SM2解密时，兼容GmSSL非压缩省略的04头的密文

2025-07-21 15:09:48 +08:00 · 2024-09-05 13:23:37 +08:00
parent c9cac93337
commit 38911594c8
7 changed files with 146 additions and 21 deletions
--- a/hutool-crypto/src/main/java/org/dromara/hutool/crypto/asymmetric/SM2.java
+++ b/hutool-crypto/src/main/java/org/dromara/hutool/crypto/asymmetric/SM2.java
@@ -31,6 +31,7 @@ import org.bouncycastle.crypto.signers.SM2Signer;
 import org.bouncycastle.crypto.signers.StandardDSAEncoding;
 import org.bouncycastle.util.BigIntegers;
 import org.bouncycastle.util.encoders.Hex;
+import org.dromara.hutool.core.array.ArrayUtil;
 import org.dromara.hutool.core.codec.binary.HexUtil;
 import org.dromara.hutool.core.lang.Assert;
 import org.dromara.hutool.crypto.CryptoException;
@@ -313,7 +314,20 @@ public class SM2 extends AbstractAsymmetricCrypto<SM2> {
 	 * @throws CryptoException 包括InvalidKeyException和InvalidCipherTextException的包装异常
 	 * @since 5.1.6
 	 */
-	public byte[] decrypt(final byte[] data, final CipherParameters privateKeyParameters) throws CryptoException {
+	public byte[] decrypt(byte[] data, final CipherParameters privateKeyParameters) throws CryptoException {
+		Assert.isTrue(data.length > 1, "Invalid SM2 cipher text, must be at least 1 byte long");
+		// 检查数据，gmssl等库生成的密文不包含04前缀（非压缩数据标识），此处检查并补充
+		// 参考：https://blog.csdn.net/softt/article/details/139978608
+		// 根据公钥压缩形态不同，密文分为两种压缩形式：
+		// C1( 03 + X ) + C3（32个字节）+ C2
+		// C1( 02 + X ) + C3（32个字节）+ C2
+		// 非压缩公钥正常形态为04 + X  + Y，由于各个算法库差异，04有时候会省略
+		// 非压缩密文正常形态为04 + C1 + C3 + C2
+		if (data[0] != 0x04 && data[0] != 0x02 && data[0] != 0x03) {
+			// 默认非压缩形态
+			data = ArrayUtil.insert(data, 0, 0x04);
+		}
+
 		lock.lock();
 		final SM2Engine engine = getEngine();
 		try {