internal: refactor oid package to variant package (#1538)

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

bootstrapper/cmd/bootstrapper/BUILD.bazel

@@ -38,8 +38,8 @@ go_library(
         "//internal/grpc/dialer",
         "//internal/kubernetes/kubectl",
         "//internal/logger",
-        "//internal/oid",
         "//internal/role",
+        "//internal/variant",
         "//internal/versions/components",
         "@com_github_spf13_afero//:afero",
         "@io_k8s_kubernetes//cmd/kubeadm/app/apis/kubeadm/v1beta3",

bootstrapper/cmd/bootstrapper/main.go

@@ -32,7 +32,7 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/file"
 	"github.com/edgelesssys/constellation/v2/internal/kubernetes/kubectl"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/spf13/afero"
 	"go.uber.org/zap"
 )
@@ -71,7 +71,7 @@ func main() {
 		log.With(zap.Error(err)).Fatalf("Helm client could not be initialized")
 	}
 
-	attestVariant, err := oid.FromString(os.Getenv(constants.AttestationVariant))
+	attestVariant, err := variant.FromString(os.Getenv(constants.AttestationVariant))
 	if err != nil {
 		log.With(zap.Error(err)).Fatalf("Failed to parse attestation variant")
 	}

bootstrapper/internal/initserver/BUILD.bazel

@@ -44,7 +44,7 @@ go_test(
         "//internal/kms/setup",
         "//internal/kms/uri",
         "//internal/logger",
-        "//internal/oid",
+        "//internal/variant",
         "//internal/versions/components",
         "@com_github_spf13_afero//:afero",
         "@com_github_stretchr_testify//assert",

bootstrapper/internal/initserver/initserver_test.go

@@ -22,7 +22,7 @@ import (
 	kmssetup "github.com/edgelesssys/constellation/v2/internal/kms/setup"
 	"github.com/edgelesssys/constellation/v2/internal/kms/uri"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/edgelesssys/constellation/v2/internal/versions/components"
 	"github.com/spf13/afero"
 	"github.com/stretchr/testify/assert"
@@ -62,7 +62,7 @@ func TestNew(t *testing.T) {
 		t.Run(name, func(t *testing.T) {
 			assert := assert.New(t)
 
-			server, err := New(context.TODO(), newFakeLock(), &stubClusterInitializer{}, atls.NewFakeIssuer(oid.Dummy{}), fh, &tc.metadata, logger.NewTest(t))
+			server, err := New(context.TODO(), newFakeLock(), &stubClusterInitializer{}, atls.NewFakeIssuer(variant.Dummy{}), fh, &tc.metadata, logger.NewTest(t))
 			if tc.wantErr {
 				assert.Error(err)
 				return

cli/internal/cloudcmd/BUILD.bazel

@@ -33,7 +33,7 @@ go_library(
         "//internal/constants",
         "//internal/kubernetes",
         "//internal/kubernetes/kubectl",
-        "//internal/oid",
+        "//internal/variant",
         "//internal/versions",
         "//internal/versions/components",
         "//internal/versionsapi",
@@ -83,7 +83,7 @@ go_test(
         "//internal/config",
         "//internal/constants",
         "//internal/logger",
-        "//internal/oid",
+        "//internal/variant",
         "//internal/versions",
         "//internal/versions/components",
         "//operators/constellation-node-operator/api/v1alpha1",

cli/internal/cloudcmd/validators.go

@@ -18,13 +18,13 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/attestation/idkeydigest"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
 	"github.com/edgelesssys/constellation/v2/internal/config"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/spf13/cobra"
 )
 
 // Validator validates Platform Configuration Registers (PCRs).
 type Validator struct {
-	attestationVariant oid.Getter
+	attestationVariant variant.Variant
 	pcrs               measurements.M
 	idKeyConfig        idkeydigest.Config
 	validator          atls.Validator
@@ -34,17 +34,17 @@ type Validator struct {
 // NewValidator creates a new Validator.
 func NewValidator(conf *config.Config, maaURL string, log debugLog) (*Validator, error) {
 	v := Validator{log: log}
-	variant, err := oid.FromString(conf.AttestationVariant)
+	attestVariant, err := variant.FromString(conf.AttestationVariant)
 	if err != nil {
 		return nil, fmt.Errorf("parsing attestation variant: %w", err)
 	}
-	v.attestationVariant = variant // valid variant
+	v.attestationVariant = attestVariant // valid variant
 
 	if err := v.setPCRs(conf); err != nil {
 		return nil, err
 	}
 
-	if v.attestationVariant.OID().Equal(oid.AzureSEVSNP{}.OID()) {
+	if v.attestationVariant.Equal(variant.AzureSEVSNP{}) {
 		v.idKeyConfig = idkeydigest.Config{
 			IDKeyDigests:      conf.Provider.Azure.IDKeyDigest,
 			EnforcementPolicy: conf.IDKeyDigestPolicy(),
@@ -96,32 +96,11 @@ func (v *Validator) updatePCR(pcrIndex uint32, encoded string) error {
 }
 
 func (v *Validator) setPCRs(config *config.Config) error {
-	switch v.attestationVariant {
+	measurements := config.GetMeasurements()
-	case oid.AWSNitroTPM{}:
+	if len(measurements) == 0 {
-		awsPCRs := config.Provider.AWS.Measurements
+		return errors.New("no measurements found in config")
-		if len(awsPCRs) == 0 {
-			return errors.New("no expected measurement provided")
-		}
-		v.pcrs = awsPCRs
-	case oid.AzureSEVSNP{}, oid.AzureTrustedLaunch{}:
-		azurePCRs := config.Provider.Azure.Measurements
-		if len(azurePCRs) == 0 {
-			return errors.New("no expected measurement provided")
-		}
-		v.pcrs = azurePCRs
-	case oid.GCPSEVES{}:
-		gcpPCRs := config.Provider.GCP.Measurements
-		if len(gcpPCRs) == 0 {
-			return errors.New("no expected measurement provided")
-		}
-		v.pcrs = gcpPCRs
-	case oid.QEMUVTPM{}:
-		qemuPCRs := config.Provider.QEMU.Measurements
-		if len(qemuPCRs) == 0 {
-			return errors.New("no expected measurement provided")
-		}
-		v.pcrs = qemuPCRs
 	}
+	v.pcrs = measurements
 	return nil
 }
 

cli/internal/cloudcmd/validators_test.go

@@ -21,7 +21,7 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/attestation/qemu"
 	"github.com/edgelesssys/constellation/v2/internal/config"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/spf13/cobra"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -43,7 +43,7 @@ func TestNewValidator(t *testing.T) {
 	}{
 		"gcp": {
 			config: &config.Config{
-				AttestationVariant: oid.GCPSEVES{}.String(),
+				AttestationVariant: variant.GCPSEVES{}.String(),
 				Provider: config.ProviderConfig{
 					GCP: &config.GCPConfig{
 						Measurements: testPCRs,
@@ -53,7 +53,7 @@ func TestNewValidator(t *testing.T) {
 		},
 		"azure cvm": {
 			config: &config.Config{
-				AttestationVariant: oid.AzureSEVSNP{}.String(),
+				AttestationVariant: variant.AzureSEVSNP{}.String(),
 				Provider: config.ProviderConfig{
 					Azure: &config.AzureConfig{
 						Measurements: testPCRs,
@@ -63,7 +63,7 @@ func TestNewValidator(t *testing.T) {
 		},
 		"azure trusted launch": {
 			config: &config.Config{
-				AttestationVariant: oid.AzureTrustedLaunch{}.String(),
+				AttestationVariant: variant.AzureTrustedLaunch{}.String(),
 				Provider: config.ProviderConfig{
 					Azure: &config.AzureConfig{
 						Measurements: testPCRs,
@@ -73,7 +73,7 @@ func TestNewValidator(t *testing.T) {
 		},
 		"qemu": {
 			config: &config.Config{
-				AttestationVariant: oid.QEMUVTPM{}.String(),
+				AttestationVariant: variant.QEMUVTPM{}.String(),
 				Provider: config.ProviderConfig{
 					QEMU: &config.QEMUConfig{
 						Measurements: testPCRs,
@@ -83,7 +83,7 @@ func TestNewValidator(t *testing.T) {
 		},
 		"no pcrs provided": {
 			config: &config.Config{
-				AttestationVariant: oid.AzureSEVSNP{}.String(),
+				AttestationVariant: variant.AzureSEVSNP{}.String(),
 				Provider: config.ProviderConfig{
 					Azure: &config.AzureConfig{
 						Measurements: measurements.M{},
@@ -105,7 +105,7 @@ func TestNewValidator(t *testing.T) {
 		},
 		"set idkeydigest": {
 			config: &config.Config{
-				AttestationVariant: oid.AzureSEVSNP{}.String(),
+				AttestationVariant: variant.AzureSEVSNP{}.String(),
 				Provider: config.ProviderConfig{
 					Azure: &config.AzureConfig{
 						Measurements:       testPCRs,
@@ -128,7 +128,7 @@ func TestNewValidator(t *testing.T) {
 			} else {
 				assert.NoError(err)
 				assert.Equal(tc.config.GetMeasurements(), validators.pcrs)
-				variant, err := oid.FromString(tc.config.AttestationVariant)
+				variant, err := variant.FromString(tc.config.AttestationVariant)
 				require.NoError(t, err)
 				assert.Equal(variant, validators.attestationVariant)
 			}
@@ -156,17 +156,17 @@ func TestValidatorV(t *testing.T) {
 	}
 
 	testCases := map[string]struct {
-		variant oid.Getter
+		variant variant.Variant
 		pcrs    measurements.M
 		wantVs  atls.Validator
 	}{
 		"gcp": {
-			variant: oid.GCPSEVES{},
+			variant: variant.GCPSEVES{},
 			pcrs:    newTestPCRs(),
 			wantVs:  gcp.NewValidator(newTestPCRs(), nil),
 		},
 		"azure cvm": {
-			variant: oid.AzureSEVSNP{},
+			variant: variant.AzureSEVSNP{},
 			pcrs:    newTestPCRs(),
 			wantVs: snp.NewValidator(
 				newTestPCRs(),
@@ -175,12 +175,12 @@ func TestValidatorV(t *testing.T) {
 			),
 		},
 		"azure trusted launch": {
-			variant: oid.AzureTrustedLaunch{},
+			variant: variant.AzureTrustedLaunch{},
 			pcrs:    newTestPCRs(),
 			wantVs:  trustedlaunch.NewValidator(newTestPCRs(), nil),
 		},
 		"qemu": {
-			variant: oid.QEMUVTPM{},
+			variant: variant.QEMUVTPM{},
 			pcrs:    newTestPCRs(),
 			wantVs:  qemu.NewValidator(newTestPCRs(), nil),
 		},
@@ -235,50 +235,50 @@ func TestValidatorUpdateInitPCRs(t *testing.T) {
 	}
 
 	testCases := map[string]struct {
-		variant   oid.Getter
+		variant   variant.Variant
 		pcrs      measurements.M
 		ownerID   string
 		clusterID string
 		wantErr   bool
 	}{
 		"gcp update owner ID": {
-			variant: oid.GCPSEVES{},
+			variant: variant.GCPSEVES{},
 			pcrs:    newTestPCRs(),
 			ownerID: one64,
 		},
 		"gcp update cluster ID": {
-			variant:   oid.GCPSEVES{},
+			variant:   variant.GCPSEVES{},
 			pcrs:      newTestPCRs(),
 			clusterID: one64,
 		},
 		"gcp update both": {
-			variant:   oid.GCPSEVES{},
+			variant:   variant.GCPSEVES{},
 			pcrs:      newTestPCRs(),
 			ownerID:   one64,
 			clusterID: one64,
 		},
 		"azure update owner ID": {
-			variant: oid.AzureSEVSNP{},
+			variant: variant.AzureSEVSNP{},
 			pcrs:    newTestPCRs(),
 			ownerID: one64,
 		},
 		"azure update cluster ID": {
-			variant:   oid.AzureSEVSNP{},
+			variant:   variant.AzureSEVSNP{},
 			pcrs:      newTestPCRs(),
 			clusterID: one64,
 		},
 		"azure update both": {
-			variant:   oid.AzureSEVSNP{},
+			variant:   variant.AzureSEVSNP{},
 			pcrs:      newTestPCRs(),
 			ownerID:   one64,
 			clusterID: one64,
 		},
 		"owner ID and cluster ID empty": {
-			variant: oid.GCPSEVES{},
+			variant: variant.GCPSEVES{},
 			pcrs:    newTestPCRs(),
 		},
 		"invalid encoding": {
-			variant: oid.GCPSEVES{},
+			variant: variant.GCPSEVES{},
 			pcrs:    newTestPCRs(),
 			ownerID: "invalid",
 			wantErr: true,
@@ -421,7 +421,7 @@ func TestUpdatePCR(t *testing.T) {
 			}
 
 			validators := &Validator{
-				attestationVariant: oid.GCPSEVES{},
+				attestationVariant: variant.GCPSEVES{},
 				pcrs:               pcrs,
 			}
 			err := validators.updatePCR(tc.pcrIndex, tc.encoded)

cli/internal/cmd/BUILD.bazel

@@ -61,9 +61,9 @@ go_library(
         "//internal/kubernetes/kubectl",
         "//internal/license",
         "//internal/logger",
-        "//internal/oid",
         "//internal/retry",
         "//internal/sigstore",
+        "//internal/variant",
         "//internal/versions",
         "//internal/versionsapi",
         "//internal/versionsapi/fetcher",
@@ -127,7 +127,7 @@ go_test(
         "//internal/kms/uri",
         "//internal/license",
         "//internal/logger",
-        "//internal/oid",
+        "//internal/variant",
         "//internal/versions",
         "//internal/versionsapi",
         "//verify/verifyproto",

cli/internal/cmd/configgenerate.go

@@ -15,7 +15,7 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/config"
 	"github.com/edgelesssys/constellation/v2/internal/constants"
 	"github.com/edgelesssys/constellation/v2/internal/file"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/edgelesssys/constellation/v2/internal/versions"
 	"github.com/siderolabs/talos/pkg/machinery/config/encoder"
 	"github.com/spf13/afero"
@@ -109,13 +109,13 @@ func createConfig(provider cloudprovider.Provider) *config.Config {
 	// TODO(AB#2976): Replace hardcoded values with user input
 	switch provider {
 	case cloudprovider.AWS:
-		conf.AttestationVariant = oid.AWSNitroTPM{}.String()
+		conf.AttestationVariant = variant.AWSNitroTPM{}.String()
 	case cloudprovider.Azure:
-		conf.AttestationVariant = oid.AzureSEVSNP{}.String()
+		conf.AttestationVariant = variant.AzureSEVSNP{}.String()
 	case cloudprovider.GCP:
-		conf.AttestationVariant = oid.GCPSEVES{}.String()
+		conf.AttestationVariant = variant.GCPSEVES{}.String()
 	case cloudprovider.QEMU:
-		conf.AttestationVariant = oid.QEMUVTPM{}.String()
+		conf.AttestationVariant = variant.QEMUVTPM{}.String()
 	}
 
 	return conf

cli/internal/cmd/configgenerate_test.go

@@ -15,7 +15,7 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/constants"
 	"github.com/edgelesssys/constellation/v2/internal/file"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/edgelesssys/constellation/v2/internal/versions"
 	"github.com/spf13/afero"
 	"github.com/stretchr/testify/assert"
@@ -94,7 +94,7 @@ func TestConfigGenerateDefaultGCPSpecific(t *testing.T) {
 	require.NoError(cg.configGenerate(cmd, fileHandler, cloudprovider.GCP))
 
 	// TODO(AB#2976): Remove this once attestation variants are dynamically created
-	wantConf.AttestationVariant = oid.GCPSEVES{}.String()
+	wantConf.AttestationVariant = variant.GCPSEVES{}.String()
 
 	var readConfig config.Config
 	err := fileHandler.ReadYAML(constants.ConfigFilename, &readConfig)

cli/internal/cmd/init_test.go

@@ -33,7 +33,7 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/kms/uri"
 	"github.com/edgelesssys/constellation/v2/internal/license"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/edgelesssys/constellation/v2/internal/versions"
 	"github.com/spf13/afero"
 	"github.com/stretchr/testify/assert"
@@ -399,14 +399,14 @@ func TestAttestation(t *testing.T) {
 	netDialer := testdialer.NewBufconnDialer()
 	newDialer := func(v *cloudcmd.Validator) *dialer.Dialer {
 		validator := &testValidator{
-			Getter: oid.QEMUVTPM{},
+			Getter: variant.QEMUVTPM{},
 			pcrs:   v.PCRS(),
 		}
 		return dialer.New(nil, validator, netDialer)
 	}
 
 	issuer := &testIssuer{
-		Getter: oid.QEMUVTPM{},
+		Getter: variant.QEMUVTPM{},
 		pcrs: map[uint32][]byte{
 			0: bytes.Repeat([]byte{0xFF}, 32),
 			1: bytes.Repeat([]byte{0xFF}, 32),
@@ -436,7 +436,7 @@ func TestAttestation(t *testing.T) {
 
 	cfg := config.Default()
 	cfg.Image = "image"
-	cfg.AttestationVariant = oid.QEMUVTPM{}.String()
+	cfg.AttestationVariant = variant.QEMUVTPM{}.String()
 	cfg.RemoveProviderExcept(cloudprovider.QEMU)
 	cfg.Provider.QEMU.Measurements[0] = measurements.WithAllBytes(0x00, measurements.Enforce)
 	cfg.Provider.QEMU.Measurements[1] = measurements.WithAllBytes(0x11, measurements.Enforce)
@@ -460,7 +460,7 @@ func TestAttestation(t *testing.T) {
 }
 
 type testValidator struct {
-	oid.Getter
+	variant.Getter
 	pcrs measurements.M
 }
 
@@ -482,7 +482,7 @@ func (v *testValidator) Validate(_ context.Context, attDoc []byte, _ []byte) ([]
 }
 
 type testIssuer struct {
-	oid.Getter
+	variant.Getter
 	pcrs map[uint32][]byte
 }
 
@@ -530,7 +530,7 @@ func defaultConfigWithExpectedMeasurements(t *testing.T, conf *config.Config, cs
 
 	switch csp {
 	case cloudprovider.Azure:
-		conf.AttestationVariant = oid.AzureSEVSNP{}.String()
+		conf.AttestationVariant = variant.AzureSEVSNP{}.String()
 		conf.Provider.Azure.SubscriptionID = "01234567-0123-0123-0123-0123456789ab"
 		conf.Provider.Azure.TenantID = "01234567-0123-0123-0123-0123456789ab"
 		conf.Provider.Azure.Location = "test-location"
@@ -542,7 +542,7 @@ func defaultConfigWithExpectedMeasurements(t *testing.T, conf *config.Config, cs
 		conf.Provider.Azure.Measurements[9] = measurements.WithAllBytes(0x11, measurements.Enforce)
 		conf.Provider.Azure.Measurements[12] = measurements.WithAllBytes(0xcc, measurements.Enforce)
 	case cloudprovider.GCP:
-		conf.AttestationVariant = oid.GCPSEVES{}.String()
+		conf.AttestationVariant = variant.GCPSEVES{}.String()
 		conf.Provider.GCP.Region = "test-region"
 		conf.Provider.GCP.Project = "test-project"
 		conf.Provider.GCP.Zone = "test-zone"
@@ -551,7 +551,7 @@ func defaultConfigWithExpectedMeasurements(t *testing.T, conf *config.Config, cs
 		conf.Provider.GCP.Measurements[9] = measurements.WithAllBytes(0x11, measurements.Enforce)
 		conf.Provider.GCP.Measurements[12] = measurements.WithAllBytes(0xcc, measurements.Enforce)
 	case cloudprovider.QEMU:
-		conf.AttestationVariant = oid.QEMUVTPM{}.String()
+		conf.AttestationVariant = variant.QEMUVTPM{}.String()
 		conf.Provider.QEMU.Measurements[4] = measurements.WithAllBytes(0x44, measurements.Enforce)
 		conf.Provider.QEMU.Measurements[9] = measurements.WithAllBytes(0x11, measurements.Enforce)
 		conf.Provider.QEMU.Measurements[12] = measurements.WithAllBytes(0xcc, measurements.Enforce)

cli/internal/cmd/verify_test.go

@@ -25,7 +25,7 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/grpc/dialer"
 	"github.com/edgelesssys/constellation/v2/internal/grpc/testdialer"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/edgelesssys/constellation/v2/verify/verifyproto"
 	"github.com/spf13/afero"
 	"github.com/stretchr/testify/assert"
@@ -247,7 +247,7 @@ func TestVerifyClient(t *testing.T) {
 				Nonce: tc.nonce,
 			}
 
-			err = verifier.Verify(context.Background(), addr, request, atls.NewFakeValidator(oid.Dummy{}))
+			err = verifier.Verify(context.Background(), addr, request, atls.NewFakeValidator(variant.Dummy{}))
 
 			if tc.wantErr {
 				assert.Error(err)

cli/internal/helm/BUILD.bazel

@@ -362,7 +362,7 @@ go_test(
         "//internal/deploy/helm",
         "//internal/file",
         "//internal/logger",
-        "//internal/oid",
+        "//internal/variant",
         "@com_github_pkg_errors//:errors",
         "@com_github_spf13_afero//:afero",
         "@com_github_stretchr_testify//assert",

cli/internal/helm/loader_test.go

@@ -23,7 +23,7 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
 	"github.com/edgelesssys/constellation/v2/internal/config"
 	"github.com/edgelesssys/constellation/v2/internal/deploy/helm"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/pkg/errors"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -62,7 +62,7 @@ func TestConstellationServices(t *testing.T) {
 	}{
 		"AWS": {
 			config: &config.Config{
-				AttestationVariant: oid.AWSNitroTPM{}.String(),
+				AttestationVariant: variant.AWSNitroTPM{}.String(),
 				Provider:           config.ProviderConfig{AWS: &config.AWSConfig{}},
 			},
 			valuesModifier: prepareAWSValues,
@@ -70,7 +70,7 @@ func TestConstellationServices(t *testing.T) {
 		},
 		"Azure": {
 			config: &config.Config{
-				AttestationVariant: oid.AzureSEVSNP{}.String(),
+				AttestationVariant: variant.AzureSEVSNP{}.String(),
 				Provider: config.ProviderConfig{Azure: &config.AzureConfig{
 					DeployCSIDriver:    toPtr(true),
 					EnforceIDKeyDigest: idkeydigest.StrictChecking,
@@ -87,7 +87,7 @@ func TestConstellationServices(t *testing.T) {
 		},
 		"GCP": {
 			config: &config.Config{
-				AttestationVariant: oid.GCPSEVES{}.String(),
+				AttestationVariant: variant.GCPSEVES{}.String(),
 				Provider: config.ProviderConfig{GCP: &config.GCPConfig{
 					DeployCSIDriver: toPtr(true),
 				}},
@@ -97,7 +97,7 @@ func TestConstellationServices(t *testing.T) {
 		},
 		"OpenStack": {
 			config: &config.Config{
-				AttestationVariant: oid.Dummy{}.String(),
+				AttestationVariant: variant.Dummy{}.String(),
 				Provider:           config.ProviderConfig{OpenStack: &config.OpenStackConfig{}},
 			},
 			valuesModifier: prepareOpenStackValues,
@@ -105,7 +105,7 @@ func TestConstellationServices(t *testing.T) {
 		},
 		"QEMU": {
 			config: &config.Config{
-				AttestationVariant: oid.QEMUVTPM{}.String(),
+				AttestationVariant: variant.QEMUVTPM{}.String(),
 				Provider:           config.ProviderConfig{QEMU: &config.QEMUConfig{}},
 			},
 			valuesModifier: prepareQEMUValues,

disk-mapper/cmd/BUILD.bazel

@@ -24,8 +24,8 @@ go_library(
         "//internal/grpc/dialer",
         "//internal/kms/setup",
         "//internal/logger",
-        "//internal/oid",
         "//internal/role",
+        "//internal/variant",
         "@com_github_spf13_afero//:afero",
         "@org_uber_go_zap//:zap",
     ],

disk-mapper/cmd/main.go

@@ -30,8 +30,8 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/grpc/dialer"
 	kmssetup "github.com/edgelesssys/constellation/v2/internal/kms/setup"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
 	"github.com/edgelesssys/constellation/v2/internal/role"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/spf13/afero"
 	"go.uber.org/zap"
 )
@@ -54,7 +54,7 @@ func main() {
 		Infof("Starting disk-mapper")
 
 	// set up quote issuer for aTLS connections
-	attestVariant, err := oid.FromString(os.Getenv(constants.AttestationVariant))
+	attestVariant, err := variant.FromString(os.Getenv(constants.AttestationVariant))
 	if err != nil {
 		log.With(zap.Error(err)).Fatalf("Failed to parse attestation variant")
 	}

disk-mapper/internal/recoveryserver/BUILD.bazel

@@ -32,7 +32,7 @@ go_test(
         "//internal/grpc/testdialer",
         "//internal/kms/kms",
         "//internal/logger",
-        "//internal/oid",
+        "//internal/variant",
         "@com_github_stretchr_testify//assert",
         "@com_github_stretchr_testify//require",
         "@org_uber_go_goleak//:goleak",

disk-mapper/internal/recoveryserver/recoveryserver_test.go

@@ -19,7 +19,7 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/grpc/testdialer"
 	"github.com/edgelesssys/constellation/v2/internal/kms/kms"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"go.uber.org/goleak"
@@ -36,7 +36,7 @@ func TestServe(t *testing.T) {
 	assert := assert.New(t)
 	log := logger.NewTest(t)
 	uuid := "uuid"
-	server := New(atls.NewFakeIssuer(oid.Dummy{}), newStubKMS(nil, nil), log)
+	server := New(atls.NewFakeIssuer(variant.Dummy{}), newStubKMS(nil, nil), log)
 	dialer := testdialer.NewBufconnDialer()
 	listener := dialer.GetListener("192.0.2.1:1234")
 	ctx, cancel := context.WithCancel(context.Background())
@@ -53,7 +53,7 @@ func TestServe(t *testing.T) {
 	cancel()
 	wg.Wait()
 
-	server = New(atls.NewFakeIssuer(oid.Dummy{}), newStubKMS(nil, nil), log)
+	server = New(atls.NewFakeIssuer(variant.Dummy{}), newStubKMS(nil, nil), log)
 	dialer = testdialer.NewBufconnDialer()
 	listener = dialer.GetListener("192.0.2.1:1234")
 
@@ -105,7 +105,7 @@ func TestRecover(t *testing.T) {
 
 			ctx := context.Background()
 			serverUUID := "uuid"
-			server := New(atls.NewFakeIssuer(oid.Dummy{}), tc.factory, logger.NewTest(t))
+			server := New(atls.NewFakeIssuer(variant.Dummy{}), tc.factory, logger.NewTest(t))
 			netDialer := testdialer.NewBufconnDialer()
 			listener := netDialer.GetListener("192.0.2.1:1234")
 

internal/atls/BUILD.bazel

@@ -8,7 +8,7 @@ go_library(
     visibility = ["//:__subpackages__"],
     deps = [
         "//internal/crypto",
-        "//internal/oid",
+        "//internal/variant",
     ],
 )
 
@@ -17,7 +17,7 @@ go_test(
     srcs = ["atls_test.go"],
     embed = [":atls"],
     deps = [
-        "//internal/oid",
+        "//internal/variant",
         "@com_github_stretchr_testify//assert",
         "@com_github_stretchr_testify//require",
         "@org_uber_go_goleak//:goleak",

internal/atls/atls.go

@@ -26,7 +26,7 @@ import (
 	"time"
 
 	"github.com/edgelesssys/constellation/v2/internal/crypto"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 )
 
 const attestationTimeout = 30 * time.Second
@@ -75,13 +75,13 @@ func CreateAttestationClientTLSConfig(issuer Issuer, validators []Validator) (*t
 
 // Issuer issues an attestation document.
 type Issuer interface {
-	oid.Getter
+	variant.Getter
 	Issue(ctx context.Context, userData []byte, nonce []byte) (quote []byte, err error)
 }
 
 // Validator is able to validate an attestation document.
 type Validator interface {
-	oid.Getter
+	variant.Getter
 	Validate(ctx context.Context, attDoc []byte, nonce []byte) ([]byte, error)
 }
 
@@ -351,11 +351,11 @@ func (c *serverConnection) getCertificate(chi *tls.ClientHelloInfo) (*tls.Certif
 
 // FakeIssuer fakes an issuer and can be used for tests.
 type FakeIssuer struct {
-	oid.Getter
+	variant.Getter
 }
 
 // NewFakeIssuer creates a new FakeIssuer with the given OID.
-func NewFakeIssuer(oid oid.Getter) *FakeIssuer {
+func NewFakeIssuer(oid variant.Getter) *FakeIssuer {
 	return &FakeIssuer{oid}
 }
 
@@ -366,17 +366,17 @@ func (FakeIssuer) Issue(_ context.Context, userData []byte, nonce []byte) ([]byt
 
 // FakeValidator fakes a validator and can be used for tests.
 type FakeValidator struct {
-	oid.Getter
+	variant.Getter
 	err error // used for package internal testing only
 }
 
 // NewFakeValidator creates a new FakeValidator with the given OID.
-func NewFakeValidator(oid oid.Getter) *FakeValidator {
+func NewFakeValidator(oid variant.Getter) *FakeValidator {
 	return &FakeValidator{oid, nil}
 }
 
 // NewFakeValidators returns a slice with a single FakeValidator.
-func NewFakeValidators(oid oid.Getter) []Validator {
+func NewFakeValidators(oid variant.Getter) []Validator {
 	return []Validator{NewFakeValidator(oid)}
 }
 

internal/atls/atls_test.go

@@ -15,7 +15,7 @@ import (
 	"net/http/httptest"
 	"testing"
 
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"go.uber.org/goleak"
@@ -193,7 +193,7 @@ func TestClientConnectionConcurrency(t *testing.T) {
 	var urls []string
 
 	for i := 0; i < serverCount; i++ {
-		serverCfg, err := CreateAttestationServerTLSConfig(NewFakeIssuer(oid.Dummy{}), NewFakeValidators(oid.Dummy{}))
+		serverCfg, err := CreateAttestationServerTLSConfig(NewFakeIssuer(variant.Dummy{}), NewFakeValidators(variant.Dummy{}))
 		require.NoError(err)
 
 		server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -211,7 +211,7 @@ func TestClientConnectionConcurrency(t *testing.T) {
 	// Create client.
 	//
 
-	clientConfig, err := CreateAttestationClientTLSConfig(NewFakeIssuer(oid.Dummy{}), NewFakeValidators(oid.Dummy{}))
+	clientConfig, err := CreateAttestationClientTLSConfig(NewFakeIssuer(variant.Dummy{}), NewFakeValidators(variant.Dummy{}))
 	require.NoError(err)
 	client := http.Client{Transport: &http.Transport{TLSClientConfig: clientConfig}}
 
@@ -266,7 +266,7 @@ func TestServerConnectionConcurrency(t *testing.T) {
 
 	var urls []string
 
-	serverCfg, err := CreateAttestationServerTLSConfig(NewFakeIssuer(oid.Dummy{}), NewFakeValidators(oid.Dummy{}))
+	serverCfg, err := CreateAttestationServerTLSConfig(NewFakeIssuer(variant.Dummy{}), NewFakeValidators(variant.Dummy{}))
 	require.NoError(err)
 
 	for i := 0; i < serverCount; i++ {
@@ -285,7 +285,7 @@ func TestServerConnectionConcurrency(t *testing.T) {
 	// Create client.
 	//
 
-	clientConfig, err := CreateAttestationClientTLSConfig(NewFakeIssuer(oid.Dummy{}), NewFakeValidators(oid.Dummy{}))
+	clientConfig, err := CreateAttestationClientTLSConfig(NewFakeIssuer(variant.Dummy{}), NewFakeValidators(variant.Dummy{}))
 	require.NoError(err)
 	client := http.Client{Transport: &http.Transport{TLSClientConfig: clientConfig}}
 

internal/attestation/aws/BUILD.bazel

@@ -13,7 +13,7 @@ go_library(
     deps = [
         "//internal/attestation/measurements",
         "//internal/attestation/vtpm",
-        "//internal/oid",
+        "//internal/variant",
         "@com_github_aws_aws_sdk_go_v2_config//:config",
         "@com_github_aws_aws_sdk_go_v2_feature_ec2_imds//:imds",
         "@com_github_aws_aws_sdk_go_v2_service_ec2//:ec2",

internal/attestation/aws/issuer.go

@@ -15,7 +15,7 @@ import (
 
 	"github.com/aws/aws-sdk-go-v2/feature/ec2/imds"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 
 	"github.com/google/go-tpm-tools/client"
 	tpmclient "github.com/google/go-tpm-tools/client"
@@ -23,7 +23,7 @@ import (
 
 // Issuer for AWS TPM attestation.
 type Issuer struct {
-	oid.AWSNitroTPM
+	variant.AWSNitroTPM
 	*vtpm.Issuer
 }
 

internal/attestation/aws/validator.go

@@ -17,14 +17,14 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/ec2"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/google/go-tpm-tools/proto/attest"
 	"github.com/google/go-tpm/tpm2"
 )
 
 // Validator for AWS TPM attestation.
 type Validator struct {
-	oid.AWSNitroTPM
+	variant.AWSNitroTPM
 	*vtpm.Validator
 	getDescribeClient func(context.Context, string) (awsMetadataAPI, error)
 }

internal/attestation/azure/snp/BUILD.bazel

@@ -19,7 +19,7 @@ go_library(
         "//internal/attestation/vtpm",
         "//internal/cloud/azure",
         "//internal/crypto",
-        "//internal/oid",
+        "//internal/variant",
         "@com_github_edgelesssys_go_azguestattestation//maa",
         "@com_github_google_go_tpm//tpm2",
         "@com_github_google_go_tpm_tools//client",

internal/attestation/azure/snp/issuer.go

@@ -13,7 +13,7 @@ import (
 	"io"
 
 	"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/edgelesssys/go-azguestattestation/maa"
 	tpmclient "github.com/google/go-tpm-tools/client"
 )
@@ -22,7 +22,7 @@ const tpmAkIdx = 0x81000003
 
 // Issuer for Azure TPM attestation.
 type Issuer struct {
-	oid.AzureSEVSNP
+	variant.AzureSEVSNP
 	*vtpm.Issuer
 
 	imds imdsAPI

internal/attestation/azure/snp/validator.go

@@ -24,7 +24,7 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
 	internalCrypto "github.com/edgelesssys/constellation/v2/internal/crypto"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/google/go-tpm-tools/proto/attest"
 	"github.com/google/go-tpm/tpm2"
 )
@@ -40,7 +40,7 @@ const (
 
 // Validator for Azure confidential VM attestation.
 type Validator struct {
-	oid.AzureSEVSNP
+	variant.AzureSEVSNP
 	*vtpm.Validator
 	hclValidator hclAkValidator
 	maa          maaValidator

internal/attestation/azure/trustedlaunch/BUILD.bazel

@@ -14,7 +14,7 @@ go_library(
         "//internal/attestation/measurements",
         "//internal/attestation/vtpm",
         "//internal/crypto",
-        "//internal/oid",
+        "//internal/variant",
         "@com_github_google_go_tpm//tpm2",
         "@com_github_google_go_tpm_tools//client",
         "@com_github_google_go_tpm_tools//proto/attest",

internal/attestation/azure/trustedlaunch/issuer.go

@@ -16,7 +16,7 @@ import (
 	"net/http"
 
 	"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	tpmclient "github.com/google/go-tpm-tools/client"
 	"github.com/google/go-tpm/tpm2"
 )
@@ -28,7 +28,7 @@ const (
 
 // Issuer for Azure trusted launch TPM attestation.
 type Issuer struct {
-	oid.AzureTrustedLaunch
+	variant.AzureTrustedLaunch
 	*vtpm.Issuer
 	hClient httpClient
 }

internal/attestation/azure/trustedlaunch/validator.go

@@ -18,7 +18,7 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
 	certutil "github.com/edgelesssys/constellation/v2/internal/crypto"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/google/go-tpm-tools/proto/attest"
 	"github.com/google/go-tpm/tpm2"
 )
@@ -29,7 +29,7 @@ var ameRoot = mustParseX509("-----BEGIN CERTIFICATE-----\nMIIFVjCCAz6gAwIBAgIQJd
 
 // Validator for Azure trusted launch VM attestation.
 type Validator struct {
-	oid.AzureTrustedLaunch
+	variant.AzureTrustedLaunch
 	*vtpm.Validator
 	roots *x509.CertPool
 }

internal/attestation/choose/BUILD.bazel

@@ -16,7 +16,7 @@ go_library(
         "//internal/attestation/measurements",
         "//internal/attestation/qemu",
         "//internal/attestation/vtpm",
-        "//internal/oid",
+        "//internal/variant",
     ],
 )
 
@@ -26,7 +26,7 @@ go_test(
     embed = [":choose"],
     deps = [
         "//internal/attestation/idkeydigest",
-        "//internal/oid",
+        "//internal/variant",
         "@com_github_stretchr_testify//assert",
         "@com_github_stretchr_testify//require",
     ],

internal/attestation/choose/choose.go

@@ -18,47 +18,47 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/qemu"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 )
 
 // Issuer returns the issuer for the given variant.
-func Issuer(variant oid.Getter, log vtpm.AttestationLogger) (atls.Issuer, error) {
+func Issuer(attestationVariant variant.Variant, log vtpm.AttestationLogger) (atls.Issuer, error) {
-	switch variant {
+	switch attestationVariant {
-	case oid.AWSNitroTPM{}:
+	case variant.AWSNitroTPM{}:
 		return aws.NewIssuer(log), nil
-	case oid.AzureTrustedLaunch{}:
+	case variant.AzureTrustedLaunch{}:
 		return trustedlaunch.NewIssuer(log), nil
-	case oid.AzureSEVSNP{}:
+	case variant.AzureSEVSNP{}:
 		return snp.NewIssuer(log), nil
-	case oid.GCPSEVES{}:
+	case variant.GCPSEVES{}:
 		return gcp.NewIssuer(log), nil
-	case oid.QEMUVTPM{}:
+	case variant.QEMUVTPM{}:
 		return qemu.NewIssuer(log), nil
-	case oid.Dummy{}:
+	case variant.Dummy{}:
-		return atls.NewFakeIssuer(oid.Dummy{}), nil
+		return atls.NewFakeIssuer(variant.Dummy{}), nil
 	default:
-		return nil, fmt.Errorf("unknown attestation variant: %s", variant)
+		return nil, fmt.Errorf("unknown attestation variant: %s", attestationVariant)
 	}
 }
 
 // Validator returns the validator for the given variant.
 func Validator(
-	variant oid.Getter, measurements measurements.M, idKeyCfg idkeydigest.Config, log vtpm.AttestationLogger,
+	attestationVariant variant.Variant, measurements measurements.M, idKeyCfg idkeydigest.Config, log vtpm.AttestationLogger,
 ) (atls.Validator, error) {
-	switch variant {
+	switch attestationVariant {
-	case oid.AWSNitroTPM{}:
+	case variant.AWSNitroTPM{}:
 		return aws.NewValidator(measurements, log), nil
-	case oid.AzureTrustedLaunch{}:
+	case variant.AzureTrustedLaunch{}:
 		return trustedlaunch.NewValidator(measurements, log), nil
-	case oid.AzureSEVSNP{}:
+	case variant.AzureSEVSNP{}:
 		return snp.NewValidator(measurements, idKeyCfg, log), nil
-	case oid.GCPSEVES{}:
+	case variant.GCPSEVES{}:
 		return gcp.NewValidator(measurements, log), nil
-	case oid.QEMUVTPM{}:
+	case variant.QEMUVTPM{}:
 		return qemu.NewValidator(measurements, log), nil
-	case oid.Dummy{}:
+	case variant.Dummy{}:
-		return atls.NewFakeValidator(oid.Dummy{}), nil
+		return atls.NewFakeValidator(variant.Dummy{}), nil
 	default:
-		return nil, fmt.Errorf("unknown attestation variant: %s", variant)
+		return nil, fmt.Errorf("unknown attestation variant: %s", attestationVariant)
 	}
 }

internal/attestation/choose/choose_test.go

@@ -11,33 +11,33 @@ import (
 	"testing"
 
 	"github.com/edgelesssys/constellation/v2/internal/attestation/idkeydigest"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
 func TestIssuer(t *testing.T) {
 	testCases := map[string]struct {
-		variant oid.Getter
+		variant variant.Variant
 		wantErr bool
 	}{
 		"aws-nitro-tpm": {
-			variant: oid.AWSNitroTPM{},
+			variant: variant.AWSNitroTPM{},
 		},
 		"azure-sev-snp": {
-			variant: oid.AzureSEVSNP{},
+			variant: variant.AzureSEVSNP{},
 		},
 		"azure-trusted-launch": {
-			variant: oid.AzureTrustedLaunch{},
+			variant: variant.AzureTrustedLaunch{},
 		},
 		"gcp-sev-es": {
-			variant: oid.GCPSEVES{},
+			variant: variant.GCPSEVES{},
 		},
 		"qemu-vtpm": {
-			variant: oid.QEMUVTPM{},
+			variant: variant.QEMUVTPM{},
 		},
 		"dummy": {
-			variant: oid.Dummy{},
+			variant: variant.Dummy{},
 		},
 		"unknown": {
 			variant: unknownVariant{},
@@ -64,26 +64,26 @@ func TestIssuer(t *testing.T) {
 
 func TestValidator(t *testing.T) {
 	testCases := map[string]struct {
-		variant oid.Getter
+		variant variant.Variant
 		wantErr bool
 	}{
 		"aws-nitro-tpm": {
-			variant: oid.AWSNitroTPM{},
+			variant: variant.AWSNitroTPM{},
 		},
 		"azure-sev-snp": {
-			variant: oid.AzureSEVSNP{},
+			variant: variant.AzureSEVSNP{},
 		},
 		"azure-trusted-launch": {
-			variant: oid.AzureTrustedLaunch{},
+			variant: variant.AzureTrustedLaunch{},
 		},
 		"gcp-sev-es": {
-			variant: oid.GCPSEVES{},
+			variant: variant.GCPSEVES{},
 		},
 		"qemu-vtpm": {
-			variant: oid.QEMUVTPM{},
+			variant: variant.QEMUVTPM{},
 		},
 		"dummy": {
-			variant: oid.Dummy{},
+			variant: variant.Dummy{},
 		},
 		"unknown": {
 			variant: unknownVariant{},
@@ -113,3 +113,11 @@ type unknownVariant struct{}
 func (unknownVariant) OID() asn1.ObjectIdentifier {
 	return asn1.ObjectIdentifier{1, 3, 9900, 9999, 9999}
 }
+
+func (unknownVariant) String() string {
+	return "unknown"
+}
+
+func (unknownVariant) Equal(other variant.Getter) bool {
+	return other.OID().Equal(unknownVariant{}.OID())
+}

internal/attestation/gcp/BUILD.bazel

@@ -13,7 +13,7 @@ go_library(
     deps = [
         "//internal/attestation/measurements",
         "//internal/attestation/vtpm",
-        "//internal/oid",
+        "//internal/variant",
         "@com_github_google_go_tpm_tools//client",
         "@com_github_google_go_tpm_tools//proto/attest",
         "@com_github_googleapis_gax_go_v2//:gax-go",

internal/attestation/gcp/issuer.go

@@ -14,14 +14,14 @@ import (
 
 	"cloud.google.com/go/compute/metadata"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	tpmclient "github.com/google/go-tpm-tools/client"
 	"github.com/google/go-tpm-tools/proto/attest"
 )
 
 // Issuer for GCP confidential VM attestation.
 type Issuer struct {
-	oid.GCPSEVES
+	variant.GCPSEVES
 	*vtpm.Issuer
 }
 

internal/attestation/gcp/validator.go

@@ -18,7 +18,7 @@ import (
 	"cloud.google.com/go/compute/apiv1/computepb"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/google/go-tpm-tools/proto/attest"
 	"github.com/googleapis/gax-go/v2"
 	"google.golang.org/api/option"
@@ -28,7 +28,7 @@ const minimumGceVersion = 1
 
 // Validator for GCP confidential VM attestation.
 type Validator struct {
-	oid.GCPSEVES
+	variant.GCPSEVES
 	*vtpm.Validator
 
 	restClient func(context.Context, ...option.ClientOption) (gcpRestClient, error)

internal/attestation/qemu/BUILD.bazel

@@ -12,7 +12,7 @@ go_library(
     deps = [
         "//internal/attestation/measurements",
         "//internal/attestation/vtpm",
-        "//internal/oid",
+        "//internal/variant",
         "@com_github_google_go_tpm//tpm2",
         "@com_github_google_go_tpm_tools//client",
         "@com_github_google_go_tpm_tools//proto/attest",

internal/attestation/qemu/issuer.go

@@ -11,13 +11,13 @@ import (
 	"io"
 
 	"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	tpmclient "github.com/google/go-tpm-tools/client"
 )
 
 // Issuer for qemu TPM attestation.
 type Issuer struct {
-	oid.QEMUVTPM
+	variant.QEMUVTPM
 	*vtpm.Issuer
 }
 

internal/attestation/qemu/validator.go

@@ -12,14 +12,14 @@ import (
 
 	"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/google/go-tpm-tools/proto/attest"
 	"github.com/google/go-tpm/tpm2"
 )
 
 // Validator for QEMU VM attestation.
 type Validator struct {
-	oid.QEMUVTPM
+	variant.QEMUVTPM
 	*vtpm.Validator
 }
 

internal/config/BUILD.bazel

@@ -22,7 +22,7 @@ go_library(
         "//internal/config/instancetypes",
         "//internal/constants",
         "//internal/file",
-        "//internal/oid",
+        "//internal/variant",
         "//internal/versions",
         "//internal/versionsapi",
         "@com_github_go_playground_locales//en",
@@ -49,7 +49,7 @@ go_test(
         "//internal/config/instancetypes",
         "//internal/constants",
         "//internal/file",
-        "//internal/oid",
+        "//internal/variant",
         "@com_github_go_playground_locales//en",
         "@com_github_go_playground_universal_translator//:universal-translator",
         "@com_github_go_playground_validator_v10//:validator",

internal/config/config_test.go

@@ -16,7 +16,7 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/config/instancetypes"
 	"github.com/edgelesssys/constellation/v2/internal/constants"
 	"github.com/edgelesssys/constellation/v2/internal/file"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/go-playground/locales/en"
 	ut "github.com/go-playground/universal-translator"
 	"github.com/go-playground/validator/v10"
@@ -123,7 +123,7 @@ func TestNewWithDefaultOptions(t *testing.T) {
 				c := Default()
 				c.RemoveProviderExcept(cloudprovider.Azure)
 				c.Image = "v" + constants.VersionInfo()
-				c.AttestationVariant = oid.AzureSEVSNP{}.String()
+				c.AttestationVariant = variant.AzureSEVSNP{}.String()
 				c.Provider.Azure.SubscriptionID = "f4278079-288c-4766-a98c-ab9d5dba01a5"
 				c.Provider.Azure.TenantID = "d4ff9d63-6d6d-4042-8f6a-21e804add5aa"
 				c.Provider.Azure.Location = "westus"
@@ -143,7 +143,7 @@ func TestNewWithDefaultOptions(t *testing.T) {
 				c := Default()
 				c.RemoveProviderExcept(cloudprovider.Azure)
 				c.Image = "v" + constants.VersionInfo()
-				c.AttestationVariant = oid.AzureSEVSNP{}.String()
+				c.AttestationVariant = variant.AzureSEVSNP{}.String()
 				c.Provider.Azure.SubscriptionID = "f4278079-288c-4766-a98c-ab9d5dba01a5"
 				c.Provider.Azure.TenantID = "d4ff9d63-6d6d-4042-8f6a-21e804add5aa"
 				c.Provider.Azure.Location = "westus"
@@ -235,7 +235,7 @@ func TestValidate(t *testing.T) {
 			cnf: func() *Config {
 				cnf := Default()
 				cnf.Image = "v" + constants.VersionInfo()
-				cnf.AttestationVariant = oid.AzureSEVSNP{}.String()
+				cnf.AttestationVariant = variant.AzureSEVSNP{}.String()
 				az := cnf.Provider.Azure
 				az.SubscriptionID = "01234567-0123-0123-0123-0123456789ab"
 				az.TenantID = "01234567-0123-0123-0123-0123456789ab"
@@ -265,7 +265,7 @@ func TestValidate(t *testing.T) {
 			cnf: func() *Config {
 				cnf := Default()
 				cnf.Image = "v" + constants.VersionInfo()
-				cnf.AttestationVariant = oid.GCPSEVES{}.String()
+				cnf.AttestationVariant = variant.GCPSEVES{}.String()
 				gcp := cnf.Provider.GCP
 				gcp.Region = "test-region"
 				gcp.Project = "test-project"

internal/config/validation.go

@@ -20,7 +20,7 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/compatibility"
 	"github.com/edgelesssys/constellation/v2/internal/config/instancetypes"
 	"github.com/edgelesssys/constellation/v2/internal/constants"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/edgelesssys/constellation/v2/internal/versions"
 	"github.com/edgelesssys/constellation/v2/internal/versionsapi"
 	ut "github.com/go-playground/universal-translator"
@@ -482,23 +482,23 @@ func (c *Config) validAttestVariant(_ validator.FieldLevel) bool {
 	// TODO: v2.8: remove variant fallback and make variant a required field
 	c.addMissingVariant()
 
-	variant, err := oid.FromString(c.AttestationVariant)
+	attestationVariant, err := variant.FromString(c.AttestationVariant)
 	if err != nil {
 		return false
 	}
 
 	// make sure the variant is valid for the chosen CSP
-	switch variant {
+	switch attestationVariant {
-	case oid.AWSNitroTPM{}:
+	case variant.AWSNitroTPM{}:
 		return c.Provider.AWS != nil
-	case oid.AzureSEVSNP{}, oid.AzureTrustedLaunch{}:
+	case variant.AzureSEVSNP{}, variant.AzureTrustedLaunch{}:
 		return c.Provider.Azure != nil
 	// TODO(malt3): remove this case once we have a vTPM for OpenStack
-	case oid.Dummy{}:
+	case variant.Dummy{}:
 		return c.Provider.OpenStack != nil
-	case oid.GCPSEVES{}:
+	case variant.GCPSEVES{}:
 		return c.Provider.GCP != nil
-	case oid.QEMUVTPM{}:
+	case variant.QEMUVTPM{}:
 		return c.Provider.QEMU != nil
 	default:
 		return false
@@ -513,12 +513,12 @@ func (c *Config) addMissingVariant() {
 
 	switch c.GetProvider() {
 	case cloudprovider.AWS:
-		c.AttestationVariant = oid.AWSNitroTPM{}.String()
+		c.AttestationVariant = variant.AWSNitroTPM{}.String()
 	case cloudprovider.Azure:
-		c.AttestationVariant = oid.AzureSEVSNP{}.String()
+		c.AttestationVariant = variant.AzureSEVSNP{}.String()
 	case cloudprovider.GCP:
-		c.AttestationVariant = oid.GCPSEVES{}.String()
+		c.AttestationVariant = variant.GCPSEVES{}.String()
 	case cloudprovider.QEMU:
-		c.AttestationVariant = oid.QEMUVTPM{}.String()
+		c.AttestationVariant = variant.QEMUVTPM{}.String()
 	}
 }

internal/grpc/dialer/BUILD.bazel

@@ -22,7 +22,7 @@ go_test(
         "//internal/atls",
         "//internal/grpc/atlscredentials",
         "//internal/grpc/testdialer",
-        "//internal/oid",
+        "//internal/variant",
         "@com_github_stretchr_testify//assert",
         "@com_github_stretchr_testify//require",
         "@org_golang_google_grpc//:go_default_library",

internal/grpc/dialer/dialer_test.go

@@ -13,7 +13,7 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/atls"
 	"github.com/edgelesssys/constellation/v2/internal/grpc/atlscredentials"
 	"github.com/edgelesssys/constellation/v2/internal/grpc/testdialer"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"go.uber.org/goleak"
@@ -75,8 +75,8 @@ func TestDial(t *testing.T) {
 			require := require.New(t)
 
 			netDialer := testdialer.NewBufconnDialer()
-			dialer := New(nil, atls.NewFakeValidator(oid.Dummy{}), netDialer)
+			dialer := New(nil, atls.NewFakeValidator(variant.Dummy{}), netDialer)
-			server := newServer(oid.Dummy{}, tc.tls)
+			server := newServer(variant.Dummy{}, tc.tls)
 			api := &testAPI{}
 			grpc_testing.RegisterTestServiceServer(server, api)
 			go server.Serve(netDialer.GetListener("192.0.2.1:1234"))
@@ -97,7 +97,7 @@ func TestDial(t *testing.T) {
 	}
 }
 
-func newServer(oid oid.Getter, tls bool) *grpc.Server {
+func newServer(oid variant.Getter, tls bool) *grpc.Server {
 	if tls {
 		creds := atlscredentials.New(atls.NewFakeIssuer(oid), nil)
 		return grpc.NewServer(grpc.Creds(creds))

internal/variant/BUILD.bazel

@@ -6,3 +6,10 @@ go_library(
     importpath = "github.com/edgelesssys/constellation/v2/internal/oid",
     visibility = ["//:__subpackages__"],
 )
+
+go_library(
+    name = "variant",
+    srcs = ["variant.go"],
+    importpath = "github.com/edgelesssys/constellation/v2/internal/variant",
+    visibility = ["//:__subpackages__"],
+)

internal/variant/variant.go

@@ -5,7 +5,11 @@ SPDX-License-Identifier: AGPL-3.0-only
 */
 
 /*
-Package oid defines OIDs for different CSPs. Currently this is used in attested TLS to distinguish the attestation documents.
+Package variant defines Attestation variants for different CSPs.
+
+Each variant defines an OID, a string representation, and a function to compare it to other OIDs.
+
+The OID is used in attested TLS to distinguish the attestation documents.
 OIDs beginning with 1.3.9900 are reserved and can be used without registration.
 
 * The 1.3.9900.1 branch is reserved for placeholder values and testing.
@@ -20,21 +24,41 @@ OIDs beginning with 1.3.9900 are reserved and can be used without registration.
 
 Deprecated OIDs should never be reused for different purposes.
 Instead, new OIDs should be added in the appropriate branch at the next available index.
+
+String representation should be lowercase and contain only letters, numbers, and hyphens.
+They should be prefixed with the branch name, e.g. all variants in the 1.3.9900.2 (AWS) branch should start with "aws-".
+Each variant should have a unique string representation.
 */
-package oid
+package variant
 
 import (
 	"encoding/asn1"
 	"fmt"
 )
 
+const (
+	dummy              = "dummy"
+	awsNitroTPM        = "aws-nitro-tpm"
+	gcpSEVES           = "gcp-sev-es"
+	azureSEVSNP        = "azure-sev-snp"
+	azureTrustedLaunch = "azure-trustedlaunch"
+	qemuVTPM           = "qemu-vtpm"
+)
+
 // Getter returns an ASN.1 Object Identifier.
 type Getter interface {
 	OID() asn1.ObjectIdentifier
 }
 
+// Variant describes an attestation variant.
+type Variant interface {
+	Getter
+	String() string
+	Equal(other Getter) bool
+}
+
 // FromString returns the OID for the given string.
-func FromString(oid string) (Getter, error) {
+func FromString(oid string) (Variant, error) {
 	switch oid {
 	case dummy:
 		return Dummy{}, nil
@@ -65,6 +89,11 @@ func (Dummy) String() string {
 	return dummy
 }
 
+// Equal returns true if the other variant is also a Dummy.
+func (Dummy) Equal(other Getter) bool {
+	return other.OID().Equal(Dummy{}.OID())
+}
+
 // AWSNitroTPM holds the AWS nitro TPM OID.
 type AWSNitroTPM struct{}
 
@@ -78,6 +107,11 @@ func (AWSNitroTPM) String() string {
 	return awsNitroTPM
 }
 
+// Equal returns true if the other variant is also AWSNitroTPM.
+func (AWSNitroTPM) Equal(other Getter) bool {
+	return other.OID().Equal(AWSNitroTPM{}.OID())
+}
+
 // GCPSEVES holds the GCP SEV-ES OID.
 type GCPSEVES struct{}
 
@@ -91,6 +125,11 @@ func (GCPSEVES) String() string {
 	return gcpSEVES
 }
 
+// Equal returns true if the other variant is also GCPSEVES.
+func (GCPSEVES) Equal(other Getter) bool {
+	return other.OID().Equal(GCPSEVES{}.OID())
+}
+
 // AzureSEVSNP holds the OID for Azure SNP CVMs.
 type AzureSEVSNP struct{}
 
@@ -104,6 +143,11 @@ func (AzureSEVSNP) String() string {
 	return azureSEVSNP
 }
 
+// Equal returns true if the other variant is also AzureSEVSNP.
+func (AzureSEVSNP) Equal(other Getter) bool {
+	return other.OID().Equal(AzureSEVSNP{}.OID())
+}
+
 // AzureTrustedLaunch holds the OID for Azure TrustedLaunch VMs.
 type AzureTrustedLaunch struct{}
 
@@ -117,6 +161,11 @@ func (AzureTrustedLaunch) String() string {
 	return azureTrustedLaunch
 }
 
+// Equal returns true if the other variant is also AzureTrustedLaunch.
+func (AzureTrustedLaunch) Equal(other Getter) bool {
+	return other.OID().Equal(AzureTrustedLaunch{}.OID())
+}
+
 // QEMUVTPM holds the QEMUVTPM OID.
 type QEMUVTPM struct{}
 
@@ -130,11 +179,7 @@ func (QEMUVTPM) String() string {
 	return qemuVTPM
 }
 
-const (
+// Equal returns true if the other variant is also QEMUVTPM.
-	dummy              = "dummy"
+func (QEMUVTPM) Equal(other Getter) bool {
-	awsNitroTPM        = "aws-nitro-tpm"
+	return other.OID().Equal(QEMUVTPM{}.OID())
-	gcpSEVES           = "gcp-sev-es"
+}
-	azureSEVSNP        = "azure-sev-snp"
-	azureTrustedLaunch = "azure-trustedlaunch"
-	qemuVTPM           = "qemu-vtpm"
-)

internal/watcher/BUILD.bazel

@@ -17,7 +17,7 @@ go_library(
         "//internal/constants",
         "//internal/file",
         "//internal/logger",
-        "//internal/oid",
+        "//internal/variant",
         "@com_github_fsnotify_fsnotify//:fsnotify",
         "@com_github_spf13_afero//:afero",
         "@org_uber_go_zap//:zap",
@@ -39,7 +39,7 @@ go_test(
         "//internal/constants",
         "//internal/file",
         "//internal/logger",
-        "//internal/oid",
+        "//internal/variant",
         "@com_github_fsnotify_fsnotify//:fsnotify",
         "@com_github_spf13_afero//:afero",
         "@com_github_stretchr_testify//assert",

internal/watcher/validator.go

@@ -22,7 +22,7 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/constants"
 	"github.com/edgelesssys/constellation/v2/internal/file"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/spf13/afero"
 )
 
@@ -31,12 +31,12 @@ type Updatable struct {
 	log         *logger.Logger
 	mux         sync.Mutex
 	fileHandler file.Handler
-	variant     oid.Getter
+	variant     variant.Variant
 	atls.Validator
 }
 
 // NewValidator initializes a new updatable validator.
-func NewValidator(log *logger.Logger, variant oid.Getter, fileHandler file.Handler) (*Updatable, error) {
+func NewValidator(log *logger.Logger, variant variant.Variant, fileHandler file.Handler) (*Updatable, error) {
 	u := &Updatable{
 		log:         log,
 		fileHandler: fileHandler,
@@ -78,7 +78,7 @@ func (u *Updatable) Update() error {
 
 	// Read ID Key config
 	var idKeyCfg idkeydigest.Config
-	if u.variant.OID().Equal(oid.AzureSEVSNP{}.OID()) {
+	if u.variant.Equal(variant.AzureSEVSNP{}) {
 		u.log.Infof("Updating SEV-SNP ID Key config")
 
 		err := u.fileHandler.ReadJSON(filepath.Join(constants.ServiceBasePath, constants.IDKeyConfigFilename), &idKeyCfg)

internal/watcher/validator_test.go

@@ -24,7 +24,7 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/constants"
 	"github.com/edgelesssys/constellation/v2/internal/file"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/spf13/afero"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -40,24 +40,24 @@ func TestMain(m *testing.M) {
 
 func TestNewUpdateableValidator(t *testing.T) {
 	testCases := map[string]struct {
-		variant   oid.Getter
+		variant   variant.Variant
 		writeFile bool
 		wantErr   bool
 	}{
 		"azure": {
-			variant:   oid.AzureSEVSNP{},
+			variant:   variant.AzureSEVSNP{},
 			writeFile: true,
 		},
 		"gcp": {
-			variant:   oid.GCPSEVES{},
+			variant:   variant.GCPSEVES{},
 			writeFile: true,
 		},
 		"qemu": {
-			variant:   oid.QEMUVTPM{},
+			variant:   variant.QEMUVTPM{},
 			writeFile: true,
 		},
 		"no file": {
-			variant:   oid.AzureSEVSNP{},
+			variant:   variant.AzureSEVSNP{},
 			writeFile: false,
 			wantErr:   true,
 		},
@@ -112,7 +112,7 @@ func TestUpdate(t *testing.T) {
 	// create server
 	validator := &Updatable{
 		log:         logger.NewTest(t),
-		variant:     oid.Dummy{},
+		variant:     variant.Dummy{},
 		fileHandler: handler,
 	}
 
@@ -146,7 +146,7 @@ func TestUpdate(t *testing.T) {
 	defer server.Close()
 
 	// test connection to server
-	clientOID := oid.Dummy{}
+	clientOID := variant.Dummy{}
 	resp, err := testConnection(require, server.URL, clientOID)
 	require.NoError(err)
 	defer resp.Body.Close()
@@ -155,7 +155,7 @@ func TestUpdate(t *testing.T) {
 	assert.EqualValues("hello", body)
 
 	// update the server's validator
-	validator.variant = oid.QEMUVTPM{}
+	validator.variant = variant.QEMUVTPM{}
 	require.NoError(validator.Update())
 
 	// client connection should fail now, since the server's validator expects a different OID from the client
@@ -198,7 +198,7 @@ func TestOIDConcurrency(t *testing.T) {
 	// create server
 	validator := &Updatable{
 		log:         logger.NewTest(t),
-		variant:     oid.Dummy{},
+		variant:     variant.Dummy{},
 		fileHandler: handler,
 	}
 
@@ -228,7 +228,7 @@ func TestUpdateConcurrency(t *testing.T) {
 	validator := &Updatable{
 		log:         logger.NewTest(t),
 		fileHandler: handler,
-		variant:     oid.Dummy{},
+		variant:     variant.Dummy{},
 	}
 	require.NoError(handler.WriteJSON(
 		filepath.Join(constants.ServiceBasePath, constants.MeasurementsFilename),
@@ -256,7 +256,7 @@ func TestUpdateConcurrency(t *testing.T) {
 	wg.Wait()
 }
 
-func testConnection(require *require.Assertions, url string, oid oid.Getter) (*http.Response, error) {
+func testConnection(require *require.Assertions, url string, oid variant.Getter) (*http.Response, error) {
 	clientConfig, err := atls.CreateAttestationClientTLSConfig(fakeIssuer{oid}, nil)
 	require.NoError(err)
 	client := http.Client{Transport: &http.Transport{TLSClientConfig: clientConfig}}
@@ -267,7 +267,7 @@ func testConnection(require *require.Assertions, url string, oid oid.Getter) (*h
 }
 
 type fakeIssuer struct {
-	oid.Getter
+	variant.Getter
 }
 
 func (fakeIssuer) Issue(_ context.Context, userData []byte, nonce []byte) ([]byte, error) {
@@ -280,6 +280,14 @@ func (o fakeOID) OID() asn1.ObjectIdentifier {
 	return asn1.ObjectIdentifier(o)
 }
 
+func (o fakeOID) String() string {
+	return o.OID().String()
+}
+
+func (o fakeOID) Equal(other variant.Getter) bool {
+	return o.OID().Equal(other.OID())
+}
+
 type fakeDoc struct {
 	UserData []byte
 	Nonce    []byte

joinservice/cmd/BUILD.bazel

@@ -18,7 +18,7 @@ go_library(
         "//internal/file",
         "//internal/grpc/atlscredentials",
         "//internal/logger",
-        "//internal/oid",
+        "//internal/variant",
         "//internal/watcher",
         "//joinservice/internal/kms",
         "//joinservice/internal/kubeadm",

joinservice/cmd/main.go

@@ -27,7 +27,7 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/file"
 	"github.com/edgelesssys/constellation/v2/internal/grpc/atlscredentials"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/edgelesssys/constellation/v2/internal/watcher"
 	"github.com/edgelesssys/constellation/v2/joinservice/internal/kms"
 	"github.com/edgelesssys/constellation/v2/joinservice/internal/kubeadm"
@@ -56,7 +56,7 @@ func main() {
 
 	handler := file.NewHandler(afero.NewOsFs())
 
-	variant, err := oid.FromString(*attestationVariant)
+	variant, err := variant.FromString(*attestationVariant)
 	if err != nil {
 		log.With(zap.Error(err)).Fatalf("Failed to parse attestation variant")
 	}

measurement-reader/cmd/BUILD.bazel

@@ -9,7 +9,7 @@ go_library(
     deps = [
         "//internal/constants",
         "//internal/logger",
-        "//internal/oid",
+        "//internal/variant",
         "//measurement-reader/internal/sorted",
         "//measurement-reader/internal/tpm",
         "@org_uber_go_zap//:zap",

measurement-reader/cmd/main.go

@@ -12,7 +12,7 @@ import (
 
 	"github.com/edgelesssys/constellation/v2/internal/constants"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/edgelesssys/constellation/v2/measurement-reader/internal/sorted"
 	"github.com/edgelesssys/constellation/v2/measurement-reader/internal/tpm"
 	"go.uber.org/zap"
@@ -21,21 +21,21 @@ import (
 
 func main() {
 	log := logger.New(logger.JSONLog, zapcore.InfoLevel)
-	variant := os.Getenv(constants.AttestationVariant)
+	variantString := os.Getenv(constants.AttestationVariant)
-	attestationVariant, err := oid.FromString(variant)
+	attestationVariant, err := variant.FromString(variantString)
 	if err != nil {
 		log.With(zap.Error(err)).Fatalf("Failed to parse attestation variant")
 	}
 
 	var m []sorted.Measurement
 	switch attestationVariant {
-	case oid.AWSNitroTPM{}, oid.AzureSEVSNP{}, oid.AzureTrustedLaunch{}, oid.GCPSEVES{}, oid.QEMUVTPM{}:
+	case variant.AWSNitroTPM{}, variant.AzureSEVSNP{}, variant.AzureTrustedLaunch{}, variant.GCPSEVES{}, variant.QEMUVTPM{}:
 		m, err = tpm.Measurements()
 		if err != nil {
 			log.With(zap.Error(err)).Fatalf("Failed to read TPM measurements")
 		}
 	default:
-		log.With(zap.String("attestationVariant", variant)).Fatalf("Unsupported attestation variant")
+		log.With(zap.String("attestationVariant", variantString)).Fatalf("Unsupported attestation variant")
 	}
 
 	fmt.Println("Measurements:")

verify/cmd/BUILD.bazel

@@ -9,7 +9,7 @@ go_library(
         "//internal/attestation/choose",
         "//internal/constants",
         "//internal/logger",
-        "//internal/oid",
+        "//internal/variant",
         "//verify/server",
         "@org_uber_go_zap//:zap",
     ],

verify/cmd/main.go

@@ -14,7 +14,7 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/attestation/choose"
 	"github.com/edgelesssys/constellation/v2/internal/constants"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
-	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/edgelesssys/constellation/v2/verify/server"
 	"go.uber.org/zap"
 )
@@ -29,7 +29,7 @@ func main() {
 	log.With(zap.String("version", constants.VersionInfo()), zap.String("attestationVariant", *attestationVariant)).
 		Infof("Constellation Verification Service")
 
-	variant, err := oid.FromString(*attestationVariant)
+	variant, err := variant.FromString(*attestationVariant)
 	if err != nil {
 		log.With(zap.Error(err)).Fatalf("Failed to parse attestation variant")
 	}