packages/secGear
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!184 Judgment of added challenge length

Browse Source 
From: @zhengxiaoxiaoGitee 
Reviewed-by: @houmingyong 
Signed-off-by: @houmingyong
This commit is contained in:
openeuler-ci-bot 2024-06-14 06:12:50 +00:00 committed by Gitee
commit 90285a4b4a
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 23 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
backport-init-attestation.patch
View File

@ -12,6 +12,7 @@ Reference: https://gitee.com/openeuler/secGear/commit/d06b6beab9ae13898870297e8e
https://gitee.com/openeuler/secGear/commit/8e02b257d9bec81bc557d6431e90448522ad6270
https://gitee.com/openeuler/secGear/commit/980d0a89d3b1b1a6d280846d6edddabdfd57a635
https://gitee.com/openeuler/secGear/commit/1fbc825bd34e859f3bc641f6b1b14c106be23433
https://gitee.com/openeuler/secGear/commit/97f78a21040443796d137ce1739861b66451c7dd
Conflict:no
---
.../attestation/attestation-agent/Cargo.toml | 30 ++
@ -402,7 +403,7 @@ new file mode 100644
index 0000000..0f1efc2
--- /dev/null
+++ b/service/attestation/attestation-agent/agent/src/lib.rs
@@ -0,0 +1,72 @@
@@ -0,0 +1,73 @@
+use agent::*;
+pub mod agent;
+
@ -455,12 +456,13 @@ index 0000000..0f1efc2
+
+ let fut = async {agent::AttestationAgent::default().verify_evidence(
+ &challenge, &report).await};
+ let ret = block_on(fut);
+ if ret.is_err() {
+ println!("verfiy report failed");
+ return 1;
+ }
+ return 0;
+ let ret = match block_on(fut) {
+ Ok(_) => return 0,
+ Err(e) => {
+ println!("verify report failed {:?}", e);
+ return 1;
+ }
+ };
+}
+
+#[ffi_export]
@ -768,8 +770,8 @@ index 0000000..28bf33c
+ async fn tee_get_evidence(&self, _user_data: EvidenceRequest) -> Result<Vec<u8>> {
+ let len = _user_data.challenge.len();
+ if len <= 0 || len > MAX_CHALLENGE_LEN {
+ log::error!("challenge len is error, expecting 0 < len < {}, got {}", MAX_CHALLENGE_LEN, len);
+ bail!("challenge len is error, expecting 0 < len < {}, got {}", MAX_CHALLENGE_LEN, len);
+ log::error!("challenge len is error, expecting 0 < len <= {}, got {}", MAX_CHALLENGE_LEN, len);
+ bail!("challenge len is error, expecting 0 < len <= {}, got {}", MAX_CHALLENGE_LEN, len);
+ }
+ #[cfg(feature = "itrustee-attester")]
+ if itrustee::detect_platform() {
@ -1256,7 +1258,7 @@ new file mode 100644
index 0000000..f3c9157
--- /dev/null
+++ b/service/attestation/attestation-service/verifier/src/lib.rs
@@ -0,0 +1,51 @@
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
@ -1293,9 +1295,16 @@ index 0000000..f3c9157
+ async fn verify_evidence(&self, user_data: &[u8], evidence: &[u8]) -> Result<()>;
+}
+
+const MAX_CHALLENGE_LEN: usize = 64;
+
+#[async_trait]
+impl VerifierAPIs for Verifier {
+ async fn verify_evidence(&self, user_data: &[u8], evidence: &[u8]) -> Result<()> {
+ let len = user_data.len();
+ if len <= 0 || len > MAX_CHALLENGE_LEN {
+ log::error!("challenge len is error, expecting 0 < len <= {}, got {}", MAX_CHALLENGE_LEN, len);
+ bail!("challenge len is error, expecting 0 < len <= {}, got {}", MAX_CHALLENGE_LEN, len);
+ }
+ let aa_evidence: Evidence = serde_json::from_slice(evidence)?;
+ let tee_type = aa_evidence.tee;
+ let evidence = aa_evidence.evidence.as_bytes();

5
secGear.spec
View File

@ -1,6 +1,6 @@
Name: secGear
Version: 0.1.0
Release: 40
Release: 41
Summary: secGear is an SDK to develop confidential computing apps based on hardware enclave features
@ -252,6 +252,9 @@ popd
systemctl restart rsyslog
%changelog
* Thu Jun 13 2024 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 0.1.0-41
- Judgment of added challenge length
* Thu Jun 6 2024 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 0.1.0-40
- modify Requires