attest: re-work EK API (#79)

This PR adds: * Renames 'PlatformEK' to 'EK' * More consistant support of EKs without certificates * Removes HTTP GET to Intel EK certificate service * Always populates EK.Public
2025-06-20 07:53:47 +00:00 · 2019-08-21 10:26:55 -07:00
parent cd07b32602
commit bfcbe8f1e2
10 changed files with 181 additions and 122 deletions
--- a/attest/attest_test.go
+++ b/attest/attest_test.go
@ -17,11 +17,8 @@ package attest
 import (
 	"bytes"
 	"crypto"
-	"crypto/rsa"
 	"flag"
 	"testing"
-
-	"github.com/google/certificate-transparency-go/x509"
 )

 var (
@ -121,18 +118,14 @@ func TestAIKCreateAndLoad(t *testing.T) {
 }

 // chooseEK selects the EK public which will be activated against.
-func chooseEK(t *testing.T, eks []PlatformEK) crypto.PublicKey {
+func chooseEK(t *testing.T, eks []EK) crypto.PublicKey {
 	t.Helper()

 	for _, ek := range eks {
-		if ek.Cert != nil && ek.Cert.PublicKeyAlgorithm == x509.RSA {
-			return ek.Cert.PublicKey.(*rsa.PublicKey)
-		} else if ek.Public != nil {
-			return ek.Public
-		}
+		return ek.Public
 	}

-	t.Skip("No suitable RSA EK found")
+	t.Fatalf("No suitable EK found")
 	return nil
 }