oid: add alternative string representations for attestation variants (#1322)

This commit is contained in:
Malte Poll 2023-03-02 10:48:16 +01:00 committed by GitHub
parent a5d4970753
commit ab0b881cbf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 81 additions and 22 deletions


@ -400,14 +400,14 @@ func TestAttestation(t *testing.T) {
netDialer := testdialer.NewBufconnDialer()
newDialer := func(v *cloudcmd.Validator) *dialer.Dialer {
validator := &testValidator{
Getter: oid.QEMU{},
Getter: oid.QEMUVTPM{},
pcrs: v.PCRS(),
}
return dialer.New(nil, validator, netDialer)
}
issuer := &testIssuer{
Getter: oid.QEMU{},
Getter: oid.QEMUVTPM{},
pcrs: map[uint32][]byte{
0: bytes.Repeat([]byte{0xFF}, 32),
1: bytes.Repeat([]byte{0xFF}, 32),


@ -23,7 +23,7 @@ import (
// Issuer for AWS TPM attestation.
type Issuer struct {
oid.AWS
oid.AWSNitroTPM
*vtpm.Issuer
}


@ -23,7 +23,7 @@ import (
// Validator for AWS TPM attestation.
type Validator struct {
oid.AWS
oid.AWSNitroTPM
*vtpm.Validator
getDescribeClient func(context.Context, string) (awsMetadataAPI, error)
}


@ -51,7 +51,7 @@ func GetIDKeyDigest(open vtpm.TPMOpenFunc) ([]byte, error) {
// Issuer for Azure TPM attestation.
type Issuer struct {
oid.AzureSNP
oid.AzureSEVSNP
*vtpm.Issuer
}


@ -38,7 +38,7 @@ const (
// Validator for Azure confidential VM attestation.
type Validator struct {
oid.AzureSNP
oid.AzureSEVSNP
*vtpm.Validator
}


@ -20,7 +20,7 @@ import (
// Issuer for GCP confidential VM attestation.
type Issuer struct {
oid.GCP
oid.GCPSEVES
*vtpm.Issuer
}


@ -30,7 +30,7 @@ import (
// Validator for GCP confidential VM attestation.
type Validator struct {
oid.GCP
oid.GCPSEVES
*vtpm.Validator
}


@ -16,7 +16,7 @@ import (
// Issuer for qemu TPM attestation.
type Issuer struct {
oid.QEMU
oid.QEMUVTPM
*vtpm.Issuer
}


@ -17,7 +17,7 @@ import (
// Validator for QEMU VM attestation.
type Validator struct {
oid.QEMU
oid.QEMUVTPM
*vtpm.Validator
}


@ -25,6 +25,7 @@ package oid
import (
"encoding/asn1"
"errors"
)
// Getter returns an ASN.1 Object Identifier.
@ -32,6 +33,25 @@ type Getter interface {
OID() asn1.ObjectIdentifier
}
// FromString returns the OID for the given string.
func FromString(oid string) (Getter, error) {
switch oid {
case dummy:
return Dummy{}, nil
case awsNitroTPM:
return AWSNitroTPM{}, nil
case gcpSEVES:
return GCPSEVES{}, nil
case azureSEVSNP:
return AzureSEVSNP{}, nil
case azureTrustedLaunch:
return AzureTrustedLaunch{}, nil
case qemuVTPM:
return QEMUVTPM{}, nil
}
return nil, errors.New("unknown OID")
}
// Dummy OID for testing.
type Dummy struct{}
@ -40,30 +60,50 @@ func (Dummy) OID() asn1.ObjectIdentifier {
return asn1.ObjectIdentifier{1, 3, 9900, 1, 1}
}
// AWS holds the AWS OID.
type AWS struct{}
// String returns the string representation of the OID.
func (Dummy) String() string {
return dummy
}
// AWSNitroTPM holds the AWS nitro TPM OID.
type AWSNitroTPM struct{}
// OID returns the struct's object identifier.
func (AWS) OID() asn1.ObjectIdentifier {
func (AWSNitroTPM) OID() asn1.ObjectIdentifier {
return asn1.ObjectIdentifier{1, 3, 9900, 2, 1}
}
// GCP holds the GCP OID.
type GCP struct{}
// String returns the string representation of the OID.
func (AWSNitroTPM) String() string {
return awsNitroTPM
}
// GCPSEVES holds the GCP SEV-ES OID.
type GCPSEVES struct{}
// OID returns the struct's object identifier.
func (GCP) OID() asn1.ObjectIdentifier {
func (GCPSEVES) OID() asn1.ObjectIdentifier {
return asn1.ObjectIdentifier{1, 3, 9900, 3, 1}
}
// AzureSNP holds the OID for Azure SNP CVMs.
type AzureSNP struct{}
// String returns the string representation of the OID.
func (GCPSEVES) String() string {
return gcpSEVES
}
// AzureSEVSNP holds the OID for Azure SNP CVMs.
type AzureSEVSNP struct{}
// OID returns the struct's object identifier.
func (AzureSNP) OID() asn1.ObjectIdentifier {
func (AzureSEVSNP) OID() asn1.ObjectIdentifier {
return asn1.ObjectIdentifier{1, 3, 9900, 4, 1}
}
// String returns the string representation of the OID.
func (AzureSEVSNP) String() string {
return azureSEVSNP
}
// AzureTrustedLaunch holds the OID for Azure TrustedLaunch VMs.
type AzureTrustedLaunch struct{}
@ -72,10 +112,29 @@ func (AzureTrustedLaunch) OID() asn1.ObjectIdentifier {
return asn1.ObjectIdentifier{1, 3, 9900, 4, 2}
}
// QEMU holds the QEMU OID.
type QEMU struct{}
// String returns the string representation of the OID.
func (AzureTrustedLaunch) String() string {
return azureTrustedLaunch
}
// QEMUVTPM holds the QEMUVTPM OID.
type QEMUVTPM struct{}
// OID returns the struct's object identifier.
func (QEMU) OID() asn1.ObjectIdentifier {
func (QEMUVTPM) OID() asn1.ObjectIdentifier {
return asn1.ObjectIdentifier{1, 3, 9900, 5, 1}
}
// String returns the string representation of the OID.
func (QEMUVTPM) String() string {
return qemuVTPM
}
const (
dummy = "dummy"
awsNitroTPM = "aws-nitro-tpm"
gcpSEVES = "gcp-sev-es"
azureSEVSNP = "azure-sev-snp"
azureTrustedLaunch = "azure-trustedlaunch"
qemuVTPM = "qemu-vtpm"
)