Judgment of added challenge length

backport-init-attestation.patch

@@ -12,6 +12,7 @@ Reference: https://gitee.com/openeuler/secGear/commit/d06b6beab9ae13898870297e8e
            https://gitee.com/openeuler/secGear/commit/8e02b257d9bec81bc557d6431e90448522ad6270
            https://gitee.com/openeuler/secGear/commit/980d0a89d3b1b1a6d280846d6edddabdfd57a635
            https://gitee.com/openeuler/secGear/commit/1fbc825bd34e859f3bc641f6b1b14c106be23433
+           https://gitee.com/openeuler/secGear/commit/97f78a21040443796d137ce1739861b66451c7dd
 Conflict:no
 ---
  .../attestation/attestation-agent/Cargo.toml  |  30 ++
@@ -402,7 +403,7 @@ new file mode 100644
 index 0000000..0f1efc2
 --- /dev/null
 +++ b/service/attestation/attestation-agent/agent/src/lib.rs
-@@ -0,0 +1,72 @@
+@@ -0,0 +1,73 @@
 +use agent::*;
 +pub mod agent;
 +
@@ -455,12 +456,13 @@ index 0000000..0f1efc2
 +
 +    let fut = async {agent::AttestationAgent::default().verify_evidence(
 +            &challenge, &report).await};
-+    let ret = block_on(fut);
++    let ret = match block_on(fut) {
-+    if ret.is_err() {
++        Ok(_) => return 0,
-+        println!("verfiy report failed");
++        Err(e) => {
-+        return 1;
++            println!("verify report failed {:?}", e);
-+    }
++            return 1;
-+    return 0;
++        }
++    };
 +}
 +
 +#[ffi_export]
@@ -768,8 +770,8 @@ index 0000000..28bf33c
 +    async fn tee_get_evidence(&self, _user_data: EvidenceRequest) -> Result<Vec<u8>> {
 +        let len = _user_data.challenge.len();
 +        if len <= 0 || len > MAX_CHALLENGE_LEN {
-+            log::error!("challenge len is error, expecting 0 < len < {}, got {}", MAX_CHALLENGE_LEN, len);
++            log::error!("challenge len is error, expecting 0 < len <= {}, got {}", MAX_CHALLENGE_LEN, len);
-+            bail!("challenge len is error, expecting 0 < len < {}, got {}", MAX_CHALLENGE_LEN, len);
++            bail!("challenge len is error, expecting 0 < len <= {}, got {}", MAX_CHALLENGE_LEN, len);
 +        }
 +        #[cfg(feature = "itrustee-attester")]
 +        if itrustee::detect_platform() {
@@ -1256,7 +1258,7 @@ new file mode 100644
 index 0000000..f3c9157
 --- /dev/null
 +++ b/service/attestation/attestation-service/verifier/src/lib.rs
-@@ -0,0 +1,51 @@
+@@ -0,0 +1,58 @@
 +/*
 + * Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved.
 + * secGear is licensed under the Mulan PSL v2.
@@ -1293,9 +1295,16 @@ index 0000000..f3c9157
 +    async fn verify_evidence(&self, user_data: &[u8], evidence: &[u8]) -> Result<()>;
 +}
 +
++const MAX_CHALLENGE_LEN: usize = 64;
++
 +#[async_trait]
 +impl VerifierAPIs for Verifier {
 +    async fn verify_evidence(&self, user_data: &[u8], evidence: &[u8]) -> Result<()> {
++        let len = user_data.len();
++        if len <= 0 || len > MAX_CHALLENGE_LEN {
++            log::error!("challenge len is error, expecting 0 < len <= {}, got {}", MAX_CHALLENGE_LEN, len);
++            bail!("challenge len is error, expecting 0 < len <= {}, got {}", MAX_CHALLENGE_LEN, len);
++        }
 +        let aa_evidence: Evidence = serde_json::from_slice(evidence)?;
 +        let tee_type = aa_evidence.tee;
 +        let evidence = aa_evidence.evidence.as_bytes();

secGear.spec

@@ -1,6 +1,6 @@
 Name:		secGear
 Version:	0.1.0
-Release:	40
+Release:	41
 Summary:	secGear is an SDK to develop confidential computing apps based on hardware enclave features
 
 
@@ -252,6 +252,9 @@ popd
 systemctl restart rsyslog
 
 %changelog
+* Thu Jun 13 2024 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 0.1.0-41
+- Judgment of added challenge length
+
 * Thu Jun 6 2024 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 0.1.0-40
 - modify Requires