diff --git a/go.mod b/go.mod
index a431cd2b..fe1e58ed 100644
--- a/go.mod
+++ b/go.mod
@@ -29,7 +29,7 @@ require (
 github.com/tbaehler/gin-keycloak v1.5.0
 github.com/veraison/ccatoken v1.1.0
 github.com/veraison/cmw v0.1.0
- github.com/veraison/corim v1.1.2-0.20230912171018-eeb7bd486d3c
+ github.com/veraison/corim v1.1.2
 github.com/veraison/dice v0.0.1
 github.com/veraison/ear v1.1.2
 github.com/veraison/eat v0.0.0-20220117140849-ddaf59d69f53
@@ -62,7 +62,7 @@ require (
 github.com/davecgh/go-spew v1.1.1 // indirect
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
 github.com/fsnotify/fsnotify v1.5.4 // indirect
- github.com/fxamacker/cbor/v2 v2.4.0 // indirect
+ github.com/fxamacker/cbor/v2 v2.5.0 // indirect
 github.com/ghodss/yaml v1.0.0 // indirect
 github.com/gin-contrib/sse v0.1.0 // indirect
 github.com/go-playground/locales v0.14.1 // indirect
diff --git a/go.sum b/go.sum
index ae2932cc..81c0f816 100644
--- a/go.sum
+++ b/go.sum
@@ -401,8 +401,9 @@ github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmV
 github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA=
 github.com/fxamacker/cbor/v2 v2.2.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
 github.com/fxamacker/cbor/v2 v2.3.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
-github.com/fxamacker/cbor/v2 v2.4.0 h1:ri0ArlOR+5XunOP8CRUowT0pSJOwhW098ZCUyskZD88=
 github.com/fxamacker/cbor/v2 v2.4.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
+github.com/fxamacker/cbor/v2 v2.5.0 h1:oHsG0V/Q6E/wqTS2O1Cozzsy69nqCiguo5Q1a1ADivE=
+github.com/fxamacker/cbor/v2 v2.5.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
 github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU=
 github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA=
 github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY=
@@ -1062,8 +1063,8 @@ github.com/veraison/ccatoken v1.1.0 h1:U0Z5fOQRsdz3ksvvxVzTITczo+kfRxIlkWahJNP6I
 github.com/veraison/ccatoken v1.1.0/go.mod h1:qh/KBwsrhPyGJqttlh8PU56wt1rPkUCX9A3ZAA/53Nc=
 github.com/veraison/cmw v0.1.0 h1:vD6tBlGPROCW/HlDcG1jh+XUJi5ihrjXatKZBjrv8mU=
 github.com/veraison/cmw v0.1.0/go.mod h1:WoBrlgByc6C1FeHhdze1/bQx1kv5d1sWKO5ezEf4Hs4=
-github.com/veraison/corim v1.1.2-0.20230912171018-eeb7bd486d3c h1:do1Yj0d4uq+Sd4PusgE8pfLfSKejJfaWukyjYTi8Ro0=
-github.com/veraison/corim v1.1.2-0.20230912171018-eeb7bd486d3c/go.mod h1:Vn9+tCyN2ljpQxYvM6rwu3hNqdVbWrdQ9hqMa1Jfxb0=
+github.com/veraison/corim v1.1.2 h1:JIk6ZK/OzKEb0FJUFHSnmkn67yyGy+5NChYax0bwttA=
+github.com/veraison/corim v1.1.2/go.mod h1:yoN6+vVQJgzS926nheCbJi68SvOlN0CpiPuTxYSe5FU=
 github.com/veraison/dice v0.0.1 h1:dOm7ByDN/r4WlDsGkEUXzdPMXgTvAPTAksQ8+BwBrD4=
 github.com/veraison/dice v0.0.1/go.mod h1:QPMLc5LVMj08VZ+HNMYk4XxWoVYGAUBVm8Rd5V1hzxs=
 github.com/veraison/ear v1.1.2 h1:Xs41FqAG8IyJaceqNFcX2+nf51Et1uyhmCJV8SZqw/8=
diff --git a/integration-tests/tests/test_enacttrust_badkey.tavern.yaml b/integration-tests/tests/test_enacttrust_badkey.tavern.yaml
index d2c71946..ab1ca64b 100644
--- a/integration-tests/tests/test_enacttrust_badkey.tavern.yaml
+++ b/integration-tests/tests/test_enacttrust_badkey.tavern.yaml
@@ -34,4 +34,4 @@ stages:
 status_code: 200
 json:
 status: failed
- failure-reason: 'submit endorsement returned error: submit endorsements failed: RPC server returned error: plugin "unsigned-corim (TPM EnactTrust profile)" returned error: decoding failed for CoMID at index 0: cbor: cannot unmarshal map into Go struct field comid.Comid.4 of type comid.ICryptoKeyValue'
+ failure-reason: 'submit endorsement returned error: submit endorsements failed: RPC server returned error: plugin "unsigned-corim (TPM EnactTrust profile)" returned error: decoding failed for CoMID at index 0: error unmarshalling field "Triples": error unmarshalling field "AttestVerifKeys": cbor: cannot unmarshal map into Go struct field comid.AttestVerifKey.verification-keys of type comid.ICryptoKeyValue'
diff --git a/scheme/cca-ssd-platform/endorsement_handler_test.go b/scheme/cca-ssd-platform/endorsement_handler_test.go
index 27f823d7..5e4cbbac 100644
--- a/scheme/cca-ssd-platform/endorsement_handler_test.go
+++ b/scheme/cca-ssd-platform/endorsement_handler_test.go
@@ -58,7 +58,7 @@ func TestDecoder_Decode_invalid_data(t *testing.T) {
 invalidCbor := []byte("invalid CBOR")
- expectedErr := `CBOR decoding failed: cbor: cannot unmarshal UTF-8 text string into Go value of type corim.UnsignedCorim`
+ expectedErr := `CBOR decoding failed: expected map (CBOR Major Type 5), found Major Type 3`
 _, err := d.Decode(invalidCbor)
diff --git a/scheme/common/arm/extractor.go b/scheme/common/arm/extractor.go
index a040c7cf..1d517b14 100644
--- a/scheme/common/arm/extractor.go
+++ b/scheme/common/arm/extractor.go
@@ -1,4 +1,4 @@
-// Copyright 2022-2023 Contributors to the Veraison project.
+// Copyright 2022-2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package arm
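Review bot: The new `failure-reason` expectation in test_enacttrust_badkey.tavern.yaml shows the response body carrying the whole internal error chain, including the plugin name, the Go field path `comid.AttestVerifKey.verification-keys` and the interface type `comid.ICryptoKeyValue`. If this body is what the submitting client receives, it exposes implementation detail to the caller and ties the test to the exact wording of the corim and cbor releases, which is presumably why this bump had to rewrite it. Consider returning a stable, service-owned reason to the client and keeping the decoder detail in the server log, then asserting only on the stable part, for example up to `decoding failed for CoMID at index 0`.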
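Review bot: `expectedErr` in TestDecoder_Decode_invalid_data (scheme/cca-ssd-platform/endorsement_handler_test.go) is pinned to the decoder's wording, `expected map (CBOR Major Type 5), found Major Type 3`, which appears to come from the corim dependency rather than from this handler. The same literal is repeated in the parsec-cca, parsec-tpm and psa-iot copies of this test, so every change in the dependency's messages means editing four files. Checking only the part this package owns keeps the negative test meaningful without that coupling, e.g. `strings.HasPrefix(err.Error(), "CBOR decoding failed: ")`. The test body continues outside the hunk, so how `expectedErr` is compared is not visible here.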
@@ -51,14 +51,15 @@ func (o Extractor) RefValExtractor(rv comid.ReferenceValue) ([]*handler.Endorsem
 }
 // Check which MKey is present and then decide which extractor to invoke
- if m.Key.IsPSARefValID() { // nolint:gocritic
+ switch m.Key.Type() {
+ case comid.PSARefValIDType:
 var swCompAttrs SwCompAttributes
 refVal, err = extractMeasurement(&swCompAttrs, m, classAttrs, o.Scheme)
 if err != nil {
 return nil, fmt.Errorf("unable to extract measurement at index %d, %w", i, err)
 }
- } else if m.Key.IsCCAPlatformConfigID() {
+ case comid.CCAPlatformConfigIDType:
 if (o.Scheme != "CCA_SSD_PLATFORM") && (o.Scheme != "PARSEC_CCA") {
 return nil, fmt.Errorf("measurement error at index %d: incorrect profile %s", i, o.Scheme)
 }
@@ -67,7 +68,7 @@ func (o Extractor) RefValExtractor(rv comid.ReferenceValue) ([]*handler.Endorsem
 if err != nil {
 return nil, fmt.Errorf("unable to extract measurement: %w", err)
 }
- } else {
+ default:
 return nil, fmt.Errorf("unknown measurement key: %T", reflect.TypeOf(m.Key))
 }
 refVals = append(refVals, refVal)
diff --git a/scheme/parsec-cca/endorsement_handler_test.go b/scheme/parsec-cca/endorsement_handler_test.go
index 9bba00c6..22e0338b 100644
--- a/scheme/parsec-cca/endorsement_handler_test.go
+++ b/scheme/parsec-cca/endorsement_handler_test.go
@@ -80,7 +80,7 @@ func TestDecoder_Decode_invalid_data(t *testing.T) {
 invalidCbor := []byte("invalid CBOR")
- expectedErr := `CBOR decoding failed: cbor: cannot unmarshal UTF-8 text string into Go value of type corim.UnsignedCorim`
+ expectedErr := `CBOR decoding failed: expected map (CBOR Major Type 5), found Major Type 3`
 _, err := d.Decode(invalidCbor)
diff --git a/scheme/parsec-cca/evidence_handler.go b/scheme/parsec-cca/evidence_handler.go
index 01413948..d278453f 100644
--- a/scheme/parsec-cca/evidence_handler.go
+++ b/scheme/parsec-cca/evidence_handler.go
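Review bot: In the `default:` branch of RefValExtractor (scheme/common/arm/extractor.go, second hunk) the error formats `reflect.TypeOf(m.Key)` with `%T`, which prints the type of the reflect.Type value itself rather than the type of the key, so the message never identifies the key that was rejected. Now that the dispatch is on `m.Key.Type()`, reporting that value is more useful when triaging a refused endorsement: `return nil, fmt.Errorf("unknown measurement key type: %v", m.Key.Type())`. It is also not visible in these hunks whether `m.Key` is checked for nil before `m.Key.Type()` is called on endorsement-supplied data. The function starts and ends outside both hunks, so that check may exist above.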
@@ -1,4 +1,4 @@
-// Copyright 2023 Contributors to the Veraison project.
+// Copyright 2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package parsec_cca
diff --git a/scheme/parsec-tpm/corim_extractor.go b/scheme/parsec-tpm/corim_extractor.go
index f82cf65f..1bd40559 100644
--- a/scheme/parsec-tpm/corim_extractor.go
+++ b/scheme/parsec-tpm/corim_extractor.go
@@ -1,4 +1,4 @@
-// Copyright 2023 Contributors to the Veraison project.
+// Copyright 2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package parsec_tpm
@@ -174,7 +174,7 @@ func (o *ID) FromEnvironment(e comid.Environment) error {
 return fmt.Errorf("class-id not found in class")
 }
- if classID.Type() != comid.ClassIDTypeUUID {
+ if classID.Type() != comid.UUIDType {
 return fmt.Errorf("class-id not in UUID format")
 }
diff --git a/scheme/parsec-tpm/endorsement_handler_test.go b/scheme/parsec-tpm/endorsement_handler_test.go
index d9934f34..f8e122ad 100644
--- a/scheme/parsec-tpm/endorsement_handler_test.go
+++ b/scheme/parsec-tpm/endorsement_handler_test.go
@@ -38,7 +38,7 @@ func TestDecoder_Decode_negative_tests(t *testing.T) {
 {
 desc: "key with an instance identifier of an unexpected type",
 input: unsignedCorimComidParsecTpmKeyUnknownInstanceType,
- expectedErr: `bad key in CoMID at index 0: could not extract id from AVK environment: could not extract instance-id (UEID) from instance: instance-id type is: comid.TaggedUUID`,
+ expectedErr: `bad key in CoMID at index 0: could not extract id from AVK environment: could not extract instance-id (UEID) from instance: instance-id type is: *comid.TaggedUUID`,
 },
 {
 desc: "key without class",
@@ -73,7 +73,7 @@ func TestDecoder_Decode_negative_tests(t *testing.T) {
 {
 desc: "measurement with PCR of an unexpected type",
 input: unsignedCorimComidParsecTpmPcrsUnknownPCRType,
- expectedErr: `bad software component in CoMID at index 0: could not extract PCR: measurement key is not uint: measurement-key type is: comid.TaggedUUID`,
+ expectedErr: `bad software component in CoMID at index 0: could not extract PCR: measurement key is not uint: measurement-key type is: *comid.TaggedUUID`,
 },
 {
 desc: "measurement with PCR without digests",
@@ -139,7 +139,7 @@ func TestDecoder_Decode_invalid_data(t *testing.T) {
 invalidCbor := []byte("invalid CBOR")
- expectedErr := `CBOR decoding failed: cbor: cannot unmarshal UTF-8 text string into Go value of type corim.UnsignedCorim`
+ expectedErr := `CBOR decoding failed: expected map (CBOR Major Type 5), found Major Type 3`
 _, err := d.Decode(invalidCbor)
diff --git a/scheme/parsec-tpm/evidence_handler.go b/scheme/parsec-tpm/evidence_handler.go
index acbc74d2..2f431c6b 100644
--- a/scheme/parsec-tpm/evidence_handler.go
+++ b/scheme/parsec-tpm/evidence_handler.go
@@ -1,4 +1,4 @@
-// Copyright 2023 Contributors to the Veraison project.
+// Copyright 2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package parsec_tpm
diff --git a/scheme/psa-iot/endorsement_handler_test.go b/scheme/psa-iot/endorsement_handler_test.go
index 81d77140..0cac16e8 100644
--- a/scheme/psa-iot/endorsement_handler_test.go
+++ b/scheme/psa-iot/endorsement_handler_test.go
@@ -58,7 +58,7 @@ func TestDecoder_Decode_invalid_data(t *testing.T) {
 invalidCbor := []byte("invalid CBOR")
- expectedErr := `CBOR decoding failed: cbor: cannot unmarshal UTF-8 text string into Go value of type corim.UnsignedCorim`
+ expectedErr := `CBOR decoding failed: expected map (CBOR Major Type 5), found Major Type 3`
 _, err := d.Decode(invalidCbor)
@@ -102,12 +102,12 @@ func TestDecoder_Decode_negative_tests(t *testing.T) {
 {
 desc: "missing measurement identifier",
 input: unsignedCorimComidPsaRefValNoMkey,
- expectedErr: "bad software component in CoMID at index 0: measurement key is not present",
+ expectedErr: `decoding failed for CoMID at index 0: error unmarshalling field "Triples": error unmarshalling field "ReferenceValues": error unmarshalling field "Flags": expected map (CBOR Major Type 5), found Major Type 0`,
 },
 {
 desc: "no implementation id specified in the measurement",
 input: unsignedCorimComidPsaRefValNoImplID,
- expectedErr: `bad software component in CoMID at index 0: could not extract PSA class attributes: could not extract implementation-id from class-id: class-id type is: comid.TaggedUUID`,
+ expectedErr: `bad software component in CoMID at index 0: could not extract PSA class attributes: could not extract implementation-id from class-id: class-id type is: *comid.TaggedUUID`,
 },
 {
 desc: "no instance id specified in the verification key triple",
@@ -117,7 +117,7 @@ func TestDecoder_Decode_negative_tests(t *testing.T) {
 {
 desc: "no implementation id specified in the verification key triple",
 input: unsignedCorimComidPsaIakPubNoImplID,
- expectedErr: `bad key in CoMID at index 0: could not extract PSA class attributes: could not extract implementation-id from class-id: class-id type is: *comid.TaggedUUID`,
+ expectedErr: `bad key in CoMID at index 0: could not extract PSA class attributes: could not extract implementation-id from class-id: class-id type is: *comid.TaggedUUID`,
 }}
 for _, tv := range tvs {
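Review bot: The "missing measurement identifier" case in TestDecoder_Decode_negative_tests (scheme/psa-iot/endorsement_handler_test.go, first hunk on this line) now expects a decode failure on field "Flags" instead of the handler's own `measurement key is not present` error. That suggests the vector `unsignedCorimComidPsaRefValNoMkey` no longer gets past decoding with the new corim, so the handler's rejection of a reference value without a key is no longer exercised by this table, and the description no longer matches what is tested. If the new decoder still accepts a measurement without a key, regenerate the vector so that it decodes and reaches the handler check; otherwise rename the case to describe the decode failure, e.g. `desc: "reference value that fails CBOR decoding"`, and confirm whether the handler check is now unreachable.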