AKPublic.Verify: return error if a provided PCR was missing from the quote

Tom D'Netto 2022-01-20 13:24:38 -08:00
parent 21f642c3c7
commit 2b73321d17
2 changed files with 10 additions and 1 deletions


@ -290,7 +290,8 @@ func ParseAKPublic(version TPMVersion, public []byte) (*AKPublic, error) {
// Verify is used to prove authenticity of the PCR measurements. It ensures that
// the quote was signed by the AK, and that its contents matches the PCR and
// nonce combination.
// nonce combination. An error is returned if a provided PCR index was not part
// of the quote.
//
// The nonce is used to prevent replays of Quote and PCRs and is signed by the
// quote. Some TPMs don't support nonces longer than 20 bytes, and if the
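Review bot: The added sentence states the guarantee for Verify as a whole, but the only enforcement visible in this commit is inside validate20Quote. If Verify also dispatches to a TPM 1.2 validator (not shown here), confirm that path rejects a provided PCR missing from the quote as well, or scope the sentence, e.g. `// For TPM 2.0 quotes, an error is returned if a provided PCR index was not part of the quote.` Callers rely on this comment to decide whether every PCR they passed in can be treated as attested, so it should not promise more than the code checks.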


@ -366,14 +366,22 @@ func (a *AKPublic) validate20Quote(quote Quote, pcrs []PCR, nonce []byte) error
}
sigHash.Reset()
quotePCRs := make(map[int]struct{}, len(att.AttestedQuoteInfo.PCRSelection.PCRs))
for _, index := range att.AttestedQuoteInfo.PCRSelection.PCRs {
digest, ok := pcrByIndex[index]
if !ok {
return fmt.Errorf("quote was over PCR %d which wasn't provided", index)
}
quotePCRs[index] = struct{}{}
sigHash.Write(digest)
}
for index, _ := range pcrByIndex {
if _, exists := quotePCRs[index]; !exists {
return fmt.Errorf("provided PCR %d was not included in quote", index)
}
}
if !bytes.Equal(sigHash.Sum(nil), att.AttestedQuoteInfo.PCRDigest) {
return fmt.Errorf("quote digest didn't match pcrs provided")
}
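Review bot: The new loop at `for index, _ := range pcrByIndex` checks the keys of `pcrByIndex`, not the caller's `pcrs` slice, so the "provided PCR was not included in quote" guarantee holds only for entries that reached that map. The map is built above this hunk and is not visible here. If it drops or collapses entries (for example a PCR from a different hash bank, or two entries sharing an index), the caller could go on to trust values the quote digest never covered; that is worth confirming and pinning with a test that passes such a PCR and expects an error. The blank identifier is also redundant and can be written `for index := range pcrByIndex {`. validate20Quote starts and ends outside this hunk.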