Add helper method FromCryptoHash() to convert to HashAlg (#463)

liamjm · web-flow · commit 384d71e4117e · 2025-10-20T19:01:10.000Z
diff --git a/attest/attest.go b/attest/attest.go
@@ -395,6 +395,7 @@ func (a HashAlg) cryptoHash() (crypto.Hash, error) {
 	}
 	return h, nil
 }
+
 func (a HashAlg) goTPMAlg() tpm2.Algorithm {
 	return tpm2.Algorithm(a)
 }
@@ -420,6 +421,22 @@ func FromTPMAlg(h tpm2.Algorithm) (HashAlg, error) {
 	}
 }
 
+// FromCryptoHash returns the HashAlg corresponding to the given crypto.Hash.
+func FromCryptoHash(h crypto.Hash) (HashAlg, error) {
+	switch h {
+	case crypto.SHA1:
+		return HashSHA1, nil
+	case crypto.SHA256:
+		return HashSHA256, nil
+	case crypto.SHA384:
+		return HashSHA384, nil
+	case crypto.SHA512:
+		return HashSHA512, nil
+	default:
+		return 0, fmt.Errorf("crypto.Hash %v has no corresponding HashAlg", h)
+	}
+}
+
 // PlatformParameters encapsulates the set of information necessary to attest
 // the booted state of the machine the TPM is attached to.
 //
diff --git a/attest/attest_test.go b/attest/attest_test.go
@@ -16,6 +16,7 @@ package attest
 
 import (
 	"bytes"
+	"crypto"
 	"flag"
 	"fmt"
 	"reflect"
@@ -187,3 +188,42 @@ func TestBug142(t *testing.T) {
 		t.Errorf("ParseEKCertificate() = %v, want %v", err, wantErr)
 	}
 }
+
+func TestFromCryptoHash(t *testing.T) {
+	tests := []struct {
+		hash crypto.Hash
+		want HashAlg
+		err  bool
+	}{
+		{
+			hash: crypto.SHA1,
+			want: HashSHA1,
+		},
+		{
+			hash: crypto.SHA256,
+			want: HashSHA256,
+		},
+		{
+			hash: crypto.SHA384,
+			want: HashSHA384,
+		},
+		{
+			hash: crypto.SHA512,
+			want: HashSHA512,
+		},
+		{
+			hash: crypto.MD5,
+			err:  true,
+		},
+	}
+
+	for _, tc := range tests {
+		got, err := FromCryptoHash(tc.hash)
+		if tc.err != (err != nil) {
+			t.Errorf("FromCryptoHash(%v) returned err=%v, want err=%v", tc.hash, err, tc.err)
+		}
+		if got != tc.want {
+			t.Errorf("FromCryptoHash(%v) = %v, want %v", tc.hash, got, tc.want)
+		}
+	}
+}
diff --git a/attest/eventlog.go b/attest/eventlog.go
@@ -742,17 +742,12 @@ func AppendEvents(base []byte, additional ...[]byte) ([]byte, error) {
 
 			// Serialize digests
 			for _, d := range e.digests {
-				var algID uint16
-				switch d.hash {
-				case crypto.SHA256:
-					algID = uint16(HashSHA256)
-				case crypto.SHA1:
-					algID = uint16(HashSHA1)
-				default:
+				algID, err := FromCryptoHash(d.hash)
+				if err != nil {
 					return nil, fmt.Errorf("log %d: event %d: unhandled hash function %v", i, x, d.hash)
 				}
 
-				binary.Write(out, binary.LittleEndian, algID)
+				binary.Write(out, binary.LittleEndian, uint16(algID))
 				out.Write(d.data)
 			}
 

Original file line number	Diff line number	Diff line change
`@@ -395,6 +395,7 @@ func (a HashAlg) cryptoHash() (crypto.Hash, error) {`
`395`	`395`	`}`
`396`	`396`	`return h, nil`
`397`	`397`	`}`
	`398`	`+`
`398`	`399`	`func (a HashAlg) goTPMAlg() tpm2.Algorithm {`
`399`	`400`	`return tpm2.Algorithm(a)`
`400`	`401`	`}`
`@@ -420,6 +421,22 @@ func FromTPMAlg(h tpm2.Algorithm) (HashAlg, error) {`
`420`	`421`	`}`
`421`	`422`	`}`
`422`	`423`
	`424`	`+// FromCryptoHash returns the HashAlg corresponding to the given crypto.Hash.`
	`425`	`+func FromCryptoHash(h crypto.Hash) (HashAlg, error) {`
	`426`	`+ switch h {`
	`427`	`+ case crypto.SHA1:`
	`428`	`+ return HashSHA1, nil`
	`429`	`+ case crypto.SHA256:`
	`430`	`+ return HashSHA256, nil`
	`431`	`+ case crypto.SHA384:`
	`432`	`+ return HashSHA384, nil`
	`433`	`+ case crypto.SHA512:`
	`434`	`+ return HashSHA512, nil`
	`435`	`+ default:`
	`436`	`+ return 0, fmt.Errorf("crypto.Hash %v has no corresponding HashAlg", h)`
	`437`	`+ }`
	`438`	`+}`
	`439`	`+`
`423`	`440`	`// PlatformParameters encapsulates the set of information necessary to attest`
`424`	`441`	`// the booted state of the machine the TPM is attached to.`
`425`	`442`	`//`