From 1d75d05ae648dda25010079df1add7495a07ccf7 Mon Sep 17 00:00:00 2001 From: Leontiy Volodin Date: Thu, 25 Aug 2022 13:04:27 +0300 Subject: [PATCH] Revert "feat: 替换加密算法" This reverts commit 9a0f1d2c9cd3d31875678de6fd8347d36322fa7b. --- CMakeLists.txt | 4 ---- debian/dde-session-shell.lintian-overrides | 1 - src/dde-lock/lockworker.cpp | 4 ++-- src/libdde-auth/deepinauthframework.cpp | 176 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--------------------------------------------------- src/libdde-auth/deepinauthframework.h | 62 +++++++++++++++++++++++++++++++++----------------------------- src/libdde-auth/encrypt_helper.cpp | 190 ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- src/libdde-auth/encrypt_helper.h | 76 ---------------------------------------------------------------------------- src/lightdm-deepin-greeter/greeter_display_wayland.cpp | 4 ++-- src/lightdm-deepin-greeter/greeterworker.cpp | 2 +- tests/dde-lock/CMakeLists.txt | 4 ---- tests/dde-lock/ut_deepinauthframework.cpp | 4 ++-- tests/lightdm-deepin-greeter/CMakeLists.txt | 4 ---- 12 files changed, 165 insertions(+), 366 deletions(-) delete mode 100644 debian/dde-session-shell.lintian-overrides delete mode 100644 src/libdde-auth/encrypt_helper.cpp delete mode 100644 src/libdde-auth/encrypt_helper.h diff --git a/CMakeLists.txt b/CMakeLists.txt index 2587b77..899ea00 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -83,8 +83,6 @@ message(STATUS "USE_DEEPIN_WAYLAND ${USE_DEEPIN_WAYLAND}") if(USE_DEEPIN_WAYLAND) add_definitions(-DUSE_DEEPIN_WAYLAND) endif() -# 优先使用国密 -add_definitions(-DPREFER_USING_GM) function(generation_dbus_interface xml class_name class_file option) execute_process(COMMAND qdbusxml2cpp ${option} -p ${class_file} -c ${class_name} ${xml} @@ -190,7 +188,6 @@ target_link_libraries(dde-lock PRIVATE ${Qt5Network_LIBRARIES} ${QGSettings_LIBRARIES} KF5::WaylandClient - -lcrypto ) set(GREETER_SRCS @@ -261,7 +258,6 @@ target_link_libraries(lightdm-deepin-greeter PRIVATE ${QGSettings_LIBRARIES} ${Greeter_LIBRARIES} KF5::WaylandClient - -lcrypto ) add_subdirectory(tests) diff --git a/debian/dde-session-shell.lintian-overrides b/debian/dde-session-shell.lintian-overrides deleted file mode 100644 index 3a50979..0000000 --- a/debian/dde-session-shell.lintian-overrides +++ /dev/null @@ -1 +0,0 @@ -dde-session-shell: possible-gpl-code-linked-with-openssl \ No newline at end of file diff --git a/src/dde-lock/lockworker.cpp b/src/dde-lock/lockworker.cpp index b22001b..316282d 100644 --- a/src/dde-lock/lockworker.cpp +++ b/src/dde-lock/lockworker.cpp @@ -551,10 +551,10 @@ void LockWorker::destoryAuthentication(const QString &account) qInfo() << "LockWorker::destoryAuthentication:" << account; switch (m_model->getAuthProperty().FrameworkState) { case Available: - m_authFramework->DestroyAuthController(account); + m_authFramework->DestoryAuthController(account); break; default: - m_authFramework->DestroyAuthenticate(); + m_authFramework->DestoryAuthenticate(); break; } } diff --git a/src/libdde-auth/deepinauthframework.cpp b/src/libdde-auth/deepinauthframework.cpp index 8195c04..93a652c 100644 --- a/src/libdde-auth/deepinauthframework.cpp +++ b/src/libdde-auth/deepinauthframework.cpp @@ -1,25 +1,4 @@ -/* -* Copyright (C) 2021 ~ 2021 Uniontech Software Technology Co.,Ltd. -* -* Author: Yin Jie -* -* Maintainer: Yin Jie -* -* This program is free software: you can redistribute it and/or modify -* it under the terms of the GNU General Public License as published by -* the Free Software Foundation, either version 3 of the License, or -* any later version. -* -* This program is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU General Public License for more details. -* -* You should have received a copy of the GNU General Public License -* along with this program. If not, see . -*/ #include "deepinauthframework.h" -#include "encrypt_helper.h" #include "authcommon.h" #include "public_func.h" @@ -43,30 +22,42 @@ #define PAM_SERVICE_SYSTEM_NAME "password-auth" #define PAM_SERVICE_DEEPIN_NAME "common-auth" +#define PKCS1_HEADER "-----BEGIN RSA PUBLIC KEY-----" +#define PKCS8_HEADER "-----BEGIN PUBLIC KEY-----" +#define OPENSSLNAME "libssl.so" using namespace AuthCommon; DeepinAuthFramework::DeepinAuthFramework(QObject *parent) : QObject(parent) - , m_authenticateInter(new AuthInter(AUTHENTICATE_SERVICE, "/com/deepin/daemon/Authenticate", QDBusConnection::systemBus(), this)) + , m_authenticateInter(new AuthInter(AUTHRNTICATESERVICE, "/com/deepin/daemon/Authenticate", QDBusConnection::systemBus(), this)) , m_PAMAuthThread(0) , m_authenticateControllers(new QMap()) , m_cancelAuth(false) , m_waitToken(true) + , m_encryptionHandle(nullptr) + , m_AES(new AES_KEY) + , m_BIO(nullptr) + , m_RSA(nullptr) { connect(m_authenticateInter, &AuthInter::FrameworkStateChanged, this, &DeepinAuthFramework::FramworkStateChanged); connect(m_authenticateInter, &AuthInter::LimitUpdated, this, &DeepinAuthFramework::LimitsInfoChanged); connect(m_authenticateInter, &AuthInter::SupportedFlagsChanged, this, &DeepinAuthFramework::SupportedMixAuthFlagsChanged); connect(m_authenticateInter, &AuthInter::SupportEncryptsChanged, this, &DeepinAuthFramework::SupportedEncryptsChanged); + + /* 暂时将加密方式固定,后续有修改再调整 */ + setEncryption(0, {1}); } DeepinAuthFramework::~DeepinAuthFramework() { for (const QString &key : m_authenticateControllers->keys()) { m_authenticateControllers->remove(key); } delete m_authenticateControllers; - DestroyAuthenticate(); + delete m_AES; + + DestoryAuthenticate(); } /** @@ -81,7 +72,7 @@ void DeepinAuthFramework::CreateAuthenticate(const QString &account) } qInfo() << "Create PAM authenticate thread:" << account << m_PAMAuthThread; m_account = account; - DestroyAuthenticate(); + DestoryAuthenticate(); m_cancelAuth = false; m_waitToken = true; int rc = pthread_create(&m_PAMAuthThread, nullptr, &PAMAuthWorker, this); @@ -273,19 +264,81 @@ void DeepinAuthFramework::UpdateAuthState(const int state, const QString &messag /** * @brief 结束 PAM 认证服务 */ -void DeepinAuthFramework::DestroyAuthenticate() +void DeepinAuthFramework::DestoryAuthenticate() { if (m_PAMAuthThread == 0) { return; } - qInfo() << "Destroy PAM authenticate thread"; + qInfo() << "Destory PAM authenticate thread"; m_cancelAuth = true; pthread_cancel(m_PAMAuthThread); pthread_join(m_PAMAuthThread, nullptr); m_PAMAuthThread = 0; } /** + * @brief 设置加密类型和加密方式 + * + * @param type + * @param method + */ +void DeepinAuthFramework::setEncryption(const int type, ArrayInt method) +{ + m_encryptType = type; + m_encryptMethod = method; +} + +/** + * @brief 初始化加密服务 + */ +void DeepinAuthFramework::initEncryptionService() +{ + if ((m_encryptionHandle = dlopen(OPENSSLNAME, RTLD_NOW)) == nullptr) { + qCritical() << "Failed to load" << OPENSSLNAME; + return; + } + m_F_AES_cbc_encrypt = reinterpret_cast(dlsym(m_encryptionHandle, "AES_cbc_encrypt")); + m_F_AES_set_encrypt_key = reinterpret_cast(dlsym(m_encryptionHandle, "AES_set_encrypt_key")); + m_F_BIO_new = reinterpret_cast(dlsym(m_encryptionHandle, "BIO_new")); + m_F_BIO_puts = reinterpret_cast(dlsym(m_encryptionHandle, "BIO_puts")); + m_F_BIO_s_mem = reinterpret_cast(dlsym(m_encryptionHandle, "BIO_s_mem")); + m_F_PEM_read_bio_RSAPublicKey = reinterpret_cast(dlsym(m_encryptionHandle, "PEM_read_bio_RSAPublicKey")); + m_F_PEM_read_bio_RSA_PUBKEY = reinterpret_cast(dlsym(m_encryptionHandle, "PEM_read_bio_RSA_PUBKEY")); + m_F_RSA_public_encrypt = reinterpret_cast(dlsym(m_encryptionHandle, "RSA_public_encrypt")); + m_F_RSA_size = reinterpret_cast(dlsym(m_encryptionHandle, "RSA_size")); + m_F_RSA_free = reinterpret_cast(dlsym(m_encryptionHandle, "RSA_free")); + m_F_BIO_free = reinterpret_cast(dlsym(m_encryptionHandle, "BIO_free")); + + m_BIO = m_F_BIO_new(m_F_BIO_s_mem()); + m_F_BIO_puts(m_BIO, m_publicKey.toLatin1().data()); + + if (strncmp(m_publicKey.toLatin1().data(), PKCS8_HEADER, strlen(PKCS8_HEADER)) == 0) { + m_RSA = m_F_PEM_read_bio_RSA_PUBKEY(m_BIO, nullptr, nullptr, nullptr); + } else if (strncmp(m_publicKey.toLatin1().data(), PKCS1_HEADER, strlen(PKCS1_HEADER)) == 0) { + m_RSA = m_F_PEM_read_bio_RSAPublicKey(m_BIO, nullptr, nullptr, nullptr); + } + + /* 生成对称加密的密钥 */ + srand(static_cast(time(nullptr))); + int randNum = (10000000 + rand() % 10000000) % 100000000; + m_symmetricKey = QString::number(randNum) + QString::number(randNum); +} + +/** + * @brief 加密对称加密的密钥并发送给认证服务 + * + * @param account + */ +void DeepinAuthFramework::encryptSymmtricKey(const QString &account) +{ + int size = m_F_RSA_size(m_RSA); + char *ciphertext = new char[static_cast(size)]; + m_F_RSA_public_encrypt(m_symmetricKey.length(), reinterpret_cast(m_symmetricKey.toLatin1().data()), reinterpret_cast(ciphertext), m_RSA, 1); + m_authenticateControllers->value(account)->SetSymmetricKey(QByteArray(ciphertext, size)); + delete[] ciphertext; +} + +/** * @brief 创建认证服务 * * @param account 用户名 @@ -324,46 +377,46 @@ void DeepinAuthFramework::CreateAuthController(const QString &account, const int emit PINLenChanged(authControllerInter->pINLen()); emit PromptChanged(authControllerInter->prompt()); - - int DAEncryptType; - ArrayInt DAEncryptMethod; - QString publicKey; - // 获取非对称加密公钥 - QDBusReply reply = authControllerInter->EncryptKey( - EncryptHelper::ref().encryptType(), - EncryptHelper::ref().encryptMethod(), - DAEncryptMethod, - publicKey); - DAEncryptType = reply.value(); - - // 使用DA返回的加密算法; 例如,如果是没有适配SM2算法的DA,那么就使用RSA - EncryptHelper::ref().setEncryption(DAEncryptType, DAEncryptMethod); - if (publicKey.isEmpty()) { + int encryptType; + ArrayInt encryptMethod; + QDBusReply reply = authControllerInter->EncryptKey(m_encryptType, m_encryptMethod, encryptMethod, m_publicKey); + encryptType = reply.value(); + if (encryptType != m_encryptType || encryptMethod != m_encryptMethod) { + qWarning() << "The current encryption method is not supported, use the default encryption method."; + m_encryptType = encryptType; + m_encryptMethod = encryptMethod; + } + if (m_publicKey.isEmpty()) { qCritical() << "Failed to get the public key!"; return; } - EncryptHelper::ref().setPublicKey(publicKey); - EncryptHelper::ref().initEncryptionService(); - m_authenticateControllers->value(account)->SetSymmetricKey(EncryptHelper::ref().encryptSymmetricalKey()); + + initEncryptionService(); + encryptSymmtricKey(account); } /** * @brief 销毁认证服务,下次使用认证服务前需要先创建 * * @param account 用户名 */ -void DeepinAuthFramework::DestroyAuthController(const QString &account) +void DeepinAuthFramework::DestoryAuthController(const QString &account) { if (!m_authenticateControllers->contains(account)) { return; } AuthControllerInter *authControllerInter = m_authenticateControllers->value(account); - qInfo() << "Destroy Authenticate Session:" << account << authControllerInter->path(); + qInfo() << "Destory Authenticate Sesssion:" << account << authControllerInter->path(); authControllerInter->End(AT_All); authControllerInter->Quit(); m_authenticateControllers->remove(account); delete authControllerInter; - EncryptHelper::ref().releaseResources(); + + if (m_encryptionHandle) { + m_F_RSA_free(m_RSA); + m_F_BIO_free(m_BIO); + dlclose(m_encryptionHandle); + } } /** @@ -411,8 +464,29 @@ void DeepinAuthFramework::SendTokenToAuth(const QString &account, const int auth } qInfo() << "Send token to authentication:" << account << ", authType" << authType; - QByteArray ba = EncryptHelper::ref().getEncryptedToken(token); - m_authenticateControllers->value(account)->SetToken(authType, ba); + const int tokenSize = token.size(); + const int padding = AES_BLOCK_SIZE - tokenSize % AES_BLOCK_SIZE; + const int blockCount = token.length() / AES_BLOCK_SIZE + 1; + const int bufferSize = blockCount * AES_BLOCK_SIZE; + char *tokenBuffer = new char[static_cast(bufferSize)]; + memset(tokenBuffer, padding, static_cast(bufferSize)); + memcpy(tokenBuffer, token.toLatin1().data(), static_cast(tokenSize)); + char *ciphertext = new char[static_cast(bufferSize)]; + memset(ciphertext, 0, static_cast(bufferSize)); + int ret = m_F_AES_set_encrypt_key(reinterpret_cast(m_symmetricKey.toLatin1().data()), m_symmetricKey.length() * 8, m_AES); + if (ret < 0) { + qCritical() << "Failed to set symmetric key!"; + delete[] tokenBuffer; + delete[] ciphertext; + return; + } + unsigned char *iv = new unsigned char[AES_BLOCK_SIZE]; + memset(iv, 0, AES_BLOCK_SIZE); + m_F_AES_cbc_encrypt(reinterpret_cast(tokenBuffer), reinterpret_cast(ciphertext), static_cast(bufferSize), m_AES, iv, AES_ENCRYPT); + m_authenticateControllers->value(account)->SetToken(authType, QByteArray(ciphertext, bufferSize)); + delete[] tokenBuffer; + delete[] ciphertext; + delete[] iv; } /** @@ -613,7 +687,7 @@ bool DeepinAuthFramework::isDeepinAuthValid() const { qDebug() << Q_FUNC_INFO << ", frameworkState" << m_authenticateInter->frameworkState() - << ", isServiceRegistered: " << QDBusConnection::systemBus().interface()->isServiceRegistered(AUTHENTICATE_SERVICE); - return QDBusConnection::systemBus().interface()->isServiceRegistered(AUTHENTICATE_SERVICE) + << ", isServiceRegistered: " << QDBusConnection::systemBus().interface()->isServiceRegistered(AUTHRNTICATESERVICE); + return QDBusConnection::systemBus().interface()->isServiceRegistered(AUTHRNTICATESERVICE) && Available == GetFrameworkState(); } diff --git a/src/libdde-auth/deepinauthframework.h b/src/libdde-auth/deepinauthframework.h index 58d549a..195376b 100644 --- a/src/libdde-auth/deepinauthframework.h +++ b/src/libdde-auth/deepinauthframework.h @@ -1,23 +1,3 @@ -/* -* Copyright (C) 2021 ~ 2021 Uniontech Software Technology Co.,Ltd. -* -* Author: Yin Jie -* -* Maintainer: Yin Jie -* -* This program is free software: you can redistribute it and/or modify -* it under the terms of the GNU General Public License as published by -* the Free Software Foundation, either version 3 of the License, or -* any later version. -* -* This program is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU General Public License for more details. -* -* You should have received a copy of the GNU General Public License -* along with this program. If not, see . -*/ #ifndef DEEPINAUTHFRAMEWORK_H #define DEEPINAUTHFRAMEWORK_H @@ -28,18 +8,23 @@ #include #include #include -#include -#include -#include -#include -#include -#include -#define AUTHENTICATE_SERVICE "com.deepin.daemon.Authenticate" +#define AUTHRNTICATESERVICE "com.deepin.daemon.Authenticate" +#define AUTHRNTICATEINTERFACE "com.deepin.daemon.Authenticate.Session" using AuthInter = com::deepin::daemon::Authenticate; using AuthControllerInter = com::deepin::daemon::authenticate::Session; +using FUNC_AES_CBC_ENCRYPT = void (*)(const unsigned char *in, unsigned char *out, size_t length, const void *aes, unsigned char *ivec, const int enc); +using FUNC_AES_SET_ENCRYPT_KEY = int (*)(const unsigned char *userKey, const int bits, void *aes); +using FUNC_BIO_S_MEM = void *(*)(); +using FUNC_BIO_NEW = void *(*)(void *); +using FUNC_BIO_PUTS = int (*)(void *, const char *); +using FUNC_PEM_READ_BIO_RSA_PUBKEY = void *(*)(void *, void *, void *, void *); +using FUNC_PEM_READ_BIO_RSAPUBLICKEY = void *(*)(void *, void *, void *, void *); +using FUNC_RSA_PUBLIC_ENCRYPT = void *(*)(int flen, const unsigned char *from, unsigned char *to, void *rsa, int padding); +using FUNC_RSA_SIZE = int (*)(void *); +using FUNC_RSA_FREE = void (*)(void *); class DeepinAuthFramework : public QObject { @@ -58,7 +43,7 @@ public: /* Compatible with old authentication methods */ void CreateAuthenticate(const QString &account); void SendToken(const QString &token); - void DestroyAuthenticate(); + void DestoryAuthenticate(); /* com.deepin.daemon.Authenticate */ int GetFrameworkState() const; @@ -98,7 +83,7 @@ signals: public slots: /* New authentication framework */ void CreateAuthController(const QString &account, const int authType, const int appType); - void DestroyAuthController(const QString &account); + void DestoryAuthController(const QString &account); void StartAuthentication(const QString &account, const int authType, const int timeout); void EndAuthentication(const QString &account, const int authType); void SendTokenToAuth(const QString &account, const int authType, const QString &token); @@ -111,6 +96,9 @@ private: static int PAMConversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *app_data); void UpdateAuthState(const int state, const QString &message); + void initEncryptionService(); + void encryptSymmtricKey(const QString &account); + private: AuthInter *m_authenticateInter; pthread_t m_PAMAuthThread; @@ -124,6 +112,22 @@ private: QMap *m_authenticateControllers; bool m_cancelAuth; bool m_waitToken; + + void *m_encryptionHandle; + FUNC_AES_CBC_ENCRYPT m_F_AES_cbc_encrypt; + FUNC_AES_SET_ENCRYPT_KEY m_F_AES_set_encrypt_key; + FUNC_BIO_NEW m_F_BIO_new; + FUNC_BIO_PUTS m_F_BIO_puts; + FUNC_BIO_S_MEM m_F_BIO_s_mem; + FUNC_PEM_READ_BIO_RSAPUBLICKEY m_F_PEM_read_bio_RSAPublicKey; + FUNC_PEM_READ_BIO_RSA_PUBKEY m_F_PEM_read_bio_RSA_PUBKEY; + FUNC_RSA_FREE m_F_RSA_free; + FUNC_RSA_FREE m_F_BIO_free; + FUNC_RSA_PUBLIC_ENCRYPT m_F_RSA_public_encrypt; + FUNC_RSA_SIZE m_F_RSA_size; + AES_KEY *m_AES; + void *m_BIO; + void *m_RSA; }; #endif // DEEPINAUTHFRAMEWORK_H diff --git a/src/libdde-auth/encrypt_helper.cpp b/src/libdde-auth/encrypt_helper.cpp deleted file mode 100644 index acb01d7..0000000 --- a/src/libdde-auth/encrypt_helper.cpp +++ /dev/null @@ -1,190 +0,0 @@ -/* -* Copyright (C) 2021 ~ 2021 Uniontech Software Technology Co.,Ltd. -* -* Author: Yin Jie -* -* Maintainer: Yin Jie -* -* This program is free software: you can redistribute it and/or modify -* it under the terms of the GNU General Public License as published by -* the Free Software Foundation, either version 3 of the License, or -* any later version. -* -* This program is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU General Public License for more details. -* -* You should have received a copy of the GNU General Public License -* along with this program. If not, see . -*/ - -#include "encrypt_helper.h" -#include "public_func.h" - -#include - -#define PKCS1_HEADER "-----BEGIN RSA PUBLIC KEY-----" -#define PKCS8_HEADER "-----BEGIN PUBLIC KEY-----" - -EncryptHelper::EncryptHelper() - : m_BIO(nullptr) - , m_RSA(nullptr) - , m_ecKey(nullptr) -#ifndef PREFER_USING_GM - , m_encryptType(ET_RSA) -#else - , m_encryptType(ET_SM2) -#endif - , m_encryptMethod({1}) -{ - -} - -EncryptHelper::~EncryptHelper() -{ - releaseResources(); -} - -/** - * @brief 初始化加密服务,创建对称加密密钥 - */ -void EncryptHelper::initEncryptionService() -{ - m_BIO = BIO_new(BIO_s_mem()); - BIO_puts(m_BIO, m_publicKey.toLatin1().data()); - - if (ET_SM2 == m_encryptType) { - PEM_read_bio_EC_PUBKEY(m_BIO, &m_ecKey, nullptr, nullptr); - } else { - if (strncmp(m_publicKey.toLatin1().data(), PKCS8_HEADER, strlen(PKCS8_HEADER)) == 0) { - PEM_read_bio_RSA_PUBKEY(m_BIO, &m_RSA, nullptr, nullptr); - } else if (strncmp(m_publicKey.toLatin1().data(), PKCS1_HEADER, strlen(PKCS1_HEADER)) == 0) { - PEM_read_bio_RSAPublicKey(m_BIO, &m_RSA, nullptr, nullptr); - } - } - - /* 生成对称加密的密钥 */ - srand(static_cast(time(nullptr))); - int randNum = (10000000 + rand() % 10000000) % 100000000; - m_symmetricKey = QString::number(randNum) + QString::number(randNum); -} - -/** - * @brief 设置加密类型和加密方式 - * - * @param type 非对称加密类型 - * @param method 默认传{1},没人知道为什么 - */ -void EncryptHelper::setEncryption(const int type, ArrayInt method) -{ - qInfo() << "Set encryption type: " << type; - m_encryptType = type; - m_encryptMethod = method; -} - -/** - * @brief 用非对称加密公钥加密对称加密的密钥 - * - * @return 加密后的对称加密密钥 - */ -QByteArray EncryptHelper::encryptSymmetricalKey() -{ - if (ET_SM2 == m_encryptType) { - return SM2EncryptSymmetricalKey(); - } - - return RSAEncryptSymmetricalKey(); -} - - -QByteArray EncryptHelper::RSAEncryptSymmetricalKey() -{ - int size = RSA_size(m_RSA); - char *ciphertext = new char[static_cast(size)]; - RSA_public_encrypt(m_symmetricKey.length(), reinterpret_cast(m_symmetricKey.toLatin1().data()), reinterpret_cast(ciphertext), m_RSA, 1); - QByteArray ba = QByteArray(ciphertext, size); - delete[] ciphertext; - return ba; -} - - -QByteArray EncryptHelper::SM2EncryptSymmetricalKey() -{ - size_t csize = 0; - size_t psize = m_symmetricKey.length(); - if (1 != sm2_ciphertext_size(m_ecKey, EVP_sm3(), psize, &csize)) { - qCritical() << "Can't get sm2 ciphertext size"; - return ""; - } - - uint8_t *cipherText = new uint8_t[csize]; - if (1 != sm2_encrypt(m_ecKey, EVP_sm3(), (uint8_t *)m_symmetricKey.toStdString().c_str(), psize, cipherText, &csize)) { - qCritical() << "Can't encrypt sm2 cipher"; - delete[] cipherText; - return ""; - } - - QByteArray ba(reinterpret_cast(cipherText), csize); - delete[] cipherText; - return ba; -} - -QByteArray EncryptHelper::getEncryptedToken(const QString &token) -{ - const int tokenSize = token.size(); - const int padding = AES_BLOCK_SIZE - tokenSize % AES_BLOCK_SIZE; - const int blockCount = token.length() / AES_BLOCK_SIZE + 1; - const int bufferSize = blockCount * AES_BLOCK_SIZE; - char *tokenBuffer = new char[static_cast(bufferSize)]; - memset(tokenBuffer, padding, static_cast(bufferSize)); - memcpy(tokenBuffer, token.toLatin1().data(), static_cast(tokenSize)); - char *ciphertext = new char[static_cast(bufferSize)]; - memset(ciphertext, 0, static_cast(bufferSize)); - SM4_KEY sm4; - AES_KEY aes; - int ret = 0; - if (ET_SM2 == m_encryptType) { - SM4_set_key(reinterpret_cast(m_symmetricKey.toLatin1().data()), &sm4); - } else { - AES_set_encrypt_key(reinterpret_cast(m_symmetricKey.toLatin1().data()), m_symmetricKey.length() * 8, &aes); - } - if (ret < 0) { - qCritical() << "Failed to set symmetric key!"; - delete[] tokenBuffer; - delete[] ciphertext; - return QByteArray(); - } - unsigned char *iv = new unsigned char[AES_BLOCK_SIZE]; - memset(iv, 0, AES_BLOCK_SIZE); - if (ET_SM2 == m_encryptType) { - SM4_encrypt(reinterpret_cast(tokenBuffer), reinterpret_cast(ciphertext), &sm4); - } else { - AES_cbc_encrypt(reinterpret_cast(tokenBuffer), reinterpret_cast(ciphertext), static_cast(bufferSize), &aes, iv, AES_ENCRYPT); - } - - QByteArray ba = QByteArray(ciphertext, bufferSize); - delete[] ciphertext; - delete[] tokenBuffer; - delete[] iv; - - return ba; -} - -void EncryptHelper::releaseResources() -{ - if (m_BIO) { - BIO_free(m_BIO); - m_BIO = nullptr; - } - - if (m_RSA) { - RSA_free(m_RSA); - m_RSA = nullptr; - } - - if (m_ecKey) { - EC_KEY_free(m_ecKey); - m_ecKey = nullptr; - } -} diff --git a/src/libdde-auth/encrypt_helper.h b/src/libdde-auth/encrypt_helper.h deleted file mode 100644 index 513c399..0000000 --- a/src/libdde-auth/encrypt_helper.h +++ /dev/null @@ -1,76 +0,0 @@ -/* -* Copyright (C) 2021 ~ 2021 Uniontech Software Technology Co.,Ltd. -* -* Author: Yin Jie -* -* Maintainer: Yin Jie -* -* This program is free software: you can redistribute it and/or modify -* it under the terms of the GNU General Public License as published by -* the Free Software Foundation, either version 3 of the License, or -* any later version. -* -* This program is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU General Public License for more details. -* -* You should have received a copy of the GNU General Public License -* along with this program. If not, see . -*/ - -#pragma once - -#include -#include - -#include -#include -#include -#ifdef __cplusplus -extern "C" { -#endif -#include -#include -#ifdef __cplusplus -} -#endif -#include - -#include - -class EncryptHelper : public Dtk::Core::DSingleton -{ - friend class Dtk::Core::DSingleton; - -public: - enum EncryptType { - ET_RSA = 0, - ET_SM2 - }; - - void setEncryption(const int type, ArrayInt method = {1}); - QByteArray encryptSymmetricalKey(); - QByteArray getEncryptedToken(const QString &token); - int encryptType() const { return m_encryptType; } - ArrayInt encryptMethod() const { return m_encryptMethod; } - void setPublicKey(const QString &publicKey) { m_publicKey = publicKey; } - void initEncryptionService(); - void releaseResources(); - -private: - EncryptHelper(); - ~EncryptHelper(); - - QByteArray RSAEncryptSymmetricalKey(); - QByteArray SM2EncryptSymmetricalKey(); - -private: - BIO *m_BIO; - RSA *m_RSA; - EC_KEY *m_ecKey; - int m_encryptType; - QString m_symmetricKey; - QString m_publicKey; - ArrayInt m_encryptMethod; -}; diff --git a/src/lightdm-deepin-greeter/greeter_display_wayland.cpp b/src/lightdm-deepin-greeter/greeter_display_wayland.cpp index 64cf536..d75e23b 100644 --- a/src/lightdm-deepin-greeter/greeter_display_wayland.cpp +++ b/src/lightdm-deepin-greeter/greeter_display_wayland.cpp @@ -144,7 +144,7 @@ void GreeterDisplayWayland::setupRegistry(Registry *registry) Q_EMIT setOutputFinished(); }); } - } + } }); connect(registry, &Registry::outputDeviceAnnounced, this, [ this, registry ](quint32 name, quint32 version) { @@ -550,7 +550,7 @@ QString GreeterDisplayWayland::getOutputDeviceName(const QString& model, const Q // 找到第一个纯数字部分 for (int i = 0; i < nameList.size(); ++i) { bool ok = false; - nameList[i].toInt(&ok, 10); + int num = nameList[i].toInt(&ok, 10); if (ok && i >= 1) { // name 是数字 // 比如 model 为 HDMI-A-2-VA2430-H-3/W72211325199 diff --git a/src/lightdm-deepin-greeter/greeterworker.cpp b/src/lightdm-deepin-greeter/greeterworker.cpp index c7e088b..fac2824 100644 --- a/src/lightdm-deepin-greeter/greeterworker.cpp +++ b/src/lightdm-deepin-greeter/greeterworker.cpp @@ -491,7 +491,7 @@ void GreeterWorker::destoryAuthentication(const QString &account) qDebug() << "GreeterWorker::destoryAuthentication:" << account; switch (m_model->getAuthProperty().FrameworkState) { case Available: - m_authFramework->DestroyAuthController(account); + m_authFramework->DestoryAuthController(account); break; default: break; diff --git a/tests/dde-lock/CMakeLists.txt b/tests/dde-lock/CMakeLists.txt index 59abe1d..f8ccfa7 100644 --- a/tests/dde-lock/CMakeLists.txt +++ b/tests/dde-lock/CMakeLists.txt @@ -2,9 +2,6 @@ set(BIN_NAME dde-lock-test) aux_source_directory(. LOCK_TEST) -# 优先使用国密 -add_definitions(-DPREFER_USING_GM) - set(LOCK_TEST_SRCS ${LOCK_TEST} ${authority_DBUS_SCRS} @@ -61,5 +58,4 @@ target_link_libraries(${BIN_NAME} PRIVATE KF5::WaylandClient -lpthread -lm - -lcrypto ) diff --git a/tests/dde-lock/ut_deepinauthframework.cpp b/tests/dde-lock/ut_deepinauthframework.cpp index e37df3c..3503825 100644 --- a/tests/dde-lock/ut_deepinauthframework.cpp +++ b/tests/dde-lock/ut_deepinauthframework.cpp @@ -26,7 +26,7 @@ TEST_F(UT_DeepinAuthFramework, PAMTest) { // m_authFramework->CreateAuthenticate("uos"); // m_authFramework->SendToken("123"); -// m_authFramework->DestroyAuthenticate(); +// m_authFramework->DestoryAuthenticate(); } TEST_F(UT_DeepinAuthFramework, DATest) @@ -42,7 +42,7 @@ TEST_F(UT_DeepinAuthFramework, DATest) // m_authFramework->StartAuthentication(UserName, 19, -1); // m_authFramework->SendTokenToAuth(UserName, 1, "123"); // m_authFramework->EndAuthentication(UserName, 19); -// m_authFramework->DestroyAuthController(UserName); +// m_authFramework->DestoryAuthController(UserName); // m_authFramework->GetFuzzyMFA(UserName); // m_authFramework->GetMFAFlag(UserName); diff --git a/tests/lightdm-deepin-greeter/CMakeLists.txt b/tests/lightdm-deepin-greeter/CMakeLists.txt index 5b19ef6..3bebc81 100644 --- a/tests/lightdm-deepin-greeter/CMakeLists.txt +++ b/tests/lightdm-deepin-greeter/CMakeLists.txt @@ -2,9 +2,6 @@ set(BIN_NAME lightdm-deepin-greeter-test) aux_source_directory(. GREETER_TEST) -# 优先使用国密 -add_definitions(-DPREFER_USING_GM) - set(GREETER_TEST_SRCS ${GREETER_TEST} ${authority_DBUS_SCRS} @@ -72,5 +69,4 @@ target_link_libraries(${BIN_NAME} PRIVATE KF5::WaylandClient -lpthread -lm - -lcrypto ) -- libgit2 1.3.0