From 830d80896f965b1b1f4a550505014aad016ca938 Mon Sep 17 00:00:00 2001 From: Leonard Cohnen Date: Wed, 7 Feb 2024 18:45:28 +0100 Subject: [PATCH] ca: remove duplicate oid usage --- internal/attestation/snp/extensions.go | 32 ++++++++++----------- internal/attestation/snp/extensions_test.go | 26 +++++++++++++++++ 2 files changed, 42 insertions(+), 16 deletions(-) create mode 100644 internal/attestation/snp/extensions_test.go diff --git a/internal/attestation/snp/extensions.go b/internal/attestation/snp/extensions.go index 629ebe9fb..53814c1a1 100644 --- a/internal/attestation/snp/extensions.go +++ b/internal/attestation/snp/extensions.go @@ -59,22 +59,22 @@ var ( chipIDOID = append(rootOID, 32) - committedTCBPartsBlSplOID = append(rootOID, 32) - committedTCBPartsSnpSplOID = append(rootOID, 33) - committedTCBPartsTeeSplOID = append(rootOID, 34) - committedTCBPartsUcodeSplOID = append(rootOID, 35) - - currentBuildOID = append(rootOID, 36) - currentMinorOID = append(rootOID, 37) - currentMajorOID = append(rootOID, 38) - committedBuildOID = append(rootOID, 39) - committedMinorOID = append(rootOID, 40) - committedMajorOID = append(rootOID, 41) - - launchTCBPartsBlSplOID = append(rootOID, 42) - launchTCBPartsSnpSplOID = append(rootOID, 43) - launchTCBPartsTeeSplOID = append(rootOID, 44) - launchTCBPartsUcodeSplOID = append(rootOID, 45) + committedTCBPartsBlSplOID = append(rootOID, 33) + committedTCBPartsSnpSplOID = append(rootOID, 34) + committedTCBPartsTeeSplOID = append(rootOID, 35) + committedTCBPartsUcodeSplOID = append(rootOID, 36) + + currentBuildOID = append(rootOID, 37) + currentMinorOID = append(rootOID, 38) + currentMajorOID = append(rootOID, 39) + committedBuildOID = append(rootOID, 40) + committedMinorOID = append(rootOID, 41) + committedMajorOID = append(rootOID, 42) + + launchTCBPartsBlSplOID = append(rootOID, 43) + launchTCBPartsSnpSplOID = append(rootOID, 44) + launchTCBPartsTeeSplOID = append(rootOID, 45) + launchTCBPartsUcodeSplOID = append(rootOID, 46) ) type bigIntExtension struct { diff --git a/internal/attestation/snp/extensions_test.go b/internal/attestation/snp/extensions_test.go new file mode 100644 index 000000000..f8eaadaca --- /dev/null +++ b/internal/attestation/snp/extensions_test.go @@ -0,0 +1,26 @@ +package snp + +import ( + "testing" + + "github.com/google/go-sev-guest/proto/sevsnp" + "github.com/stretchr/testify/require" +) + +func TestClaimsToCertExtension(t *testing.T) { + require := require.New(t) + report := &sevsnp.Report{ + Policy: 0x00000000000f0000, + } + exts, err := ClaimsToCertExtension(report) + require.NoError(err) + + // Check that no OIDs are used multiple times + oidSet := make(map[string]struct{}) + for _, ext := range exts { + oid := ext.Id.String() + _, ok := oidSet[oid] + require.False(ok, "OID %s used multiple times", oid) + oidSet[oid] = struct{}{} + } +}