feat!: profiles part 3: extendable sw components

Introduce a number changes and refactors to allow external profiles to
extend/modify software components.

- Add ISwComponent interface for accessing sw component fields. This
  will allow profiles to introduce their own fields in a similar way to
  claims.
- Add ISwComponents interface that defines a container structure for
  ISwComponent's. This is necessary to neatly handle marshaling of a
  slice of interfaces.
- Add SwComponets[I ISwComponent], a generic implementation of
  ISwComponents interface. The intent is that this (or rather, its
  concrete instantiations) would be the only implementation of
  ISwComponents needed. ISwComponents is used to hide this to avoid
  needing to make the claims structures generic as well. Generics
  require updating the required Go version to 21.
- Replace *[]SwComponent field inside claims structures with
  ISwComponents. This requires for the SwComponents field to always be
  initialized before unmarshaling (which cannot handle nil interfaces),
  so fixup tests to judiciously use newXXXClaims() methods to get claims
  instances.
- update newXXXClaims() methods to not return error. This removes the
  need for useless error checks in tests. An error cannot occur since
  all initial values are full controlled by this code.
- The resulting changes now make CCAPlatformClaims detect as "heavy" by
  the linter, so use pointers in method receivers.

BREAKING CHANGE: Claims structures have been altered to use
ISwComponents.

BREAKING CHANGE: required Go version has been bumped to 21 in order to
allow the use of generics for the SwComponents structure.

Signed-off-by: Sergei Trofimov <[email protected]>

Author: setrofim

.github/workflows/ci-go-cover.yml

@@ -24,6 +24,9 @@ jobs:
     name: Coverage
     runs-on: ubuntu-latest
     steps:
+    - uses: actions/setup-go@v3
+      with:
+        go-version: "1.21"
     - name: Checkout code
       uses: actions/checkout@v2
     - name: Go Coverage

.github/workflows/ci.yml

@@ -12,6 +12,9 @@ jobs:
       matrix:
         os: [macos-latest, ubuntu-latest]
     steps:
+    - uses: actions/setup-go@v3
+      with:
+        go-version: "1.21"
     - name: Checkout code
       uses: actions/checkout@v1
       with:

.github/workflows/linters.yml

@@ -8,12 +8,15 @@ jobs:
     name: Lint
     runs-on: ubuntu-latest
     steps:
+    - uses: actions/setup-go@v3
+      with:
+        go-version: "1.21"
     - name: Checkout code
       uses: actions/checkout@v2
     - name: Install golangci-lint
       run: |
         go version
-        curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.46.2
+        curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.54.2
     - name: Run required linters in .golangci.yml plus hard-coded ones here
       run: $(go env GOPATH)/bin/golangci-lint run --timeout=3m
     - name: Run optional linters (not required to pass)

claims_cca.go

@@ -46,17 +46,7 @@ func (o CCAPlatformProfile) GetName() string {
 }
 
 func (o CCAPlatformProfile) GetClaims() IClaims {
-	claims, err := newCCAPlatformClaims()
-
-	if err != nil {
-		// We should never get here as the only source of error inside
-		// newCCAPlatformClaims() is when attempting to set the Profile field
-		// when it is already set; however, as we're creating a new
-		// claims struct, this cannot happen.
-		panic(err)
-	}
-
-	return claims
+	return newCCAPlatformClaims()
 }
 
 const (
@@ -155,54 +145,41 @@ func CCALifeCycleToState(v uint16) CCALifeCycleState {
 
 func ValidateCCASecurityLifeCycle(v uint16) error {
 	if !CCALifeCycleToState(v).IsValid() {
-		return fmt.Errorf("%w: value %d is invalid", ErrWrongClaimSyntax, v)
+		return fmt.Errorf("%w: value %d is invalid", ErrWrongSyntax, v)
 	}
 
 	return nil
 }
 
 type CCAPlatformClaims struct {
-	Profile           *eat.Profile   `cbor:"265,keyasint" json:"cca-platform-profile"`
-	Challenge         *eat.Nonce     `cbor:"10,keyasint" json:"cca-platform-challenge"`
-	ImplID            *[]byte        `cbor:"2396,keyasint" json:"cca-platform-implementation-id"`
-	InstID            *eat.UEID      `cbor:"256,keyasint" json:"cca-platform-instance-id"`
-	Config            *[]byte        `cbor:"2401,keyasint" json:"cca-platform-config"`
-	SecurityLifeCycle *uint16        `cbor:"2395,keyasint" json:"cca-platform-lifecycle"`
-	SwComponents      *[]SwComponent `cbor:"2399,keyasint" json:"cca-platform-sw-components"`
+	Profile           *eat.Profile  `cbor:"265,keyasint" json:"cca-platform-profile"`
+	Challenge         *eat.Nonce    `cbor:"10,keyasint" json:"cca-platform-challenge"`
+	ImplID            *[]byte       `cbor:"2396,keyasint" json:"cca-platform-implementation-id"`
+	InstID            *eat.UEID     `cbor:"256,keyasint" json:"cca-platform-instance-id"`
+	Config            *[]byte       `cbor:"2401,keyasint" json:"cca-platform-config"`
+	SecurityLifeCycle *uint16       `cbor:"2395,keyasint" json:"cca-platform-lifecycle"`
+	SwComponents      ISwComponents `cbor:"2399,keyasint" json:"cca-platform-sw-components"`
 
 	VSI       *string `cbor:"2400,keyasint,omitempty" json:"cca-platform-service-indicator,omitempty"`
 	HashAlgID *string `cbor:"2402,keyasint" json:"cca-platform-hash-algo-id"`
 }
 
-func newCCAPlatformClaims() (ICCAClaims, error) {
-	var c CCAPlatformClaims
-
-	if err := c.setProfile(); err != nil {
-		return nil, err
-	}
-
-	return &c, nil
-}
-
-func (c *CCAPlatformClaims) setProfile() error {
-	if c.Profile != nil {
-		panic("profile already set")
-	}
-
+func newCCAPlatformClaims() ICCAClaims {
 	p := eat.Profile{}
-
 	if err := p.Set(CCAProfileName); err != nil {
-		return err
+		// should never get here as using known good constant as input
+		panic(err)
 	}
 
-	c.Profile = &p
-
-	return nil
+	return &CCAPlatformClaims{
+		Profile:      &p,
+		SwComponents: &SwComponents[*SwComponent]{},
+	}
 }
 
 // Semantic validation
-func (c CCAPlatformClaims) Validate() error {
-	return ValidateCCAClaims(&c)
+func (c *CCAPlatformClaims) Validate() error {
+	return ValidateCCAClaims(c)
 }
 
 // Codecs
@@ -222,6 +199,8 @@ func (c *CCAPlatformClaims) FromCBOR(buf []byte) error {
 }
 
 func (c *CCAPlatformClaims) FromUnvalidatedCBOR(buf []byte) error {
+	c.Profile = nil // clear profile to make sure we taked it from buf
+
 	err := dm.Unmarshal(buf, c)
 	if err != nil {
 		return fmt.Errorf("CBOR decoding of CCA platform claims failed: %w", err)
@@ -230,7 +209,7 @@ func (c *CCAPlatformClaims) FromUnvalidatedCBOR(buf []byte) error {
 	return nil
 }
 
-func (c CCAPlatformClaims) ToCBOR() ([]byte, error) {
+func (c *CCAPlatformClaims) ToCBOR() ([]byte, error) {
 	err := c.Validate()
 	if err != nil {
 		return nil, fmt.Errorf("validation of CCA platform claims failed: %w", err)
@@ -239,8 +218,17 @@ func (c CCAPlatformClaims) ToCBOR() ([]byte, error) {
 	return c.ToUnvalidatedCBOR()
 }
 
-func (c CCAPlatformClaims) ToUnvalidatedCBOR() ([]byte, error) {
+func (c *CCAPlatformClaims) ToUnvalidatedCBOR() ([]byte, error) {
+	var scs ISwComponents
+	if c.SwComponents != nil && c.SwComponents.IsEmpty() {
+		scs = c.SwComponents
+		c.SwComponents = nil
+	}
+
 	buf, err := em.Marshal(&c)
+	if scs != nil {
+		c.SwComponents = scs
+	}
 	if err != nil {
 		return nil, fmt.Errorf("CBOR encoding of CCA platform claims failed: %w", err)
 	}
@@ -263,6 +251,8 @@ func (c *CCAPlatformClaims) FromJSON(buf []byte) error {
 }
 
 func (c *CCAPlatformClaims) FromUnvalidatedJSON(buf []byte) error {
+	c.Profile = nil // clear profile to make sure we taked it from buf
+
 	err := json.Unmarshal(buf, c)
 	if err != nil {
 		return fmt.Errorf("JSON decoding of CCA platform claims failed: %w", err)
@@ -271,7 +261,7 @@ func (c *CCAPlatformClaims) FromUnvalidatedJSON(buf []byte) error {
 	return nil
 }
 
-func (c CCAPlatformClaims) ToJSON() ([]byte, error) {
+func (c *CCAPlatformClaims) ToJSON() ([]byte, error) {
 	err := c.Validate()
 	if err != nil {
 		return nil, fmt.Errorf("validation of CCA platform claims failed: %w", err)
@@ -280,8 +270,17 @@ func (c CCAPlatformClaims) ToJSON() ([]byte, error) {
 	return c.ToUnvalidatedJSON()
 }
 
-func (c CCAPlatformClaims) ToUnvalidatedJSON() ([]byte, error) {
+func (c *CCAPlatformClaims) ToUnvalidatedJSON() ([]byte, error) {
+	var scs ISwComponents
+	if c.SwComponents != nil && c.SwComponents.IsEmpty() {
+		scs = c.SwComponents
+		c.SwComponents = nil
+	}
+
 	buf, err := json.Marshal(&c)
+	if scs != nil {
+		c.SwComponents = scs
+	}
 	if err != nil {
 		return nil, fmt.Errorf("JSON encoding of CCA platform claims failed: %w", err)
 	}
@@ -355,18 +354,16 @@ func (c *CCAPlatformClaims) SetCertificationReference(v string) error {
 	return fmt.Errorf("%w: certification reference", ErrClaimNotInProfile)
 }
 
-func (c CCAPlatformClaims) SetClientID(int32) error {
+func (c *CCAPlatformClaims) SetClientID(int32) error {
 	return fmt.Errorf("%w: client id", ErrClaimNotInProfile)
 }
 
-func (c *CCAPlatformClaims) SetSoftwareComponents(scs []SwComponent) error {
-	if err := ValidateSwComponents(scs); err != nil {
-		return err
+func (c *CCAPlatformClaims) SetSoftwareComponents(scs []ISwComponent) error {
+	if c.SwComponents == nil {
+		c.SwComponents = &SwComponents[*SwComponent]{}
 	}
 
-	c.SwComponents = &scs
-
-	return nil
+	return c.SwComponents.Replace(scs)
 }
 
 func (c *CCAPlatformClaims) SetConfig(v []byte) error {
@@ -393,7 +390,7 @@ func (c *CCAPlatformClaims) SetHashAlgID(v string) error {
 // After successful call to Validate(), getters of mandatory claims are assured
 // to never fail.  Getters of optional claim may still fail with
 // ErrOptionalClaimMissing in case the claim is not present.
-func (c CCAPlatformClaims) GetProfile() (string, error) {
+func (c *CCAPlatformClaims) GetProfile() (string, error) {
 	if c.Profile == nil {
 		return "", ErrMandatoryClaimMissing
 	}
@@ -411,11 +408,11 @@ func (c CCAPlatformClaims) GetProfile() (string, error) {
 	return c.Profile.Get()
 }
 
-func (c CCAPlatformClaims) GetClientID() (int32, error) {
+func (c *CCAPlatformClaims) GetClientID() (int32, error) {
 	return -1, fmt.Errorf("%w: client id", ErrClaimNotInProfile)
 }
 
-func (c CCAPlatformClaims) GetSecurityLifeCycle() (uint16, error) {
+func (c *CCAPlatformClaims) GetSecurityLifeCycle() (uint16, error) {
 	if c.SecurityLifeCycle == nil {
 		return 0, ErrMandatoryClaimMissing
 	}
@@ -427,7 +424,7 @@ func (c CCAPlatformClaims) GetSecurityLifeCycle() (uint16, error) {
 	return *c.SecurityLifeCycle, nil
 }
 
-func (c CCAPlatformClaims) GetImplID() ([]byte, error) {
+func (c *CCAPlatformClaims) GetImplID() ([]byte, error) {
 	if c.ImplID == nil {
 		return nil, ErrMandatoryClaimMissing
 	}
@@ -439,29 +436,24 @@ func (c CCAPlatformClaims) GetImplID() ([]byte, error) {
 	return *c.ImplID, nil
 }
 
-func (c CCAPlatformClaims) GetBootSeed() ([]byte, error) {
+func (c *CCAPlatformClaims) GetBootSeed() ([]byte, error) {
 	return nil, fmt.Errorf("%w: boot seed", ErrClaimNotInProfile)
 }
 
-func (c CCAPlatformClaims) GetCertificationReference() (string, error) {
+func (c *CCAPlatformClaims) GetCertificationReference() (string, error) {
 	return "", fmt.Errorf("%w: certification reference", ErrClaimNotInProfile)
 }
 
-func (c CCAPlatformClaims) GetSoftwareComponents() ([]SwComponent, error) {
-	v := c.SwComponents
-
-	if v == nil {
-		return nil, ErrMandatoryClaimMissing
+func (c *CCAPlatformClaims) GetSoftwareComponents() ([]ISwComponent, error) {
+	if c.SwComponents == nil || c.SwComponents.IsEmpty() {
+		return nil, fmt.Errorf("%w (MUST have at least one sw component)",
+			ErrMandatoryClaimMissing)
 	}
 
-	if err := ValidateSwComponents(*v); err != nil {
-		return nil, err
-	}
-
-	return *v, nil
+	return c.SwComponents.Values()
 }
 
-func (c CCAPlatformClaims) GetNonce() ([]byte, error) {
+func (c *CCAPlatformClaims) GetNonce() ([]byte, error) {
 	v := c.Challenge
 
 	if v == nil {
@@ -471,7 +463,7 @@ func (c CCAPlatformClaims) GetNonce() ([]byte, error) {
 	l := v.Len()
 
 	if l != 1 {
-		return nil, fmt.Errorf("%w: got %d nonces, want 1", ErrWrongClaimSyntax, l)
+		return nil, fmt.Errorf("%w: got %d nonces, want 1", ErrWrongSyntax, l)
 	}
 
 	n := v.GetI(0)
@@ -482,7 +474,7 @@ func (c CCAPlatformClaims) GetNonce() ([]byte, error) {
 	return n, nil
 }
 
-func (c CCAPlatformClaims) GetInstID() ([]byte, error) {
+func (c *CCAPlatformClaims) GetInstID() ([]byte, error) {
 	v := c.InstID
 
 	if v == nil {
@@ -496,7 +488,7 @@ func (c CCAPlatformClaims) GetInstID() ([]byte, error) {
 	return *v, nil
 }
 
-func (c CCAPlatformClaims) GetVSI() (string, error) {
+func (c *CCAPlatformClaims) GetVSI() (string, error) {
 	if c.VSI == nil {
 		return "", ErrOptionalClaimMissing
 	}
@@ -508,15 +500,15 @@ func (c CCAPlatformClaims) GetVSI() (string, error) {
 	return *c.VSI, nil
 }
 
-func (c CCAPlatformClaims) GetConfig() ([]byte, error) {
+func (c *CCAPlatformClaims) GetConfig() ([]byte, error) {
 	v := c.Config
 	if v == nil {
 		return nil, ErrMandatoryClaimMissing
 	}
 	return *v, nil
 }
 
-func (c CCAPlatformClaims) GetHashAlgID() (string, error) {
+func (c *CCAPlatformClaims) GetHashAlgID() (string, error) {
 	v := c.HashAlgID
 
 	if v == nil {