TKSS-1022: Need to re-create NativeSM4.SM4GCM instance when opmode is…

… changed
Tencent · Dec 30, 2024 · 7c2f2ed · 7c2f2ed
1 parent 1c4b508
commit 7c2f2ed
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 3 deletions.
diff --git a/kona-crypto/src/main/java/com/tencent/kona/crypto/provider/nativeImpl/NativeSM4.java b/kona-crypto/src/main/java/com/tencent/kona/crypto/provider/nativeImpl/NativeSM4.java
@@ -215,7 +215,7 @@ byte[] doFinal(byte[] data) {
             return encrypt ? encDoFinal(data) : decDoFinal(data);
         }
 
-        byte[] encDoFinal(byte[] data) {
+        private byte[] encDoFinal(byte[] data) {
             Objects.requireNonNull(data);
 
             byte[] lastOut = update(data);
@@ -229,7 +229,7 @@ byte[] encDoFinal(byte[] data) {
             return out;
         }
 
-        byte[] decDoFinal(byte[] data) {
+        private byte[] decDoFinal(byte[] data) {
             if (data == null || data.length < SM4_GCM_TAG_LEN) {
                 throw new IllegalArgumentException("data must not be less than 16-bytes");
             }

diff --git a/kona-crypto/src/main/java/com/tencent/kona/crypto/provider/nativeImpl/SM4Crypt.java b/kona-crypto/src/main/java/com/tencent/kona/crypto/provider/nativeImpl/SM4Crypt.java
@@ -33,6 +33,7 @@ class SM4Crypt extends SymmetricCipher {
 
     private static final Sweeper SWEEPER = Sweeper.instance();
 
+    private boolean opChanged = false;
     private boolean decrypting = false;
     private SM4Params paramSpec;
     private byte[] key;
@@ -62,6 +63,7 @@ void init(boolean decrypting,
                     "Wrong key size: expected 16-byte, actual " + key.length);
         }
 
+        this.opChanged = this.decrypting != decrypting;
         this.decrypting = decrypting;
         this.paramSpec = paramSpec;
         this.key = key;
@@ -85,7 +87,7 @@ private void init() {
                 break;
             case GCM:
                 gcmLastCipherBlock = new DataWindow(SM4_GCM_TAG_LEN);
-                if (sm4 == null) {
+                if (sm4 == null || opChanged) {
                     sm4 = new NativeSM4.SM4GCM(!decrypting, key, iv);
                     SWEEPER.register(this, new SweepNativeRef(sm4));
                 } else {

diff --git a/kona-crypto/src/test/java/com/tencent/kona/crypto/provider/SM4Test.java b/kona-crypto/src/test/java/com/tencent/kona/crypto/provider/SM4Test.java
@@ -731,6 +731,26 @@ public void testReusedIv4GCMCipher() throws Exception {
         Assertions.assertArrayEquals(MESSAGE, cleartext);
     }
 
+    @Test
+    public void testGCMWithBadTag() throws Exception {
+        SecretKey secretKey = new SecretKeySpec(KEY, "SM4");
+        GCMParameterSpec paramSpec = new GCMParameterSpec(
+                SM4_GCM_TAG_LEN * 8, GCM_IV);
+
+        Cipher cipher = Cipher.getInstance("SM4/GCM/NoPadding", PROVIDER);
+
+        cipher.init(Cipher.ENCRYPT_MODE, secretKey, paramSpec);
+        byte[] ciphertext = cipher.doFinal(MESSAGE);
+
+        // Change the tag bytes
+        ciphertext[ciphertext.length - 1] = 0x00;
+        ciphertext[ciphertext.length - 2] = 0x00;
+
+        cipher.init(Cipher.DECRYPT_MODE, secretKey, paramSpec);
+        Assertions.assertThrows(AEADBadTagException.class,
+                () -> cipher.doFinal(ciphertext));
+    }
+
     @Test
     public void testUpdateData() throws Exception {
         testUpdateData("SM4/CBC/NoPadding", new IvParameterSpec(IV), true);