Fix bug in PCR comparison.

Amnesic-Systems · Nov 29, 2024 · fb3b68d · fb3b68d
1 parent b3a8994
commit fb3b68d
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 6 deletions.
diff --git a/internal/enclave/pcr.go b/internal/enclave/pcr.go
@@ -32,13 +32,17 @@ func (p PCR) String() string {
 
 // Equal returns true if (and only if) the two given PCR maps are identical.
 func (ours PCR) Equal(theirs PCR) bool {
+	// PCR4 contains a hash over the parent's instance ID, which is known at
+	// runtime.  We ignore it for now, until we have a better solution for how
+	// to handle this.
+	delete(ours, 4)
+	delete(theirs, 4)
+
+	if len(ours) != len(theirs) {
+		return false
+	}
+
 	for i, ourValue := range ours {
-		// PCR4 contains a hash over the parent's instance ID, which is known at
-		// runtime.  We ignore it for now, until we have a better solution on
-		// how to handle this.
-		if i == 4 {
-			continue
-		}
 		theirValue, exists := theirs[i]
 		if !exists {
 			return false

diff --git a/internal/enclave/pcr_test.go b/internal/enclave/pcr_test.go
@@ -122,6 +122,16 @@ func TestPCRsEqual(t *testing.T) {
 			},
 			want: false,
 		},
+		{
+			name: "one PCR missing",
+			pcr1: PCR{},
+			pcr2: PCR{
+				0: []byte("foo"),
+				1: []byte("bar"),
+				2: []byte("baz"),
+			},
+			want: false,
+		},
 	}
 
 	for _, c := range cases {