fix(auth):fix auth decrypt (#669)

gateway/spacegate-lib/src/plugin/auth.rs

@@ -461,6 +461,10 @@ fn success_auth_result_to_req(auth_result: AuthResult, config: &AuthConfig, req:
     let auth_resp: AuthResp = auth_result.into();
     parts.headers.extend(hashmap_header_to_headermap(auth_resp.headers.clone())?);
     if let Some(new_body) = auth_resp.body {
+        parts.headers.insert(
+            header::CONTENT_LENGTH,
+            HeaderValue::from_str(&format!("{}", new_body.as_bytes().len())).map_err(|e| TardisError::format_error(&format!("[SG.Filter.Auth] error parse str :{e}"), ""))?,
+        );
         body = SgBody::full(new_body);
     };
     Ok(Request::from_parts(parts, body))

gateway/spacegate-lib/src/plugin/auth/tests.rs

@@ -340,26 +340,26 @@ async fn test_auth_plugin_crypto() {
 fn crypto_req(body: &str, serv_pub_key: &str, front_pub_key: &str, need_crypto_resp: bool) -> (String, String) {
     let pub_key = TardisFuns::crypto.sm2.new_public_key_from_public_key(serv_pub_key).unwrap();
 
-    let sm4_key = TardisFuns::crypto.key.rand_16_bytes();
-    let sm4_key_hex = TardisFuns::crypto.hex.encode(sm4_key);
-    let sm4_iv = TardisFuns::crypto.key.rand_16_bytes();
-    let sm4_iv_hex = TardisFuns::crypto.hex.encode(sm4_iv);
+    let sm4_key = TardisFuns::crypto.key.rand_16_hex();
+    // let sm4_key_hex = TardisFuns::crypto.hex.encode(sm4_key);
+    let sm4_iv = TardisFuns::crypto.key.rand_16_hex();
+    // let sm4_iv_hex = TardisFuns::crypto.hex.encode(sm4_iv);
 
-    let key = TardisFuns::crypto.hex.decode(sm4_key_hex.clone()).unwrap();
-    let iv = TardisFuns::crypto.hex.decode(sm4_iv_hex.clone()).unwrap();
+    // let key = TardisFuns::crypto.hex.decode(sm4_key_hex.clone()).unwrap();
+    // let iv = TardisFuns::crypto.hex.decode(sm4_iv_hex.clone()).unwrap();
 
-    assert_eq!(key.as_slice(), sm4_key);
-    assert_eq!(iv.as_slice(), sm4_iv);
+    // assert_eq!(key.as_slice(), sm4_key);
+    // assert_eq!(iv.as_slice(), sm4_iv);
 
-    let data = TardisFuns::crypto.sm4.encrypt_cbc(body, sm4_key, sm4_iv).unwrap();
-    assert_eq!(TardisFuns::crypto.sm4.decrypt_cbc(&data, key.as_slice(), iv.as_slice()).unwrap(), body);
+    let data = TardisFuns::crypto.sm4.encrypt_cbc(body, &sm4_key, &sm4_iv).unwrap();
+    assert_eq!(TardisFuns::crypto.sm4.decrypt_cbc(&data, &sm4_key, &sm4_iv).unwrap(), body);
 
     let sign_data = TardisFuns::crypto.digest.sm3(&data).unwrap();
 
     let sm4_encrypt = if need_crypto_resp {
-        pub_key.encrypt(&format!("{sign_data} {sm4_key_hex} {sm4_iv_hex} {front_pub_key}",)).unwrap()
+        pub_key.encrypt(&format!("{sign_data} {sm4_key} {sm4_iv} {front_pub_key}",)).unwrap()
     } else {
-        pub_key.encrypt(&format!("{sign_data} {sm4_key_hex} {sm4_iv_hex}",)).unwrap()
+        pub_key.encrypt(&format!("{sign_data} {sm4_key} {sm4_iv}",)).unwrap()
     };
     let base64_encrypt = TardisFuns::crypto.base64.encode(sm4_encrypt);
     (data, base64_encrypt)

support/auth/src/serv/auth_crypto_serv.rs

@@ -84,8 +84,8 @@ pub async fn decrypt_req(
 
     if input_keys.len() == 4 {
         let input_sm3_digest = input_keys[0];
-        let input_sm4_key = TardisFuns::crypto.hex.decode(input_keys[1])?;
-        let input_sm4_iv = TardisFuns::crypto.hex.decode(input_keys[2])?;
+        let input_sm4_key = input_keys[1];
+        let input_sm4_iv = input_keys[2];
         let input_pub_key = input_keys[3];
 
         if let Some(body) = body.as_ref() {
@@ -113,8 +113,8 @@ pub async fn decrypt_req(
         }
     } else if input_keys.len() == 3 {
         let input_sm3_digest = input_keys[0];
-        let input_sm4_key = TardisFuns::crypto.hex.decode(input_keys[1])?;
-        let input_sm4_iv = TardisFuns::crypto.hex.decode(input_keys[2])?;
+        let input_sm4_key = input_keys[1];
+        let input_sm4_iv = input_keys[2];
         if let Some(body) = body.as_ref() {
             if input_sm3_digest != TardisFuns::crypto.digest.sm3(body)? {
                 trace!(

support/enhance-wasm/Cargo.toml

@@ -22,7 +22,7 @@ lazy_static.workspace = true
 # crypto
 base64 = { version = "0.21" }
 hex = { version = "0.4" }
-libsm = { version = "=0.5.0" }
+libsm = { version = "=0.6.0" }
 num-bigint = { version = "0.4.3" }
 
 # wasm
@@ -33,22 +33,22 @@ wasm-bindgen-futures = { version = "0" }
 serde-wasm-bindgen = { version = "0" }
 js-sys = { version = "0" }
 web-sys = { version = "0", features = [
-    'Headers',
-    'Request',
-    'RequestInit',
-    'RequestCredentials',
-    'RequestMode',
-    'Response',
-    'Window',
-    'console',
-    'BroadcastChannel',
-    'Storage',
+  'Headers',
+  'Request',
+  'RequestInit',
+  'RequestCredentials',
+  'RequestMode',
+  'Response',
+  'Window',
+  'console',
+  'BroadcastChannel',
+  'Storage',
 ] }
 wasm-bindgen-test = { version = "0" }
 
 # see: https://github.com/rust-random/getrandom/issues/231
 # see: https://github.com/rustwasm/wasm-bindgen/pull/3031
-getrandom = { version = "^0.2", features = ["js"]}
+getrandom = { version = "^0.2", features = ["js"] }
 
 # TODO
 rand = { version = "0.8" }

support/enhance-wasm/src/mini_tardis/crypto.rs

@@ -148,7 +148,7 @@ pub mod sm {
             let cipher = Cipher::new(hex_key.as_bytes(), Mode::Cbc)
                 .map_err(|error| TardisError::format_error(&format!("[Tardis.Crypto] SM4 new cipher error:{error}"), "406-tardis-crypto-sm4-cipher-error"))?;
             let encrypted_data = cipher
-                .encrypt(data.as_bytes(), hex_iv.as_bytes())
+                .encrypt("".as_bytes(), data.as_bytes(), hex_iv.as_bytes())
                 .map_err(|error| TardisError::format_error(&format!("[Tardis.Crypto] SM4 encrypt error:{error}"), "406-tardis-crypto-sm4-encrypt-error"))?;
             Ok(hex::encode(encrypted_data))
         }
@@ -158,7 +158,7 @@ pub mod sm {
                 .map_err(|error| TardisError::format_error(&format!("[Tardis.Crypto] SM4 new cipher error:{error}"), "406-tardis-crypto-sm4-cipher-error"))?;
             let encrypted_data = hex::decode(encrypted_data)?;
             let data = cipher
-                .decrypt(encrypted_data.as_slice(), hex_iv.as_bytes())
+                .decrypt("".as_bytes(), encrypted_data.as_slice(), hex_iv.as_bytes())
                 .map_err(|error| TardisError::format_error(&format!("[Tardis.Crypto] SM4 decrypt error:{error}"), "406-tardis-crypto-sm4-decrypt-error"))?;
             Ok(String::from_utf8(data)?)
         }