Группа :: Графические оболочки/Прочее
Пакет: deepin-session-shell
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: deepin-session-shell-5.5.68-alt-use-previous-encryption.patch
Скачать
Скачать
From 1d75d05ae648dda25010079df1add7495a07ccf7 Mon Sep 17 00:00:00 2001
From: Leontiy Volodin <lvol@altlinux.org>
Date: Thu, 25 Aug 2022 13:04:27 +0300
Subject: [PATCH] Revert "feat: Ф⌡©Ф█╒Е┼═Е╞├Г╝≈ФЁ∙"
This reverts commit 9a0f1d2c9cd3d31875678de6fd8347d36322fa7b.
---
CMakeLists.txt | 4 ----
debian/dde-session-shell.lintian-overrides | 1 -
src/dde-lock/lockworker.cpp | 4 ++--
src/libdde-auth/deepinauthframework.cpp | 176 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---------------------------------------------------
src/libdde-auth/deepinauthframework.h | 62 +++++++++++++++++++++++++++++++++-----------------------------
src/libdde-auth/encrypt_helper.cpp | 190 ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
src/libdde-auth/encrypt_helper.h | 76 ----------------------------------------------------------------------------
src/lightdm-deepin-greeter/greeter_display_wayland.cpp | 4 ++--
src/lightdm-deepin-greeter/greeterworker.cpp | 2 +-
tests/dde-lock/CMakeLists.txt | 4 ----
tests/dde-lock/ut_deepinauthframework.cpp | 4 ++--
tests/lightdm-deepin-greeter/CMakeLists.txt | 4 ----
12 files changed, 165 insertions(+), 366 deletions(-)
delete mode 100644 debian/dde-session-shell.lintian-overrides
delete mode 100644 src/libdde-auth/encrypt_helper.cpp
delete mode 100644 src/libdde-auth/encrypt_helper.h
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 2587b77..899ea00 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -83,8 +83,6 @@ message(STATUS "USE_DEEPIN_WAYLAND ${USE_DEEPIN_WAYLAND}")
if(USE_DEEPIN_WAYLAND)
add_definitions(-DUSE_DEEPIN_WAYLAND)
endif()
-# Д╪≤Е┘┬Д╫©Г■╗Е⌡╫Е╞├
-add_definitions(-DPREFER_USING_GM)
function(generation_dbus_interface xml class_name class_file option)
execute_process(COMMAND qdbusxml2cpp ${option} -p ${class_file} -c ${class_name} ${xml}
@@ -190,7 +188,6 @@ target_link_libraries(dde-lock PRIVATE
${Qt5Network_LIBRARIES}
${QGSettings_LIBRARIES}
KF5::WaylandClient
- -lcrypto
)
set(GREETER_SRCS
@@ -261,7 +258,6 @@ target_link_libraries(lightdm-deepin-greeter PRIVATE
${QGSettings_LIBRARIES}
${Greeter_LIBRARIES}
KF5::WaylandClient
- -lcrypto
)
add_subdirectory(tests)
diff --git a/debian/dde-session-shell.lintian-overrides b/debian/dde-session-shell.lintian-overrides
deleted file mode 100644
index 3a50979..0000000
--- a/debian/dde-session-shell.lintian-overrides
+++ /dev/null
@@ -1 +0,0 @@
-dde-session-shell: possible-gpl-code-linked-with-openssl
\ No newline at end of file
diff --git a/src/dde-lock/lockworker.cpp b/src/dde-lock/lockworker.cpp
index b22001b..316282d 100644
--- a/src/dde-lock/lockworker.cpp
+++ b/src/dde-lock/lockworker.cpp
@@ -551,10 +551,10 @@ void LockWorker::destoryAuthentication(const QString &account)
qInfo() << "LockWorker::destoryAuthentication:" << account;
switch (m_model->getAuthProperty().FrameworkState) {
case Available:
- m_authFramework->DestroyAuthController(account);
+ m_authFramework->DestoryAuthController(account);
break;
default:
- m_authFramework->DestroyAuthenticate();
+ m_authFramework->DestoryAuthenticate();
break;
}
}
diff --git a/src/libdde-auth/deepinauthframework.cpp b/src/libdde-auth/deepinauthframework.cpp
index 8195c04..93a652c 100644
--- a/src/libdde-auth/deepinauthframework.cpp
+++ b/src/libdde-auth/deepinauthframework.cpp
@@ -1,25 +1,4 @@
-/*
-* Copyright (C) 2021 ~ 2021 Uniontech Software Technology Co.,Ltd.
-*
-* Author: Yin Jie <yinjie@uniontech.com>
-*
-* Maintainer: Yin Jie <yinjie@uniontech.com>
-*
-* This program is free software: you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation, either version 3 of the License, or
-* any later version.
-*
-* This program is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
#include "deepinauthframework.h"
-#include "encrypt_helper.h"
#include "authcommon.h"
#include "public_func.h"
@@ -43,30 +22,42 @@
#define PAM_SERVICE_SYSTEM_NAME "password-auth"
#define PAM_SERVICE_DEEPIN_NAME "common-auth"
+#define PKCS1_HEADER "-----BEGIN RSA PUBLIC KEY-----"
+#define PKCS8_HEADER "-----BEGIN PUBLIC KEY-----"
+#define OPENSSLNAME "libssl.so"
using namespace AuthCommon;
DeepinAuthFramework::DeepinAuthFramework(QObject *parent)
: QObject(parent)
- , m_authenticateInter(new AuthInter(AUTHENTICATE_SERVICE, "/com/deepin/daemon/Authenticate", QDBusConnection::systemBus(), this))
+ , m_authenticateInter(new AuthInter(AUTHRNTICATESERVICE, "/com/deepin/daemon/Authenticate", QDBusConnection::systemBus(), this))
, m_PAMAuthThread(0)
, m_authenticateControllers(new QMap<QString, AuthControllerInter *>())
, m_cancelAuth(false)
, m_waitToken(true)
+ , m_encryptionHandle(nullptr)
+ , m_AES(new AES_KEY)
+ , m_BIO(nullptr)
+ , m_RSA(nullptr)
{
connect(m_authenticateInter, &AuthInter::FrameworkStateChanged, this, &DeepinAuthFramework::FramworkStateChanged);
connect(m_authenticateInter, &AuthInter::LimitUpdated, this, &DeepinAuthFramework::LimitsInfoChanged);
connect(m_authenticateInter, &AuthInter::SupportedFlagsChanged, this, &DeepinAuthFramework::SupportedMixAuthFlagsChanged);
connect(m_authenticateInter, &AuthInter::SupportEncryptsChanged, this, &DeepinAuthFramework::SupportedEncryptsChanged);
+
+ /* Ф ┌Ф≈╤Е╟├Е┼═Е╞├Ф√╧Е╪▐Е⌡╨Е╝ О╪▄Е░▌Г╩╜Ф°┴Д©╝Ф■╧Е├█Х╟┐Ф∙╢ */
+ setEncryption(0, {1});
}
DeepinAuthFramework::~DeepinAuthFramework()
{
for (const QString &key : m_authenticateControllers->keys()) {
m_authenticateControllers->remove(key);
}
delete m_authenticateControllers;
- DestroyAuthenticate();
+ delete m_AES;
+
+ DestoryAuthenticate();
}
/**
@@ -81,7 +72,7 @@ void DeepinAuthFramework::CreateAuthenticate(const QString &account)
}
qInfo() << "Create PAM authenticate thread:" << account << m_PAMAuthThread;
m_account = account;
- DestroyAuthenticate();
+ DestoryAuthenticate();
m_cancelAuth = false;
m_waitToken = true;
int rc = pthread_create(&m_PAMAuthThread, nullptr, &PAMAuthWorker, this);
@@ -273,19 +264,81 @@ void DeepinAuthFramework::UpdateAuthState(const int state, const QString &messag
/**
* @brief Г╩⌠Ф²÷ PAM Х╝╓Х╞│Ф°█Е┼║
*/
-void DeepinAuthFramework::DestroyAuthenticate()
+void DeepinAuthFramework::DestoryAuthenticate()
{
if (m_PAMAuthThread == 0) {
return;
}
- qInfo() << "Destroy PAM authenticate thread";
+ qInfo() << "Destory PAM authenticate thread";
m_cancelAuth = true;
pthread_cancel(m_PAMAuthThread);
pthread_join(m_PAMAuthThread, nullptr);
m_PAMAuthThread = 0;
}
/**
+ * @brief Х╝╬Г╫╝Е┼═Е╞├Г╠╩Е·▀Е▓▄Е┼═Е╞├Ф√╧Е╪▐
+ *
+ * @param type
+ * @param method
+ */
+void DeepinAuthFramework::setEncryption(const int type, ArrayInt method)
+{
+ m_encryptType = type;
+ m_encryptMethod = method;
+}
+
+/**
+ * @brief Е┬²Е╖▀Е▄√Е┼═Е╞├Ф°█Е┼║
+ */
+void DeepinAuthFramework::initEncryptionService()
+{
+ if ((m_encryptionHandle = dlopen(OPENSSLNAME, RTLD_NOW)) == nullptr) {
+ qCritical() << "Failed to load" << OPENSSLNAME;
+ return;
+ }
+ m_F_AES_cbc_encrypt = reinterpret_cast<FUNC_AES_CBC_ENCRYPT>(dlsym(m_encryptionHandle, "AES_cbc_encrypt"));
+ m_F_AES_set_encrypt_key = reinterpret_cast<FUNC_AES_SET_ENCRYPT_KEY>(dlsym(m_encryptionHandle, "AES_set_encrypt_key"));
+ m_F_BIO_new = reinterpret_cast<FUNC_BIO_NEW>(dlsym(m_encryptionHandle, "BIO_new"));
+ m_F_BIO_puts = reinterpret_cast<FUNC_BIO_PUTS>(dlsym(m_encryptionHandle, "BIO_puts"));
+ m_F_BIO_s_mem = reinterpret_cast<FUNC_BIO_S_MEM>(dlsym(m_encryptionHandle, "BIO_s_mem"));
+ m_F_PEM_read_bio_RSAPublicKey = reinterpret_cast<FUNC_PEM_READ_BIO_RSAPUBLICKEY>(dlsym(m_encryptionHandle, "PEM_read_bio_RSAPublicKey"));
+ m_F_PEM_read_bio_RSA_PUBKEY = reinterpret_cast<FUNC_PEM_READ_BIO_RSA_PUBKEY>(dlsym(m_encryptionHandle, "PEM_read_bio_RSA_PUBKEY"));
+ m_F_RSA_public_encrypt = reinterpret_cast<FUNC_RSA_PUBLIC_ENCRYPT>(dlsym(m_encryptionHandle, "RSA_public_encrypt"));
+ m_F_RSA_size = reinterpret_cast<FUNC_RSA_SIZE>(dlsym(m_encryptionHandle, "RSA_size"));
+ m_F_RSA_free = reinterpret_cast<FUNC_RSA_FREE>(dlsym(m_encryptionHandle, "RSA_free"));
+ m_F_BIO_free = reinterpret_cast<FUNC_RSA_FREE>(dlsym(m_encryptionHandle, "BIO_free"));
+
+ m_BIO = m_F_BIO_new(m_F_BIO_s_mem());
+ m_F_BIO_puts(m_BIO, m_publicKey.toLatin1().data());
+
+ if (strncmp(m_publicKey.toLatin1().data(), PKCS8_HEADER, strlen(PKCS8_HEADER)) == 0) {
+ m_RSA = m_F_PEM_read_bio_RSA_PUBKEY(m_BIO, nullptr, nullptr, nullptr);
+ } else if (strncmp(m_publicKey.toLatin1().data(), PKCS1_HEADER, strlen(PKCS1_HEADER)) == 0) {
+ m_RSA = m_F_PEM_read_bio_RSAPublicKey(m_BIO, nullptr, nullptr, nullptr);
+ }
+
+ /* Г■÷Ф┬░Е╞╧Г╖╟Е┼═Е╞├Г └Е╞├И▓╔ */
+ srand(static_cast<unsigned int>(time(nullptr)));
+ int randNum = (10000000 + rand() % 10000000) % 100000000;
+ m_symmetricKey = QString::number(randNum) + QString::number(randNum);
+}
+
+/**
+ * @brief Е┼═Е╞├Е╞╧Г╖╟Е┼═Е╞├Г └Е╞├И▓╔Е╧╤Е▐▒И─│Г╩≥Х╝╓Х╞│Ф°█Е┼║
+ *
+ * @param account
+ */
+void DeepinAuthFramework::encryptSymmtricKey(const QString &account)
+{
+ int size = m_F_RSA_size(m_RSA);
+ char *ciphertext = new char[static_cast<unsigned long>(size)];
+ m_F_RSA_public_encrypt(m_symmetricKey.length(), reinterpret_cast<unsigned char *>(m_symmetricKey.toLatin1().data()), reinterpret_cast<unsigned char *>(ciphertext), m_RSA, 1);
+ m_authenticateControllers->value(account)->SetSymmetricKey(QByteArray(ciphertext, size));
+ delete[] ciphertext;
+}
+
+/**
* @brief Е┬⌡Е╩╨Х╝╓Х╞│Ф°█Е┼║
*
* @param account Г■╗Ф┬╥Е░█
@@ -324,46 +377,46 @@ void DeepinAuthFramework::CreateAuthController(const QString &account, const int
emit PINLenChanged(authControllerInter->pINLen());
emit PromptChanged(authControllerInter->prompt());
-
- int DAEncryptType;
- ArrayInt DAEncryptMethod;
- QString publicKey;
- // Х▌╥Е▐√И²·Е╞╧Г╖╟Е┼═Е╞├Е┘╛И▓╔
- QDBusReply<int> reply = authControllerInter->EncryptKey(
- EncryptHelper::ref().encryptType(),
- EncryptHelper::ref().encryptMethod(),
- DAEncryptMethod,
- publicKey);
- DAEncryptType = reply.value();
-
- // Д╫©Г■╗DAХ©■Е⌡·Г └Е┼═Е╞├Г╝≈ФЁ∙О╪⌡ Д╬▀Е╕┌О╪▄Е╕┌Ф·°Ф≤╞Ф╡║Ф°┴И─┌И┘█SM2Г╝≈ФЁ∙Г └DAО╪▄И┌ёД╧┬Е╟╠Д╫©Г■╗RSA
- EncryptHelper::ref().setEncryption(DAEncryptType, DAEncryptMethod);
- if (publicKey.isEmpty()) {
+ int encryptType;
+ ArrayInt encryptMethod;
+ QDBusReply<int> reply = authControllerInter->EncryptKey(m_encryptType, m_encryptMethod, encryptMethod, m_publicKey);
+ encryptType = reply.value();
+ if (encryptType != m_encryptType || encryptMethod != m_encryptMethod) {
+ qWarning() << "The current encryption method is not supported, use the default encryption method.";
+ m_encryptType = encryptType;
+ m_encryptMethod = encryptMethod;
+ }
+ if (m_publicKey.isEmpty()) {
qCritical() << "Failed to get the public key!";
return;
}
- EncryptHelper::ref().setPublicKey(publicKey);
- EncryptHelper::ref().initEncryptionService();
- m_authenticateControllers->value(account)->SetSymmetricKey(EncryptHelper::ref().encryptSymmetricalKey());
+
+ initEncryptionService();
+ encryptSymmtricKey(account);
}
/**
* @brief И■─Ф╞│Х╝╓Х╞│Ф°█Е┼║О╪▄Д╦▀Ф╛║Д╫©Г■╗Х╝╓Х╞│Ф°█Е┼║Е┴█И°─Х╕│Е┘┬Е┬⌡Е╩╨
*
* @param account Г■╗Ф┬╥Е░█
*/
-void DeepinAuthFramework::DestroyAuthController(const QString &account)
+void DeepinAuthFramework::DestoryAuthController(const QString &account)
{
if (!m_authenticateControllers->contains(account)) {
return;
}
AuthControllerInter *authControllerInter = m_authenticateControllers->value(account);
- qInfo() << "Destroy Authenticate Session:" << account << authControllerInter->path();
+ qInfo() << "Destory Authenticate Sesssion:" << account << authControllerInter->path();
authControllerInter->End(AT_All);
authControllerInter->Quit();
m_authenticateControllers->remove(account);
delete authControllerInter;
- EncryptHelper::ref().releaseResources();
+
+ if (m_encryptionHandle) {
+ m_F_RSA_free(m_RSA);
+ m_F_BIO_free(m_BIO);
+ dlclose(m_encryptionHandle);
+ }
}
/**
@@ -411,8 +464,29 @@ void DeepinAuthFramework::SendTokenToAuth(const QString &account, const int auth
}
qInfo() << "Send token to authentication:" << account << ", authType" << authType;
- QByteArray ba = EncryptHelper::ref().getEncryptedToken(token);
- m_authenticateControllers->value(account)->SetToken(authType, ba);
+ const int tokenSize = token.size();
+ const int padding = AES_BLOCK_SIZE - tokenSize % AES_BLOCK_SIZE;
+ const int blockCount = token.length() / AES_BLOCK_SIZE + 1;
+ const int bufferSize = blockCount * AES_BLOCK_SIZE;
+ char *tokenBuffer = new char[static_cast<size_t>(bufferSize)];
+ memset(tokenBuffer, padding, static_cast<size_t>(bufferSize));
+ memcpy(tokenBuffer, token.toLatin1().data(), static_cast<size_t>(tokenSize));
+ char *ciphertext = new char[static_cast<size_t>(bufferSize)];
+ memset(ciphertext, 0, static_cast<size_t>(bufferSize));
+ int ret = m_F_AES_set_encrypt_key(reinterpret_cast<unsigned char *>(m_symmetricKey.toLatin1().data()), m_symmetricKey.length() * 8, m_AES);
+ if (ret < 0) {
+ qCritical() << "Failed to set symmetric key!";
+ delete[] tokenBuffer;
+ delete[] ciphertext;
+ return;
+ }
+ unsigned char *iv = new unsigned char[AES_BLOCK_SIZE];
+ memset(iv, 0, AES_BLOCK_SIZE);
+ m_F_AES_cbc_encrypt(reinterpret_cast<unsigned char *>(tokenBuffer), reinterpret_cast<unsigned char *>(ciphertext), static_cast<size_t>(bufferSize), m_AES, iv, AES_ENCRYPT);
+ m_authenticateControllers->value(account)->SetToken(authType, QByteArray(ciphertext, bufferSize));
+ delete[] tokenBuffer;
+ delete[] ciphertext;
+ delete[] iv;
}
/**
@@ -613,7 +687,7 @@ bool DeepinAuthFramework::isDeepinAuthValid() const
{
qDebug() << Q_FUNC_INFO
<< ", frameworkState" << m_authenticateInter->frameworkState()
- << ", isServiceRegistered: " << QDBusConnection::systemBus().interface()->isServiceRegistered(AUTHENTICATE_SERVICE);
- return QDBusConnection::systemBus().interface()->isServiceRegistered(AUTHENTICATE_SERVICE)
+ << ", isServiceRegistered: " << QDBusConnection::systemBus().interface()->isServiceRegistered(AUTHRNTICATESERVICE);
+ return QDBusConnection::systemBus().interface()->isServiceRegistered(AUTHRNTICATESERVICE)
&& Available == GetFrameworkState();
}
diff --git a/src/libdde-auth/deepinauthframework.h b/src/libdde-auth/deepinauthframework.h
index 58d549a..195376b 100644
--- a/src/libdde-auth/deepinauthframework.h
+++ b/src/libdde-auth/deepinauthframework.h
@@ -1,23 +1,3 @@
-/*
-* Copyright (C) 2021 ~ 2021 Uniontech Software Technology Co.,Ltd.
-*
-* Author: Yin Jie <yinjie@uniontech.com>
-*
-* Maintainer: Yin Jie <yinjie@uniontech.com>
-*
-* This program is free software: you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation, either version 3 of the License, or
-* any later version.
-*
-* This program is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
#ifndef DEEPINAUTHFRAMEWORK_H
#define DEEPINAUTHFRAMEWORK_H
@@ -28,18 +8,23 @@
#include <com_deepin_daemon_authenticate_session2.h>
#include <memory>
#include <openssl/aes.h>
-#include <openssl/rsa.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/sm2.h>
-#include <openssl/sm4.h>
-#include <openssl/evp.h>
-#define AUTHENTICATE_SERVICE "com.deepin.daemon.Authenticate"
+#define AUTHRNTICATESERVICE "com.deepin.daemon.Authenticate"
+#define AUTHRNTICATEINTERFACE "com.deepin.daemon.Authenticate.Session"
using AuthInter = com::deepin::daemon::Authenticate;
using AuthControllerInter = com::deepin::daemon::authenticate::Session;
+using FUNC_AES_CBC_ENCRYPT = void (*)(const unsigned char *in, unsigned char *out, size_t length, const void *aes, unsigned char *ivec, const int enc);
+using FUNC_AES_SET_ENCRYPT_KEY = int (*)(const unsigned char *userKey, const int bits, void *aes);
+using FUNC_BIO_S_MEM = void *(*)();
+using FUNC_BIO_NEW = void *(*)(void *);
+using FUNC_BIO_PUTS = int (*)(void *, const char *);
+using FUNC_PEM_READ_BIO_RSA_PUBKEY = void *(*)(void *, void *, void *, void *);
+using FUNC_PEM_READ_BIO_RSAPUBLICKEY = void *(*)(void *, void *, void *, void *);
+using FUNC_RSA_PUBLIC_ENCRYPT = void *(*)(int flen, const unsigned char *from, unsigned char *to, void *rsa, int padding);
+using FUNC_RSA_SIZE = int (*)(void *);
+using FUNC_RSA_FREE = void (*)(void *);
class DeepinAuthFramework : public QObject
{
@@ -58,7 +43,7 @@ public:
/* Compatible with old authentication methods */
void CreateAuthenticate(const QString &account);
void SendToken(const QString &token);
- void DestroyAuthenticate();
+ void DestoryAuthenticate();
/* com.deepin.daemon.Authenticate */
int GetFrameworkState() const;
@@ -98,7 +83,7 @@ signals:
public slots:
/* New authentication framework */
void CreateAuthController(const QString &account, const int authType, const int appType);
- void DestroyAuthController(const QString &account);
+ void DestoryAuthController(const QString &account);
void StartAuthentication(const QString &account, const int authType, const int timeout);
void EndAuthentication(const QString &account, const int authType);
void SendTokenToAuth(const QString &account, const int authType, const QString &token);
@@ -111,6 +96,9 @@ private:
static int PAMConversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *app_data);
void UpdateAuthState(const int state, const QString &message);
+ void initEncryptionService();
+ void encryptSymmtricKey(const QString &account);
+
private:
AuthInter *m_authenticateInter;
pthread_t m_PAMAuthThread;
@@ -124,6 +112,22 @@ private:
QMap<QString, AuthControllerInter *> *m_authenticateControllers;
bool m_cancelAuth;
bool m_waitToken;
+
+ void *m_encryptionHandle;
+ FUNC_AES_CBC_ENCRYPT m_F_AES_cbc_encrypt;
+ FUNC_AES_SET_ENCRYPT_KEY m_F_AES_set_encrypt_key;
+ FUNC_BIO_NEW m_F_BIO_new;
+ FUNC_BIO_PUTS m_F_BIO_puts;
+ FUNC_BIO_S_MEM m_F_BIO_s_mem;
+ FUNC_PEM_READ_BIO_RSAPUBLICKEY m_F_PEM_read_bio_RSAPublicKey;
+ FUNC_PEM_READ_BIO_RSA_PUBKEY m_F_PEM_read_bio_RSA_PUBKEY;
+ FUNC_RSA_FREE m_F_RSA_free;
+ FUNC_RSA_FREE m_F_BIO_free;
+ FUNC_RSA_PUBLIC_ENCRYPT m_F_RSA_public_encrypt;
+ FUNC_RSA_SIZE m_F_RSA_size;
+ AES_KEY *m_AES;
+ void *m_BIO;
+ void *m_RSA;
};
#endif // DEEPINAUTHFRAMEWORK_H
diff --git a/src/libdde-auth/encrypt_helper.cpp b/src/libdde-auth/encrypt_helper.cpp
deleted file mode 100644
index acb01d7..0000000
--- a/src/libdde-auth/encrypt_helper.cpp
+++ /dev/null
@@ -1,190 +0,0 @@
-/*
-* Copyright (C) 2021 ~ 2021 Uniontech Software Technology Co.,Ltd.
-*
-* Author: Yin Jie <yinjie@uniontech.com>
-*
-* Maintainer: Yin Jie <yinjie@uniontech.com>
-*
-* This program is free software: you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation, either version 3 of the License, or
-* any later version.
-*
-* This program is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "encrypt_helper.h"
-#include "public_func.h"
-
-#include <QDebug>
-
-#define PKCS1_HEADER "-----BEGIN RSA PUBLIC KEY-----"
-#define PKCS8_HEADER "-----BEGIN PUBLIC KEY-----"
-
-EncryptHelper::EncryptHelper()
- : m_BIO(nullptr)
- , m_RSA(nullptr)
- , m_ecKey(nullptr)
-#ifndef PREFER_USING_GM
- , m_encryptType(ET_RSA)
-#else
- , m_encryptType(ET_SM2)
-#endif
- , m_encryptMethod({1})
-{
-
-}
-
-EncryptHelper::~EncryptHelper()
-{
- releaseResources();
-}
-
-/**
- * @brief Е┬²Е╖▀Е▄√Е┼═Е╞├Ф°█Е┼║О╪▄Е┬⌡Е╩╨Е╞╧Г╖╟Е┼═Е╞├Е╞├И▓╔
- */
-void EncryptHelper::initEncryptionService()
-{
- m_BIO = BIO_new(BIO_s_mem());
- BIO_puts(m_BIO, m_publicKey.toLatin1().data());
-
- if (ET_SM2 == m_encryptType) {
- PEM_read_bio_EC_PUBKEY(m_BIO, &m_ecKey, nullptr, nullptr);
- } else {
- if (strncmp(m_publicKey.toLatin1().data(), PKCS8_HEADER, strlen(PKCS8_HEADER)) == 0) {
- PEM_read_bio_RSA_PUBKEY(m_BIO, &m_RSA, nullptr, nullptr);
- } else if (strncmp(m_publicKey.toLatin1().data(), PKCS1_HEADER, strlen(PKCS1_HEADER)) == 0) {
- PEM_read_bio_RSAPublicKey(m_BIO, &m_RSA, nullptr, nullptr);
- }
- }
-
- /* Г■÷Ф┬░Е╞╧Г╖╟Е┼═Е╞├Г └Е╞├И▓╔ */
- srand(static_cast<unsigned int>(time(nullptr)));
- int randNum = (10000000 + rand() % 10000000) % 100000000;
- m_symmetricKey = QString::number(randNum) + QString::number(randNum);
-}
-
-/**
- * @brief Х╝╬Г╫╝Е┼═Е╞├Г╠╩Е·▀Е▓▄Е┼═Е╞├Ф√╧Е╪▐
- *
- * @param type И²·Е╞╧Г╖╟Е┼═Е╞├Г╠╩Е·▀
- * @param method И╩≤Х╝╓Д╪═{1}О╪▄Ф╡║Д╨╨Г÷╔И│⌠Д╦╨Д╩─Д╧┬
- */
-void EncryptHelper::setEncryption(const int type, ArrayInt method)
-{
- qInfo() << "Set encryption type: " << type;
- m_encryptType = type;
- m_encryptMethod = method;
-}
-
-/**
- * @brief Г■╗И²·Е╞╧Г╖╟Е┼═Е╞├Е┘╛И▓╔Е┼═Е╞├Е╞╧Г╖╟Е┼═Е╞├Г └Е╞├И▓╔
- *
- * @return Е┼═Е╞├Е░▌Г └Е╞╧Г╖╟Е┼═Е╞├Е╞├И▓╔
- */
-QByteArray EncryptHelper::encryptSymmetricalKey()
-{
- if (ET_SM2 == m_encryptType) {
- return SM2EncryptSymmetricalKey();
- }
-
- return RSAEncryptSymmetricalKey();
-}
-
-
-QByteArray EncryptHelper::RSAEncryptSymmetricalKey()
-{
- int size = RSA_size(m_RSA);
- char *ciphertext = new char[static_cast<unsigned long>(size)];
- RSA_public_encrypt(m_symmetricKey.length(), reinterpret_cast<unsigned char *>(m_symmetricKey.toLatin1().data()), reinterpret_cast<unsigned char *>(ciphertext), m_RSA, 1);
- QByteArray ba = QByteArray(ciphertext, size);
- delete[] ciphertext;
- return ba;
-}
-
-
-QByteArray EncryptHelper::SM2EncryptSymmetricalKey()
-{
- size_t csize = 0;
- size_t psize = m_symmetricKey.length();
- if (1 != sm2_ciphertext_size(m_ecKey, EVP_sm3(), psize, &csize)) {
- qCritical() << "Can't get sm2 ciphertext size";
- return "";
- }
-
- uint8_t *cipherText = new uint8_t[csize];
- if (1 != sm2_encrypt(m_ecKey, EVP_sm3(), (uint8_t *)m_symmetricKey.toStdString().c_str(), psize, cipherText, &csize)) {
- qCritical() << "Can't encrypt sm2 cipher";
- delete[] cipherText;
- return "";
- }
-
- QByteArray ba(reinterpret_cast<char*>(cipherText), csize);
- delete[] cipherText;
- return ba;
-}
-
-QByteArray EncryptHelper::getEncryptedToken(const QString &token)
-{
- const int tokenSize = token.size();
- const int padding = AES_BLOCK_SIZE - tokenSize % AES_BLOCK_SIZE;
- const int blockCount = token.length() / AES_BLOCK_SIZE + 1;
- const int bufferSize = blockCount * AES_BLOCK_SIZE;
- char *tokenBuffer = new char[static_cast<size_t>(bufferSize)];
- memset(tokenBuffer, padding, static_cast<size_t>(bufferSize));
- memcpy(tokenBuffer, token.toLatin1().data(), static_cast<size_t>(tokenSize));
- char *ciphertext = new char[static_cast<size_t>(bufferSize)];
- memset(ciphertext, 0, static_cast<size_t>(bufferSize));
- SM4_KEY sm4;
- AES_KEY aes;
- int ret = 0;
- if (ET_SM2 == m_encryptType) {
- SM4_set_key(reinterpret_cast<uint8_t *>(m_symmetricKey.toLatin1().data()), &sm4);
- } else {
- AES_set_encrypt_key(reinterpret_cast<unsigned char *>(m_symmetricKey.toLatin1().data()), m_symmetricKey.length() * 8, &aes);
- }
- if (ret < 0) {
- qCritical() << "Failed to set symmetric key!";
- delete[] tokenBuffer;
- delete[] ciphertext;
- return QByteArray();
- }
- unsigned char *iv = new unsigned char[AES_BLOCK_SIZE];
- memset(iv, 0, AES_BLOCK_SIZE);
- if (ET_SM2 == m_encryptType) {
- SM4_encrypt(reinterpret_cast<uint8_t *>(tokenBuffer), reinterpret_cast<uint8_t *>(ciphertext), &sm4);
- } else {
- AES_cbc_encrypt(reinterpret_cast<unsigned char *>(tokenBuffer), reinterpret_cast<unsigned char *>(ciphertext), static_cast<size_t>(bufferSize), &aes, iv, AES_ENCRYPT);
- }
-
- QByteArray ba = QByteArray(ciphertext, bufferSize);
- delete[] ciphertext;
- delete[] tokenBuffer;
- delete[] iv;
-
- return ba;
-}
-
-void EncryptHelper::releaseResources()
-{
- if (m_BIO) {
- BIO_free(m_BIO);
- m_BIO = nullptr;
- }
-
- if (m_RSA) {
- RSA_free(m_RSA);
- m_RSA = nullptr;
- }
-
- if (m_ecKey) {
- EC_KEY_free(m_ecKey);
- m_ecKey = nullptr;
- }
-}
diff --git a/src/libdde-auth/encrypt_helper.h b/src/libdde-auth/encrypt_helper.h
deleted file mode 100644
index 513c399..0000000
--- a/src/libdde-auth/encrypt_helper.h
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
-* Copyright (C) 2021 ~ 2021 Uniontech Software Technology Co.,Ltd.
-*
-* Author: Yin Jie <yinjie@uniontech.com>
-*
-* Maintainer: Yin Jie <yinjie@uniontech.com>
-*
-* This program is free software: you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation, either version 3 of the License, or
-* any later version.
-*
-* This program is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#pragma once
-
-#include <QObject>
-#include <QString>
-
-#include <openssl/aes.h>
-#include <openssl/rsa.h>
-#include <openssl/pem.h>
-#ifdef __cplusplus
-extern "C" {
-#endif
-#include <openssl/sm2.h>
-#include <openssl/sm4.h>
-#ifdef __cplusplus
-}
-#endif
-#include <types/arrayint.h>
-
-#include <DSingleton>
-
-class EncryptHelper : public Dtk::Core::DSingleton<EncryptHelper>
-{
- friend class Dtk::Core::DSingleton<EncryptHelper>;
-
-public:
- enum EncryptType {
- ET_RSA = 0,
- ET_SM2
- };
-
- void setEncryption(const int type, ArrayInt method = {1});
- QByteArray encryptSymmetricalKey();
- QByteArray getEncryptedToken(const QString &token);
- int encryptType() const { return m_encryptType; }
- ArrayInt encryptMethod() const { return m_encryptMethod; }
- void setPublicKey(const QString &publicKey) { m_publicKey = publicKey; }
- void initEncryptionService();
- void releaseResources();
-
-private:
- EncryptHelper();
- ~EncryptHelper();
-
- QByteArray RSAEncryptSymmetricalKey();
- QByteArray SM2EncryptSymmetricalKey();
-
-private:
- BIO *m_BIO;
- RSA *m_RSA;
- EC_KEY *m_ecKey;
- int m_encryptType;
- QString m_symmetricKey;
- QString m_publicKey;
- ArrayInt m_encryptMethod;
-};
diff --git a/src/lightdm-deepin-greeter/greeter_display_wayland.cpp b/src/lightdm-deepin-greeter/greeter_display_wayland.cpp
index 64cf536..d75e23b 100644
--- a/src/lightdm-deepin-greeter/greeter_display_wayland.cpp
+++ b/src/lightdm-deepin-greeter/greeter_display_wayland.cpp
@@ -144,7 +144,7 @@ void GreeterDisplayWayland::setupRegistry(Registry *registry)
Q_EMIT setOutputFinished();
});
}
- }
+ }
});
connect(registry, &Registry::outputDeviceAnnounced, this, [ this, registry ](quint32 name, quint32 version) {
@@ -550,7 +550,7 @@ QString GreeterDisplayWayland::getOutputDeviceName(const QString& model, const Q
// Ф┴╬Е┬╟Г╛╛Д╦─Д╦╙Г╨╞Ф∙╟Е╜≈И┐╗Е┬├
for (int i = 0; i < nameList.size(); ++i) {
bool ok = false;
- nameList[i].toInt(&ok, 10);
+ int num = nameList[i].toInt(&ok, 10);
if (ok && i >= 1) {
// name Ф≤╞Ф∙╟Е╜≈
// Ф╞■Е╕┌ model Д╦╨ HDMI-A-2-VA2430-H-3/W72211325199
diff --git a/src/lightdm-deepin-greeter/greeterworker.cpp b/src/lightdm-deepin-greeter/greeterworker.cpp
index c7e088b..fac2824 100644
--- a/src/lightdm-deepin-greeter/greeterworker.cpp
+++ b/src/lightdm-deepin-greeter/greeterworker.cpp
@@ -491,7 +491,7 @@ void GreeterWorker::destoryAuthentication(const QString &account)
qDebug() << "GreeterWorker::destoryAuthentication:" << account;
switch (m_model->getAuthProperty().FrameworkState) {
case Available:
- m_authFramework->DestroyAuthController(account);
+ m_authFramework->DestoryAuthController(account);
break;
default:
break;
diff --git a/tests/dde-lock/CMakeLists.txt b/tests/dde-lock/CMakeLists.txt
index 59abe1d..f8ccfa7 100644
--- a/tests/dde-lock/CMakeLists.txt
+++ b/tests/dde-lock/CMakeLists.txt
@@ -2,9 +2,6 @@ set(BIN_NAME dde-lock-test)
aux_source_directory(. LOCK_TEST)
-# Д╪≤Е┘┬Д╫©Г■╗Е⌡╫Е╞├
-add_definitions(-DPREFER_USING_GM)
-
set(LOCK_TEST_SRCS
${LOCK_TEST}
${authority_DBUS_SCRS}
@@ -61,5 +58,4 @@ target_link_libraries(${BIN_NAME} PRIVATE
KF5::WaylandClient
-lpthread
-lm
- -lcrypto
)
diff --git a/tests/dde-lock/ut_deepinauthframework.cpp b/tests/dde-lock/ut_deepinauthframework.cpp
index e37df3c..3503825 100644
--- a/tests/dde-lock/ut_deepinauthframework.cpp
+++ b/tests/dde-lock/ut_deepinauthframework.cpp
@@ -26,7 +26,7 @@ TEST_F(UT_DeepinAuthFramework, PAMTest)
{
// m_authFramework->CreateAuthenticate("uos");
// m_authFramework->SendToken("123");
-// m_authFramework->DestroyAuthenticate();
+// m_authFramework->DestoryAuthenticate();
}
TEST_F(UT_DeepinAuthFramework, DATest)
@@ -42,7 +42,7 @@ TEST_F(UT_DeepinAuthFramework, DATest)
// m_authFramework->StartAuthentication(UserName, 19, -1);
// m_authFramework->SendTokenToAuth(UserName, 1, "123");
// m_authFramework->EndAuthentication(UserName, 19);
-// m_authFramework->DestroyAuthController(UserName);
+// m_authFramework->DestoryAuthController(UserName);
// m_authFramework->GetFuzzyMFA(UserName);
// m_authFramework->GetMFAFlag(UserName);
diff --git a/tests/lightdm-deepin-greeter/CMakeLists.txt b/tests/lightdm-deepin-greeter/CMakeLists.txt
index 5b19ef6..3bebc81 100644
--- a/tests/lightdm-deepin-greeter/CMakeLists.txt
+++ b/tests/lightdm-deepin-greeter/CMakeLists.txt
@@ -2,9 +2,6 @@ set(BIN_NAME lightdm-deepin-greeter-test)
aux_source_directory(. GREETER_TEST)
-# Д╪≤Е┘┬Д╫©Г■╗Е⌡╫Е╞├
-add_definitions(-DPREFER_USING_GM)
-
set(GREETER_TEST_SRCS
${GREETER_TEST}
${authority_DBUS_SCRS}
@@ -72,5 +69,4 @@ target_link_libraries(${BIN_NAME} PRIVATE
KF5::WaylandClient
-lpthread
-lm
- -lcrypto
)
--
libgit2 1.3.0