[ot_certs] Rename extensions to private_extensions

Signed-off-by: Amaury Pouly <[email protected]>
timothytrippel · Apr 26, 2024 · 80c8a02 · 80c8a02
1 parent 5015f26
commit 80c8a02
Show file tree

Hide file tree

Showing 12 changed files with 13 additions and 16 deletions.
diff --git a/sw/device/silicon_creator/lib/cert/cdi_0.hjson b/sw/device/silicon_creator/lib/cert/cdi_0.hjson
@@ -79,7 +79,7 @@
         // https://pigweed.googlesource.com/open-dice/+/refs/heads/main/docs/specification.md#certificate-details
         // The standard extensions are fixed by the specification.
         basic_constraints: { ca: true },
-        extensions: [
+        private_extensions: [
             {
                 type: "dice_tcb_info",
                 vendor: "OpenTitan",

diff --git a/sw/device/silicon_creator/lib/cert/cdi_1.hjson b/sw/device/silicon_creator/lib/cert/cdi_1.hjson
@@ -84,7 +84,7 @@
         // https://pigweed.googlesource.com/open-dice/+/refs/heads/main/docs/specification.md#certificate-details
         // The standard extensions are fixed by the specification.
         basic_constraints: { ca: true },
-        extensions: [
+        private_extensions: [
             {
                 type: "dice_tcb_info",
                 vendor: "OpenTitan",

diff --git a/sw/device/silicon_creator/lib/cert/tpm_cek.hjson b/sw/device/silicon_creator/lib/cert/tpm_cek.hjson
@@ -69,7 +69,6 @@
         },
         authority_key_identifier: { var: "auth_key_key_id" },
         subject_key_identifier: { var: "tpm_cek_pub_key_id" },
-        extensions: [],
         signature: {
             algorithm: "ecdsa-with-sha256",
             value: {

diff --git a/sw/device/silicon_creator/lib/cert/tpm_cik.hjson b/sw/device/silicon_creator/lib/cert/tpm_cik.hjson
@@ -69,7 +69,6 @@
         },
         authority_key_identifier: { var: "auth_key_key_id" },
         subject_key_identifier: { var: "tpm_cik_pub_key_id" },
-        extensions: [],
         signature: {
             algorithm: "ecdsa-with-sha256",
             value: {

diff --git a/sw/device/silicon_creator/lib/cert/tpm_ek.hjson b/sw/device/silicon_creator/lib/cert/tpm_ek.hjson
@@ -87,7 +87,6 @@
             tpm_model: { var: "tpm_model" },
             tpm_version: { var: "tpm_version" },
         },
-        extensions: [],
         signature: {
             algorithm: "ecdsa-with-sha256",
             value: {

diff --git a/sw/device/silicon_creator/lib/cert/uds.hjson b/sw/device/silicon_creator/lib/cert/uds.hjson
@@ -105,7 +105,7 @@
         // https://pigweed.googlesource.com/open-dice/+/refs/heads/main/docs/specification.md#certificate-details
         // The standard extensions are fixed by the specification.
         basic_constraints: { ca: true },
-        extensions: [
+        private_extensions: [
             {
                 type: "dice_tcb_info",
                 vendor: "OpenTitan",

diff --git a/sw/host/ot_certs/src/asn1/x509.rs b/sw/host/ot_certs/src/asn1/x509.rs
@@ -154,7 +154,7 @@ impl X509 {
                         Self::push_key_usage_ext(builder)?;
                         Self::push_auth_key_id_ext(builder, &cert.authority_key_identifier)?;
                         Self::push_subject_key_id_ext(builder, &cert.subject_key_identifier)?;
-                        for ext in &cert.extensions {
+                        for ext in &cert.private_extensions {
                             Self::push_cert_extension(builder, ext)?
                         }
                         Ok(())

diff --git a/sw/host/ot_certs/src/template/mod.rs b/sw/host/ot_certs/src/template/mod.rs
@@ -456,7 +456,7 @@ mod tests {
                 },
                 authority_key_identifier: { var: "signing_pub_key_id" },
                 subject_key_identifier: { var: "owner_pub_key_id" },
-                extensions: [
+                private_extensions: [
                     {
                         type: "dice_tcb_info",
                         vendor: "OpenTitan",
@@ -553,7 +553,7 @@ mod tests {
             subject_key_identifier: Value::variable("owner_pub_key_id"),
             basic_constraints: None,
             subject_alt_name: IndexMap::from([]),
-            extensions: vec![CertificateExtension::DiceTcbInfo(DiceTcbInfoExtension {
+            private_extensions: vec![CertificateExtension::DiceTcbInfo(DiceTcbInfoExtension {
                 vendor: Some(Value::literal("OpenTitan")),
                 model: Some(Value::literal("ROM_EXT")),
                 svn: Some(Value::variable("rom_ext_security_version")),

diff --git a/sw/host/ot_certs/src/template/subst.rs b/sw/host/ot_certs/src/template/subst.rs
@@ -362,8 +362,8 @@ impl Subst for Certificate {
                 .basic_constraints
                 .subst(data)
                 .context("cannot substitute basic constraints")?,
-            extensions: self
-                .extensions
+            private_extensions: self
+                .private_extensions
                 .iter()
                 .map(|ext| ext.subst(data))
                 .collect::<Result<Vec<_>>>()

diff --git a/sw/host/ot_certs/src/x509.rs b/sw/host/ot_certs/src/x509.rs
@@ -233,7 +233,7 @@ pub fn parse_certificate(cert: &[u8]) -> Result<template::Certificate> {
     let x509 = X509::from_der(cert).context("could not parse certificate with openssl")?;
     let raw_extensions =
         extension::x509_get_extensions(&x509).context("could not parse X509 extensions")?;
-    let mut extensions = Vec::new();
+    let mut private_extensions = Vec::new();
     let mut basic_constraints = None;
     for ext in raw_extensions {
         match ext.object.nid() {
@@ -252,7 +252,7 @@ pub fn parse_certificate(cert: &[u8]) -> Result<template::Certificate> {
             Nid::AUTHORITY_KEY_IDENTIFIER => (),
             Nid::SUBJECT_ALT_NAME => (),
             Nid::SUBJECT_KEY_IDENTIFIER => (),
-            _ => extensions
+            _ => private_extensions
                 .push(extension::parse_extension(&ext).context("could not parse X509 extension")?),
         }
     }
@@ -281,7 +281,7 @@ pub fn parse_certificate(cert: &[u8]) -> Result<template::Certificate> {
         ),
         basic_constraints,
         subject_alt_name: get_subject_alt_name(&x509)?,
-        extensions,
+        private_extensions,
         signature: extract_signature(&x509)?,
     })
 }
diff --git a/sw/host/ot_certs/tests/example.hjson b/sw/host/ot_certs/tests/example.hjson
@@ -40,7 +40,7 @@
             tpm_model: "TPM Model",
             tpm_version: "TPM Version",
         },
-        extensions: [
+        private_extensions: [
             {
                 type: "dice_tcb_info",
                 vendor: "lowRISC",

diff --git a/sw/host/ot_certs/tests/generic.hjson b/sw/host/ot_certs/tests/generic.hjson
@@ -135,7 +135,7 @@
             tpm_model: { var: "tpm_model" },
             tpm_version: { var: "tpm_version" },
         },
-        extensions: [
+        private_extensions: [
             {
                 type: "dice_tcb_info",
                 vendor: { var: "vendor" },