SM2 user ID length checks

peterdettman · peterdettman · commit bfb80aed98e2 · 2025-10-30T14:00:43.000+07:00
diff --git a/core/src/main/java/org/bouncycastle/crypto/agreement/SM2KeyExchange.java b/core/src/main/java/org/bouncycastle/crypto/agreement/SM2KeyExchange.java
@@ -53,6 +53,12 @@ public void init(
         {
             baseParam = (SM2KeyExchangePrivateParameters)((ParametersWithID)privParam).getParameters();
             userID = ((ParametersWithID)privParam).getID();
+
+            if (userID.length >= 8192)
+            {
+                // The length in bits must be expressible in two bytes
+                throw new IllegalArgumentException("SM2 user ID must be less than 2^16 bits long");
+            }
         }
         else
         {
@@ -276,6 +282,7 @@ private byte[] getZ(Digest digest, byte[] userID, ECPoint pubPoint)
     private void addUserID(Digest digest, byte[] userID)
     {
         int len = userID.length * 8;
+//        assert len >>> 16 == 0;
 
         digest.update((byte)(len >>> 8));
         digest.update((byte)len);
diff --git a/core/src/main/java/org/bouncycastle/crypto/signers/SM2Signer.java b/core/src/main/java/org/bouncycastle/crypto/signers/SM2Signer.java
@@ -81,7 +81,8 @@ public void init(boolean forSigning, CipherParameters param)
 
             if (userID.length >= 8192)
             {
-                throw new IllegalArgumentException("SM2 user ID must be less than 2^13 bits long");
+                // The length in bits must be expressible in two bytes
+                throw new IllegalArgumentException("SM2 user ID must be less than 2^16 bits long");
             }
         }
         else
@@ -323,6 +324,8 @@ private byte[] getZ(byte[] userID)
     private void addUserID(Digest digest, byte[] userID)
     {
         int len = userID.length * 8;
+//        assert len >>> 16 == 0;
+
         digest.update((byte)(len >>> 8));
         digest.update((byte)len);
         digest.update(userID, 0, userID.length);

Original file line number	Diff line number	Diff line change
`@@ -53,6 +53,12 @@ public void init(`
`53`	`53`	`{`
`54`	`54`	`baseParam = (SM2KeyExchangePrivateParameters)((ParametersWithID)privParam).getParameters();`
`55`	`55`	`userID = ((ParametersWithID)privParam).getID();`
	`56`	`+`
	`57`	`+ if (userID.length >= 8192)`
	`58`	`+ {`
	`59`	`+ // The length in bits must be expressible in two bytes`
	`60`	`+ throw new IllegalArgumentException("SM2 user ID must be less than 2^16 bits long");`
	`61`	`+ }`
`56`	`62`	`}`
`57`	`63`	`else`
`58`	`64`	`{`
`@@ -276,6 +282,7 @@ private byte[] getZ(Digest digest, byte[] userID, ECPoint pubPoint)`
`276`	`282`	`private void addUserID(Digest digest, byte[] userID)`
`277`	`283`	`{`
`278`	`284`	`int len = userID.length * 8;`
	`285`	`+// assert len >>> 16 == 0;`
`279`	`286`
`280`	`287`	`digest.update((byte)(len >>> 8));`
`281`	`288`	`digest.update((byte)len);`
Original file line number	Diff line number	Diff line change
`@@ -81,7 +81,8 @@ public void init(boolean forSigning, CipherParameters param)`
`81`	`81`
`82`	`82`	`if (userID.length >= 8192)`
`83`	`83`	`{`
`84`		`- throw new IllegalArgumentException("SM2 user ID must be less than 2^13 bits long");`
	`84`	`+ // The length in bits must be expressible in two bytes`
	`85`	`+ throw new IllegalArgumentException("SM2 user ID must be less than 2^16 bits long");`
`85`	`86`	`}`
`86`	`87`	`}`
`87`	`88`	`else`
`@@ -323,6 +324,8 @@ private byte[] getZ(byte[] userID)`
`323`	`324`	`private void addUserID(Digest digest, byte[] userID)`
`324`	`325`	`{`
`325`	`326`	`int len = userID.length * 8;`
	`327`	`+// assert len >>> 16 == 0;`
	`328`	`+`
`326`	`329`	`digest.update((byte)(len >>> 8));`
`327`	`330`	`digest.update((byte)len);`
`328`	`331`	`digest.update(userID, 0, userID.length);`