From 277c40ca1df0b61f37e9010d61a7bf761c9b6162 Mon Sep 17 00:00:00 2001
From: Tom D <40675700+twitchy-jsonp@users.noreply.github.com>
Date: Mon, 31 Jan 2022 09:32:19 -0800
Subject: [PATCH] AKPublic.VerifyAll: Additionally validate input parameters
 (#263)

---
 attest/attest.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/attest/attest.go b/attest/attest.go
index 2b75d5bd..e461133d 100644
--- a/attest/attest.go
+++ b/attest/attest.go
@@ -325,7 +325,17 @@ func (a *AKPublic) Verify(quote Quote, pcrs []PCR, nonce []byte) error {
 
 // VerifyAll uses multiple quotes to verify the authenticity of all PCR
 // measurements. See documentation on Verify() for semantics.
+//
+// An error is returned if any PCRs provided were not covered by a quote,
+// or if no quote/nonce was provided.
 func (a *AKPublic) VerifyAll(quotes []Quote, pcrs []PCR, nonce []byte) error {
+	if len(quotes) == 0 {
+		return errors.New("no quotes were provided")
+	}
+	if len(nonce) == 0 {
+		return errors.New("no nonce was provided")
+	}
+
 	for i, quote := range quotes {
 		if err := a.Verify(quote, pcrs, nonce); err != nil {
 			return fmt.Errorf("quote %d: %v", i, err)