SM2 user ID length checks

peterdettman · peterdettman · commit 49eb0d5f3f02 · 2025-10-30T14:33:07.000+07:00
diff --git a/core/src/main/java/org/bouncycastle/crypto/agreement/SM2KeyExchange.java b/core/src/main/java/org/bouncycastle/crypto/agreement/SM2KeyExchange.java
@@ -52,13 +52,7 @@ public void init(
         if (privParam instanceof ParametersWithID)
         {
             baseParam = (SM2KeyExchangePrivateParameters)((ParametersWithID)privParam).getParameters();
-            userID = ((ParametersWithID)privParam).getID();
-
-            if (userID.length >= 8192)
-            {
-                // The length in bits must be expressible in two bytes
-                throw new IllegalArgumentException("SM2 user ID must be less than 2^16 bits long");
-            }
+            userID = checkUserID(((ParametersWithID)privParam).getID());
         }
         else
         {
@@ -86,7 +80,7 @@ public byte[] calculateKey(int kLen, CipherParameters pubParam)
         if (pubParam instanceof ParametersWithID)
         {
             otherPub = (SM2KeyExchangePublicParameters)((ParametersWithID)pubParam).getParameters();
-            otherUserID = ((ParametersWithID)pubParam).getID();
+            otherUserID = checkUserID(((ParametersWithID)pubParam).getID());
         }
         else
         {
@@ -120,7 +114,7 @@ public byte[][] calculateKeyWithConfirmation(int kLen, byte[] confirmationTag, C
         if (pubParam instanceof ParametersWithID)
         {
             otherPub = (SM2KeyExchangePublicParameters)((ParametersWithID)pubParam).getParameters();
-            otherUserID = ((ParametersWithID)pubParam).getID();
+            otherUserID = checkUserID(((ParametersWithID)pubParam).getID());
         }
         else
         {
@@ -301,4 +295,15 @@ private byte[] digestDoFinal()
         digest.doFinal(result, 0);
         return result;
     }
+
+    private static byte[] checkUserID(byte[] userID)
+    {
+        // The length in bits must be expressible in two bytes
+        if (userID.length >= 8192)
+        {
+            throw new IllegalArgumentException("SM2 user ID must be less than 2^16 bits long");
+        }
+
+        return userID;
+    }
 }
diff --git a/core/src/main/java/org/bouncycastle/crypto/signers/SM2Signer.java b/core/src/main/java/org/bouncycastle/crypto/signers/SM2Signer.java
@@ -79,9 +79,9 @@ public void init(boolean forSigning, CipherParameters param)
             baseParam = ((ParametersWithID)param).getParameters();
             userID = ((ParametersWithID)param).getID();
 
+            // The length in bits must be expressible in two bytes
             if (userID.length >= 8192)
             {
-                // The length in bits must be expressible in two bytes
                 throw new IllegalArgumentException("SM2 user ID must be less than 2^16 bits long");
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -52,13 +52,7 @@ public void init(`
`52`	`52`	`if (privParam instanceof ParametersWithID)`
`53`	`53`	`{`
`54`	`54`	`baseParam = (SM2KeyExchangePrivateParameters)((ParametersWithID)privParam).getParameters();`
`55`		`- userID = ((ParametersWithID)privParam).getID();`
`56`		`-`
`57`		`- if (userID.length >= 8192)`
`58`		`- {`
`59`		`- // The length in bits must be expressible in two bytes`
`60`		`- throw new IllegalArgumentException("SM2 user ID must be less than 2^16 bits long");`
`61`		`- }`
	`55`	`+ userID = checkUserID(((ParametersWithID)privParam).getID());`
`62`	`56`	`}`
`63`	`57`	`else`
`64`	`58`	`{`
`@@ -86,7 +80,7 @@ public byte[] calculateKey(int kLen, CipherParameters pubParam)`
`86`	`80`	`if (pubParam instanceof ParametersWithID)`
`87`	`81`	`{`
`88`	`82`	`otherPub = (SM2KeyExchangePublicParameters)((ParametersWithID)pubParam).getParameters();`
`89`		`- otherUserID = ((ParametersWithID)pubParam).getID();`
	`83`	`+ otherUserID = checkUserID(((ParametersWithID)pubParam).getID());`
`90`	`84`	`}`
`91`	`85`	`else`
`92`	`86`	`{`
`@@ -120,7 +114,7 @@ public byte[][] calculateKeyWithConfirmation(int kLen, byte[] confirmationTag, C`
`120`	`114`	`if (pubParam instanceof ParametersWithID)`
`121`	`115`	`{`
`122`	`116`	`otherPub = (SM2KeyExchangePublicParameters)((ParametersWithID)pubParam).getParameters();`
`123`		`- otherUserID = ((ParametersWithID)pubParam).getID();`
	`117`	`+ otherUserID = checkUserID(((ParametersWithID)pubParam).getID());`
`124`	`118`	`}`
`125`	`119`	`else`
`126`	`120`	`{`
`@@ -301,4 +295,15 @@ private byte[] digestDoFinal()`
`301`	`295`	`digest.doFinal(result, 0);`
`302`	`296`	`return result;`
`303`	`297`	`}`
	`298`	`+`
	`299`	`+ private static byte[] checkUserID(byte[] userID)`
	`300`	`+ {`
	`301`	`+ // The length in bits must be expressible in two bytes`
	`302`	`+ if (userID.length >= 8192)`
	`303`	`+ {`
	`304`	`+ throw new IllegalArgumentException("SM2 user ID must be less than 2^16 bits long");`
	`305`	`+ }`
	`306`	`+`
	`307`	`+ return userID;`
	`308`	`+ }`
`304`	`309`	`}`
Original file line number	Diff line number	Diff line change
`@@ -79,9 +79,9 @@ public void init(boolean forSigning, CipherParameters param)`
`79`	`79`	`baseParam = ((ParametersWithID)param).getParameters();`
`80`	`80`	`userID = ((ParametersWithID)param).getID();`
`81`	`81`
	`82`	`+ // The length in bits must be expressible in two bytes`
`82`	`83`	`if (userID.length >= 8192)`
`83`	`84`	`{`
`84`		`- // The length in bits must be expressible in two bytes`
`85`	`85`	`throw new IllegalArgumentException("SM2 user ID must be less than 2^16 bits long");`
`86`	`86`	`}`
`87`	`87`	`}`