oid: move snp issuer and validator oid to own package

edgelesssys · Feb 7, 2024 · 6990a90 · 6990a90
1 parent cc92b12
commit 6990a90
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 3 deletions.
diff --git a/internal/attestation/snp/extensions.go b/internal/attestation/snp/extensions.go
@@ -6,14 +6,17 @@ import (
 	"fmt"
 	"math/big"
 
+	"github.com/edgelesssys/nunki/internal/oid"
 	"github.com/google/go-sev-guest/abi"
 	"github.com/google/go-sev-guest/kds"
 	"github.com/google/go-sev-guest/proto/sevsnp"
 	"golang.org/x/exp/constraints"
 )
 
 var (
-	rootOID = asn1.ObjectIdentifier{1, 3, 9901, 2, 1}
+	// We use the raw SNP OID as root range for our parsed SNP report extensions.
+	// This OID NOT be used for any parsed extension directly.
+	rootOID = oid.RawSNPReport
 
 	versionOID  = append(rootOID, 1)
 	guestSVNOID = append(rootOID, 2)

diff --git a/internal/attestation/snp/issuer.go b/internal/attestation/snp/issuer.go
@@ -14,6 +14,7 @@ import (
 	"fmt"
 	"log/slog"
 
+	"github.com/edgelesssys/nunki/internal/oid"
 	"github.com/google/go-sev-guest/client"
 )
 
@@ -29,7 +30,7 @@ func NewIssuer(log *slog.Logger) *Issuer {
 
 // OID returns the OID of the issuer.
 func (i *Issuer) OID() asn1.ObjectIdentifier {
-	return asn1.ObjectIdentifier{1, 3, 9901, 2, 1}
+	return oid.RawSNPReport
 }
 
 // Issue the attestation document.

diff --git a/internal/attestation/snp/validator.go b/internal/attestation/snp/validator.go
@@ -15,6 +15,7 @@ import (
 	"log/slog"
 
 	"github.com/edgelesssys/nunki/internal/logger"
+	"github.com/edgelesssys/nunki/internal/oid"
 	"github.com/google/go-sev-guest/abi"
 	"github.com/google/go-sev-guest/proto/sevsnp"
 	"github.com/google/go-sev-guest/validate"
@@ -71,7 +72,7 @@ func NewValidatorWithCallbacks(optsGen validateOptsGenerator, kdsGetter trust.HT
 
 // OID returns the OID of the validator.
 func (v *Validator) OID() asn1.ObjectIdentifier {
-	return asn1.ObjectIdentifier{1, 3, 9901, 2, 1}
+	return oid.RawSNPReport
 }
 
 // Validate a TPM based attestation.

diff --git a/internal/oid/oid.go b/internal/oid/oid.go
@@ -0,0 +1,7 @@
+package oid
+
+import "encoding/asn1"
+
+// RawSNPReport is the root OID for the raw SNP report extensions
+// used by the aTLS issuer and validator.
+var RawSNPReport = asn1.ObjectIdentifier{1, 3, 9901, 2, 1}