refactor: improve credential transmission security

The changes refactor the credential transmission logic for disk
encryption/decryption operations to use a common helper function.
Previously each operation (re-encryption and decryption) had duplicate
pipe creation and credential serialization code. Now this logic is
centralized in sendCredentialsViaFd() which handles:
1. Pipe creation for secure credentials transfer
2. Credentials serialization using QDataStream
3. FD creation and cleanup
4. Synchronous/asynchronous D-Bus calls

Benefits include:
1. Reduced code duplication
2. More consistent error handling
3. Improved log messages with method context
4. Proper pipe cleanup in all cases
5. Better separation of concerns

Log:
Improved security message when transmitting encryption credentials

Influence:
1. Verify disk encryption still works with valid credentials
2. Test with invalid credentials to check error handling
3. Verify decryption works for encrypted devices
4. Check logs for credential transmission errors
5. Test cancellation during credential transmission

refactor: 改进凭据传输安全性

该提交重构了磁盘加密/解密操作的凭据传输逻辑，改用通用辅助函数。之前每个
操作（重新加密和解密）都有重复的管道创建和凭据序列化代码。现在这些逻辑集
中在sendCredentialsViaFd()中，处理：
1. 用于安全凭据传输的管道创建
2. 使用QDataStream进行凭据序列化
3. 文件描述符创建和清理
4. 同步/异步D-Bus调用

优点包括：
1. 减少代码重复
2. 更一致的错误处理
3. 改进的带方法上下文的日志消息
4. 所有情况下正确的管道清理
5. 更好的关注点分离

Log:
改进传输加密凭据时的安全消息显示

Influence:
1. 验证使用有效凭据时磁盘加密仍能工作
2. 使用无效凭据测试错误处理
3. 验证对加密设备的解密功能
4. 检查凭据传输错误的日志
5. 测试凭据传输期间的取消操作

Author: Johnson-zs

src/plugins/filemanager/dfmplugin-disk-encrypt-entry/menu/diskencryptmenuscene.cpp

@@ -398,51 +398,24 @@ void DiskEncryptMenuScene::doReencryptDevice(const DeviceEncryptParam &param)
                          kDaemonBusPath,
                          kDaemonBusIface,
                          QDBusConnection::systemBus());
-    if (iface.isValid()) {
-        // Create anonymous pipe for secure credential transmission
-        int pipefd[2];
-        if (pipe(pipefd) == -1) {
-            fmCritical() << "Failed to create anonymous pipe for credentials";
-            return;
-        }
-
-        // Prepare credentials data using QDataStream for reliable serialization
-        QByteArray credentials;
-        QDataStream stream(&credentials, QIODevice::WriteOnly);
-        QVariantMap params {
-            { encrypt_param_keys::kKeyDevice, param.devDesc },
-            { encrypt_param_keys::kKeyPassphrase, toBase64(param.key) },
-            { encrypt_param_keys::kKeyExportToPath, param.exportPath },
-        };
-        if (!tpmToken.isEmpty()) params.insert(encrypt_param_keys::kKeyTPMToken, tpmToken);
-        stream << params;
-
-        // Write credentials to pipe and close write end immediately
-        ssize_t written = write(pipefd[1], credentials.constData(), credentials.size());
-        close(pipefd[1]);   // Close write end immediately after writing
-
-        if (written != credentials.size()) {
-            fmCritical() << "Failed to write credentials to pipe, written:" << written << "expected:" << credentials.size();
-            close(pipefd[0]);
-            return;
-        }
+    if (!iface.isValid()) {
+        fmCritical() << "Failed to create D-Bus interface for re-encryption";
+        return;
+    }
 
-        // Create file descriptor for D-Bus transmission
-        QDBusUnixFileDescriptor fd(pipefd[0]);
-        if (!fd.isValid()) {
-            fmCritical() << "Failed to create valid file descriptor from pipe";
-            close(pipefd[0]);
-            return;
-        }
+    // Prepare credentials data
+    QVariantMap params {
+        { encrypt_param_keys::kKeyDevice, param.devDesc },
+        { encrypt_param_keys::kKeyPassphrase, toBase64(param.key) },
+        { encrypt_param_keys::kKeyExportToPath, param.exportPath },
+    };
+    if (!tpmToken.isEmpty())
+        params.insert(encrypt_param_keys::kKeyTPMToken, tpmToken);
 
-        fmDebug() << "Starting device re-encryption via fd";
-        iface.asyncCall("SetupAuthArgs", QVariant::fromValue(fd));
+    // Send credentials via fd
+    fmDebug() << "Starting device re-encryption via fd";
+    if (sendCredentialsViaFd(iface, "SetupAuthArgs", params, true)) {
         QApplication::setOverrideCursor(Qt::WaitCursor);
-
-        // Close read end (D-Bus service will have its own copy)
-        close(pipefd[0]);
-    } else {
-        fmCritical() << "Failed to create D-Bus interface for re-encryption";
     }
 }
 
@@ -452,57 +425,26 @@ void DiskEncryptMenuScene::doDecryptDevice(const DeviceEncryptParam &param)
                          kDaemonBusPath,
                          kDaemonBusIface,
                          QDBusConnection::systemBus());
-    if (iface.isValid()) {
-        // Create anonymous pipe for secure credential transmission
-        int pipefd[2];
-        if (pipe(pipefd) == -1) {
-            fmCritical() << "Failed to create anonymous pipe for credentials";
-            return;
-        }
-
-        // Prepare credentials data using QDataStream for reliable serialization
-        QByteArray credentials;
-        QDataStream stream(&credentials, QIODevice::WriteOnly);
-        QVariantMap params {
-            { encrypt_param_keys::kKeyJobType, param.jobType },
-            { encrypt_param_keys::kKeyDevice, param.devDesc },
-            { encrypt_param_keys::kKeyDeviceName, param.deviceDisplayName },
-            { encrypt_param_keys::kKeyPassphrase, toBase64(param.key) }
-        };
-        stream << params;
-
-        // Write credentials to pipe and close write end immediately
-        ssize_t written = write(pipefd[1], credentials.constData(), credentials.size());
-        close(pipefd[1]);   // Close write end immediately after writing
-
-        if (written != credentials.size()) {
-            fmCritical() << "Failed to write credentials to pipe, written:" << written << "expected:" << credentials.size();
-            close(pipefd[0]);
-            return;
-        }
-
-        // Create file descriptor for D-Bus transmission
-        QDBusUnixFileDescriptor fd(pipefd[0]);
-        if (!fd.isValid()) {
-            fmCritical() << "Failed to create valid file descriptor from pipe";
-            close(pipefd[0]);
-            return;
-        }
-
-        fmDebug() << "Calling Decryption D-Bus method via fd";
-        QDBusReply<bool> ret = iface.call("Decryption", QVariant::fromValue(fd));
-        if (ret.value()) {
-            QApplication::setOverrideCursor(Qt::WaitCursor);
-        } else {
-            fmCritical() << "Decryption failed to start";
-        }
+    if (!iface.isValid()) {
+        fmCritical() << "Failed to create D-Bus interface for decryption";
+        return;
+    }
 
-        // Close read end (D-Bus service will have its own copy)
-        close(pipefd[0]);
+    // Prepare credentials data
+    QVariantMap params {
+        { encrypt_param_keys::kKeyJobType, param.jobType },
+        { encrypt_param_keys::kKeyDevice, param.devDesc },
+        { encrypt_param_keys::kKeyDeviceName, param.deviceDisplayName },
+        { encrypt_param_keys::kKeyPassphrase, toBase64(param.key) }
+    };
 
+    // Send credentials via fd
+    fmDebug() << "Calling Decryption D-Bus method via fd";
+    if (sendCredentialsViaFd(iface, "Decryption", params, false)) {
+        QApplication::setOverrideCursor(Qt::WaitCursor);
         EventsHandler::instance()->autoStartDFM();
     } else {
-        fmCritical() << "Failed to create D-Bus interface for decryption";
+        fmCritical() << "Decryption failed to start";
     }
 }
 
@@ -658,6 +600,54 @@ QString DiskEncryptMenuScene::getBase64Of(const QString &fileName)
     return QString(contents.toBase64());
 }
 
+bool DiskEncryptMenuScene::sendCredentialsViaFd(QDBusInterface &iface, const QString &method,
+                                                  const QVariantMap &params, bool asyncCall)
+{
+    // Create anonymous pipe for secure credential transmission
+    int pipefd[2];
+    if (pipe(pipefd) == -1) {
+        fmCritical() << "[sendCredentialsViaFd] Failed to create anonymous pipe for credentials";
+        return false;
+    }
+
+    // Prepare credentials data using QDataStream for reliable serialization
+    QByteArray credentials;
+    QDataStream stream(&credentials, QIODevice::WriteOnly);
+    stream << params;
+
+    // Write credentials to pipe and close write end immediately
+    ssize_t written = write(pipefd[1], credentials.constData(), credentials.size());
+    close(pipefd[1]);   // Close write end immediately after writing
+
+    if (written != credentials.size()) {
+        fmCritical() << "[sendCredentialsViaFd] Failed to write credentials to pipe, written:" << written << "expected:" << credentials.size();
+        close(pipefd[0]);
+        return false;
+    }
+
+    // Create file descriptor for D-Bus transmission
+    QDBusUnixFileDescriptor fd(pipefd[0]);
+    if (!fd.isValid()) {
+        fmCritical() << "[sendCredentialsViaFd] Failed to create valid file descriptor from pipe";
+        close(pipefd[0]);
+        return false;
+    }
+
+    // Call D-Bus method with file descriptor
+    fmDebug() << "[sendCredentialsViaFd] Calling D-Bus method:" << method << "via fd";
+    if (asyncCall) {
+        iface.asyncCall(method, QVariant::fromValue(fd));
+    } else {
+        QDBusReply<bool> reply = iface.call(method, QVariant::fromValue(fd));
+        close(pipefd[0]);
+        return reply.value();
+    }
+
+    // Close read end (D-Bus service will have its own copy)
+    close(pipefd[0]);
+    return true;
+}
+
 void DiskEncryptMenuScene::onUnlocked(bool ok, dfmmount::OperationErrorInfo info, QString clearDev)
 {
     QApplication::restoreOverrideCursor();

src/plugins/filemanager/dfmplugin-disk-encrypt-entry/menu/diskencryptmenuscene.h

@@ -13,6 +13,7 @@
 #include <dfm-mount/dmount.h>
 
 #include <QUrl>
+#include <QDBusInterface>
 
 class QAction;
 
@@ -60,6 +61,10 @@ class DiskEncryptMenuScene : public dfmbase::AbstractMenuScene
     static QString generateTPMToken(const QString &device, bool pin);
     static QString getBase64Of(const QString &fileName);
 
+    // Send credentials via file descriptor for secure D-Bus transmission
+    static bool sendCredentialsViaFd(QDBusInterface &iface, const QString &method,
+                                     const QVariantMap &params, bool asyncCall = false);
+
     static void onUnlocked(bool ok, dfmmount::OperationErrorInfo, QString);
     static void onMounted(bool ok, dfmmount::OperationErrorInfo, QString);