1 /*
2  * Copyright (C) 2022 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 //! Trusty implementation of RetrieveKeyMaterial.
17 
18 use alloc::vec::Vec;
19 use core::ffi::CStr;
20 use core::mem::size_of;
21 use hwkey::{Hwkey, KdfVersion, OsRollbackVersion, RollbackVersionSource};
22 use kmr_common::{crypto, km_err, vec_try_with_capacity, Error};
23 use kmr_wire::secureclock::{TimeStampToken, TIME_STAMP_MAC_LABEL};
24 
25 pub(crate) mod legacy;
26 
27 /// Size of a key agreement key in bytes.
28 const TRUSTY_KM_KAK_SIZE: usize = 32;
29 
30 /// Size of a key wrapping key in bytes.
31 const TRUSTY_KM_WRAPPING_KEY_SIZE: usize = 16;
32 
33 /// Key slot identification; matches the value used in
34 /// `OpenSSLKeymasterEnforcement::GetKeyAgreementKey` in `openssl_keymaster_enforcement.cpp` for
35 /// back-compatibility.
36 const KM_KAK_SLOT_ID: &[u8] = b"com.android.trusty.keymint.kak\0";
37 
38 /// Key derivation input data; matches `kMasterKeyDerivationData` in `trusty_keymaster_context.cpp`
39 /// for back-compatibility.
40 const KM_KEY_DERIVATION_DATA: &[u8] = b"KeymasterMaster\0";
41 
42 /// Size of a `u32` value in bytes.
43 const U32_SIZE: usize = core::mem::size_of::<u32>();
44 
45 /// Extract a (little-endian) serialized `u32`.
deserialize_u32(bytes: &[u8], error_message: &str) -> Result<u32, Error>46 fn deserialize_u32(bytes: &[u8], error_message: &str) -> Result<u32, Error> {
47     let u32_bytes: [u8; U32_SIZE] = match bytes.try_into() {
48         Ok(byte_array) => byte_array,
49         Err(_) => return Err(km_err!(InvalidArgument, "{}", error_message)),
50     };
51     Ok(u32::from_le_bytes(u32_bytes))
52 }
53 
54 /// Convert an [`OsRollbackVersion`] to an integer value, expanding `Current` along the way.
os_rollback_version_to_u32(os_rollback_version: OsRollbackVersion) -> Result<u32, Error>55 fn os_rollback_version_to_u32(os_rollback_version: OsRollbackVersion) -> Result<u32, Error> {
56     match os_rollback_version {
57         // If we get a `Current` version, we want to convert it to the specific version, so the
58         // context remains accurate if it is saved and used at a later time.
59         OsRollbackVersion::Current => {
60             let hwkey_session = match Hwkey::open() {
61                 Ok(connection) => connection,
62                 Err(_) => {
63                     return Err(km_err!(SecureHwCommunicationFailed, "hwkey connection error"))
64                 }
65             };
66             match hwkey_session.query_current_os_version(RollbackVersionSource::CommittedVersion) {
67                 Ok(OsRollbackVersion::Version(n)) => Ok(n),
68                 _ => Err(km_err!(
69                     SecureHwCommunicationFailed,
70                     "couldn't get current os rollback version"
71                 )),
72             }
73         }
74         OsRollbackVersion::Version(n) => Ok(n),
75     }
76 }
77 
78 /// Context information required for key derivation with versioned information.
79 #[derive(Clone, Debug, PartialEq, Eq)]
80 struct NonLegacyKeyContext {
81     kdf_version: KdfVersion,
82     os_rollback_version: OsRollbackVersion,
83 }
84 
85 /// KEK context that provides information to derive the same Key Encryption Key used to encrypt a
86 /// given key. To be able to do that we need to know if the key is a legacy one or not; and if it is
87 /// not a legacy key; we need to know the KDF method used (although currently there is only 1
88 /// method) and the Os Rollback version (more info on this parameters can be found on the trusty
89 /// hwkey crate).
90 #[derive(Clone, Debug, PartialEq, Eq)]
91 enum TrustyKekContext {
92     LegacyKey,
93     NonLegacyKey(NonLegacyKeyContext),
94 }
95 
96 impl TrustyKekContext {
97     /// Current version of the serialized format of [`TrustyKekContext`] data.  If the structure is
98     /// changed this number needs to be bumped and the serialize/deserialize functions updated.
99     const CONTEXT_VERSION: u32 = 1;
100 
101     /// Offset of version marker for serialized data.
102     const CONTEXT_VER_OFFSET: usize = 0;
103     /// Offset of non-legacy key indicator in serialized data.  Reserves 4 bytes in case we want to
104     /// replace it with the enum that represents the specific key format.  For kek derivation we
105     /// don't really use it; it is either a legacy key or not.
106     const NON_LEGACY_KEY_OFFSET: usize = Self::CONTEXT_VER_OFFSET + U32_SIZE;
107     /// Offset of KDF version in serialized data.
108     const KDF_VER_OFFSET: usize = Self::NON_LEGACY_KEY_OFFSET + U32_SIZE;
109     /// Offset of OS rollback version in serialized data.
110     const OS_ROLLBACK_VER_OFFSET: usize = Self::KDF_VER_OFFSET + U32_SIZE;
111 
112     /// Overall size of serialized form in bytes.
113     const SERIALIZED_SIZE: usize = Self::OS_ROLLBACK_VER_OFFSET + U32_SIZE;
114 
115     /// Build a new `TrustyKekContext` from constituent values.
new( non_legacy_key: bool, kdf_version: Option<KdfVersion>, os_rollback_version: Option<OsRollbackVersion>, ) -> Result<Self, Error>116     fn new(
117         non_legacy_key: bool,
118         kdf_version: Option<KdfVersion>,
119         os_rollback_version: Option<OsRollbackVersion>,
120     ) -> Result<Self, Error> {
121         if non_legacy_key {
122             if kdf_version.is_none() {
123                 return Err(km_err!(InvalidArgument, "non-legacy keys require a KDF version"));
124             }
125             if os_rollback_version.is_none() {
126                 return Err(km_err!(
127                     InvalidArgument,
128                     "non-legacy keys require an OS Rollback version"
129                 ));
130             }
131             // Directly unwrapping values because we checked that they were not None
132             let kdf_version = kdf_version.unwrap();
133             let os_rollback_version = os_rollback_version.unwrap();
134             Ok(TrustyKekContext::NonLegacyKey(NonLegacyKeyContext {
135                 kdf_version,
136                 os_rollback_version,
137             }))
138         } else {
139             if kdf_version.is_some() {
140                 return Err(km_err!(InvalidArgument, "legacy keys do not use a KDF version"));
141             }
142             if os_rollback_version.is_some() {
143                 return Err(km_err!(
144                     InvalidArgument,
145                     "legacy keys do not use a OS Rollback version"
146                 ));
147             }
148             Ok(TrustyKekContext::LegacyKey)
149         }
150     }
151 
152     /// Build a [`TrustyKekContext`] from its serialized form.
from_raw(raw_context: &[u8]) -> Result<Self, Error>153     fn from_raw(raw_context: &[u8]) -> Result<Self, Error> {
154         if raw_context.len() != Self::SERIALIZED_SIZE {
155             return Err(km_err!(
156                 InvalidArgument,
157                 "provided kek context had wrong size ({} not {} bytes)",
158                 raw_context.len(),
159                 Self::SERIALIZED_SIZE
160             ));
161         }
162         let context_version = deserialize_u32(
163             &raw_context[..Self::NON_LEGACY_KEY_OFFSET],
164             "couldn't deserialize context version",
165         )?;
166         if context_version != Self::CONTEXT_VERSION {
167             return Err(km_err!(InvalidArgument, "invalid context version {}", context_version));
168         }
169         let non_legacy_key = deserialize_u32(
170             &raw_context[Self::NON_LEGACY_KEY_OFFSET..Self::KDF_VER_OFFSET],
171             "couldn't deserialize kdf version",
172         )?;
173         match non_legacy_key {
174             0 => Ok(TrustyKekContext::LegacyKey),
175             1 => {
176                 let kdf_version = deserialize_u32(
177                     &raw_context[Self::KDF_VER_OFFSET..Self::OS_ROLLBACK_VER_OFFSET],
178                     "couldn't deserialize kdf version",
179                 )?;
180                 let kdf_version = KdfVersion::from(kdf_version);
181                 let os_rollback_version = deserialize_u32(
182                     &raw_context[Self::OS_ROLLBACK_VER_OFFSET..],
183                     "Couldn't deserialize os rolback version",
184                 )?;
185                 let os_rollback_version = OsRollbackVersion::Version(os_rollback_version);
186                 Ok(TrustyKekContext::NonLegacyKey(NonLegacyKeyContext {
187                     kdf_version,
188                     os_rollback_version,
189                 }))
190             }
191             v => Err(km_err!(InvalidArgument, "invalid non legacy key value {}", v)),
192         }
193     }
194 
195     /// Convert a [`TrustyKekContext`] into its serialized form, as 4 consecutive little-endian U32
196     /// values:
197     /// - context version
198     /// - non-legacy key indicator
199     /// - KDF version
200     /// - OS rollback version.
to_raw(&self) -> Result<Vec<u8>, Error>201     fn to_raw(&self) -> Result<Vec<u8>, Error> {
202         // For legacy keys giving 0 values for OS and KDF version. These values will be ignored on
203         // deserialization.
204         let (os_version, kdf_version, non_legacy_key) = match self {
205             TrustyKekContext::LegacyKey => (0, 0, 0u32),
206             TrustyKekContext::NonLegacyKey(ctx) => {
207                 let os_version = os_rollback_version_to_u32(ctx.os_rollback_version)?;
208                 let kdf_version: u32 = ctx.kdf_version.into();
209                 (os_version, kdf_version, 1u32)
210             }
211         };
212         let mut raw_vec = vec_try_with_capacity!(Self::SERIALIZED_SIZE)?;
213         raw_vec.extend_from_slice(&Self::CONTEXT_VERSION.to_le_bytes());
214         raw_vec.extend_from_slice(&non_legacy_key.to_le_bytes());
215         raw_vec.extend_from_slice(&kdf_version.to_le_bytes());
216         raw_vec.extend_from_slice(&os_version.to_le_bytes());
217         Ok(raw_vec)
218     }
219 }
220 
221 /// Key material retrieval implementation for Trusty.
222 pub struct TrustyKeys;
223 
224 // TODO: Change traits definitions to support kek and kak keys stored on hardware if needed.
225 //       RawKeyMaterial assume that the key will be passed in the clear, which won't be the case
226 //       if the IP block never releases the key. KeyMaterial type fixes that issue by including
227 //       Opaque keys, but RawKeys are not included in KeyMaterial.
228 impl kmr_ta::device::RetrieveKeyMaterial for TrustyKeys {
root_kek(&self, context: &[u8]) -> Result<crypto::OpaqueOr<crypto::hmac::Key>, Error>229     fn root_kek(&self, context: &[u8]) -> Result<crypto::OpaqueOr<crypto::hmac::Key>, Error> {
230         let context = TrustyKekContext::from_raw(context)?;
231         let hwkey_session = Hwkey::open().map_err(|e| {
232             km_err!(SecureHwCommunicationFailed, "failed to connect to hwkey: {:?}", e)
233         })?;
234 
235         let mut key_buffer = [0; TRUSTY_KM_WRAPPING_KEY_SIZE];
236 
237         match context {
238             TrustyKekContext::NonLegacyKey(context) => {
239                 let _ = hwkey_session
240                     .derive_key_req()
241                     .unique_key()
242                     .kdf(context.kdf_version)
243                     .os_rollback_version(context.os_rollback_version)
244                     .rollback_version_source(RollbackVersionSource::CommittedVersion)
245                     .derive(KM_KEY_DERIVATION_DATA, &mut key_buffer)
246                     .map_err(|e| {
247                         km_err!(SecureHwCommunicationFailed, "failed to derive key: {:?}", e)
248                     })?;
249             }
250             TrustyKekContext::LegacyKey => {
251                 let _ = hwkey_session
252                     .derive_key_req()
253                     .kdf(KdfVersion::Version(1))
254                     .derive(KM_KEY_DERIVATION_DATA, &mut key_buffer)
255                     .map_err(|e| {
256                         km_err!(SecureHwCommunicationFailed, "failed to derive legacy key: {:?}", e)
257                     })?;
258             }
259         }
260         Ok(crypto::hmac::Key::new(key_buffer.to_vec()).into())
261     }
262 
kek_context(&self) -> Result<Vec<u8>, Error>263     fn kek_context(&self) -> Result<Vec<u8>, Error> {
264         TrustyKekContext::new(true, Some(KdfVersion::Best), Some(OsRollbackVersion::Current))?
265             .to_raw()
266     }
267 
kak(&self) -> Result<crypto::OpaqueOr<crypto::aes::Key>, Error>268     fn kak(&self) -> Result<crypto::OpaqueOr<crypto::aes::Key>, Error> {
269         let hwkey_session = Hwkey::open().map_err(|e| {
270             km_err!(SecureHwCommunicationFailed, "failed to connect to HwKey: {:?}", e)
271         })?;
272         let mut key_buffer = [0; TRUSTY_KM_KAK_SIZE];
273         let keyslot = CStr::from_bytes_with_nul(KM_KAK_SLOT_ID)
274             .expect("should never happen, KM_KAK_SLOT_ID follows from_bytes_with_nul rules");
275         let _kak = hwkey_session
276             .get_keyslot_data(keyslot, &mut key_buffer)
277             .map_err(|e| km_err!(SecureHwCommunicationFailed, "failed to retrieve kak: {:?}", e))?;
278         // TODO: check whether `key_buffer` needs truncating to size of `_kak`.
279         Ok(crypto::aes::Key::Aes256(key_buffer).into())
280     }
281 
timestamp_token_mac_input(&self, token: &TimeStampToken) -> Result<Vec<u8>, Error>282     fn timestamp_token_mac_input(&self, token: &TimeStampToken) -> Result<Vec<u8>, Error> {
283         let mut result = vec_try_with_capacity!(
284             TIME_STAMP_MAC_LABEL.len() +
285         size_of::<i64>() + // challenge (host-endian)
286         size_of::<i64>() + // timestamp (host-endian)
287         size_of::<u32>() // 1u32 (host-endian)
288         )?;
289         // For compatibility with previous implementations, use native byte order for MAC inputs.
290         result.extend_from_slice(TIME_STAMP_MAC_LABEL);
291         result.extend_from_slice(&token.challenge.to_ne_bytes()[..]);
292         result.extend_from_slice(&token.timestamp.milliseconds.to_ne_bytes()[..]);
293         result.extend_from_slice(&1u32.to_ne_bytes()[..]);
294         Ok(result)
295     }
296 }
297 
298 #[cfg(test)]
299 mod tests {
300     use super::*;
301     use kmr_ta::device::RetrieveKeyMaterial;
302     use test::{expect, expect_eq, expect_ne, skip};
303 
304     #[test]
kak_call_returns_key()305     fn kak_call_returns_key() {
306         let trusty_keys = TrustyKeys;
307         let kak = trusty_keys.kak().expect("Couldn't retrieve kak");
308         let kak = kmr_common::explicit!(kak).expect("kak should be an explicit key");
309 
310         expect!(matches!(kak, crypto::aes::Key::Aes256(_)), "Should have received an AES 256 key");
311 
312         let key = match kak {
313             crypto::aes::Key::Aes256(key) => key,
314             _ => panic!("Wrong type of key received"),
315         };
316         // Getting an all 0 key agreement key by chance is not likely if we got a connection to
317         // HWKey
318         expect_ne!(key, [0; TRUSTY_KM_KAK_SIZE], "key agreement key should not be 0s");
319     }
320 
321     #[test]
kak_two_calls_returns_same_key()322     fn kak_two_calls_returns_same_key() {
323         let trusty_keys = TrustyKeys;
324 
325         let kak = trusty_keys.kak().expect("Couldn't retrieve kak");
326         let kak1 = match kmr_common::explicit!(kak).expect("kak should be an explicit key") {
327             crypto::aes::Key::Aes256(key) => key,
328             _ => panic!("Wrong type of key received"),
329         };
330         let kak = trusty_keys.kak().expect("Couldn't retrieve kak");
331         let kak2 = match kmr_common::explicit!(kak).expect("kak should be an explicit key") {
332             crypto::aes::Key::Aes256(key) => key,
333             _ => panic!("Wrong type of key received"),
334         };
335         expect_eq!(kak1, kak2, "Calls to kak should return the same key");
336     }
337 
338     #[test]
kek_call_returns_key()339     fn kek_call_returns_key() {
340         let trusty_keys = TrustyKeys;
341         let kek = trusty_keys
342             .root_kek(&trusty_keys.kek_context().expect("Couldn't get kek context"))
343             .expect("Couldn't get kek");
344         let kek = kmr_common::explicit!(kek).expect("kek should be an explicit key");
345 
346         // Getting an all 0 key encryption key by chance is not likely if we got a connection to
347         // HWKey
348         expect_ne!(
349             kek.0,
350             [0; TRUSTY_KM_WRAPPING_KEY_SIZE].to_vec(),
351             "Key encryption key should not be 0s"
352         );
353     }
354 
355     #[test]
kek_two_calls_returns_same_key()356     fn kek_two_calls_returns_same_key() {
357         let trusty_keys = TrustyKeys;
358         let kek1 = kmr_common::explicit!(trusty_keys
359             .root_kek(&trusty_keys.kek_context().expect("Couldn't get kek context"))
360             .expect("Couldn't get kek"))
361         .expect("kek should be an explicit key");
362         let kek2 = kmr_common::explicit!(trusty_keys
363             .root_kek(&trusty_keys.kek_context().expect("Couldn't get kek context"))
364             .expect("Couldn't get kek"))
365         .expect("kek should be an explicit key");
366 
367         expect_eq!(kek1.0, kek2.0, "Calls to root_kek should return the same key");
368     }
369 
370     #[test]
kek_with_different_context_return_different_keys()371     fn kek_with_different_context_return_different_keys() {
372         if true {
373             skip!("TODO: reinstate test");
374         }
375         let context1 =
376             TrustyKekContext::new(true, Some(KdfVersion::Best), Some(OsRollbackVersion::Current));
377         // Transforming back and forward to raw format to get specific versions
378         let context1 = TrustyKekContext::from_raw(&context1.unwrap().to_raw().unwrap()).unwrap();
379         let non_legacy_context1 = match context1.clone() {
380             TrustyKekContext::NonLegacyKey(context) => context,
381             _ => panic!("Didn't get back a non-legacy key"),
382         };
383         let context1_version = match non_legacy_context1.os_rollback_version {
384             OsRollbackVersion::Version(n) => n,
385             _ => panic!("Didn't get an specific version"),
386         };
387         // Specific running/committed versions are greater than 0.
388         let context2_version = context1_version - 1;
389         let context2 = TrustyKekContext::new(
390             true,
391             Some(KdfVersion::Best),
392             Some(OsRollbackVersion::Version(context2_version)),
393         )
394         .unwrap();
395         let trusty_keys = TrustyKeys;
396         let kek1 = kmr_common::explicit!(trusty_keys
397             .root_kek(&context1.to_raw().expect("Couldn't serialize kek1 context"))
398             .expect("Couldn't get kek"))
399         .expect("kek should be an explicit key");
400         let kek2 = kmr_common::explicit!(trusty_keys
401             .root_kek(&context2.to_raw().expect("Couldn't serialize kek2 context"))
402             .expect("Couldn't get kek"))
403         .expect("kek should be an explicit key");
404 
405         expect_ne!(kek1.0, kek2.0, "kek keys should be different");
406     }
407 
408     #[test]
legacy_kek_is_different_than_non_legacy()409     fn legacy_kek_is_different_than_non_legacy() {
410         if true {
411             skip!("TODO: reinstate test");
412         }
413         let context1 =
414             TrustyKekContext::new(true, Some(KdfVersion::Best), Some(OsRollbackVersion::Current))
415                 .unwrap();
416         let context2 = TrustyKekContext::new(false, None, None).unwrap();
417         let trusty_keys = TrustyKeys;
418         let kek1 = kmr_common::explicit!(trusty_keys
419             .root_kek(&context1.to_raw().expect("Couldn't serialize kek1 context"))
420             .expect("Couldn't get kek"))
421         .expect("kek should be an explicit key");
422         let kek2 = kmr_common::explicit!(trusty_keys
423             .root_kek(&context2.to_raw().expect("Couldn't serialize kek2 context"))
424             .expect("Couldn't get kek"))
425         .expect("kek should be an explicit key");
426 
427         expect_ne!(kek1.0, kek2.0, "kek keys should be different");
428     }
429 
430     #[test]
deserializing_u32s()431     fn deserializing_u32s() {
432         let num = deserialize_u32(&[0; 0], "");
433         expect!(num.is_err(), "We need an array of exactly 4 bytes for a u32");
434         let num = deserialize_u32(&[0; 3], "");
435         expect!(num.is_err(), "We need an array of exactly 4 bytes for a u32");
436         let num = deserialize_u32(&[0; 5], "");
437         expect!(num.is_err(), "We need an array of exactly 4 bytes for a u32");
438         let num = deserialize_u32(&[0; 4], "").unwrap();
439         expect_eq!(num, 0, "recovered number should be 0");
440         let num = deserialize_u32(&[0xff; 4], "").unwrap();
441         expect_eq!(num, 0xffffffff, "recovered number should be 0xffffffff");
442         let num = deserialize_u32(&[1, 0, 0, 0], "").unwrap();
443         expect_eq!(num, 1, "recovered number should be 1");
444         let num = deserialize_u32(&[0x78, 0x56, 0x34, 0x12], "").unwrap();
445         expect_eq!(num, 0x12345678, "recovered number should be 0x12345678");
446     }
447 
448     #[test]
os_version_to_u32()449     fn os_version_to_u32() {
450         for version in 0..20 {
451             let u32_version =
452                 os_rollback_version_to_u32(OsRollbackVersion::Version(version)).unwrap();
453             expect_eq!(version, u32_version, "Wriong version received");
454         }
455     }
456 
457     #[test]
current_version_to_u32()458     fn current_version_to_u32() {
459         if true {
460             skip!("TODO: reinstate test");
461         }
462         let curr_version = os_rollback_version_to_u32(OsRollbackVersion::Current).unwrap();
463         expect_ne!(curr_version, 0, "Current version should not be 0");
464     }
465 
466     #[test]
deserializing_bad_kek_context_fails()467     fn deserializing_bad_kek_context_fails() {
468         let ctx_1 = TrustyKekContext::from_raw(&[0; 0]);
469         expect!(ctx_1.is_err(), "deserializing an empty context should fail");
470         let good_ctx =
471             TrustyKekContext::new(true, Some(KdfVersion::Best), Some(OsRollbackVersion::Current))
472                 .unwrap();
473         let mut ctx_raw = good_ctx.to_raw().unwrap();
474         ctx_raw.push(0);
475         let ctx_2 = TrustyKekContext::from_raw(&ctx_raw);
476         expect!(ctx_2.is_err(), "deserializing a bigger than expected context should fail");
477         ctx_raw.pop();
478         let ctx_3 = TrustyKekContext::from_raw(&ctx_raw);
479         expect!(ctx_3.is_ok(), "checking that good context can be deserialized");
480         ctx_raw.pop();
481         let ctx_4 = TrustyKekContext::from_raw(&ctx_raw);
482         expect!(ctx_4.is_err(), "deserializing a smaller than expected context should fail");
483         let ctx_5 = TrustyKekContext::from_raw(&[0; TrustyKekContext::SERIALIZED_SIZE]);
484         expect!(ctx_5.is_err(), "deserializing a smaller than expected context should fail");
485     }
486 
487     #[test]
test_kek_context_serialization()488     fn test_kek_context_serialization() {
489         let original_ctx = TrustyKekContext::new(
490             true,
491             Some(KdfVersion::Best),
492             Some(OsRollbackVersion::Version(2)),
493         )
494         .unwrap();
495         let recovered_ctx = TrustyKekContext::from_raw(&original_ctx.to_raw().unwrap()).unwrap();
496         expect_eq!(original_ctx, recovered_ctx, "Didn't get back same context");
497         let original_ctx = TrustyKekContext::new(false, None, None).unwrap();
498         let recovered_ctx = TrustyKekContext::from_raw(&original_ctx.to_raw().unwrap()).unwrap();
499         expect_eq!(original_ctx, recovered_ctx, "Didn't get back same context");
500     }
501 
502     #[test]
test_kek_context_creation()503     fn test_kek_context_creation() {
504         // Testing that non legacy context requires all parameters to be present
505         let non_legacy_ctx = TrustyKekContext::new(true, None, Some(OsRollbackVersion::Version(2)));
506         expect!(
507             non_legacy_ctx.is_err(),
508             "We should not be able to create a non legacy context without KDF version"
509         );
510         let non_legacy_ctx = TrustyKekContext::new(true, Some(KdfVersion::Best), None);
511         expect!(
512             non_legacy_ctx.is_err(),
513             "We should not be able to create a non legacy context without OS rollback version"
514         );
515         let non_legacy_ctx = TrustyKekContext::new(
516             true,
517             Some(KdfVersion::Best),
518             Some(OsRollbackVersion::Version(2)),
519         );
520         expect!(non_legacy_ctx.is_ok(), "Couldn't create non legacy context");
521         // Testing that legacy context requires all optional parameters to be None
522         let legacy_ctx = TrustyKekContext::new(
523             false,
524             Some(KdfVersion::Best),
525             Some(OsRollbackVersion::Version(2)),
526         );
527         expect!(
528             legacy_ctx.is_err(),
529             "We should not be able to create a non legacy with optional parameters"
530         );
531         let legacy_ctx = TrustyKekContext::new(false, None, Some(OsRollbackVersion::Version(2)));
532         expect!(
533             legacy_ctx.is_err(),
534             "We should not be able to create a non legacy context with a OS Rollback version"
535         );
536         let legacy_ctx = TrustyKekContext::new(false, Some(KdfVersion::Best), None);
537         expect!(
538             legacy_ctx.is_err(),
539             "We should not be able to create a non legacy context without OS rollback version"
540         );
541         let legacy_ctx = TrustyKekContext::new(false, None, None);
542         expect!(legacy_ctx.is_ok(), "Couldn't create legacy context");
543     }
544 }
545