fix(kds, validate): address feedback from review

- fix lint errors reported by Ubuntu CI
- make error messages in tests reader friendly

Signed-off-by: Jagannathan Raman <jraman567@gmail.com>

Author: jraman567

kds/kds.go

@@ -72,10 +72,10 @@ var (
 	// TCBStructVersion1 is the version of the TCB structure for Turin
 	TCBStructVersion1 = uint8(1)
 
-	// TCBHwIdLenVersion0 is the length of the hwID extension for TCB structVersion 0
-	TCBHwIdLenVersion0 = uint8(64)
-	// TCBHwIdLenVersion1 is the length of the hwID extension for TCB structVersion 1
-	TCBHwIdLenVersion1 = uint8(8)
+	// TCBHwIDLenVersion0 is the length of the hwID extension for TCB structVersion 0
+	TCBHwIDLenVersion0 = uint8(64)
+	// TCBHwIDLenVersion1 is the length of the hwID extension for TCB structVersion 1
+	TCBHwIDLenVersion1 = uint8(8)
 
 	authorityKeyOid = asn1.ObjectIdentifier([]int{2, 5, 29, 35})
 	// Short forms of the asn1 Object identifiers to use in map lookups, since []int are invalid key
@@ -393,7 +393,7 @@ func asn1OctetString(ext *pkix.Extension, field string, size int) ([]byte, error
 func kdsOidMapToExtensions(exts map[kdsOID]*pkix.Extension) (*Extensions, error) {
 	var (
 		result  Extensions
-		hwIdLen int
+		hwIDLen int
 	)
 
 	if err := asn1U8(exts[kdsStructVersion], "StructVersion", &result.StructVersion); err != nil {
@@ -404,15 +404,15 @@ func kdsOidMapToExtensions(exts map[kdsOID]*pkix.Extension) (*Extensions, error)
 	}
 	switch result.StructVersion {
 	case TCBStructVersion0:
-		hwIdLen = int(TCBHwIdLenVersion0)
+		hwIDLen = int(TCBHwIDLenVersion0)
 	case TCBStructVersion1:
-		hwIdLen = int(TCBHwIdLenVersion1)
+		hwIDLen = int(TCBHwIDLenVersion1)
 	default:
 		return nil, fmt.Errorf("unsupported TCB structVersion %d", result.StructVersion)
 	}
 	hwidExt, ok := exts[kdsHwid]
 	if ok {
-		octet, err := asn1OctetString(hwidExt, "HWID", hwIdLen)
+		octet, err := asn1OctetString(hwidExt, "HWID", hwIDLen)
 		if err != nil {
 			return nil, err
 		}
@@ -509,7 +509,7 @@ func VcekCertificateExtensions(cert *x509.Certificate) (*Extensions, error) {
 	if exts.CspID != "" {
 		return nil, fmt.Errorf("unexpected CSP_ID in VCEK certificate: %s", exts.CspID)
 	}
-	if len(exts.HWID) != int(TCBHwIdLenVersion0) && len(exts.HWID) != int(TCBHwIdLenVersion1) {
+	if len(exts.HWID) != int(TCBHwIDLenVersion0) && len(exts.HWID) != int(TCBHwIDLenVersion1) {
 		return nil, fmt.Errorf("missing HWID extension for VCEK certificate")
 	}
 	return exts, nil
@@ -599,7 +599,7 @@ func VCEKCertURL(productLine string, hwid []byte, tcb TCBVersion) string {
 	parts := DecomposeTCBVersion(tcb)
 	switch parts.Version {
 	case TCBStructVersion1:
-		hwidv1 := hwid[0:TCBHwIdLenVersion1]
+		hwidv1 := hwid[0:TCBHwIDLenVersion1]
 		return fmt.Sprintf("%s/%s?blSPL=%d&teeSPL=%d&snpSPL=%d&ucodeSPL=%d&fmcSPL=%d",
 			productBaseURL(abi.VcekReportSigner, productLine),
 			hex.EncodeToString(hwidv1),

validate/validate.go

@@ -431,7 +431,7 @@ func tcbNeError(left, right partDescription) error {
 	if ltcb == rtcb {
 		return nil
 	}
-	return fmt.Errorf("the %s %x does not match the %s %x", left.desc, ltcb, right.desc, rtcb)
+	return fmt.Errorf("the %s 0x%x does not match the %s 0x%x", left.desc, ltcb.TCB, right.desc, rtcb.TCB)
 }
 
 // tcbGtError returns an error if wantLower is greater than (in part) wantHigher. It enforces

validate/validate_test.go

@@ -418,7 +418,7 @@ func TestValidateSnpAttestation(t *testing.T) {
 			name:        "rejected provisional by tcb",
 			attestation: attestationcb1455,
 			opts:        &Options{ReportData: noncecb1455[:], GuestPolicy: abi.SnpPolicy{Debug: true}},
-			wantErr:     "the report's COMMITTED_TCB {0 9270000000007f00} does not match the report's CURRENT_TCB {0 9270000000007f1f}",
+			wantErr:     "the report's COMMITTED_TCB 0x9270000000007f00 does not match the report's CURRENT_TCB 0x9270000000007f1f",
 		},
 		{
 			name:        "accepted provisional by version",