Verify(): ensure that the hash function is available (#204)

2025-02-21 01:11:21 +00:00 · 2021-03-09 09:30:11 -08:00 · 2021-03-09 09:30:11 -08:00 · 1379a4f766
commit 1379a4f766
parent 440d34a877
2 changed files with 12 additions and 0 deletions
--- a/attest/certification.go
+++ b/attest/certification.go
@ -150,6 +150,9 @@ func (p *CertificationParameters) Verify(opts VerifyOpts) error {
 	if !ok {
 		return fmt.Errorf("Only RSA verification keys are supported")
 	}
+	if !opts.Hash.Available() {
+		return fmt.Errorf("hash function is unavailable")
+	}
 	hsh := opts.Hash.New()
 	hsh.Write(p.CreateAttestation)

--- a/attest/certification_test.go
+++ b/attest/certification_test.go
@ -97,6 +97,15 @@ func TestCertificationParametersTPM20(t *testing.T) {
 			},
 			err: cmpopts.AnyError,
 		},
+		{
+			name: "unavailable hash function",
+			p:    &skCertParams,
+			opts: VerifyOpts{
+				Public: correctOpts.Public,
+				Hash:   crypto.BLAKE2b_384,
+			},
+			err: cmpopts.AnyError,
+		},
 		{
 			name: "modified Public",
 			p: &CertificationParameters{