
Commit e6425e8

committed
parse PIID from PCK SGX extensions
Signed-off-by: Markus Rudy <mr@edgeless.systems>
1 parent ca87474 commit e6425e8


2 files changed

+12
-0
lines changed


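--- a/pcs/pcs.go
+++ b/pcs/pcs.go
@@ -31,6 +31,7 @@ const (
 pckCertExtensionSize = 6
 sgxExtensionMinSize = 4
 tcbExtensionSize = 18
+piidSize = 16
 ppidSize = 16
 cpuSvnSize = 16
 fmspcSize = 6
@@ -77,6 +78,8 @@ var (
 OidFMSPC = asn1.ObjectIdentifier([]int{1, 2, 840, 113741, 1, 13, 1, 4})
 // OidSGXType is the x509v3 extension for PCK certificate's SGX Extensions SGX Type value.
 OidSGXType = asn1.ObjectIdentifier([]int{1, 2, 840, 113741, 1, 13, 1, 5})
+// OidPIID is the x509v3 extension for PCK certificate's SGX Extensions PIID value.
+OidPIID = asn1.ObjectIdentifier([]int{1, 2, 840, 113741, 1, 13, 1, 6})
 
 // ErrPckExtInvalid error returned when parsing PCK certificate's extension returns leftover bytes
 ErrPckExtInvalid = errors.New("unexpected leftover bytes for PCK certificate's extension")
@@ -185,6 +188,7 @@ type PckExtensions struct {
 PCEID string
 FMSPC string
 SGXType SGXType
+PIID string
 }
 
 // SGXType represents the type of the platform for which the PCK certificate was created
@@ -466,6 +470,12 @@ func extractSgxExtensions(extensions []asn1.RawValue) (*PckExtensions, error) {
 }
 pckExtension.SGXType = SGXType(sExtension.Value)
 }
+if sExtension.Type.Equal(OidPIID) {
+pckExtension.PIID, err = extractAsn1OctetStringExtension("PIID", extensions[i], piidSize)
+if err != nil {
+return nil, err
+}
+}
 }
 return pckExtension, nil
 }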
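Review bot: The new `PIID string` field in `PckExtensions` and the `OidPIID` branch in `extractSgxExtensions` give callers no hint that the value is optional: when a certificate carries no PIID extension the branch never runs, the field stays `""`, and nothing on the struct says so. As far as I know Intel's PCK certificate profile includes the Platform Instance ID only on some certificates, so a relying party that pins or compares PIID should treat the empty string as "absent", never as a matching identity. I would document that on the field, e.g. `// PIID is the Platform Instance ID from the SGX extensions; empty if the certificate has no PIID extension.` The body of `extractSgxExtensions` starts outside the hunk, so whether a repeated OID is rejected or simply overwrites the earlier value cannot be checked from here.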

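--- a/verify/verify_test.go
+++ b/verify/verify_test.go
@@ -100,9 +100,11 @@ func TestPckCertificateExtensions(t *testing.T) {
 }
 pckExt := &pcs.PckExtensions{}
 ppidBytes := []byte{8, 157, 223, 219, 156, 3, 89, 200, 42, 59, 199, 113, 146, 57, 87, 78}
+piidBytes := []byte{0x8c, 0x31, 0x4d, 0x17, 0xd2, 0x5, 0xdf, 0xaf, 0xcb, 0xec, 0xbb, 0x0, 0xfc, 0x87, 0xef, 0xf7}
 fmspcBytes := []byte{80, 128, 111, 0, 0, 0}
 pceIDBytes := []byte{0, 0}
 pckExt.PPID = hex.EncodeToString(ppidBytes)
+pckExt.PIID = hex.EncodeToString(piidBytes)
 pckExt.FMSPC = hex.EncodeToString(fmspcBytes)
 pckExt.PCEID = hex.EncodeToString(pceIDBytes)
 pckExt.SGXType = pcs.SGXTypeScalable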
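Review bot: The added `piidBytes` expectation in `TestPckCertificateExtensions` exercises only a certificate that carries a well-formed 16-byte PIID; the error return of the new `extractAsn1OctetStringExtension("PIID", …, piidSize)` branch and the no-PIID case are not covered by what is visible. A case for a certificate without the extension, asserting `pckExt.PIID == ""`, and one with a wrong-length octet string expecting an error would pin both behaviours. The test function starts and ends outside the hunk, so negative cases elsewhere in it cannot be ruled out.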
