Add Open DICE cert chains and TCB Info

- Add validation and claim extraction for Open DICE X.509 and CBOR
  certificate chains.
- Add TCB into claim extension definition.

Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>

.github/workflows/ci-go-cover.yml

@@ -14,20 +14,23 @@
 # 1. Change workflow name from "cover 100%" to "cover ≥92.5%". Script will automatically use 92.5%.
 # 2. Update README.md to use the new path to badge.svg because the path includes the workflow name.
 
-name: cover ≥75%
-on: [push]
+name: cover ≥80.0%
+on: [push, pull_request]
 jobs:
-
-  # Verify minimum coverage is reached using `go test -short -cover` on latest-ubuntu with default version of Go.
-  # The grep expression can't be too strict, it needed to be relaxed to work with different versions of Go.
   cover:
     name: Coverage
     runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
     steps:
+    - uses: actions/setup-go@v3
+      with:
+        go-version: "1.18"
     - name: Checkout code
       uses: actions/checkout@v2
     - name: Go Coverage
       run: |
         go version
-        go test -short -cover | grep "^.*coverage:.*of statements$" | python -c "import os,re,sys; cover_rpt = sys.stdin.read(); print(cover_rpt) if len(cover_rpt) != 0 and len(cover_rpt.splitlines()) == 1 else sys.exit(1); min_cover = float(re.findall(r'\d*\.\d+|\d+', os.environ['GITHUB_WORKFLOW'])[0]); cover = float(re.findall(r'\d*\.\d+|\d+', cover_rpt)[0]); sys.exit(1) if (cover > 100) or (cover < min_cover) else sys.exit(0)"
+        make test-cover | grep -o "coverage:.*of statements$" | python scripts/cov.py
+
       shell: bash

.github/workflows/linters.yml

@@ -1,20 +1,21 @@
 # Go Linters - GitHub Actions
 name: linters
-on: [push]
+on: [push, pull_request]
 jobs:
-
-  # Check linters on latest-ubuntu with default version of Go.
   lint:
     name: Lint
     runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
     steps:
+    - uses: actions/setup-go@v3
+      with:
+        go-version: "1.18"
     - name: Checkout code
       uses: actions/checkout@v2
-    - name: Install golangci-lint
+    - name: Install golangci-lint 
       run: |
         go version
-        curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.23.8
+        curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.53.2
     - name: Run required linters in .golangci.yml plus hard-coded ones here
-      run: $(go env GOPATH)/bin/golangci-lint run --timeout=3m
-    - name: Run optional linters (not required to pass)
-      run: $(go env GOPATH)/bin/golangci-lint run --timeout=3m --issues-exit-code=0 -E dupl -E gocritic -E gosimple -E lll -E prealloc
+      run: make -w GOLINT=$(go env GOPATH)/bin/golangci-lint lint

.golangci.yml

@@ -0,0 +1,87 @@
+# Do not delete linter settings. Linters like gocritic can be enabled on the command line.
+
+linters-settings:
+  dupl:
+    threshold: 100
+  funlen:
+    lines: 100
+    statements: 50
+  goconst:
+    min-len: 2
+    min-occurrences: 3
+  gocritic:
+    enabled-tags:
+      - diagnostic
+      - experimental
+      - opinionated
+      - style
+    disabled-checks:
+      - dupImport # https://github.com/go-critic/go-critic/issues/845
+      - ifElseChain
+      - octalLiteral
+      - paramTypeCombine
+      - whyNoLint
+      - wrapperFunc    
+  gofmt:
+    simplify: false    
+  goimports:
+  golint:
+    min-confidence: 0
+  govet:
+    check-shadowing: true
+  lll:
+    line-length: 140
+  maligned:
+    suggest-new: true
+  misspell:
+    locale: US
+
+linters:
+  disable-all: true
+  enable:
+    - deadcode
+    - errcheck
+    - goconst
+    - gocyclo
+    - gofmt
+    - goimports
+    - golint
+    - gosec
+    - govet
+    - ineffassign
+    - maligned
+    - misspell
+    - staticcheck
+    - structcheck
+    - typecheck
+    - unconvert
+    - unused
+    - varcheck
+
+
+issues:
+  # max-issues-per-linter default is 50.  Set to 0 to disable limit.
+  max-issues-per-linter: 0
+  # max-same-issues default is 3.  Set to 0 to disable limit.
+  max-same-issues: 0
+  # Excluding configuration per-path, per-linter, per-text and per-source
+  exclude-rules:
+    - path: _test\.go
+      linters:
+        - goconst
+        - dupl
+        - gomnd
+        - lll        
+    - path: doc\.go
+      linters:
+        - goimports
+        - gomnd
+        - lll
+    - path: pretty_test_vectors.go
+      linters:
+        - lll
+
+# golangci.com configuration
+# https://github.com/golangci/golangci/wiki/Configuration
+service:
+  golangci-lint-version: 1.23.x # use the fixed version to not introduce new linters unexpectedly

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright [yyyy] [name of copyright owner]
+   Copyright 2023 Contributors to the Veraison Project
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

Makefile

@@ -3,31 +3,49 @@
 export GO111MODULE := on
 export SHELL := /bin/bash
 
-.PHONY: test
-test: ; @go test -v
+GOPKG := github.com/veraison/dice
 
-.PHONY: coverage
-coverage:
-	@go test -v -cover -race -coverprofile=coverage.out && \
-                go tool cover -html=coverage.out
-CLEANFILES += coverage.out
+GOLINT ?= golangci-lint
+
+ifeq ($(MAKECMDGOALS),lint)
+GOLINT_ARGS ?= run --timeout=3m -E dupl -E gocritic -E gosimple -E prealloc
+endif
 
 .PHONY: lint
-lint: ; @golangci-lint run
+lint: ; $(GOLINT) $(GOLINT_ARGS)
+
+ifeq ($(MAKECMDGOALS),test)
+GOTEST_ARGS ?= -v -race $(GOPKG)
+else
+  ifeq ($(MAKECMDGOALS),test-cover)
+  GOTEST_ARGS ?= -short -cover $(GOPKG)
+  endif
+endif
+
+COVER_THRESHOLD := $(shell grep '^name: cover' .github/workflows/ci-go-cover.yml | cut -c13-)
 
-.PHONY: clean
-clean: ; $(RM) -r $(CLEANFILES)
+.PHONY: test test-cover
+test test-cover: ; go test $(GOTEST_ARGS)
+
+presubmit:
+	@echo
+	@echo ">>> Check that the reported coverage figures are $(COVER_THRESHOLD)"
+	@echo
+	$(MAKE) test-cover
+	@echo
+	@echo ">>> Fix any lint error"
+	@echo
+	$(MAKE) lint
 
 .PHONY: licenses
 licenses: ; @./scripts/licenses.sh
 
 .PHONY: help
 help:
 	@echo "Available targets:"
-	@echo
-	@echo "    test: run the package tests (default)"
-	@echo "coverage: run the package tests and show coverage profile"
-	@echo "    lint: run golangci-lint using configuration from .golangci.yml"
-	@echo "   clean: remove garbage"
-	@echo "licenses: check licenses of dependent packages"
-	@echo
+	@echo "  * test:       run unit tests for $(GOPKG)"
+	@echo "  * test-cover: run unit tests and measure coverage for $(GOPKG)"
+	@echo "  * licenses:   check licenses of dependent packages"
+	@echo "  * lint:       lint sources using default configuration"
+	@echo "  * presubmit:  check you are ready to push your local branch to remote"
+	@echo "  * help:       print this menu"

README.md

@@ -1,6 +1,9 @@
 # Features
 
-Implementation of the attestation extension defined in [TCG DICE Attestation Architecture](https://trustedcomputinggroup.org/wp-content/uploads/TCG_DICE_Attestation_Architecture_r22_02dec2020.pdf).
+- Implementation of the attestation extension defined in [TCG DICE Attestation Architecture](https://trustedcomputinggroup.org/wp-content/uploads/TCG_DICE_Attestation_Architecture_r22_02dec2020.pdf).
+- Implementation of TCG DICE TCB Info evidence extension.
+- Implementation of [Open
+  DICE](https://pigweed.googlesource.com/open-dice/+/refs/heads/master/docs/specification.md) certificate (CBOR and X.509) chain validation and claim extraction.
 
 
 # Make targets

go.mod

@@ -1,5 +1,17 @@
 module github.com/veraison/dice
 
-go 1.15
+go 1.18
 
-require github.com/stretchr/testify v1.6.1
+require (
+	github.com/fxamacker/cbor/v2 v2.4.0
+	github.com/stretchr/testify v1.8.3
+	github.com/veraison/go-cose v1.1.1-0.20230613195103-433d4c233485
+	golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
+)
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)

go.sum

@@ -1,10 +1,18 @@
-github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/fxamacker/cbor/v2 v2.4.0 h1:ri0ArlOR+5XunOP8CRUowT0pSJOwhW098ZCUyskZD88=
+github.com/fxamacker/cbor/v2 v2.4.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY=
+github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/veraison/go-cose v1.1.1-0.20230613195103-433d4c233485 h1:DrmH7fx8abH1uhkNyUv0pjH8DVkfkD9BcRLbrHr9Buo=
+github.com/veraison/go-cose v1.1.1-0.20230613195103-433d4c233485/go.mod h1:XIgugULT1VrP3RsJabABJqSvdMpy40KaAAhWbspGZUU=
+github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
+github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
+golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc=
+golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=