chore: update to latest CoRIM implementation

Update to support the latest github.com/veraison/corim, which is (more)
aligned with he latest CoRIM spec draft. The latest implementation has
the following major changes:

- UnsignedCorim's Profiles field (a slice of strings) has been replaced
  with Profile field (a single string).
- Reference value can now only contain a single measurement, so multiple
  measurements require multiple reference values (each with its own
  environment).
- CBOR keys for DevIdentityKeys and AttestVerifKeys have been swapped
  to align with the spec (this was a bug in the old implementation).

As the latest github.com/veraison/corim requires Go 1.22, the required
version for this code base has been bumped to that as well.

Signed-off-by: Sergei Trofimov <[email protected]>

.github/workflows/ci-go-cover.yml

@@ -25,7 +25,7 @@ jobs:
  steps:
  - uses: actions/setup-go@v3
  with:
- go-version: "1.19"
+ go-version: "1.22"
  - name: Checkout code
  uses: actions/checkout@v2
  - name: Install mockgen

.github/workflows/ci.yml

@@ -12,7 +12,7 @@ jobs:
  steps:
  - uses: actions/setup-go@v3
  with:
- go-version: "1.19"
+ go-version: "1.22"
  - name: Checkout code
  uses: actions/checkout@v2
  - name: Install mockgen

.github/workflows/linters.yml

@@ -10,7 +10,7 @@ jobs:
  steps:
  - uses: actions/setup-go@v3
  with:
- go-version: "1.19"
+ go-version: "1.22"
  - name: Checkout code
  uses: actions/checkout@v2
  - name: Install mockgen
@@ -25,7 +25,7 @@ jobs:
  - name: Install golangci-lint
  run: |
  go version
- curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.51.1
+ curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.54.2
  - name: Install Protoc
  uses: arduino/setup-protoc@v1
  with:

.gitignore

@@ -35,6 +35,3 @@ management/cmd/management-service/management-service
 tags
 
 .ipynb_checkpoints
-
-# generated by build-test-vector scripts
-scheme/**/*Comid*.cbor

Makefile

@@ -29,6 +29,22 @@ IGNORE_COVERAGE += github.com/veraison/services/plugin/test
 # There is protobuf-generated stuff here, which skews coverage.
 IGNORE_COVERAGE += github.com/veraison/services/handler
 
+# Go 1.22 started reporting subpackages without any tests as having 0.0%
+# coverage. Previous version of go ignored them.
+# See: https://go-review.googlesource.com/c/go/+/495447
+IGNORE_COVERAGE += github.com/veraison/services/builtin
+IGNORE_COVERAGE += github.com/veraison/services/management/api
+IGNORE_COVERAGE += github.com/veraison/services/management/cmd/management-service
+IGNORE_COVERAGE += github.com/veraison/services/provisioning/cmd/provisioning-service
+IGNORE_COVERAGE += github.com/veraison/services/provisioning/provisioner
+IGNORE_COVERAGE += github.com/veraison/services/scheme/common
+IGNORE_COVERAGE += github.com/veraison/services/scheme/common/arm
+IGNORE_COVERAGE += github.com/veraison/services/verification/cmd/verification-service
+IGNORE_COVERAGE += github.com/veraison/services/verification/verifier
+IGNORE_COVERAGE += github.com/veraison/services/vts/cmd/vts-service
+IGNORE_COVERAGE += github.com/veraison/services/vts/trustedservices
+IGNORE_COVERAGE += github.com/veraison/services/vtsclient
+
 include mk/cover.mk
 
 define __MAKEFILE_HELP

deployments/docker/src/builder.docker

@@ -1,6 +1,6 @@
 # Go version that will be used to build the project. Due to the use of generics
-# within the project, it must be at least 1.19.
-ARG GO_VERSION=1.19
+# within the project, it must be at least 1.22.
+ARG GO_VERSION=1.22
 
 FROM golang:${GO_VERSION} AS veraison-builder
 
@@ -60,7 +60,7 @@ RUN go mod download &&\
  go install google.golang.org/protobuf/cmd/[email protected] &&\
  go install google.golang.org/grpc/cmd/[email protected] &&\
  go install github.com/mitchellh/[email protected] &&\
- go install github.com/veraison/corim/cocli@latest &&\
+ go install github.com/veraison/corim/cocli@be7ec482 &&\
  go install github.com/veraison/evcli/v2@latest &&\
  go install github.com/veraison/pocli@latest &&\
  go install github.com/go-delve/delve/cmd/[email protected]

go.mod

@@ -1,6 +1,6 @@
 module github.com/veraison/services
 
-go 1.19
+go 1.22
 
 require (
  github.com/DATA-DOG/go-sqlmock v1.5.0
@@ -30,7 +30,7 @@ require (
  github.com/tbaehler/gin-keycloak v1.6.1
  github.com/veraison/ccatoken v1.1.0
  github.com/veraison/cmw v0.1.0
- github.com/veraison/corim v1.1.3-0.20240615102753-72283bb916a0
+ github.com/veraison/corim v1.1.3-0.20240814105452-be7ec4829479
  github.com/veraison/dice v0.0.1
  github.com/veraison/ear v1.1.2
  github.com/veraison/eat v0.0.0-20220117140849-ddaf59d69f53

go.sum

@@ -691,6 +691,7 @@ github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZo
 github.com/aws/aws-sdk-go v1.43.16/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM=
 github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
+github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
@@ -982,6 +983,7 @@ github.com/foxcpp/go-mockdns v0.0.0-20210729171921-fb145fc6f897 h1:E52jfcE64UG42
 github.com/foxcpp/go-mockdns v0.0.0-20210729171921-fb145fc6f897/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4=
 github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
+github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI=
@@ -1285,6 +1287,7 @@ github.com/j-keck/arping v1.0.2/go.mod h1:aJbELhR92bSk7tp79AWM/ftfc90EfEi2bQJrbB
 github.com/jellydator/ttlcache/v3 v3.0.0 h1:zmFhqrB/4sKiEiJHhtseJsNRE32IMVmJSs4++4gaQO4=
 github.com/jellydator/ttlcache/v3 v3.0.0/go.mod h1:WwTaEmcXQ3MTjOm4bsZoDFiCu/hMvNWLO1w67RXz6h4=
 github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE=
+github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74=
 github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
@@ -1712,8 +1715,8 @@ github.com/veraison/ccatoken v1.1.0 h1:U0Z5fOQRsdz3ksvvxVzTITczo+kfRxIlkWahJNP6I
 github.com/veraison/ccatoken v1.1.0/go.mod h1:qh/KBwsrhPyGJqttlh8PU56wt1rPkUCX9A3ZAA/53Nc=
 github.com/veraison/cmw v0.1.0 h1:vD6tBlGPROCW/HlDcG1jh+XUJi5ihrjXatKZBjrv8mU=
 github.com/veraison/cmw v0.1.0/go.mod h1:WoBrlgByc6C1FeHhdze1/bQx1kv5d1sWKO5ezEf4Hs4=
-github.com/veraison/corim v1.1.3-0.20240615102753-72283bb916a0 h1:FgWzsb/wUxeeKZ3Dd3NOTnwHBJ397EPNiF3o3ZJ/64o=
-github.com/veraison/corim v1.1.3-0.20240615102753-72283bb916a0/go.mod h1:KB6TVcLcz1QppfzoyIesUMfdYodI/ndg7bqBdtqgc90=
+github.com/veraison/corim v1.1.3-0.20240814105452-be7ec4829479 h1:dcKW+Nugh2Cs/ihz6xAmmTfi4v5flaLTg6MiZ8gN3N8=
+github.com/veraison/corim v1.1.3-0.20240814105452-be7ec4829479/go.mod h1:sYmwruIqD5+83OcvMg6WUDTTWq8AWM6QbVQhbE9VFQM=
 github.com/veraison/dice v0.0.1 h1:dOm7ByDN/r4WlDsGkEUXzdPMXgTvAPTAksQ8+BwBrD4=
 github.com/veraison/dice v0.0.1/go.mod h1:QPMLc5LVMj08VZ+HNMYk4XxWoVYGAUBVm8Rd5V1hzxs=
 github.com/veraison/ear v1.1.2 h1:Xs41FqAG8IyJaceqNFcX2+nf51Et1uyhmCJV8SZqw/8=

integration-tests/data/endorsements/comid-cca-platform-refval.json

@@ -28,81 +28,127 @@
  "model": "RoadRunner"
  }
  },
- "measurements": [
- {
- "key": {
- "type": "psa.refval-id",
- "value": {
- "label": "BL",
- "version": "3.4.2",
- "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg="
- }
- },
+ "measurement": {
+ "key": {
+ "type": "psa.refval-id",
  "value": {
- "digests": [
-  "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg="
- ]
+ "label": "BL",
+ "version": "3.4.2",
+ "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg="
  }
  },
- {
- "key": {
- "type": "psa.refval-id",
- "value": {
- "label": "M1",
- "version": "1.2.0",
- "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg="
- }
+ "value": {
+ "digests": [
+ "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg="
+ ]
+ }
+ }
+ },
+ {
+ "environment": {
+ "class": {
+ "id": {
+ "type": "psa.impl-id",
+ "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
  },
+ "vendor": "ACME",
+ "model": "RoadRunner"
+ }
+ },
+ "measurement": {
+ "key": {
+ "type": "psa.refval-id",
  "value": {
- "digests": [
-  "sha-256:CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg="
- ]
+ "label": "M1",
+ "version": "1.2.0",
+ "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg="
  }
  },
- {
- "key": {
- "type": "psa.refval-id",
- "value": {
- "label": "M2",
- "version": "1.2.3",
- "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg="
- }
+ "value": {
+ "digests": [
+ "sha-256:CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg="
+ ]
+ }
+ }
+ },
+ {
+ "environment": {
+ "class": {
+ "id": {
+ "type": "psa.impl-id",
+ "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
  },
+ "vendor": "ACME",
+ "model": "RoadRunner"
+ }
+ },
+ "measurement": {
+ "key": {
+ "type": "psa.refval-id",
  "value": {
- "digests": [
-  "sha-256:DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg="
- ]
+ "label": "M2",
+ "version": "1.2.3",
+ "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg="
  }
  },
- {
- "key": {
- "type": "psa.refval-id",
- "value": {
- "label": "M3",
- "version": "1.0.0",
- "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg="
- }
+ "value": {
+ "digests": [
+ "sha-256:DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg="
+ ]
+ }
+ }
+ },
+ {
+ "environment": {
+ "class": {
+ "id": {
+ "type": "psa.impl-id",
+ "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
  },
+ "vendor": "ACME",
+ "model": "RoadRunner"
+ }
+ },
+ "measurement": {
+ "key": {
+ "type": "psa.refval-id",
  "value": {
- "digests": [
-  "sha-256:EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg="
- ]
+ "label": "M3",
+ "version": "1.0.0",
+ "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg="
  }
  },
- {
- "key": {
- "type": "cca.platform-config-id",
- "value": "cfg v1.0.0"
+ "value": {
+ "digests": [
+ "sha-256:EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg="
+ ]
+ }
+ }
+ },
+ {
+ "environment": {
+ "class": {
+ "id": {
+ "type": "psa.impl-id",
+ "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
  },
- "value": {
- "raw-value": {
- "type": "bytes",
- "value": "AQID"
- }
+ "vendor": "ACME",
+ "model": "RoadRunner"
+ }
+ },
+ "measurement": {
+ "key": {
+ "type": "cca.platform-config-id",
+ "value": "cfg v1.0.0"
+ },
+ "value": {
+ "raw-value": {
+ "type": "bytes",
+ "value": "AQID"
  }
  }
- ]
+ }
  }
  ]
  }
- }
+ }