From 8e9bce5c9f4d63c29c01713c99ecfb60bd0e9c31 Mon Sep 17 00:00:00 2001 From: Zhi Guan Date: Fri, 7 Sep 2018 22:29:15 +0800 Subject: [PATCH] Created TLS Cipher Suites with GM algorithms (markdown) --- TLS-Cipher-Suites-with-GM-algorithms.md | 47 +++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 TLS-Cipher-Suites-with-GM-algorithms.md diff --git a/TLS-Cipher-Suites-with-GM-algorithms.md b/TLS-Cipher-Suites-with-GM-algorithms.md new file mode 100644 index 0000000..f1a420d --- /dev/null +++ b/TLS-Cipher-Suites-with-GM-algorithms.md @@ -0,0 +1,47 @@ +A TLS cipher suite is a combination of digital signature algorithm, key exchange protocol (or key transport scheme), symmetric encryption with MAC (or AEAD), and pseudo-random functions based on hash functions. The GM standards introduce several new crypto algorithms that can be used to combine pure GM cipher suites. We also want to support some algorithms (such as SHA-256) to be compatible with existing the GM/T 0024 protocol. + +The algorithms and schemes: + +* Digital signature algorithms: SM2SIGN, SM9SIGN +* Key exchange: SM2DH, SM2DHE, SM9DH, SM9DHE +* Key transport: SM2ENC, SM9ENC +* Symmetric encryption: SM4-CBC-SM3, SM4-CBC-SHA256, SM1-CBC-SM3, SSF33-CBC-SM3, ZUC +* AEAD: SM4-CCM, SM4-GCM, ZUC-128EEA3, ZUC-Poly1305 +* PRF: SM3, SHA256 + +## Cipher Suite Number (2-byte) + +The TLS protocol use 2-byte number to present cipher suite. The number registry is maintained by IANA. Only 0xFF, 0x00-0xFF 256 numbers are reserved for private use. GM/T 0024 SSL VPN specification use 0xE0, number, but these 12 numbers are not registered to AINA, so these cipher suites might be conflicts with future new cipher suites. + +We have two design strategies: + +1. Follow OSCCA to continue use numbers after 0xE0 +2. Use the 256 preserved numbers for private use. + + + +## Elliptic curve domain parameter (2-byte number) + +31-255 unassigned +261-507 unassigned +508-511, 65024-65279 reserved for private use + +## TLS Signature Algorithms (1 byte) + +* 4-6, 9-223 reserved +* 224-255 reserved for private use + +## Hash Algorithms + +* 7, 9-223 reserved +* 224-255 reserved for private use + + + + + + + + + +