oid: add alternative string representations for attestation variants (#1322)

cli/internal/cmd/init_test.go

@@ -400,14 +400,14 @@ func TestAttestation(t *testing.T) {
 	netDialer := testdialer.NewBufconnDialer()
 	newDialer := func(v *cloudcmd.Validator) *dialer.Dialer {
 		validator := &testValidator{
-			Getter: oid.QEMU{},
+			Getter: oid.QEMUVTPM{},
 			pcrs:   v.PCRS(),
 		}
 		return dialer.New(nil, validator, netDialer)
 	}
 
 	issuer := &testIssuer{
-		Getter: oid.QEMU{},
+		Getter: oid.QEMUVTPM{},
 		pcrs: map[uint32][]byte{
 			0: bytes.Repeat([]byte{0xFF}, 32),
 			1: bytes.Repeat([]byte{0xFF}, 32),

internal/attestation/aws/issuer.go

@@ -23,7 +23,7 @@ import (
 
 // Issuer for AWS TPM attestation.
 type Issuer struct {
-	oid.AWS
+	oid.AWSNitroTPM
 	*vtpm.Issuer
 }
 

internal/attestation/aws/validator.go

@@ -23,7 +23,7 @@ import (
 
 // Validator for AWS TPM attestation.
 type Validator struct {
-	oid.AWS
+	oid.AWSNitroTPM
 	*vtpm.Validator
 	getDescribeClient func(context.Context, string) (awsMetadataAPI, error)
 }

internal/attestation/azure/snp/issuer.go

@@ -51,7 +51,7 @@ func GetIDKeyDigest(open vtpm.TPMOpenFunc) ([]byte, error) {
 
 // Issuer for Azure TPM attestation.
 type Issuer struct {
-	oid.AzureSNP
+	oid.AzureSEVSNP
 	*vtpm.Issuer
 }
 

internal/attestation/azure/snp/validator.go

@@ -38,7 +38,7 @@ const (
 
 // Validator for Azure confidential VM attestation.
 type Validator struct {
-	oid.AzureSNP
+	oid.AzureSEVSNP
 	*vtpm.Validator
 }
 

internal/attestation/gcp/issuer.go

@@ -20,7 +20,7 @@ import (
 
 // Issuer for GCP confidential VM attestation.
 type Issuer struct {
-	oid.GCP
+	oid.GCPSEVES
 	*vtpm.Issuer
 }
 

internal/attestation/gcp/validator.go

@@ -30,7 +30,7 @@ import (
 
 // Validator for GCP confidential VM attestation.
 type Validator struct {
-	oid.GCP
+	oid.GCPSEVES
 	*vtpm.Validator
 }
 

internal/attestation/qemu/issuer.go

@@ -16,7 +16,7 @@ import (
 
 // Issuer for qemu TPM attestation.
 type Issuer struct {
-	oid.QEMU
+	oid.QEMUVTPM
 	*vtpm.Issuer
 }
 

internal/attestation/qemu/validator.go

@@ -17,7 +17,7 @@ import (
 
 // Validator for QEMU VM attestation.
 type Validator struct {
-	oid.QEMU
+	oid.QEMUVTPM
 	*vtpm.Validator
 }
 

internal/oid/oid.go

@@ -25,6 +25,7 @@ package oid
 
 import (
 	"encoding/asn1"
+	"errors"
 )
 
 // Getter returns an ASN.1 Object Identifier.
@@ -32,6 +33,25 @@ type Getter interface {
 	OID() asn1.ObjectIdentifier
 }
 
+// FromString returns the OID for the given string.
+func FromString(oid string) (Getter, error) {
+	switch oid {
+	case dummy:
+		return Dummy{}, nil
+	case awsNitroTPM:
+		return AWSNitroTPM{}, nil
+	case gcpSEVES:
+		return GCPSEVES{}, nil
+	case azureSEVSNP:
+		return AzureSEVSNP{}, nil
+	case azureTrustedLaunch:
+		return AzureTrustedLaunch{}, nil
+	case qemuVTPM:
+		return QEMUVTPM{}, nil
+	}
+	return nil, errors.New("unknown OID")
+}
+
 // Dummy OID for testing.
 type Dummy struct{}
 
@@ -40,30 +60,50 @@ func (Dummy) OID() asn1.ObjectIdentifier {
 	return asn1.ObjectIdentifier{1, 3, 9900, 1, 1}
 }
 
-// AWS holds the AWS OID.
+// String returns the string representation of the OID.
-type AWS struct{}
+func (Dummy) String() string {
+	return dummy
+}
+
+// AWSNitroTPM holds the AWS nitro TPM OID.
+type AWSNitroTPM struct{}
 
 // OID returns the struct's object identifier.
-func (AWS) OID() asn1.ObjectIdentifier {
+func (AWSNitroTPM) OID() asn1.ObjectIdentifier {
 	return asn1.ObjectIdentifier{1, 3, 9900, 2, 1}
 }
 
-// GCP holds the GCP OID.
+// String returns the string representation of the OID.
-type GCP struct{}
+func (AWSNitroTPM) String() string {
+	return awsNitroTPM
+}
+
+// GCPSEVES holds the GCP SEV-ES OID.
+type GCPSEVES struct{}
 
 // OID returns the struct's object identifier.
-func (GCP) OID() asn1.ObjectIdentifier {
+func (GCPSEVES) OID() asn1.ObjectIdentifier {
 	return asn1.ObjectIdentifier{1, 3, 9900, 3, 1}
 }
 
-// AzureSNP holds the OID for Azure SNP CVMs.
+// String returns the string representation of the OID.
-type AzureSNP struct{}
+func (GCPSEVES) String() string {
+	return gcpSEVES
+}
+
+// AzureSEVSNP holds the OID for Azure SNP CVMs.
+type AzureSEVSNP struct{}
 
 // OID returns the struct's object identifier.
-func (AzureSNP) OID() asn1.ObjectIdentifier {
+func (AzureSEVSNP) OID() asn1.ObjectIdentifier {
 	return asn1.ObjectIdentifier{1, 3, 9900, 4, 1}
 }
 
+// String returns the string representation of the OID.
+func (AzureSEVSNP) String() string {
+	return azureSEVSNP
+}
+
 // AzureTrustedLaunch holds the OID for Azure TrustedLaunch VMs.
 type AzureTrustedLaunch struct{}
 
@@ -72,10 +112,29 @@ func (AzureTrustedLaunch) OID() asn1.ObjectIdentifier {
 	return asn1.ObjectIdentifier{1, 3, 9900, 4, 2}
 }
 
-// QEMU holds the QEMU OID.
+// String returns the string representation of the OID.
-type QEMU struct{}
+func (AzureTrustedLaunch) String() string {
+	return azureTrustedLaunch
+}
+
+// QEMUVTPM holds the QEMUVTPM OID.
+type QEMUVTPM struct{}
 
 // OID returns the struct's object identifier.
-func (QEMU) OID() asn1.ObjectIdentifier {
+func (QEMUVTPM) OID() asn1.ObjectIdentifier {
 	return asn1.ObjectIdentifier{1, 3, 9900, 5, 1}
 }
+
+// String returns the string representation of the OID.
+func (QEMUVTPM) String() string {
+	return qemuVTPM
+}
+
+const (
+	dummy              = "dummy"
+	awsNitroTPM        = "aws-nitro-tpm"
+	gcpSEVES           = "gcp-sev-es"
+	azureSEVSNP        = "azure-sev-snp"
+	azureTrustedLaunch = "azure-trustedlaunch"
+	qemuVTPM           = "qemu-vtpm"
+)