SM2解密时，兼容GmSSL非压缩省略的04头的密文

2025-04-05 17:20:07 +08:00 · 2024-09-05 13:23:47 +08:00 · 2024-09-05 13:23:47 +08:00 · 2b30b8df24
commit 2b30b8df24
parent 1805018bd0
4 changed files with 37 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,12 +2,13 @@
 # 🚀Changelog

 -------------------------------------------------------------------------------------------------------------
-# 5.8.33(2024-09-04)
+# 5.8.33(2024-09-05)

 ### 🐣新特性
 * 【core   】      SyncFinisher增加setExecutorService方法（issue#IANKQ1@Gitee）
 * 【http   】      HttpConfig增加`setUseDefaultContentTypeIfNull`方法（issue#3719@Github）
 * 【core   】      用ArrayList重新实现权重随机类：WeightListRandom（pr#3720@Github）
+* 【crypto 】      SM2解密时，兼容GmSSL非压缩省略的04头的密文（issue#IAP1QJ@Gitee）

 ### 🐞Bug修复
 * 【json   】      修复JSONConfig.setDateFormat设置后toBean无效问题（issue#3713@Github）
--- a/hutool-core/src/test/java/cn/hutool/core/convert/ConvertToBooleanTest.java
+++ b/hutool-core/src/test/java/cn/hutool/core/convert/ConvertToBooleanTest.java
@ -1,8 +1,11 @@
 package cn.hutool.core.convert;

-import static org.junit.jupiter.api.Assertions.*;
+import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;

+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
 public class ConvertToBooleanTest {

 	@Test
@ -15,4 +18,9 @@ public class ConvertToBooleanTest {
 		final Boolean bBoolean = Convert.toBool(b);
 		assertFalse(bBoolean);
 	}
+
+	@Test
+	void toBooleanWithDefaultTest() {
+		Assertions.assertFalse(Convert.toBool("ddddd", false));
+	}
 }
--- a/hutool-crypto/src/main/java/cn/hutool/crypto/asymmetric/SM2.java
+++ b/hutool-crypto/src/main/java/cn/hutool/crypto/asymmetric/SM2.java
@ -1,6 +1,7 @@
 package cn.hutool.crypto.asymmetric;

 import cn.hutool.core.lang.Assert;
+import cn.hutool.core.util.ArrayUtil;
 import cn.hutool.core.util.HexUtil;
 import cn.hutool.crypto.BCUtil;
 import cn.hutool.crypto.CryptoException;
@ -292,6 +293,18 @@ public class SM2 extends AbstractAsymmetricCrypto<SM2> {
 	 * @since 5.1.6
 	 */
 	public byte[] decrypt(byte[] data, CipherParameters privateKeyParameters) throws CryptoException {
+		Assert.isTrue(data.length > 1, "Invalid SM2 cipher text, must be at least 1 byte long");
+		// 检查数据，gmssl等库生成的密文不包含04前缀（非压缩数据标识），此处检查并补充
+		// 参考：https://blog.csdn.net/softt/article/details/139978608
+		// 根据公钥压缩形态不同，密文分为两种压缩形式：
+		// C1( 03 + X ) + C3（32个字节）+ C2
+		// C1( 02 + X ) + C3（32个字节）+ C2
+		// 非压缩公钥正常形态为04 + X  + Y，由于各个算法库差异，04有时候会省略
+		// 非压缩密文正常形态为04 + C1 + C3 + C2
+		if (data[0] != 0x04 && data[0] != 0x02 && data[0] != 0x03) {
+			data = (byte[]) ArrayUtil.insert(data, 0, 0x04);
+		}
+
 		lock.lock();
 		final SM2Engine engine = getEngine();
 		try {
--- a/hutool-crypto/src/test/java/cn/hutool/crypto/asymmetric/SM2Test.java
+++ b/hutool-crypto/src/test/java/cn/hutool/crypto/asymmetric/SM2Test.java
@ -347,4 +347,17 @@ public class SM2Test {
 			sm2.encryptHex(emptyStr, KeyType.PublicKey);
 		});
 	}
+
+	@Test
+	void decryptFromGmSSLTest() {
+		// https://the-x.cn/zh-cn/cryptography/Sm2.aspx
+		// python gmssl加密后的内容无04标识，检查并补充
+		String privateKey = "MHcCAQEEICxTSOhWA4oYj2DI95zunPqHHEKZSi5QFLvWz57BfIGVoAoGCCqBHM9VAYItoUQDQgAEIGRS/PssvgZ8Paw2YeFaW4VXrkgceBELKPWcXmq/p3iMhHxYfcaFAa5AzvPJOmYmVzVwu9QygMMrg/30Ok1npw==";
+		final SM2 sm2 = new SM2(privateKey, null);
+		sm2.setMode(SM2Engine.Mode.C1C2C3);
+
+		String encrypt = "x0KA1DKkmuA/YZdmvMr8X+1ZQb7a19Pr5nSxxe2ItUYpDAioa263tm9u7vST38hAEUoOxxXftD+7bRQ7Y8v1tcFXeheKodetA6LrPIuh0QYZMdBqIKSKdmlGeVE0Vdm3excisbtC";
+		final byte[] decrypt = sm2.decrypt(encrypt, KeyType.PrivateKey);
+		assertEquals("123456", StrUtil.utf8Str(decrypt));
+	}
 }