854dcc052dfff2b5ece48c60a9db' 65 'c69d27315c5f3ef8031abab60aa24d61') 66USER_SECRET_2 = ('26398186431b14de9a6b99f849d71d342' 67 'a1ec246d413aed42b7f2ac98846f24d') 68HASH_TO_SIGN = ('91f93c8d88ed6168d07a36de53bd62b6' 69 '649e84d343dd417ed6062775739b6e65') 70RANDOM_32 = '0fd2bf886fa8c036d069adf321bf1390859da4d615034c3a81ca3812a210ce0d' 71 72# For complying with struct u2f_generate_req only. 73# Auth-time secret hash is used only in versioned KHs. 74UNUSED_AUTH_TIME_SECRET_HASH = '00' * 32 75 76def get_bytes(tpm_str, start, length): 77 return tpm_str[(start * 2):(start * 2 + length * 2)] 78 79 80def assert_byte_length(str, len_bytes): 81 """Assert str represents a byte sequence len_bytes long""" 82 assert (len(str) / 2) == len_bytes 83 84 85def get_str_length_as_hex(str, additional_len=0): 86 """Get the length of str plus any additional_len as a hex string.""" 87 assert (len(str) % 2) == 0 88 length_bytes = len(str) // 2 89 # hex() returns strings with a '0x' prefix, which we remove. 90 return hex(length_bytes + additional_len)[2:] 91 92 93def check_response_size(response, expected_response, success_size): 94 """If the response is expected to be success, check it's size is as expected, 95 96 otherwise, check it is 0. 97 """ 98 response_size = response['length'] 99 if expected_response == VENDOR_CMD_RESPONSE_SUCCESS: 100 if response_size != success_size: 101 raise error.TestFail('Invalid successful response size: {}'.format( 102 response_size)) 103 elif response_size != 0: 104 raise error.TestFail( 105 'Non-zero response size on failure: {}'.format(response_size)) 106 107 108class firmware_Cr50U2fCommands(FirmwareTest): 109 """Tests the custom U2F commands in cr50""" 110 111 version = 1 112 113 def __send_vendor_cmd(self, 114 vendor_cc, 115 cmd_body, 116 expected_response_code=VENDOR_CMD_RESPONSE_SUCCESS): 117 assert_byte_length(vendor_cc, VENDOR_CC_SIZE_BYTES) 118 119 cmd_size_str = get_str_length_as_hex(cmd_body, 120 VENDOR_CMD_HEADER_SIZE_BYTES) 121 122 cmd = ( 123 '8001' # TPM_ST_NO_SESSIONS 124 '{:0>8}' # Command Size (UINT32) 125 '20000000' # CR50 Vendor Command (TPM CC) 126 '{}' # Vendor Command Code (Subcommand Code, UINT16) 127 '{}' # Command Body 128 ).format(cmd_size_str, vendor_cc, cmd_body) 129 130 result = self.client.run( 131 'trunks_send --raw {}'.format(cmd)).stdout.strip() 132 133 if get_bytes(result, 0, TPM_TAG_SIZE_BYTES) != '8001': 134 raise error.TestFail( 135 'Unexpected response tag from vendor command: {}'.format( 136 result)) 137 138 response_size_bytes = int( 139 get_bytes(result, VENDOR_CMD_RESPONSE_SIZE_OFFSET, 140 VENDOR_CMD_RESPONSE_SIZE_BYTES), 16) 141 142 if response_size_bytes < VENDOR_CMD_HEADER_SIZE_BYTES: 143 raise error.TestFail( 144 'Unexpected response length from vendor command: {}'. 145 format(result)) 146 147 response_code = get_bytes(result, VENDOR_CMD_RESPONSE_CODE_OFFSET, 148 VENDOR_CMD_RESPONSE_CODE_SIZE_BYTES) 149 150 if response_code != expected_response_code: 151 raise error.TestFail( 152 'Unexpected response received from vendor command: {}'. 153 format(response_code)) 154 155 response_vendor_cc = get_bytes(result, VENDOR_CMD_RESPONSE_CC_OFFSET, 156 VENDOR_CC_SIZE_BYTES) 157 158 if response_vendor_cc != vendor_cc: 159 raise error.TestFail( 160 'Received response for unexpected vendor command code: {}'. 161 format(response_vendor_cc)) 162 163 response_body_size_bytes = (response_size_bytes - 164 VENDOR_CMD_HEADER_SIZE_BYTES) 165 166 return { 167 'length': 168 response_body_size_bytes, 169 'value': 170 get_bytes(result, VENDOR_CMD_HEADER_SIZE_BYTES, 171 response_body_size_bytes) 172 } 173 174 def __u2f_sign(self, app_id, user_secret, key_handle, hash, flags, 175 expected_response): 176 assert_byte_length(app_id, 32) 177 assert_byte_length(user_secret, 32) 178 assert_byte_length(key_handle, 64) 179 assert_byte_length(flags, 1) 180 181 response = self.__send_vendor_cmd( 182 VENDOR_CC_U2F_SIGN, 183 '{}{}{}{}{}'.format(app_id, user_secret, key_handle, hash, 184 flags), expected_response) 185 186 expected_response_size = VENDOR_CC_U2F_SIGN_RESPONSE_SIZE_BYTES 187 # 'check-only' requests don't have a response body. 188 if flags == '07': 189 expected_response_size = 0 190 191 check_response_size(response, expected_response, 192 expected_response_size) 193 194 def __u2f_generate(self, 195 app_id, 196 user_secret, 197 flags, 198 expected_response=VENDOR_CMD_RESPONSE_SUCCESS): 199 assert_byte_length(app_id, 32) 200 assert_byte_length(user_secret, 32) 201 assert_byte_length(flags, 1) 202 203 response = self.__send_vendor_cmd( 204 VENDOR_CC_U2F_GENERATE, 205 '{}{}{}{}'.format(app_id, user_secret, flags, 206 UNUSED_AUTH_TIME_SECRET_HASH), 207 expected_response) 208 209 check_response_size(response, expected_response, 210 VENDOR_CC_U2F_GENERATE_RESPONSE_SIZE_BYTES) 211 212 return { 213 'pubKey': response['value'][0:130], 214 'keyHandle': response['value'][130:258] 215 } 216 217 def __u2f_attest(self, 218 user_secret, 219 format, 220 data, 221 expected_response=VENDOR_CMD_RESPONSE_SUCCESS, 222 pad=False, 223 truncated=False): 224 assert_byte_length(user_secret, 32) 225 assert_byte_length(format, 1) 226 227 data_len_str = get_str_length_as_hex(data) 228 229 if truncated: 230 # Send 1 less byte of data than will be advertised in data_len field 231 assert pad == False 232 assert len(data) >= 2 233 data = data[:len(data) - 2] 234 235 if pad: 236 # Max data size is 256 bytes 237 data = data + '0' * (512 - len(data)) 238 239 response = self.__send_vendor_cmd( 240 VENDOR_CC_U2F_ATTEST, 241 '{}{}{}{}'.format(user_secret, format, data_len_str, 242 data), expected_response) 243 244 check_response_size(response, expected_response, 245 VENDOR_CC_U2F_ATTEST_RESPONSE_SIZE_BYTES) 246 247 def __test_generate_unique(self): 248 registration = self.__u2f_generate(APP_ID, USER_SECRET_1, '00') 249 registration_2 = self.__u2f_generate(APP_ID, USER_SECRET_1, '00') 250 251 if registration['pubKey'] == registration_2['pubKey']: 252 raise error.TestFail('Public keys not unique') 253 254 if registration['keyHandle'] == registration_2['keyHandle']: 255 raise error.TestFail('Key handles not unique') 256 257 def _safe_power_short_press(self): 258 """Stop powerd before pressing the power button.""" 259 # Validating U2F requires pressing the power button. If those power button 260 # presses power off the AP, stop powerd before the test to ignore them. 261 if self.faft_config.ec_forwards_short_pp_press: 262 self.stop_powerd() 263 self.servo.power_short_press() 264 265 def __test_generate_sign_simple(self): 266 registration = self.__u2f_generate(APP_ID, USER_SECRET_1, '00') 267 268 self._safe_power_short_press() 269 270 self.__u2f_sign(APP_ID, USER_SECRET_1, registration['keyHandle'], 271 HASH_TO_SIGN, '00', VENDOR_CMD_RESPONSE_SUCCESS) 272 273 def __test_generate_with_presence(self): 274 # Wait 11 seconds to ensure no presence. 275 276 time.sleep(11) 277 278 self.__u2f_generate( 279 APP_ID, 280 USER_SECRET_1, 281 '01', # U2F_AUTH_FLAG_TUP 282 VENDOR_CMD_RESPONSE_NOT_ALLOWED) 283 284 self._safe_power_short_press() 285 286 self.__u2f_generate( 287 APP_ID, 288 USER_SECRET_1, 289 '01', # U2F_AUTH_FLAG_TUP 290 VENDOR_CMD_RESPONSE_SUCCESS) 291 292 def __test_generate_consume_presence(self): 293 self._safe_power_short_press() 294 295 self.__u2f_generate( 296 APP_ID, 297 USER_SECRET_1, 298 '03', # U2F_AUTH_FLAG_TUP | G2F_CONSUME 299 VENDOR_CMD_RESPONSE_SUCCESS) 300 301 self.__u2f_generate( 302 APP_ID, 303 USER_SECRET_1, 304 '01', # U2F_AUTH_FLAG_TUP 305 VENDOR_CMD_RESPONSE_NOT_ALLOWED) 306 307 def __test_sign_requires_presence(self): 308 registration = self.__u2f_generate(APP_ID, USER_SECRET_1, '00') 309 310 # U2F asserts presence by checking for a power button press within the 311 # last 10 seconds, sleep so that we are sure there was not one. 312 313 time.sleep(11) 314 315 self.__u2f_sign(APP_ID, USER_SECRET_1, registration['keyHandle'], 316 HASH_TO_SIGN, '00', VENDOR_CMD_RESPONSE_NOT_ALLOWED) 317 318 def __test_sign_multiple_no_consume(self): 319 registration = self.__u2f_generate(APP_ID, USER_SECRET_1, '00') 320 321 self._safe_power_short_press() 322 323 self.__u2f_sign(APP_ID, USER_SECRET_1, registration['keyHandle'], 324 HASH_TO_SIGN, '00', VENDOR_CMD_RESPONSE_SUCCESS) 325 326 # We should be able to sign again, as this will happen within 10 327 # seconds of the power button press, and we did not consume. 328 329 self.__u2f_sign(APP_ID, USER_SECRET_1, registration['keyHandle'], 330 HASH_TO_SIGN, '00', VENDOR_CMD_RESPONSE_SUCCESS) 331 332 def __test_sign_consume(self): 333 registration = self.__u2f_generate(APP_ID, USER_SECRET_1, '00') 334 335 self._safe_power_short_press() 336 337 self.__u2f_sign( 338 APP_ID, 339 USER_SECRET_1, 340 registration['keyHandle'], 341 HASH_TO_SIGN, 342 '02', # G2F_CONSUME 343 VENDOR_CMD_RESPONSE_SUCCESS) 344 345 # We should have consumed the power button press, so we should not be 346 # able to sign again. 347 348 self.__u2f_sign(APP_ID, USER_SECRET_1, registration['keyHandle'], 349 HASH_TO_SIGN, '00', VENDOR_CMD_RESPONSE_NOT_ALLOWED) 350 351 def __test_sign_wrong_user_secret(self): 352 registration = self.__u2f_generate(APP_ID, USER_SECRET_1, '00') 353 354 self._safe_power_short_press() 355 356 # Check. 357 self.__u2f_sign(APP_ID, USER_SECRET_1, registration['keyHandle'], 358 HASH_TO_SIGN, '00', VENDOR_CMD_RESPONSE_SUCCESS) 359 360 self.__u2f_sign(APP_ID, USER_SECRET_2, registration['keyHandle'], 361 HASH_TO_SIGN, '00', 362 VENDOR_CMD_RESPONSE_PASSWORD_REQUIRED) 363 364 def __test_sign_wrong_app_id(self): 365 registration = self.__u2f_generate(APP_ID, USER_SECRET_1, '00') 366 367 self._safe_power_short_press() 368 369 # Check. 370 self.__u2f_sign(APP_ID, USER_SECRET_1, registration['keyHandle'], 371 HASH_TO_SIGN, '00', VENDOR_CMD_RESPONSE_SUCCESS) 372 373 self.__u2f_sign(APP_ID_2, USER_SECRET_1, registration['keyHandle'], 374 HASH_TO_SIGN, '00', 375 VENDOR_CMD_RESPONSE_PASSWORD_REQUIRED) 376 377 def __test_sign_invalid_kh(self): 378 # U2F asserts presence by checking for a power button press within the 379 # last 10 seconds, sleep so that we are sure there was not one. 380 381 time.sleep(11) 382 383 self.__u2f_sign( 384 APP_ID, 385 USER_SECRET_1, 386 RANDOM_32 + RANDOM_32, # KH is 64 bytes long 387 HASH_TO_SIGN, 388 '00', 389 VENDOR_CMD_RESPONSE_PASSWORD_REQUIRED) 390 391 self.__u2f_sign( 392 APP_ID, 393 USER_SECRET_1, 394 RANDOM_32 + RANDOM_32, # KH is 64 bytes long 395 HASH_TO_SIGN, 396 '02', # G2F_CONSUME 397 VENDOR_CMD_RESPONSE_PASSWORD_REQUIRED) 398 399 def __test_sign_invalid_kh_with_presence(self): 400 registration = self.__u2f_generate(APP_ID, USER_SECRET_1, '00') 401 402 self._safe_power_short_press() 403 404 # Should return invalid KH error, without consuming presence. 405 self.__u2f_sign( 406 APP_ID, 407 USER_SECRET_1, 408 RANDOM_32 + RANDOM_32, # KH is 64 bytes long 409 HASH_TO_SIGN, 410 '02', # G2F_CONSUME 411 VENDOR_CMD_RESPONSE_PASSWORD_REQUIRED) 412 413 # Check presence was not consumed. 414 self.__u2f_sign(APP_ID, USER_SECRET_1, registration['keyHandle'], 415 HASH_TO_SIGN, '00', VENDOR_CMD_RESPONSE_SUCCESS) 416 417 def __test_sign_check_only(self): 418 registration = self.__u2f_generate(APP_ID, USER_SECRET_1, '00') 419 420 # U2F asserts presence by checking for a power button press within the 421 # last 10 seconds, sleep so that we are sure there was not one. 422 423 time.sleep(11) 424 425 self.__u2f_sign(APP_ID, USER_SECRET_1, registration['keyHandle'], 426 HASH_TO_SIGN, '07', VENDOR_CMD_RESPONSE_SUCCESS) 427 428 def __test_sign_check_only_with_presence(self): 429 registration = self.__u2f_generate(APP_ID, USER_SECRET_1, '00') 430 431 self._safe_power_short_press() 432 433 self.__u2f_sign(APP_ID, USER_SECRET_1, registration['keyHandle'], 434 HASH_TO_SIGN, '07', VENDOR_CMD_RESPONSE_SUCCESS) 435 436 def __test_sign_check_only_invalid_kh(self): 437 # U2F asserts presence by checking for a power button press within the 438 # last 10 seconds, sleep so that we are sure there was not one. 439 440 time.sleep(11) 441 442 self.__u2f_sign( 443 APP_ID, 444 USER_SECRET_1, 445 RANDOM_32 + RANDOM_32, # KH is 64 bytes long 446 HASH_TO_SIGN, 447 '07', 448 VENDOR_CMD_RESPONSE_PASSWORD_REQUIRED) 449 450 def __test_sign_check_only_invalid_kh_with_presence(self): 451 registration = self.__u2f_generate(APP_ID, USER_SECRET_1, '00') 452 453 self._safe_power_short_press() 454 455 self.__u2f_sign( 456 APP_ID, 457 USER_SECRET_1, 458 RANDOM_32 + RANDOM_32, # KH is 64 bytes long 459 HASH_TO_SIGN, 460 '07', 461 VENDOR_CMD_RESPONSE_PASSWORD_REQUIRED) 462 463 def __check_attest_reg_resp(self, 464 app_id, 465 key_handle, 466 pub_key, 467 user_secret, 468 expected_response, 469 pad=False): 470 register_resp = '00{}{}{}{}'.format( 471 app_id, 472 RANDOM_32, # challenge 473 key_handle, 474 pub_key) 475 476 self.__u2f_attest(user_secret, U2F_ATTEST_FORMAT_REG_RESP, 477 register_resp, expected_response, pad) 478 479 def __test_attest_simple(self): 480 # Attest does not require user presence 481 time.sleep(11) 482 483 registration = self.__u2f_generate(APP_ID, USER_SECRET_1, '00') 484 485 self.__check_attest_reg_resp(APP_ID, registration['keyHandle'], 486 registration['pubKey'], USER_SECRET_1, 487 VENDOR_CMD_RESPONSE_SUCCESS) 488 489 def __test_attest_simple_padded(self): 490 registration = self.__u2f_generate(APP_ID, USER_SECRET_1, '00') 491 492 self.__check_attest_reg_resp(APP_ID, 493 registration['keyHandle'], 494 registration['pubKey'], 495 USER_SECRET_1, 496 VENDOR_CMD_RESPONSE_SUCCESS, 497 pad=True) 498 499 def __test_attest_wrong_user(self): 500 registration = self.__u2f_generate(APP_ID, USER_SECRET_1, '00') 501 502 self.__check_attest_reg_resp(APP_ID, registration['keyHandle'], 503 registration['pubKey'], USER_SECRET_2, 504 VENDOR_CMD_RESPONSE_NOT_ALLOWED) 505 506 def __test_attest_wrong_app_id(self): 507 registration = self.__u2f_generate(APP_ID, USER_SECRET_1, '00') 508 509 self.__check_attest_reg_resp(APP_ID_2, registration['keyHandle'], 510 registration['pubKey'], USER_SECRET_1, 511 VENDOR_CMD_RESPONSE_NOT_ALLOWED) 512 513 def __test_attest_wrong_pub_key(self): 514 registration = self.__u2f_generate(APP_ID, USER_SECRET_1, '00') 515 516 self.__check_attest_reg_resp(APP_ID, registration['keyHandle'], 517 'FF' * 65, USER_SECRET_1, 518 VENDOR_CMD_RESPONSE_NOT_ALLOWED) 519 520 def __test_attest_garbage_data(self): 521 self.__u2f_attest(USER_SECRET_1, U2F_ATTEST_FORMAT_REG_RESP, 522 'ff' * U2F_ATTEST_REG_RESP_SIZE_BYTES, 523 VENDOR_CMD_RESPONSE_NOT_ALLOWED) 524 525 def __test_attest_truncated_data(self): 526 registration = self.__u2f_generate(APP_ID, USER_SECRET_1, '00') 527 528 register_resp = '00{}{}{}{}'.format( 529 APP_ID, 530 RANDOM_32, # challenge 531 registration['keyHandle'], 532 registration['pubKey']) 533 534 # Attempt to attest to valid data with invalid format. 535 self.__u2f_attest(USER_SECRET_1, 536 U2F_ATTEST_FORMAT_REG_RESP, 537 register_resp, 538 VENDOR_CMD_RESPONSE_BOGUS_ARGS, 539 truncated=True) 540 541 def __test_attest_invalid_format(self): 542 registration = self.__u2f_generate(APP_ID, USER_SECRET_1, '00') 543 544 register_resp = '00{}{}{}{}'.format( 545 APP_ID, 546 RANDOM_32, # challenge 547 registration['keyHandle'], 548 registration['pubKey']) 549 550 # Attempt to attest to valid data with invalid format. 551 self.__u2f_attest(USER_SECRET_1, 'ff', register_resp, 552 VENDOR_CMD_RESPONSE_NOT_ALLOWED) 553 554 def __test_attest_invalid_reserved_byte(self): 555 registration = self.__u2f_generate(APP_ID, USER_SECRET_1, '00') 556 557 register_resp = '{}{}{}{}{}'.format( 558 '01', # unexpected reserved byte 559 APP_ID, 560 RANDOM_32, # challenge 561 registration['keyHandle'], 562 registration['pubKey']) 563 564 # Attempt to attest to valid data with invalid format. 565 self.__u2f_attest(USER_SECRET_1, U2F_ATTEST_FORMAT_REG_RESP, 566 register_resp, VENDOR_CMD_RESPONSE_NOT_ALLOWED) 567 568 def __test_kh_invalidated_by_powerwash(self): 569 registration = self.__u2f_generate(APP_ID, USER_SECRET_1, '00') 570 571 self._safe_power_short_press() 572 573 # Check 574 self.__u2f_sign(APP_ID, USER_SECRET_1, registration['keyHandle'], 575 HASH_TO_SIGN, '00', VENDOR_CMD_RESPONSE_SUCCESS) 576 577 # Clear TPM. We should no longer be able to authenticate with the 578 # key handle after this. 579 tpm_utils.ClearTPMOwnerRequest(self.client, wait_for_ready=True) 580 581 self._safe_power_short_press() 582 583 self.__u2f_sign(APP_ID, USER_SECRET_1, registration['keyHandle'], 584 HASH_TO_SIGN, '00', 585 VENDOR_CMD_RESPONSE_PASSWORD_REQUIRED) 586 587 def run_once(self, host=None): 588 """Run the tests.""" 589 590 self.client = host 591 592 # Basic functionality 593 self.__test_generate_unique() 594 self.__test_generate_sign_simple() 595 596 # Generate - presence 597 self.__test_generate_with_presence() 598 self.__test_generate_consume_presence() 599 600 # Sign - presence 601 self.__test_sign_requires_presence() 602 self.__test_sign_multiple_no_consume() 603 self.__test_sign_consume() 604 605 # Sign - key handle 606 self.__test_sign_wrong_user_secret() 607 self.__test_sign_wrong_app_id() 608 self.__test_sign_invalid_kh() 609 610 # Sign - check only 611 self.__test_sign_check_only() 612 self.__test_sign_check_only_with_presence() 613 self.__test_sign_check_only_invalid_kh() 614 self.__test_sign_check_only_invalid_kh_with_presence() 615 616 # Attest 617 self.__test_attest_simple() 618 self.__test_attest_simple_padded() 619 self.__test_attest_wrong_user() 620 self.__test_attest_wrong_app_id() 621 self.__test_attest_wrong_pub_key() 622 self.__test_attest_garbage_data() 623 self.__test_attest_truncated_data() 624 self.__test_attest_invalid_format() 625 self.__test_attest_invalid_reserved_byte() 626 627 # Powerwash 628 self.__test_kh_invalidated_by_powerwash() 629