From e25acff13cce80d95dcaef3aff7979b04667785c Mon Sep 17 00:00:00 2001
From: Herman Slatman
Date: Mon, 3 Apr 2023 22:32:26 +0200
Subject: [PATCH] Simplify `alg` validity check
---
 acme/challenge.go | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/acme/challenge.go b/acme/challenge.go
index fb98b50c..6657962e 100644
--- a/acme/challenge.go
+++ b/acme/challenge.go
@@ -621,16 +621,14 @@ func doTPMAttestationFormat(ctx context.Context, prov Provisioner, ch *Challenge
 return nil, NewError(ErrorBadAttestationStatementType, "invalid alg in attestation statement")
 }
- var hash crypto.Hash
- switch alg {
- case -257: // RS256
- hash = crypto.SHA256
- case -7: // ES256
- hash = crypto.SHA256
- default:
+ // only RS256 and ES256 are allowed
+ if alg != -257 && alg != -1 {
 return nil, NewError(ErrorBadAttestationStatementType, "invalid alg %d in attestation statement", alg)
 }
+ // set the hash algorithm to use to SHA256
+ hash := crypto.SHA256
+
 // recreate the generated key certification parameter values and verify
 // the attested key using the public key of the AK.
 certificationParameters := &attest.CertificationParameters{
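Review bot: The new guard `if alg != -257 && alg != -1 {` compares against `-1`, while the switch it replaces mapped `-7` to ES256 and the added comment still says only RS256 and ES256 are allowed. As written, an attestation statement with `alg` -7 is now rejected with ErrorBadAttestationStatementType, and `alg` -1, which the old code refused, is accepted and verified with SHA-256. The condition should read `if alg != -257 && alg != -7 {`. Naming the two identifiers as constants would make a slip like this harder to repeat in an allow-list that gates attestation verification. doTPMAttestationFormat begins and ends outside this hunk, so whether a test covers both accepted values cannot be seen from here; a case for each of -257, -7 and a rejected value would pin the behaviour.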