SM2 user ID length checks

peterdettman · peterdettman · commit 759ddffb3dfa · 2025-10-30T15:08:07.000+07:00
diff --git a/crypto/src/crypto/agreement/SM2KeyExchange.cs b/crypto/src/crypto/agreement/SM2KeyExchange.cs
@@ -1,4 +1,5 @@
 ﻿using System;
+using System.Diagnostics;
 
 using Org.BouncyCastle.Crypto.Digests;
 using Org.BouncyCastle.Crypto.Parameters;
@@ -40,15 +41,15 @@ public virtual void Init(ICipherParameters privParam)
         {
             SM2KeyExchangePrivateParameters baseParam;
 
-            if (privParam is ParametersWithID)
+            if (privParam is ParametersWithID withID)
             {
-                baseParam = (SM2KeyExchangePrivateParameters)((ParametersWithID)privParam).Parameters;
-                mUserID = ((ParametersWithID)privParam).GetID();
+                baseParam = (SM2KeyExchangePrivateParameters)withID.Parameters;
+                mUserID = CheckUserID(withID.GetID());
             }
             else
             {
                 baseParam = (SM2KeyExchangePrivateParameters)privParam;
-                mUserID = new byte[0];
+                mUserID = Array.Empty<byte>();
             }
 
             mInitiator = baseParam.IsInitiator;
@@ -65,15 +66,15 @@ public virtual byte[] CalculateKey(int kLen, ICipherParameters pubParam)
             SM2KeyExchangePublicParameters otherPub;
             byte[] otherUserID;
 
-            if (pubParam is ParametersWithID)
+            if (pubParam is ParametersWithID withID)
             {
-                otherPub = (SM2KeyExchangePublicParameters)((ParametersWithID)pubParam).Parameters;
-                otherUserID = ((ParametersWithID)pubParam).GetID();
+                otherPub = (SM2KeyExchangePublicParameters)withID.Parameters;
+                otherUserID = CheckUserID(withID.GetID());
             }
             else
             {
                 otherPub = (SM2KeyExchangePublicParameters)pubParam;
-                otherUserID = new byte[0];
+                otherUserID = Array.Empty<byte>();
             }
 
             byte[] za = GetZ(mDigest, mUserID, mStaticPubPoint);
@@ -99,15 +100,15 @@ public virtual byte[][] CalculateKeyWithConfirmation(int kLen, byte[] confirmati
             SM2KeyExchangePublicParameters otherPub;
             byte[] otherUserID;
 
-            if (pubParam is ParametersWithID)
+            if (pubParam is ParametersWithID withID)
             {
-                otherPub = (SM2KeyExchangePublicParameters)((ParametersWithID)pubParam).Parameters;
-                otherUserID = ((ParametersWithID)pubParam).GetID();
+                otherPub = (SM2KeyExchangePublicParameters)withID.Parameters;
+                otherUserID = CheckUserID(withID.GetID());
             }
             else
             {
                 otherPub = (SM2KeyExchangePublicParameters)pubParam;
-                otherUserID = new byte[0];
+                otherUserID = Array.Empty<byte>();
             }
 
             if (mInitiator && confirmationTag == null)
@@ -256,19 +257,29 @@ private byte[] GetZ(IDigest digest, byte[] userID, ECPoint pubPoint)
             return DigestUtilities.DoFinal(digest);
         }
 
-        private void AddUserID(IDigest digest, byte[] userID)
+        private static void AddUserID(IDigest digest, byte[] userID)
         {
             uint len = (uint)(userID.Length * 8);
+            Debug.Assert(len >> 16 == 0);
 
             digest.Update((byte)(len >> 8));
             digest.Update((byte)len);
             digest.BlockUpdate(userID, 0, userID.Length);
         }
 
-        private void AddFieldElement(IDigest digest, ECFieldElement v)
+        private static void AddFieldElement(IDigest digest, ECFieldElement v)
         {
             byte[] p = v.GetEncoded();
             digest.BlockUpdate(p, 0, p.Length);
         }
+
+        private static byte[] CheckUserID(byte[] userID)
+        {
+            // The length in bits must be expressible in two bytes
+            if (userID.Length >= 8192)
+                throw new ArgumentException("SM2 user ID must be less than 2^16 bits long");
+
+            return userID;
+        }
     }
 }
diff --git a/crypto/src/crypto/signers/SM2Signer.cs b/crypto/src/crypto/signers/SM2Signer.cs
@@ -1,4 +1,5 @@
 ﻿using System;
+using System.Diagnostics;
 
 using Org.BouncyCastle.Crypto.Digests;
 using Org.BouncyCastle.Crypto.Parameters;
@@ -65,8 +66,9 @@ public virtual void Init(bool forSigning, ICipherParameters parameters)
                 baseParam = withID.Parameters;
                 userID = withID.GetID();
 
+                // The length in bits must be expressible in two bytes
                 if (userID.Length >= 8192)
-                    throw new ArgumentException("SM2 user ID must be less than 2^13 bits long");
+                    throw new ArgumentException("SM2 user ID must be less than 2^16 bits long");
             }
             else
             {
@@ -287,15 +289,17 @@ private byte[] GetZ(byte[] userID)
             return DigestUtilities.DoFinal(digest);
         }
 
-        private void AddUserID(IDigest digest, byte[] userID)
+        private static void AddUserID(IDigest digest, byte[] userID)
         {
-            int len = userID.Length * 8;
+            uint len = (uint)(userID.Length * 8);
+            Debug.Assert(len >> 16 == 0);
+
             digest.Update((byte)(len >> 8));
             digest.Update((byte)len);
             digest.BlockUpdate(userID, 0, userID.Length);
         }
 
-        private void AddFieldElement(IDigest digest, ECFieldElement v)
+        private static void AddFieldElement(IDigest digest, ECFieldElement v)
         {
             byte[] p = v.GetEncoded();
             digest.BlockUpdate(p, 0, p.Length);

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`using System;`
	`2`	`+using System.Diagnostics;`
`2`	`3`
`3`	`4`	`using Org.BouncyCastle.Crypto.Digests;`
`4`	`5`	`using Org.BouncyCastle.Crypto.Parameters;`
`@@ -40,15 +41,15 @@ public virtual void Init(ICipherParameters privParam)`
`40`	`41`	`{`
`41`	`42`	`SM2KeyExchangePrivateParameters baseParam;`
`42`	`43`
`43`		`- if (privParam is ParametersWithID)`
	`44`	`+ if (privParam is ParametersWithID withID)`
`44`	`45`	`{`
`45`		`- baseParam = (SM2KeyExchangePrivateParameters)((ParametersWithID)privParam).Parameters;`
`46`		`- mUserID = ((ParametersWithID)privParam).GetID();`
	`46`	`+ baseParam = (SM2KeyExchangePrivateParameters)withID.Parameters;`
	`47`	`+ mUserID = CheckUserID(withID.GetID());`
`47`	`48`	`}`
`48`	`49`	`else`
`49`	`50`	`{`
`50`	`51`	`baseParam = (SM2KeyExchangePrivateParameters)privParam;`
`51`		`- mUserID = new byte[0];`
	`52`	`+ mUserID = Array.Empty<byte>();`
`52`	`53`	`}`
`53`	`54`
`54`	`55`	`mInitiator = baseParam.IsInitiator;`
`@@ -65,15 +66,15 @@ public virtual byte[] CalculateKey(int kLen, ICipherParameters pubParam)`
`65`	`66`	`SM2KeyExchangePublicParameters otherPub;`
`66`	`67`	`byte[] otherUserID;`
`67`	`68`
`68`		`- if (pubParam is ParametersWithID)`
	`69`	`+ if (pubParam is ParametersWithID withID)`
`69`	`70`	`{`
`70`		`- otherPub = (SM2KeyExchangePublicParameters)((ParametersWithID)pubParam).Parameters;`
`71`		`- otherUserID = ((ParametersWithID)pubParam).GetID();`
	`71`	`+ otherPub = (SM2KeyExchangePublicParameters)withID.Parameters;`
	`72`	`+ otherUserID = CheckUserID(withID.GetID());`
`72`	`73`	`}`
`73`	`74`	`else`
`74`	`75`	`{`
`75`	`76`	`otherPub = (SM2KeyExchangePublicParameters)pubParam;`
`76`		`- otherUserID = new byte[0];`
	`77`	`+ otherUserID = Array.Empty<byte>();`
`77`	`78`	`}`
`78`	`79`
`79`	`80`	`byte[] za = GetZ(mDigest, mUserID, mStaticPubPoint);`
`@@ -99,15 +100,15 @@ public virtual byte[][] CalculateKeyWithConfirmation(int kLen, byte[] confirmati`
`99`	`100`	`SM2KeyExchangePublicParameters otherPub;`
`100`	`101`	`byte[] otherUserID;`
`101`	`102`
`102`		`- if (pubParam is ParametersWithID)`
	`103`	`+ if (pubParam is ParametersWithID withID)`
`103`	`104`	`{`
`104`		`- otherPub = (SM2KeyExchangePublicParameters)((ParametersWithID)pubParam).Parameters;`
`105`		`- otherUserID = ((ParametersWithID)pubParam).GetID();`
	`105`	`+ otherPub = (SM2KeyExchangePublicParameters)withID.Parameters;`
	`106`	`+ otherUserID = CheckUserID(withID.GetID());`
`106`	`107`	`}`
`107`	`108`	`else`
`108`	`109`	`{`
`109`	`110`	`otherPub = (SM2KeyExchangePublicParameters)pubParam;`
`110`		`- otherUserID = new byte[0];`
	`111`	`+ otherUserID = Array.Empty<byte>();`
`111`	`112`	`}`
`112`	`113`
`113`	`114`	`if (mInitiator && confirmationTag == null)`
`@@ -256,19 +257,29 @@ private byte[] GetZ(IDigest digest, byte[] userID, ECPoint pubPoint)`
`256`	`257`	`return DigestUtilities.DoFinal(digest);`
`257`	`258`	`}`
`258`	`259`
`259`		`- private void AddUserID(IDigest digest, byte[] userID)`
	`260`	`+ private static void AddUserID(IDigest digest, byte[] userID)`
`260`	`261`	`{`
`261`	`262`	`uint len = (uint)(userID.Length * 8);`
	`263`	`+ Debug.Assert(len >> 16 == 0);`
`262`	`264`
`263`	`265`	`digest.Update((byte)(len >> 8));`
`264`	`266`	`digest.Update((byte)len);`
`265`	`267`	`digest.BlockUpdate(userID, 0, userID.Length);`
`266`	`268`	`}`
`267`	`269`
`268`		`- private void AddFieldElement(IDigest digest, ECFieldElement v)`
	`270`	`+ private static void AddFieldElement(IDigest digest, ECFieldElement v)`
`269`	`271`	`{`
`270`	`272`	`byte[] p = v.GetEncoded();`
`271`	`273`	`digest.BlockUpdate(p, 0, p.Length);`
`272`	`274`	`}`
	`275`	`+`
	`276`	`+ private static byte[] CheckUserID(byte[] userID)`
	`277`	`+ {`
	`278`	`+ // The length in bits must be expressible in two bytes`
	`279`	`+ if (userID.Length >= 8192)`
	`280`	`+ throw new ArgumentException("SM2 user ID must be less than 2^16 bits long");`
	`281`	`+`
	`282`	`+ return userID;`
	`283`	`+ }`
`273`	`284`	`}`
`274`	`285`	`}`