尝试了各种方法，没有解决安卓与jre的javax.encrypto冲突的问题，下周准备返璞归真，不使用sm4而重新使用aes进行对称加密通信

2026-06-03 15:36:14 +08:00 · 2021-07-23 15:08:50 +08:00
parent 1e522e16f8
commit 4c21165f8d
8 changed files with 245 additions and 16 deletions
@@ -34,7 +34,7 @@ android {
    }
    compileSdkVersion 30
-    buildToolsVersion "30.0.3"
+    buildToolsVersion '30.0.3'
    sourceSets.main.jniLibs.srcDirs = ['libs']
@@ -75,8 +75,17 @@ android {
 }
 dependencies {
-    implementation files('libs\\gmhelper.jar')
+    implementation files('libs/gmhelper.jar')
-    implementation files('libs\\BaiduLBS_Android.jar')
+    implementation files('libs/BaiduLBS_Android.jar')
    implementation files('libs/vpnjce-1.0.jar')
    // 在依赖中添加对jre的依赖，以尝试解决android.jar中原生javax与java中的javax的冲突问题
    //noinspection GradlePath
 //    implementation files('C:/MyEnv/Java/jdk1.8.0_301/jre/lib/rt.jar')
 //    compileOnly files('C:/MyEnv/Java/jdk1.8.0_301/jre/lib/rt.jar')
 //    implementation files('C:/MyEnv/Java/jdk1.8.0_301/jre/lib/jce.jar')
 //    compileOnly files('C:/MyEnv/Java/jdk1.8.0_301/jre/lib/jce.jar')
 //    implementation files('libs\\jce.jar')
 //    testImplementation 'junit:junit:4.+'
    androidTestImplementation 'androidx.test.ext:junit:1.1.2'
@@ -18,14 +18,12 @@ import android.text.TextUtils;
 import androidx.annotation.RequiresApi;
 import com.pkusz.min_vpn_client.model.MINVpnSettingAPI;
 import com.pkusz.min_vpn_client.utils.AESHelperForConnection;
 import com.pkusz.min_vpn_client.utils.IPPackageUtil;
 import com.pkusz.min_vpn_client.utils.KeyManager;
 import com.pkusz.min_vpn_client.utils.RSACryptoForConnection;
 import com.pkusz.min_vpn_client.utils.RuleUtil;
 import com.pkusz.min_vpn_client.utils.SM2HelperForConnection;
 import com.pkusz.min_vpn_client.utils.SM3HelperForConnection;
 import com.pkusz.min_vpn_client.utils.SM4HelperForConnection;
 import com.pkusz.min_vpn_client.utils.SafetyInfoUtil;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
@@ -43,8 +41,6 @@ import logicface.LogicFace;
 import logicface.LogicFaceException;
 import mgmt.RegisterPrefixHelper;
 import packet.CPacket;
 import packet.Data;
 import packet.Interest;
 import packet.PacketException;
 import util.ByteHelper;
@@ -71,6 +67,8 @@ public class MINVpnConnection implements Runnable{
    private final byte[] mSharedSecret;
    private final String mSharedSecretString;
    private byte[] mEncryptedAESSeed;
    // 实际使用的密钥是：随机产生的密钥经过sm3哈希，取前16字节
    private byte[] realSecret;
    // 代理地址 todo:??
    private String mProxyHostName;
@@ -80,7 +78,7 @@ public class MINVpnConnection implements Runnable{
    private final boolean mAllow;
    private final Set<String> mPackages;
-    // todo: ??
+    // 服务器给客户端的tun网卡分配的IP地址
    private String allocatedAddress;
    // 待决Intent、回调函数（建立连接成功；建立连接失败；长时间不操作的超时回调）
@@ -127,8 +125,11 @@ public class MINVpnConnection implements Runnable{
        mServerPort=serverPort;
        mSharedSecret=sharedSecret;
        mSharedSecretString=new String(mSharedSecret);
-//        mEncryptedAESSeed= RSACryptoForConnection.encrypt5(mSharedSecretString);
+        mEncryptedAESSeed= SM2HelperForConnection.encryptWithSM2(mSharedSecretString);
-        mEncryptedAESSeed= SM2HelperForConnection.encrypt(mSharedSecretString);
+        realSecret= SM3HelperForConnection.getSM3Hash16(mSharedSecret);
        // 测试sm4
        SM4HelperForConnection.encryptWithSM4(realSecret, "sss".getBytes());
        // 代理地址（？）
        if(!TextUtils.isEmpty(proxyHostName)) {
@@ -218,7 +219,12 @@ public class MINVpnConnection implements Runnable{
                    byte[] ipPackageData = new byte[readLen];
                    System.arraycopy(buff1.array(), 0, ipPackageData, 0, readLen);
                    System.out.println("mSharedSecretString length: "+mSharedSecretString.length());
-                    byte[] encrytedIPPackage = SM4HelperForConnection.encryptWithSM4(mSharedSecretString, ipPackageData);
+                    System.out.println("realSecret length: "+realSecret.length);
                    byte[] encrytedIPPackage = SM4HelperForConnection.encryptWithSM4(realSecret, ipPackageData);
                    if(encrytedIPPackage==null){
                        System.out.println("sm4加密错误!!!");
                        return;
                    }
                    System.out.println("encryptedIPPackage len: " + encrytedIPPackage.length);
                    System.out.println("buff2 position: " + buff2.position());
                    buff2.put(encrytedIPPackage);
@@ -243,7 +249,12 @@ public class MINVpnConnection implements Runnable{
 //                face.registerIdentifier(new Identifier(this.localPrefix),5000,helper);
                    // 2. 接收服务器返回的数据包，放入buf2
-                    CPacket interest = face.receiveCPacket(-1);
+                    CPacket interest;
                    try {
                        interest = face.receiveCPacket(0);
                    }catch (Exception e){
                        continue;
                    }
                    System.out.println("recv interest packet, name : " + interest.getSrcIdentifier().toString());
                    System.out.println("兴趣包中装的数据长度 : " + interest.payload.getValue().length);
                    int dataLen = interest.payload.getValue().length;
@@ -256,7 +267,7 @@ public class MINVpnConnection implements Runnable{
                    System.arraycopy(buf2.array(), 0, decrpytedIPPackage, 0, buf2.position());
                    ByteBuffer buf3 = ByteBuffer.allocate(5000);
 //                    buf3.put(Objects.requireNonNull(AESHelperForConnection.decryptWithAES(mSharedSecretString, decrpytedIPPackage)));
-                    buf3.put(Objects.requireNonNull(SM4HelperForConnection.decryptWithSM4(mSharedSecretString, decrpytedIPPackage)));
+                    buf3.put(Objects.requireNonNull(SM4HelperForConnection.decryptWithSM4(realSecret, decrpytedIPPackage)));
                    int decryptedDataLen = buf3.position();
                    byte firstByte = buf3.get(0);
                    if (firstByte == 0) {
@@ -270,7 +281,7 @@ public class MINVpnConnection implements Runnable{
                            System.out.println("transfer data error: outputStream.write error");
                        }
                    }
-                } catch (SecurityException | LogicFaceException e) {
+                } catch (SecurityException e) {
                    e.printStackTrace();
                    System.out.println("transfer data error: recvFromServerAndReadThread.start error");
                }
@@ -22,4 +22,6 @@ public class IPPackageUtil {
        return null;
    }
 }
@@ -24,7 +24,7 @@ public class SM2HelperForConnection {
 //        return enRes;
 //    }
-    public static byte[] encrypt(String data){
+    public static byte[] encryptWithSM2(String data){
        byte[] enRes;
        try {
            enRes = BC_KeyManager.sm2encrypt(pubkey_ForNewVPN.getBytes(StandardCharsets.UTF_8),
@@ -0,0 +1,29 @@
 package com.pkusz.min_vpn_client.utils;
 /*
 * @Author: Wang Feng
 * @Description:
 * @Version: 1.0.0
 * @Date: 10:07 2021/7/22
 * @Copyright: MIN-Group；国家重大科技基础设施——未来网络北大实验室；深圳市信息论与未来网络重点实验室
 */
 import org.zz.gmhelper.SM3Util;
 import java.util.Arrays;
 public class SM3HelperForConnection {
    /**
     * 将传入参数使用sm3做哈希，然后返回前16个字节
     * @param randBytes
     * @return
     */
    public static byte[] getSM3Hash16(byte[] randBytes){
        System.out.println("sm3哈希之前的密钥："+new String(randBytes));
        byte[] hashRes=SM3Util.hash(randBytes);
        byte[] res=new byte[16];
        System.arraycopy(hashRes,0,res,0,16);
        System.out.println("sm3哈希得到的密钥："+res.length+" , "+new String(res));
        System.out.println("sm3哈希得到的密钥："+Arrays.toString(res));
        return res;
    }
 }
@@ -9,10 +9,15 @@ package com.pkusz.min_vpn_client.utils;
 import android.annotation.SuppressLint;
 import com.pkusz.min_vpn_client.utils.gmutil.sm4.VPN_SM4;
 import org.zz.gmhelper.SM4Util;
 import java.nio.charset.StandardCharsets;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.util.Arrays;
 import java.util.Random;
 import javax.crypto.BadPaddingException;
@@ -20,6 +25,7 @@ import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.NoSuchPaddingException;
 import VMSConnection.Security.BC_KeyManager;
 import VMSConnection.Security.SM4.BC_SM4;
 public class SM4HelperForConnection {
    public static byte[] encryptWithSM4(String secret,byte[] rawText){
@@ -40,6 +46,38 @@ public class SM4HelperForConnection {
        }
    }
    public static byte[] encryptWithSM4(byte[] secretkey, byte[] origData) {
 //        try {
 //            return VPN_SM4.encrypt_ECB_Padding(secretkey, origData);
 //        } catch (Exception e){
 //            e.printStackTrace();
 //            return null;
 //        }
        try {
            return SM4Util.encrypt_ECB_Padding(secretkey,origData);
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | NoSuchPaddingException | IllegalBlockSizeException | BadPaddingException e) {
            e.printStackTrace();
            return null;
        }
    }
    public static byte[] decryptWithSM4(byte[] secretkey, byte[] crypted){
 //        System.out.println("sec: " + secretkey);
 //        System.out.println("cry: " + Arrays.toString(crypted));
 //        try {
 //            return VPN_SM4.decrypt_ECB_Padding(secretkey, crypted);
 //        } catch (Exception e){
 //            e.printStackTrace();
 //            return null;
 //        }
        try {
            return SM4Util.decrypt_ECB_Padding(secretkey,crypted);
        } catch (IllegalBlockSizeException | BadPaddingException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | NoSuchPaddingException e) {
            e.printStackTrace();
            return null;
        }
    }
    /**
     * 获取长度为16字节的随机种子/随机密钥
     * @return
@@ -0,0 +1,140 @@
 package com.pkusz.min_vpn_client.utils.gmutil.sm4;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import javax.vpncrypto.*;
 import javax.vpncrypto.spec.IvParameterSpec;
 import javax.vpncrypto.spec.SecretKeySpec;
 import java.security.*;
 /*
 * @Author: hongyu guo
 * @Description: sm4算法
 * 解尝试解决报错：Provider BC does not provide SM4/ECB/PKCS5Padding
 *
 * @Version: 1.0.0
 * @Date: 16:26 2021/03/04
 * @Copyright: MIN-Group；国家重大科技基础设施——未来网络北大实验室；深圳市信息论与未来网络重点实验室
 */
 public class VPN_SM4 {
    static {
        Security.addProvider(new BouncyCastleProvider());
    }
    public static final String ALGORITHM_NAME = "SM4";
    public static final String ALGORITHM_NAME_ECB_PADDING = "SM4/ECB/PKCS5Padding";
    public static final String ALGORITHM_NAME_ECB_NOPADDING = "SM4/ECB/NoPadding";
    public static final String ALGORITHM_NAME_CBC_PADDING = "SM4/CBC/PKCS5Padding";
    public static final String ALGORITHM_NAME_CBC_NOPADDING = "SM4/CBC/NoPadding";
    /**
     * SM4算法目前只支持128位（即密钥16字节）
     */
    public static final int DEFAULT_KEY_SIZE = 128;
    /**
     * 生成16字节的sm4 key
     * @param
     * @return byte[]
     * @throws NoSuchAlgorithmException
     * @author hongyu guo
     * @date 2021/3/15
    **/
    public static byte[] generateKey() throws NoSuchAlgorithmException, NoSuchProviderException {
        return generateKey(DEFAULT_KEY_SIZE);
    }
    public static byte[] generateKey(int keySize) throws NoSuchAlgorithmException, NoSuchProviderException {
        KeyGenerator kg = KeyGenerator.getInstance(ALGORITHM_NAME, BouncyCastleProvider.PROVIDER_NAME);
        kg.init(keySize, new SecureRandom());
        return kg.generateKey().getEncoded();
    }
    public static byte[] encrypt_ECB_Padding(byte[] key, byte[] data)
            throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException,
            NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException {
        Cipher cipher = generateECBCipher(ALGORITHM_NAME_ECB_PADDING, Cipher.ENCRYPT_MODE, key);
        return cipher.doFinal(data);
    }
    public static byte[] decrypt_ECB_Padding(byte[] key, byte[] cipherText)
            throws IllegalBlockSizeException, BadPaddingException, InvalidKeyException,
            NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException {
        Cipher cipher = generateECBCipher(ALGORITHM_NAME_ECB_PADDING, Cipher.DECRYPT_MODE, key);
        return cipher.doFinal(cipherText);
    }
    public static byte[] encrypt_ECB_NoPadding(byte[] key, byte[] data)
            throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException,
            NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException {
        Cipher cipher = generateECBCipher(ALGORITHM_NAME_ECB_NOPADDING, Cipher.ENCRYPT_MODE, key);
        return cipher.doFinal(data);
    }
    public static byte[] decrypt_ECB_NoPadding(byte[] key, byte[] cipherText)
            throws IllegalBlockSizeException, BadPaddingException, InvalidKeyException,
            NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException {
        Cipher cipher = generateECBCipher(ALGORITHM_NAME_ECB_NOPADDING, Cipher.DECRYPT_MODE, key);
        return cipher.doFinal(cipherText);
    }
    public static byte[] encrypt_CBC_Padding(byte[] key, byte[] iv, byte[] data)
            throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException,
            NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException,
            InvalidAlgorithmParameterException {
        Cipher cipher = generateCBCCipher(ALGORITHM_NAME_CBC_PADDING, Cipher.ENCRYPT_MODE, key, iv);
        return cipher.doFinal(data);
    }
    public static byte[] decrypt_CBC_Padding(byte[] key, byte[] iv, byte[] cipherText)
            throws IllegalBlockSizeException, BadPaddingException, InvalidKeyException,
            NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException,
            InvalidAlgorithmParameterException {
        Cipher cipher = generateCBCCipher(ALGORITHM_NAME_CBC_PADDING, Cipher.DECRYPT_MODE, key, iv);
        return cipher.doFinal(cipherText);
    }
    public static byte[] encrypt_CBC_NoPadding(byte[] key, byte[] iv, byte[] data)
            throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException,
            NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException,
            InvalidAlgorithmParameterException {
        Cipher cipher = generateCBCCipher(ALGORITHM_NAME_CBC_NOPADDING, Cipher.ENCRYPT_MODE, key, iv);
        return cipher.doFinal(data);
    }
    public static byte[] decrypt_CBC_NoPadding(byte[] key, byte[] iv, byte[] cipherText)
            throws IllegalBlockSizeException, BadPaddingException, InvalidKeyException,
            NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException,
            InvalidAlgorithmParameterException {
        Cipher cipher = generateCBCCipher(ALGORITHM_NAME_CBC_NOPADDING, Cipher.DECRYPT_MODE, key, iv);
        return cipher.doFinal(cipherText);
    }
    private static Cipher generateECBCipher(String algorithmName, int mode, byte[] key)
            throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException,
            InvalidKeyException {
        Cipher cipher = null;
        try {
            cipher = Cipher.getInstance(algorithmName, BouncyCastleProvider.PROVIDER_NAME);
        } catch (Exception e) {
            e.printStackTrace();
        }
        Key sm4Key = new SecretKeySpec(key, ALGORITHM_NAME);
        cipher.init(mode, sm4Key);
        return cipher;
    }
    private static Cipher generateCBCCipher(String algorithmName, int mode, byte[] key, byte[] iv)
            throws InvalidKeyException, InvalidAlgorithmParameterException, NoSuchAlgorithmException,
            NoSuchProviderException, NoSuchPaddingException {
        Cipher cipher = null;
        try {
            cipher = Cipher.getInstance(algorithmName, BouncyCastleProvider.PROVIDER_NAME);
        } catch (Exception e) {
            e.printStackTrace();
        }
        Key sm4Key = new SecretKeySpec(key, ALGORITHM_NAME);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);
        cipher.init(mode, sm4Key, ivParameterSpec);
        return cipher;
    }
 }