CN103338215B - Method for establishing a TLS channel based on SM (Chinese national commercial) cryptographic algorithms - Google Patents
Publication number: CN103338215B (application CN201310317801.6)
Authority: CN (China)
Prior art keywords: client, message, key, server end, algorithm
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Abstract
The present invention relates to the technical field of network security and provides a method for establishing a TLS secure channel based on SM (Chinese national commercial) cryptographic algorithms. The method comprises a handshake request stage, a server authentication stage, a client authentication stage and a handshake completion stage. The invention incorporates the SM algorithms into the TLS protocol for secure communication, achieving, with a shorter key length, a signing speed clearly better than that of the RSA algorithm and a data security level equivalent to 2048-bit RSA. In addition, by using the SM2KEPE key exchange algorithm, the pre-master key can only be computed once both the client and the server have generated temporary keys, which avoids the situation in which an attacker who has stolen or obtained the leaked server private key uses it to decrypt previously transmitted encrypted content, and greatly improves the security of the TLS channel.
Description
Technical field
The present invention relates to the technical field of network security, and in particular to a method for establishing a TLS (Transport Layer Security) channel based on SM cryptographic algorithms.
Background art
A cryptographic algorithm is a mathematical function used for encryption and decryption and is the foundation of cryptographic protocols. Existing cryptographic algorithms mainly include stream ciphers, block ciphers, public-key ciphers and hash functions; they serve chiefly to guarantee the security of information by providing services such as authentication, integrity and non-repudiation. Commercial cryptography refers to the cryptographic techniques and cryptographic products used to encrypt and protect, or to securely authenticate, information that does not involve state secrets; it is mainly applied in civil and commercial domains that do not concern state secrets. Because they are built on different encryption and decryption ideas, many different cryptographic algorithms have appeared in the prior art; each family of algorithms has its own processing method and they are usually incompatible with one another, so techniques or products based on different algorithms cannot be used interchangeably, which limits the development of security products. In addition, some cryptographic algorithms are limited in security strength, have no public demonstration that their implementation is valid, or are applied in industry without strict security review, and thus easily leave behind cryptographic security risks that lead to leakage of user privacy, theft of trade secrets, loss of property and other problems.
Under these circumstances it is necessary to establish a unified, secure commercial cryptographic algorithm to standardise the application of cryptographic techniques and products; the SM algorithms are the commercial cryptographic algorithms in general use in China. The SM algorithms are a series of commercial cryptographic algorithms formulated and published by the State Cryptography Administration; they include the asymmetric algorithm SM2 based on elliptic-curve cryptography (ECC), the message digest algorithm SM3 and the symmetric encryption algorithm SM4. The publication of the SM algorithms as China's commercial cryptographic algorithms provides a standard for security applications and, because the algorithms are public, also allows their security to be examined by the whole world, so that related security products can gain acceptance on the international market. Patent application CN201310045484.7, entitled "Method for establishing a TLS channel based on SM cryptographic algorithms", discloses a practical network-security TLS channel establishment method that turns the theory of the SM algorithms into practice. However, the method of that application uses the SM2PKEA key exchange algorithm: the pre-master key is generated by the client, encrypted with the public key in the server certificate and transmitted to the server, and the server decrypts it with its private key to obtain the pre-master key. If the server's private key is stolen or leaked, an attacker can use that private key to decrypt the encrypted content transmitted earlier. The security of this kind of method therefore leaves much room for improvement.
To solve the above problem, the present application proposes a method for establishing a TLS channel which greatly improves the security of TLS channel establishment.
Summary of the invention
In view of this, embodiments of the present invention provide a method for establishing a TLS channel based on SM cryptographic algorithms. By using the SM2KEPE key exchange algorithm, the pre-master key can only be computed once both the client and the server have generated temporary keys, which avoids the situation in which an attacker who has stolen or obtained the leaked server private key uses it to decrypt previously transmitted encrypted content, and greatly improves the security of TLS channel establishment.
The invention provides a method for establishing a TLS channel based on SM cryptographic algorithms, comprising:
a handshake request stage: the server sends a hello request message and the client, on receiving it, sends a client hello message in response, or the client sends the client hello message directly; after receiving the client hello message, the server sends a server hello message in response;
a server authentication stage: the server sends to the client, in turn, the server SM2 certificate, the server key exchange message and the hello done message;
a client authentication stage: after receiving the hello done message, the client sends the client key exchange message;
a handshake completion stage: the client sends a change cipher spec message and a finished message; after receiving the client's finished message, the server sends its change cipher spec message and finished message; once each side has received and verified the other side's finished message, secure data transmission takes place with the negotiated security parameters;
wherein the server key exchange message contains the information the client needs to compute the pre-master key with the SM2 key exchange algorithm, and the client key exchange message contains the information the server needs to compute the pre-master key with the SM2 key exchange algorithm.
Preferably, the server key exchange message contains: the curve type, the curve domain parameters, the public key of the server's temporary key pair, the public key of the server SM2 certificate key pair, the user distinguishing identifier, and signature data produced by signing, with the private key of the server SM2 certificate, the SM3 hash of the Z value, the client random number, the server random number, the server temporary public key and the public key of the server SM2 certificate key pair;
the client key exchange message contains: the user distinguishing identifier and the public keys of two client temporary key pairs;
the two client temporary key pairs are generated by the client on the curve on which the server's temporary key pair lies.
Preferably, the client takes the two client temporary key pairs and the information in the server key exchange message as parameters and uses the SM2 key exchange algorithm to generate the pre-master key shared by client and server; the server takes its own temporary key pair, the key pair corresponding to its SM2 certificate and the information in the client key exchange message as parameters and uses the SM2 key exchange algorithm to generate the same shared pre-master key.
Preferably, in the handshake request stage the client hello message carries the security parameters with which the two sides establish the secure channel; after receiving the client hello message, if the server can find a matching cipher suite among the security parameters of that message, it includes the matching cipher suite in the server hello message sent in response; if it cannot find a matching cipher suite, it responds with a fatal alert message.
Preferably, in the server authentication stage, after receiving the hello done message the client should verify whether the server SM2 certificate is valid, verify whether the signature value in the server key exchange message is valid, and check whether the security parameters in the server hello message are acceptable; if they are acceptable the client continues the handshake, otherwise it responds with a fatal alert message.
Preferably, if client identity verification is required, the method further comprises the following steps:
in the server authentication stage, immediately after the server key exchange message, the server also sends a client SM2 certificate request;
in the client authentication stage, if the client has received a client SM2 certificate request, it first sends its client SM2 certificate to the server and, after sending the client key exchange message, also sends a client SM2 certificate verify message; the server verifies the client using the received client SM2 certificate and client SM2 certificate verify message. The client SM2 certificate verify message is the signature value obtained by signing an SM3 hash value with the private key corresponding to the client SM2 certificate; the SM3 hash value is obtained by applying the SM3 hash algorithm to the client Z value and the handshake messages; the handshake messages comprise all messages sent and received from the client hello message up to this message, not including this message itself.
Preferably, in the handshake completion stage the content of the finished message is a 12-byte pseudo-random value encrypted with the changed cipher suite and keys, the encryption using the SM4 symmetric algorithm; the pseudo-random value is computed from the digest of the handshake messages sent so far; if the digest algorithm of the cipher suite matched in the handshake request stage is SM3, the Z value computed from the public key of the client SM2 certificate key pair is prepended to the digest source text of the sent handshake messages, and only then is the digest value computed.
Preferably, when the client SM2 certificate verify message is sent, the signature source text is fed into secure hardware, which computes the SM3 digest and signs that digest; both the digest computation and the signing are performed inside the secure hardware.
Preferably, when the client SM2 certificate verify message is sent, a hash value computed from the public key of the key pair corresponding to the client SM2 certificate and the user distinguishing identifier is added to the signature source text.
Preferably, wherever a digest algorithm is used, and wherever the keyed-hash message authentication code based on a digest algorithm (Keyed-Hashing for Message Authentication, HMAC for short), the expansion function P_hash and the pseudo-random function PRF are used, the digest algorithm used is the SM3 digest algorithm.
Through the above technical solution, the present invention incorporates the SM algorithms into the TLS protocol for secure communication, achieving with a shorter key length a signing speed clearly better than that of the RSA algorithm and a data security level equivalent to 2048-bit RSA; in addition, by using the SM2KEPE key exchange algorithm, the pre-master key can only be computed once both client and server have generated temporary keys, which avoids the situation in which an attacker who has stolen or obtained the leaked server private key uses it to decrypt previously transmitted encrypted content, and greatly improves the security of TLS channel establishment.
Brief description of the drawings
In order to explain the embodiments of the present invention or the solutions of the prior art more clearly, the drawings required by the embodiments are briefly introduced below. Evidently the drawings described below are only some embodiments of the invention, and a person of ordinary skill in the art could obtain other drawings from them without creative effort.
Fig. 1 is a sequence diagram of the message interaction between the client and the server in one embodiment of the present invention.
Detailed description of the invention
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. Evidently the described embodiments are only some, not all, of the embodiments of the invention; all other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the protection scope of the present invention.
In one embodiment of the present invention, a method for establishing a TLS channel by using the SM2KEPE key exchange algorithm is provided. As shown in Fig. 1, the method comprises the following steps:
handshake request stage: the client sends a client hello message (Client_hello); after receiving the client hello message, the server sends a server hello message (Server_hello) in response;
server authentication stage: the server sends to the client, in turn, the server SM2 certificate (SM2certificate), the server key exchange message (Server_key_exchange) and the hello done message (Server_hello_done);
client authentication stage: after receiving the hello done message, the client sends the client key exchange message (client_key_exchange);
handshake completion stage: the client sends a change cipher spec message (Change_cipher_spec) and a finished message (finished); after receiving the client's finished message, the server sends its change cipher spec message (Change_cipher_spec) and finished message (finished).
Here the server key exchange message (Server_key_exchange) contains the information the client needs to compute the pre-master key with the SM2 key exchange algorithm, and the client key exchange message (client_key_exchange) contains the information the server needs to compute the pre-master key with the SM2 key exchange algorithm.
The specific handling of each message is described further below. In the handshake request stage, the Client_hello message carries the security parameters with which the two sides establish the secure channel (including the protocol version, session ID, cipher suites, compression methods and client random number). After receiving the Client_hello message, if the server can find a matching cipher suite among the security parameters of that message, it includes the matching cipher suite in the Server_hello message sent as the reply to the Client_hello message; if it cannot find a matching cipher suite, the server responds with a fatal alert (handshake failure). The security parameters of the Client_hello message list all cipher suites supported by the client (including the SM2 cipher suite of the SM algorithms), and in its reply the server may select any cipher suite supported by both sides; in the present invention both sides use the SM2 cipher suite by default.
In the code of one example of the present invention, the structure of the Client_hello message is as follows:
    struct {
        ProtocolVersion client_version;
        Random random;
        SessionID session_id;
        CipherSuite cipher_suites<2..2^16-1>;
        CompressionMethod compression_methods<1..2^8-1>;
    } ClientHello;
The variables used therein are explained and defined as follows:
A. client_version, the protocol version, with the structure:
    struct {
        uint8 major, minor;
    } ProtocolVersion;
B. random, random information generated by the client, comprising the time and a random number, with the structure:
    struct {
        uint32 gmt_unix_time;
        opaque random_bytes[28];
    } Random;
C. session_id, the session identifier, defined as:
    opaque SessionID<0..32>;
session_id is a variable-length field whose value is determined by the server. If no reusable session identifier is available, or the client wishes to negotiate new security parameters, this field should be empty; otherwise it indicates that the client wishes to reuse this session. The session identifier may be that of an earlier connection, of the current connection, or of another connection that is still open. After it is generated, a session identifier should be kept until it is deleted through timeout or a connection associated with the session encounters a fatal error and is closed. When a session expires or is closed, all connections associated with it should be forcibly closed.
D. cipher_suites, the list of cipher suites supported by the client. The client should arrange them in order of preference, with the most preferred cipher suite first. If the session identifier field is not empty, this field should contain at least the cipher suite used by the session to be reused. A cipher suite is defined as:
    uint8 CipherSuite[2];
Each cipher suite comprises a key exchange algorithm, an encryption algorithm together with its key length, and an authentication algorithm. The server selects a matching cipher suite from the list; if there is no cipher suite it can match, it should return a handshake failure alert (handshake_failure) and close the connection.
E. compression_methods, the list of compression algorithms supported by the client, which the client should arrange in order of preference with the most preferred algorithm first. It is defined as:
    enum { null(0), (255) } CompressionMethod;
The server selects a matching compression algorithm from the list. The list must contain the null compression algorithm, so that client and server can always agree on a compression algorithm.
The above describes the case in which the client's Client_hello message is the first message of the handshake, which mainly applies when a secure channel has already been established and the client initiates a handshake over the existing channel to renegotiate the channel's security parameters. In practice the whole process may also be initiated by the server: the server first sends a hello request message as the first message, and the client starts a new handshake by sending a Client_hello message in response. After sending the Client_hello message the client waits for the server's Server_hello message; at this point any message from the other side other than this Server_hello response is treated as a fatal error and causes the handshake to terminate in failure.
In the code of one example of the present invention, the structure of the Server_hello message is as follows:
    struct {
        ProtocolVersion server_version;
        Random random;
        SessionID session_id;
        CipherSuite cipher_suite;
        CompressionMethod compression_method;
    } ServerHello;
The variables used therein are described as follows:
A. server_version, the protocol version supported by the server.
B. random, the random number generated by the server.
C. session_id, the session identifier used by the server. If the session identifier in the client hello message is not empty and the server has a matching session identifier, the server reuses the session corresponding to that identifier to establish the new connection and carries, in the server hello message sent in response, the same session identifier as the client; otherwise the server generates a new session identifier for establishing a new session.
D. cipher_suite, the cipher suite chosen by the server from the client hello message. For a reused session this field holds the cipher suite used by the reused session.
E. compression_method, the compression algorithm chosen by the server from the client hello message; for a reused session this field holds the compression algorithm used by the reused session.
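As an added example that is not part of the patent text, the following Python code encodes and decodes the Client_hello structure defined above and carries out the server-side selection described for the Server_hello message: the first suite in the client's preference order that the server also supports is chosen, the null compression method must be offered, a non-empty session_id that the server still remembers is reused (and the client must still offer that session's suite), and a handshake_failure alert is raised otherwise. The protocol version, the two-byte cipher suite codes and the in-memory session store are constructed placeholders, not values from the page.

```python
# Added example, not from the patent: ClientHello/ServerHello encoding and the
# server's cipher suite / compression / session selection. Suite codes and the
# protocol version are CONSTRUCTED placeholders.
import os
import struct
import time
from dataclasses import dataclass

PROTOCOL_VERSION = (1, 1)        # placeholder {major, minor}
SUITE_SM2_SM4_SM3 = b"\xff\x01"  # placeholder code for the SM2 cipher suite
SUITE_OTHER = b"\xff\x02"        # placeholder code for some non-SM suite
COMPRESSION_NULL = 0             # enum { null(0), (255) } CompressionMethod


class HandshakeFailure(Exception):
    """Fatal handshake_failure alert: the connection is to be closed."""


def make_random() -> bytes:
    """Random = uint32 gmt_unix_time || opaque random_bytes[28] (32 bytes)."""
    return struct.pack(">I", int(time.time())) + os.urandom(28)


@dataclass
class ClientHello:
    client_version: tuple
    random: bytes
    session_id: bytes          # opaque SessionID<0..32>; empty = new session
    cipher_suites: list        # 2-byte codes, most preferred first
    compression_methods: list  # ints; must include null(0)


def encode_client_hello(h: ClientHello) -> bytes:
    suites = b"".join(h.cipher_suites)
    comps = bytes(h.compression_methods)
    # vector bounds from the struct: <0..32>, <2..2^16-1>, <1..2^8-1>
    assert len(h.session_id) <= 32 and 2 <= len(suites) <= 0xFFFF and 1 <= len(comps) <= 0xFF
    return (bytes(h.client_version) + h.random
            + bytes([len(h.session_id)]) + h.session_id
            + struct.pack(">H", len(suites)) + suites
            + bytes([len(comps)]) + comps)


def decode_client_hello(data: bytes) -> ClientHello:
    version = (data[0], data[1])
    random = data[2:34]
    pos = 34
    n = data[pos]; pos += 1
    session_id = data[pos:pos + n]; pos += n
    (n,) = struct.unpack(">H", data[pos:pos + 2]); pos += 2
    if n < 2 or n % 2:
        raise ValueError("cipher_suites vector must hold whole 2-byte suites")
    suites = [data[i:i + 2] for i in range(pos, pos + n, 2)]; pos += n
    n = data[pos]; pos += 1
    comps = list(data[pos:pos + n]); pos += n
    if pos != len(data) or len(random) != 32:
        raise ValueError("malformed ClientHello")
    return ClientHello(version, random, session_id, suites, comps)


@dataclass
class ServerHello:
    server_version: tuple
    random: bytes
    session_id: bytes
    cipher_suite: bytes
    compression_method: int


def negotiate(hello: ClientHello, server_suites: set, sessions: dict) -> ServerHello:
    """Server side of the hello exchange. `sessions` maps remembered session ids
    to the suite they were negotiated with (a stand-in for a session cache)."""
    if COMPRESSION_NULL not in hello.compression_methods:
        raise HandshakeFailure("client did not offer null compression")
    if hello.session_id and hello.session_id in sessions:
        # resume: the client must still list the suite the old session used
        suite = sessions[hello.session_id]
        if suite not in hello.cipher_suites:
            raise HandshakeFailure("resumed session's suite not offered")
        session_id = hello.session_id
    else:
        # the client's order is its preference order; take the first we support
        suite = next((s for s in hello.cipher_suites if s in server_suites), None)
        if suite is None:
            raise HandshakeFailure("no cipher suite in common")
        session_id = os.urandom(32)
        sessions[session_id] = suite
    return ServerHello(PROTOCOL_VERSION, make_random(), session_id, suite, COMPRESSION_NULL)
```

Raising HandshakeFailure maps to the fatal alert the description requires; a real implementation would also send the alert record and then close the connection, which is outside this example.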
Subsequently, in the server authentication stage, the server must send the server SM2 certificate and the server key exchange message (Server_key_exchange) to the client. The server key exchange message contains the information the client needs to compute the pre-master key with the SM2 key exchange algorithm: the curve type, the curve domain parameters, the public key of the server's temporary key pair, the public key of the server SM2 certificate key pair, the user distinguishing identifier, and the signature data produced by signing, with the private key of the server SM2 certificate, the SM3 hash of the Z value, the client random number, the server random number, the server temporary public key and the public key of the server SM2 certificate key pair.
In the code of one example of the present invention, the structure of the Server_key_exchange message is as follows:
    struct {
        ECCurveType curve_type(named_curve);
        NamedCurve namedcurve;
        ECPoint publicTemp;
        ECPoint publicUser;
        HASH_DSA hash_dsa;
        UserID userID;
        SM2Signature sm2signature;
    } ServerKeyExchange;
curve_type
This field indicates the curve type used; this algorithm uses a named curve, and the value is 0x03.
namedcurve
This field indicates the curve domain parameters (two bytes) associated with the temporary public key; since this algorithm uses the SM recommended curve, this parameter can be ignored (0xXXXX).
publicTemp
ECPoint is defined as follows:
    struct {
        opaque point<1..2^8-1>;
    } ECPoint;
This field is the temporary public key generated on the SM recommended curve (the public key point is uncompressed; the field is preceded by one byte giving the length of the public key, and this length includes the uncompressed-point identifier byte 0x04).
publicUser
Defined as above; it is used only to identify the server's user identity. This public key is identical to the public key in the server's SM2 certificate.
hash_dsa
This field (two bytes) indicates the hash algorithm and signature algorithm used when computing the signature value. This cipher suite ignores the field: the hash algorithm shall be SM3 and the signature algorithm shall be SM2 (signing with the Z value).
userID
UserID is defined as follows:
    struct {
        opaque identifier<1..2^8-1>;
    } UserID;
This field is the user distinguishing identifier (preceded by one byte giving the length of the identifier). This cipher suite ignores the UserID and uses the SM default UserID.
sm2signature
SM2Signature is defined as follows:
    struct {
        SM2Signature sm2signature<0..2^16-1>;
    } CertificateVerify;
where the structure of SM2Signature is:
    SM2Signature ::= SEQUENCE {
        r INTEGER,
        s INTEGER
    }
This field is the SM2 signature, made with the private key corresponding to the server certificate, over the SM3 hash value.
The hash value used for the SM2 signature is:
    ServerKeyExchange.sm2signature.sm3_hash = SM3(Z value
        + ClientHello.random + ServerHello.random
        + ServerKeyExchange.publicTemp + ServerKeyExchange.publicUser)
Notes: the sm2signature is preceded by two bytes giving the length of the signature value; ServerKeyExchange.publicTemp and publicUser enter the hash without their length byte, as the public key point starting from (and including) 0x04; when the Z value is computed, the default ID recommended by the SM standard is used as the User ID.
After sending the Server_key_exchange message the server sends the Server_hello_done message, which indicates that the whole hello exchange is complete; after sending this message the server waits for the client's response messages. After receiving the Server_hello_done message the client should verify whether the server certificate is valid, verify whether the signature value in the server key exchange message is valid, and check whether the security parameters in the server's Server_hello message are acceptable. If they are acceptable the client continues the handshake; otherwise it sends a fatal Handshake failure alert.
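The following Python code is an added example, not code from the patent: it encodes and decodes the Server_key_exchange layout given above (curve_type 0x03, the ignored two-byte namedcurve and hash_dsa fields, length-prefixed ECPoint and UserID vectors, and a two-byte-length-prefixed DER SM2Signature), and it reconstructs the exact byte string whose SM3 hash the server signs and the client must verify, with both points taken from their 0x04 byte and without the length prefix. The coordinate values, r and s, the user ID and the zero placeholders for the ignored fields are constructed filler, not valid SM2 values; the 32-byte coordinate length assumes the 256-bit SM2 recommended curve. Signing and hashing themselves are left to an SM2/SM3 library.

```python
# Added example, not from the patent: wire encoding/decoding of the
# Server_key_exchange message laid out above, plus reconstruction of the exact
# bytes hashed with SM3 and signed by the server. Key material is CONSTRUCTED
# filler, not real SM2 curve points or a real signature.
import struct
from dataclasses import dataclass

CURVE_TYPE_NAMED = 0x03            # curve_type value given in the description
NAMED_CURVE_IGNORED = b"\x00\x00"  # placeholder: the suite ignores namedcurve
HASH_DSA_IGNORED = b"\x00\x00"     # placeholder: the suite ignores hash_dsa
COORD_LEN = 32                     # SM2 recommended curve coordinates are 256-bit
POINT_LEN = 1 + 2 * COORD_LEN      # 0x04 || X || Y


def der_uint(n: int) -> bytes:
    """DER INTEGER of a non-negative value: minimal big-endian bytes, with a
    leading 0x00 when the top bit is set so it is not read as negative."""
    body = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + bytes([len(body)]) + body


def der_sm2_signature(r: int, s: int) -> bytes:
    """SM2Signature ::= SEQUENCE { r INTEGER, s INTEGER } (short-form length)."""
    inner = der_uint(r) + der_uint(s)
    assert len(inner) < 128
    return b"\x30" + bytes([len(inner)]) + inner


def ec_point(x: bytes, y: bytes) -> bytes:
    """Uncompressed ECPoint content 0x04 || X || Y (no length byte)."""
    return b"\x04" + x + y


def vec8(content: bytes) -> bytes:
    """opaque <1..2^8-1>: one length byte followed by the content."""
    assert 1 <= len(content) <= 255
    return bytes([len(content)]) + content


@dataclass
class ServerKeyExchange:
    public_temp: bytes   # server temporary public key point
    public_user: bytes   # public key of the server SM2 certificate key pair
    user_id: bytes       # user distinguishing identifier
    signature: bytes     # DER SM2Signature


def encode_server_key_exchange(m: ServerKeyExchange) -> bytes:
    return (bytes([CURVE_TYPE_NAMED]) + NAMED_CURVE_IGNORED
            + vec8(m.public_temp) + vec8(m.public_user)
            + HASH_DSA_IGNORED + vec8(m.user_id)
            + struct.pack(">H", len(m.signature)) + m.signature)  # 2-byte sig length


def decode_server_key_exchange(data: bytes) -> ServerKeyExchange:
    if data[0] != CURVE_TYPE_NAMED:
        raise ValueError("unsupported curve_type")
    pos = 3                                   # skip curve_type + 2-byte namedcurve

    def take_vec8() -> bytes:
        nonlocal pos
        n = data[pos]
        content = data[pos + 1:pos + 1 + n]
        if len(content) != n:
            raise ValueError("truncated vector")
        pos += 1 + n
        return content

    public_temp = take_vec8()
    public_user = take_vec8()
    for point in (public_temp, public_user):
        if len(point) != POINT_LEN or point[0] != 0x04:
            raise ValueError("expected uncompressed 0x04 point")
    pos += 2                                  # hash_dsa, ignored by this suite
    user_id = take_vec8()
    (sig_len,) = struct.unpack(">H", data[pos:pos + 2])
    signature = data[pos + 2:pos + 2 + sig_len]
    if len(signature) != sig_len or pos + 2 + sig_len != len(data):
        raise ValueError("bad signature length or trailing bytes")
    return ServerKeyExchange(public_temp, public_user, user_id, signature)


def signature_input(z: bytes, client_random: bytes, server_random: bytes,
                    m: ServerKeyExchange) -> bytes:
    """The bytes whose SM3 hash the server signs:
    Z || ClientHello.random || ServerHello.random || publicTemp || publicUser,
    with both points taken from their 0x04 byte and WITHOUT the length prefix."""
    return z + client_random + server_random + m.public_temp + m.public_user


def sample_message() -> ServerKeyExchange:
    """CONSTRUCTED filler: coordinates and r/s are not valid SM2 values."""
    return ServerKeyExchange(
        public_temp=ec_point(b"\x11" * COORD_LEN, b"\x22" * COORD_LEN),
        public_user=ec_point(b"\x33" * COORD_LEN, b"\x44" * COORD_LEN),
        user_id=b"1234567812345678",           # assumed SM2 default user ID
        signature=der_sm2_signature((1 << 255) | 5, 7),
    )
```

On the verifying side, the client should compare the decoded publicUser against the public key in the received server SM2 certificate before checking the signature, since the description states the two must be identical; the decoder above only checks the point format.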
In the client authentication stage, the client_key_exchange message contains the information the server needs to compute the pre-master key with the SM2 key exchange algorithm: the user distinguishing identifier and the public keys of two client temporary key pairs, the two client temporary key pairs being generated by the client on the curve on which the server's temporary key pair lies.
The client takes the two client temporary key pairs and the information in the server key exchange message as parameters and uses the SM2 key exchange algorithm to generate the pre-master key shared by client and server; the server takes its own temporary key pair, the key pair corresponding to its SM2 certificate and the information in the client key exchange message as parameters and uses the SM2 key exchange algorithm to generate the same shared pre-master key. The pre-master key can only be computed once both the client and the server have generated temporary keys, which avoids the situation in which an attacker who has stolen or obtained the leaked server private key uses it to decrypt previously transmitted encrypted content, and greatly improves the security of TLS channel establishment.
Subsequently the server generates the master key from the pre-master key and the security parameters, and from the master key and the security parameters derives the key block; the key block contains the initialisation vector and the symmetric encryption key of the SM4 algorithm, and this symmetric key, as the key negotiated in this handshake, protects the data in subsequent messages. In the method of the present invention the key exchange algorithm used is the SM2KEPE algorithm.
In the code of one example of the present invention, the structure of the client_key_exchange message is as follows:
    struct {
        UserID userID;
        ECPoint publicTemp;
        ECPoint publicUser;
    } ClientKeyExchange;
userID
UserID is defined as follows:
    struct {
        opaque identifier<1..2^8-1>;
    } UserID;
This field is the user distinguishing identifier (preceded by one byte giving the length of the identifier). This cipher suite ignores the UserID and uses the SM default UserID.
publicTemp
ECPoint is defined as follows:
    struct {
        opaque point<1..2^8-1>;
    } ECPoint;
This field is the temporary public key generated on the SM recommended curve (the public key point is uncompressed; the field is preceded by one byte giving the length of the public key, and this length includes the uncompressed-point identifier byte 0x04).
publicUser
publicUser is defined as above.
Finally, in the handshake completion stage, the Change_cipher_spec message indicates that the sender is about to switch to the new cipher suite; its content is a single byte with the value 1, and it notifies the receiver that subsequent messages will be protected with the cipher suite and keys just negotiated. The finished message marks the end of the sender's handshake; it is protected with the key negotiated in this handshake and the algorithms of the cipher suite, and the receiver must check the correctness of its content. In this stage, once a party has sent its finished message and has received and verified the other party's finished message, the secure channel is established, and the channel can then be used for secure data transmission with the negotiated security parameters. More specifically, the content of the finished message is a 12-byte pseudo-random value encrypted with the changed cipher suite and keys; the pseudo-random value is computed from the digest of the handshake messages sent so far. When the negotiated digest algorithm is SM3, the Z value computed from the public key in the server SM2 certificate may be prepended to the digest source text of the sent handshake messages before the digest value is computed. The computation of the Z value is given in the official standard document for the SM2 algorithm ("SM2 Elliptic Curve Public Key Cryptographic Algorithm", Part 1: General, published by the State Cryptography Administration in December 2010, page 54, section 5.5 "Other user information"); adding this Z value further improves the security of the SM2 algorithm.
In the code of one example of the present invention, the structure of the finished message is as follows:
    struct {
        opaque verify_data[12];
    } Finished;
where verify_data is the verification data, generated with the pseudo-random function PRF:
    PRF(master_secret, finished_label, SM3(handshake_messages))[0..11];
In the above expression finished_label is the finished label: for a finished message sent by the client the label is the string "client finished", and for the server it is the string "server finished".
handshake_messages refers to all handshake-related messages from the Client_hello message up to this message (not including this message, the change cipher spec message or the hello request message), including the type and length fields of the handshake messages.
The method described above is a standard handshake and is generally used with known clients, where a secure channel has already been established, or where security requirements are relatively low. In some cases (for example financial security applications, or unknown clients) it may also be necessary to verify the client's identity. If client identity verification is required, with further reference to the message interaction steps drawn with dashed lines in Fig. 1, the authentication method of the present invention further comprises:
in the server authentication stage, immediately after the server key exchange message (Server_key_exchange), the server also sends a client certificate request (SM2 Certificate_request);
in the client authentication stage, if the client has received a client certificate request, it first sends its client SM2 certificate (SM2certificate) to the server and, after sending the client key exchange message (client_key_exchange), also sends a client SM2 certificate verify message (SM2 Certificate_verify). The client SM2 certificate verify message is the signature value obtained by signing an SM3 hash value with the private key corresponding to the client SM2 certificate. The SM3 hash value is obtained by applying the SM3 hash algorithm to the client Z value and the handshake messages (handshake_messages). The handshake messages comprise all messages sent and received from the client hello message up to this message, not including this message itself.
The server verifies the client using the received client SM2 certificate and client SM2 certificate verify message.
In the code of one embodiment of the invention, the SM2 certificate_verify message has the following structure:
struct {
SM2Signature sm2signature;
} CertificateVerify;
where SM2Signature is defined in ASN.1 as follows:
SM2Signature ::= SEQUENCE {
r INTEGER,
s INTEGER
}
The hash value used for the SM2 signature is:
CertificateVerify.sm2signature.sm3_hash = SM3(handshake_messages);
sm3_hash is the result of the hash computation; its input is all handshake-related messages starting from the ClientHello message up to this message (not including this message), including the type and length fields of each handshake message, with the client Z value prepended as described above.
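The signing and verification behind the CertificateVerify message, as an added example not taken from the patent: SM2 signature generation and verification (GB/T 32918.2) on the recommended SM2 curve, in plain Python with affine-coordinate point arithmetic. The functions take the 32-byte digest as input; in the scheme above that digest is SM3 over the client Z value and the handshake transcript, computed together with the signature inside the USBKey, so a constructed 32-byte value stands in for it here. The curve constants are those of GB/T 32918.5; keygen, sm2_sign, sm2_verify and the sample digest are this example's own names and values.

```python
# Added example, not code from the patent: SM2 signature generation and
# verification (GB/T 32918.2) over a caller-supplied 32-byte digest e.
# Here e is a constructed value; in the scheme it is SM3(Z || handshake_messages).
import secrets

# Recommended SM2 curve parameters (GB/T 32918.5), y^2 = x^3 + A x + B over GF(P).
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:          # p2 == -p1
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P   # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication k * point."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def on_curve(pt) -> bool:
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - (x ** 3 + A * x + B)) % P == 0


def keygen():
    """Private key d in [1, n-2] and public key d*G."""
    d = secrets.randbelow(N - 2) + 1
    return d, ec_mul(d, G)


def sm2_sign(d: int, e: bytes):
    """SM2 signature (r, s) over digest e with private key d."""
    e_int = int.from_bytes(e, "big")
    while True:
        k = secrets.randbelow(N - 1) + 1            # fresh k in [1, n-1] per signature
        x1, _ = ec_mul(k, G)
        r = (e_int + x1) % N
        if r == 0 or r + k == N:
            continue
        s = pow(1 + d, -1, N) * (k - r * d) % N
        if s != 0:
            return r, s


def sm2_verify(pub, e: bytes, sig) -> bool:
    """Verify (r, s) over digest e with public key pub; any defect yields False."""
    r, s = sig
    if not (1 <= r < N and 1 <= s < N) or not on_curve(pub):
        return False
    t = (r + s) % N
    if t == 0:
        return False
    point = ec_add(ec_mul(s, G), ec_mul(t, pub))
    if point is None:
        return False
    return (int.from_bytes(e, "big") + point[0]) % N == r


if __name__ == "__main__":
    d, pub = keygen()
    digest = bytes(range(32))        # constructed stand-in for SM3(Z || handshake_messages)
    sig = sm2_sign(d, digest)
    print(sm2_verify(pub, digest, sig), sm2_verify(pub, b"\x00" * 32, sig))
```

Two points a verifier should keep: r and s are range-checked and the public key is checked to lie on the curve before any arithmetic, and every defect returns False rather than raising. On the signer's side, k must be fresh and unpredictable for every signature: with SM2, two signatures made with the same k expose the private key as d = (s2 - s1) / (s1 + r1 - s2 - r2) mod n, which is one reason the text keeps the signing step inside the hardware token.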
Throughout the whole process, once either party has sent its messages in sequence, if it does not receive the expected response from the other party, or the response received does not match expectations (it is empty, its content is wrong, it fails verification, and so on), this is treated as a fatal error: the party immediately sends a handshake_failure fatal alert and terminates the connection.
In the above verification procedure, to further ensure security, the client private key used when sending the client SM2 certificate verify message is stored in a hardware device (such as a USBKey); the private key in this hardware device can be neither copied nor exported, which guarantees key security. Further, the digest value of the data to be signed (that is, the hash value computed with the SM3 algorithm) and the signature value are also computed inside the hardware device that holds the private key, further ensuring that key security is not affected by the client device. Optionally, the server may also authenticate the client SM2 certificate, judging whether the certificate was issued by a trusted superior certificate.
In summary, the invention provides a method for establishing a TLS channel based on the SM (Chinese national cryptographic) algorithms. The method integrates the SM algorithms into the TLS protocol for secure communication and, with a shorter key length, achieves signature speed substantially better than the RSA algorithm at a security level equivalent to RSA-2048. In addition, by using the SM2 KEPE key exchange algorithm, the pre-master secret can only be computed when both the client and the server have generated ephemeral keys, so that if the server private key is stolen or leaked, an attacker cannot use that private key to decrypt content transmitted encrypted before the leak; this greatly improves the security of TLS channel establishment.
The above embodiments serve only to illustrate the invention and do not limit it. Those of ordinary skill in the relevant technical field may make various changes and modifications without departing from the spirit and scope of the invention; all equivalent technical solutions therefore fall within the scope of the invention, and the scope of patent protection of the invention is defined by the claims.
Claims (8)
1. A method for establishing a TLS channel based on the SM cryptographic algorithms, the method comprising the steps of:
a handshake request stage: the server initiates a hello request message and the client, on receiving it, sends a client hello message in response, or the client directly initiates a client hello message; on receiving the client hello message, the server sends a server hello message in response;
a server authentication stage: the server sends to the client, in sequence, a server SM2 certificate, a server key exchange message and a hello done message; a client authentication stage: on receiving the hello done message, the client sends a client key exchange message;
a handshake completion stage: the client sends a change cipher spec message and a finished message; on receiving the client finished message, the server sends a change cipher spec message and a finished message; after both sides have received the other's finished message and it has passed verification, secure data transmission proceeds with the negotiated security parameters;
characterised in that the server key exchange message contains the information the client needs to compute the pre-master secret with the SM2 key exchange algorithm, and the client key exchange message contains the information the server needs to compute the pre-master secret with the SM2 key exchange algorithm;
wherein the server key exchange message comprises: the curve type, the curve domain parameters, the public key of the server ephemeral key pair, the public key of the server SM2 certificate key pair, the user distinguishing identifier, and the signed data obtained by signing, with the server SM2 certificate private key, the SM3 hash value of the hash value Z, the client random number, the server random number, the server ephemeral public key and the public key of the server SM2 certificate key pair; the client key exchange message comprises: the user distinguishing identifier and the public keys of two client ephemeral key pairs; the two client ephemeral key pairs are generated by the client on the curve on which the server ephemeral key pair lies;
wherein the client produces the pre-master secret shared by the client and the server with the SM2 key exchange algorithm, taking as parameters the two client ephemeral key pairs and the information in the server key exchange message; and the server produces the pre-master secret shared by the client and the server with the SM2 key exchange algorithm, taking as parameters the server ephemeral key pair, the key pair corresponding to the server SM2 certificate, and the information in the client key exchange message.
2. The method according to claim 1, characterised in that, in the handshake request stage, the client hello message contains the security parameters relevant to both sides establishing the secure channel; after receiving the client hello message, if the server can find a matching cipher suite among the security parameters of that message, it includes the matching cipher suite in the server hello message sent in response; if no matching cipher suite can be found, it responds with a fatal alert message; wherein the cipher suite is a cipher suite combining the SM2 signature algorithm, the SM3 hash algorithm, the SM4 symmetric encryption algorithm and the SM2 KEPE key exchange algorithm.
3. The method according to claim 1, characterised in that, in the server authentication stage, after the client receives the hello done message, it verifies whether the server SM2 certificate is valid, verifies whether the signature value in the server key exchange message is valid, and checks whether the security parameters in the server hello message are acceptable; if they are acceptable, the client continues the handshake, otherwise it responds with a fatal alert message.
4. The method according to claim 1, characterised in that, when client identity verification is required, the method further comprises the steps of:
in the server authentication stage, immediately after the server key exchange message, also sending a client SM2 certificate request;
in the client authentication stage, if the client received the client SM2 certificate request, first sending the client SM2 certificate to the server and, after the client key exchange message has been sent, also sending a client SM2 certificate verify message; the server verifying the client using the received client SM2 certificate and client SM2 certificate verify message;
wherein the client SM2 certificate verify message is the signature value obtained by signing an SM3 hash value with the private key corresponding to the client SM2 certificate; the SM3 hash value is obtained by applying the SM3 hash algorithm to the client Z value and the handshake messages; the handshake messages comprise all messages sent and received from the client hello message up to the client SM2 certificate verify message, but not including the client SM2 certificate verify message.
5. The method according to claim 2, characterised in that, in the handshake completion stage, the content of the finished message is a 12-byte pseudo-random number encrypted with the changed cipher suite and keys, the encryption using the SM4 symmetric encryption algorithm, and the pseudo-random number being computed from the digest value of the handshake messages sent; if the digest algorithm of the cipher suite matched in the handshake request stage is the SM3 algorithm, the hash value computed from the public key of the client SM2 certificate key pair is prepended to the digest input formed by the handshake messages sent, and the digest value is then computed.
6. The method according to claim 4, characterised in that, when sending the client SM2 certificate verify message, the data to be signed is fed into secure hardware, where the digest is computed with the SM3 algorithm and the digest is signed; wherein both the computation of the digest and the signature are performed inside the secure hardware.
7. The method according to claim 4, characterised in that, when sending the client SM2 certificate verify message, the hash value computed from the public key of the key pair corresponding to the client SM2 certificate and the user distinguishing identifier is added to the data to be signed.
8. The method according to claim 1, characterised in that, wherever a digest algorithm is used, and wherever the keyed-hash message authentication code (HMAC) based on a digest algorithm, the expansion function P_hash and the pseudo-random function PRF are used, the digest algorithm used is the SM3 digest algorithm.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310317801.6A CN103338215B (en) | 2013-07-26 | 2013-07-26 | The method setting up TLS passage based on the close algorithm of state |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103338215A CN103338215A (en) | 2013-10-02 |
CN103338215B true CN103338215B (en) | 2016-12-28 |
Family
ID=49246312
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310317801.6A Active CN103338215B (en) | 2013-07-26 | 2013-07-26 | The method setting up TLS passage based on the close algorithm of state |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103338215B (en) |
Families Citing this family (28)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104378374B (en) * | 2014-11-14 | 2017-11-07 | 国家超级计算深圳中心(深圳云计算中心) | A kind of method and system that communication is set up based on SSL |
CN104539429B (en) * | 2014-12-30 | 2017-09-22 | 飞天诚信科技股份有限公司 | A kind of method and apparatus and system for positioning the close certificate of state |
CN107623571B (en) * | 2016-07-15 | 2020-10-09 | 腾讯科技(深圳)有限公司 | Handshake processing method, client and server |
CN106453380B (en) * | 2016-10-28 | 2019-12-31 | 美的智慧家居科技有限公司 | Key agreement method and device |
CN107147497B (en) * | 2017-05-02 | 2018-07-06 | 北京海泰方圆科技股份有限公司 | Information processing method and device |
CN109302369B (en) * | 2017-07-24 | 2021-03-16 | 贵州白山云科技股份有限公司 | Data transmission method and device based on key verification |
CN107896147B (en) * | 2017-12-07 | 2020-07-28 | 福建联迪商用设备有限公司 | Method and system for negotiating temporary session key based on national cryptographic algorithm |
CN108111311B (en) * | 2017-12-25 | 2021-11-19 | 福建升腾资讯有限公司 | Method for realizing bank counter electronic signature based on state cryptographic algorithm |
CN108429620B (en) * | 2018-01-25 | 2021-10-12 | 新华三技术有限公司 | Method and system for establishing secure connection, client and server |
CN108650227B (en) * | 2018-03-30 | 2021-03-30 | 苏州科达科技股份有限公司 | Handshaking method and system based on datagram secure transmission protocol |
CN108650277A (en) * | 2018-05-24 | 2018-10-12 | 哈工大机器人(合肥)国际创新研究院 | A kind of data encryption and transmission method |
CN110690969B (en) * | 2018-07-06 | 2023-06-16 | 武汉信安珞珈科技有限公司 | Method and system for achieving bidirectional SSL/TLS authentication through multiparty cooperation |
CN109040055A (en) * | 2018-07-30 | 2018-12-18 | 美通云动(北京)科技有限公司 | The method for realizing Web secure access using domestic password |
CN110839240B (en) * | 2018-08-17 | 2022-07-05 | 阿里巴巴集团控股有限公司 | Method and device for establishing connection |
CN109040318B (en) * | 2018-09-25 | 2021-05-04 | 网宿科技股份有限公司 | HTTPS connection method of CDN (content delivery network) and CDN node server |
CN109462705B (en) | 2018-11-30 | 2020-04-17 | 广州华多网络科技有限公司 | Voice communication method and device based on channel |
CN111314274B (en) * | 2019-07-30 | 2023-02-10 | 厦门雅迅网络股份有限公司 | Vehicle-mounted terminal and center platform bidirectional authentication method and system |
CN110708304A (en) * | 2019-09-27 | 2020-01-17 | 苏州浪潮智能科技有限公司 | Information processing method and device |
CN110995414B (en) * | 2019-12-23 | 2023-08-11 | 中金金融认证中心有限公司 | Method for establishing channel in TLS1_3 protocol based on cryptographic algorithm |
CN111555881A (en) * | 2020-03-23 | 2020-08-18 | 中安云科科技发展(山东)有限公司 | Method and system for realizing national secret SSL protocol by using SDF and SKF |
CN111756726A (en) * | 2020-06-23 | 2020-10-09 | 上海缔安科技股份有限公司 | SIP security authentication method supporting State cipher algorithm |
CN111654510B (en) * | 2020-06-28 | 2022-08-16 | 福建捷宇电脑科技有限公司 | Signing terminal with national encryption function and signing data transmission method |
CN112738064A (en) * | 2020-12-25 | 2021-04-30 | 北京航天云路有限公司 | Method for improving security of SSH protocol based on SM2 and SM4 cryptographic algorithm |
CN112702582B (en) * | 2021-01-06 | 2022-07-15 | 贵州大学 | Secure transmission method and device for monitoring video based on SM2 |
CN113037480A (en) * | 2021-03-25 | 2021-06-25 | 北京华宇信息技术有限公司 | JSSE-based national secret encryption communication method and device and storage medium |
CN113364776A (en) * | 2021-06-04 | 2021-09-07 | 北银金融科技有限责任公司 | Method and system for verifying block link point usage cryptographic algorithm communication |
CN113810373B (en) * | 2021-08-11 | 2023-04-07 | 长沙证通云计算有限公司 | Ceph visual one-key deployment method based on national cryptographic algorithm |
CN115883130A (en) * | 2022-10-24 | 2023-03-31 | 广州大学 | Vehicle-mounted ECU identity authentication method through secret key |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102281287A (en) * | 2011-06-23 | 2011-12-14 | 北京交通大学 | TLS (transport layer security)-based separation mechanism mobile signaling protection system and method |
CN103118027A (en) * | 2013-02-05 | 2013-05-22 | 中金金融认证中心有限公司 | Transport layer security (TLS) channel constructing method based on cryptographic algorithm |
Non-Patent Citations (1)
Title |
---|
The TLS Protocol Version 1.0; T. Dierks et al.; RFC 2246; 1999-01-31; page 26 line 1 to page 79 last line, Figure 1 * |
Also Published As
Publication number | Publication date |
---|---|
CN103338215A (en) | 2013-10-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103338215B (en) | The method setting up TLS passage based on the close algorithm of state | |
CN103118027B (en) | The method of TLS passage is set up based on the close algorithm of state | |
CN109347809A (en) | A kind of application virtualization safety communicating method towards under autonomous controllable environment | |
CN109728909B (en) | Identity authentication method and system based on USBKey | |
CN104158653B (en) | A kind of safety communicating method based on the close algorithm of business | |
WO2019020051A1 (en) | Method and apparatus for security authentication | |
CN108111301A (en) | The method and its system for realizing SSH agreements are exchanged based on rear quantum key | |
CN105915342A (en) | Application program communication processing system, an application program communication processing device, an application program communication processing apparatus and an application program communication processing method | |
CN104935553B (en) | Unified identity authentication platform and authentication method | |
EP1905186A2 (en) | Cryptographic authentication, and/or establishment of shared cryptographic keys, using a signing key encrypted with a non-one-time-pad encryption, including (but not limited to) techniques with improved security against malleability attacks | |
CN106850207B (en) | Identity identifying method and system without CA | |
CN107888560A (en) | A kind of mobile intelligent terminal mail security Transmission system and method | |
CN104468126B (en) | A kind of safe communication system and method | |
CN109194656A (en) | A kind of method of distribution wireless terminal secure accessing | |
WO2016058404A1 (en) | Entity authentication method and device based on pre-shared key | |
CN112637136A (en) | Encrypted communication method and system | |
CN106685983A (en) | Data recovery method and device based on SSL protocol | |
KR102017758B1 (en) | Health device, gateway device and method for securing protocol using the same | |
CN111914291A (en) | Message processing method, device, equipment and storage medium | |
WO2010066127A1 (en) | Safe communication method and device for mobile financial service based on application layer | |
CN114143117B (en) | Data processing method and device | |
US11722466B2 (en) | Methods for communicating data utilizing sessionless dynamic encryption | |
CN108206739A (en) | Key generation method and device | |
Du et al. | A study of man-in-the-middle attack based on SSL certificate interaction | |
CN106712939A (en) | Offline key transmission method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |