go-attestation/attest/tpm_test.go

package attest

import (
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"testing"
)

// Created by downloading the base64-url encoded PEM data from
// https://ekop.intel.com/ekcertservice/WVEG2rRwkQ7m3RpXlUphgo6Y2HLxl18h6ZZkkOAdnBE%3D,
// extracting its public key, and formatting it to PEM using
//
//	openssl x509 -in ekcert.pem  -pubkey
//
// This is the public key from the EK cert that's used for testing tpm2-tools:
// https://github.com/tpm2-software/tpm2-tools/blob/master/test/integration/tests/getekcertificate.sh
var testRSAKey = mustParseRSAKey(`-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwyDi8kSoYBqs8+AdJsZl
JJk1Vi3h2hl+nn8HbEaWE8+2U+mOwsOG/B0TPyyMbMM4tzLwsgi9g4qHej5bvD4d
QIToNcfIkGocBbTS0w/b68HbrZUPprFlvUtqhkYDFGFkwMT1nUiQEe8fko3upukA
YfPTdeVkYnMVHvYiJSCYvhpKsB3AoSInxgn9rOsRWvQI1Gk6b0mRl3RpWwwSvBih
/3EgpzN7L7XxlR2Lt/CU1bVUwRyVI7MHKf5keH0KE7nmMEiNq039hmNKUnDscvzF
pE3GeajzKTjdgZfina6Dn1tMoPXeJ8lSLCPFThws5XhZUlEYvURwsYGA7veK5CZ7
zQIDAQAB
-----END PUBLIC KEY-----`)

func mustParseRSAKey(data string) *rsa.PublicKey {
	pub, err := parseRSAKey(data)
	if err != nil {
		panic(err)
	}
	return pub
}

func parseRSAKey(data string) (*rsa.PublicKey, error) {
	b, _ := pem.Decode([]byte(data))
	if b == nil {
		return nil, fmt.Errorf("failed to parse PEM key")
	}
	pub, err := x509.ParsePKIXPublicKey(b.Bytes)
	if err != nil {
		return nil, fmt.Errorf("parsing public key: %v", err)
	}
	if rsaPub, ok := pub.(*rsa.PublicKey); ok {
		return rsaPub, nil
	}
	return nil, fmt.Errorf("expected *rsa.PublicKey, got %T", pub)
}

func TestIntelEKURL(t *testing.T) {
	want := "https://ekop.intel.com/ekcertservice/WVEG2rRwkQ7m3RpXlUphgo6Y2HLxl18h6ZZkkOAdnBE%3D"
	got := intelEKURL(testRSAKey)
	if got != want {
		t.Fatalf("intelEKURL(), got=%q, want=%q", got, want)
	}
}