GM/T 0024-2014 (GMT 0024-2014)

Chinese Standard: 'GM/T 0024-2014'
Standard ID GM/T 0024-2014 (GM/T0024-2014)
Description (Translated English) SSL VPN specification
Sector / Industry Chinese Industry Standard (Recommended)
Classification of Chinese Standard L80
Classification of International Standard 35.040
Word Count Estimation 35,321
Date of Issue 2014/2/13
Date of Implementation 2014/2/13
Quoted Standard GM/T 0005; GM/T 0009; GM/T 0010; GM/T 0014; GM/T 0015
Drafting Organization Shanghai Koal Software Co.
Administrative Organization Password Industry Standardization Technical Committee
Regulation (derived from) The industry standard for the record Notice 2014 No. 4 (No. 172 overall)
Summary This standard specifies the protocol, product functionality, performance, management and testing of SSL VPN technology. It applies to the development of SSL VPN products and can also be used to guide the testing, management and use of SSL VPN products.

GM/T 0024-2014
ICS 35.040
L 80
Reference No.: 44625-2014
SSL VPN specification
Issued by: National Cryptography Authority of China
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviations
5 Cryptography algorithm and key type
6 Protocol
7 Product requirements
8 Production detection
9 Qualification determination
Bibliography
This Standard was drafted in accordance with the rules given in GB/T
Attention is drawn to the possibility that some of the elements of this Standard
may be the subject of patent rights. The issuing authority shall not be held
responsible for identifying any or all such patent rights.
This Standard was proposed by and shall be under the jurisdiction of
Cryptographic Industry Standardization Technical Committee.
Main drafting organizations of this Standard: Shanghai Geer Software Co.,
Ltd., Huawei Technologies Co., Ltd., Shenzhen Shen Xinfu Electronics
Technology Co., Ltd., Shenzhen Austrian Union Technology Co., Ltd., Net Yu
Shenzhou Technology (Beijing) Co., Ltd., Chengdu Weishitong Information
Industry Co., Ltd., Beijing Oriental Huaxin Information Technology Co., Ltd.,
China International Electronic Commerce Limited, Lenovo Network
Technology (Beijing) Limited, Shanghai Anderson Information Security Co.,
Ltd., Wuxi Jiangnan Information Security Engineering Technology Center,
Beijing Tianrong letter Network Security Technology Co., Ltd.
Main drafters of this Standard: Liu Ping, Tan Wuzheng, Huang Min, Zeng
Jianfa, Dan Bo, Liu Jianfeng, Luo Jun, Li Zhichao, Li Feibo, He Zhiyu, Chen
Kai, Zhu Zhengchao, Ni Yongnian, Han Lin.
SSL VPN specification
1 Scope
This Standard specifies the technical protocol, product functionality,
performance, management and inspection of SSL VPN.
This Standard is applicable to the development of SSL VPN products. It can
also be used to guide the inspection, management and use of SSL VPN
2 Normative references
The following referenced documents are indispensable for the application of
this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including
any amendments) applies.
GM/T 0005, Randomness testing specification
GM/T 0009, SM2 cryptography algorithm usage specification
GM/T 0010, SM2 cryptography algorithm encryption signature message
syntax specification
GM/T 0014, Digital certificate authentication system password protocol
GM/T 0015, Digital certificate format specification based on SM2
cryptography algorithm
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1 digital certificate
also known as a public key certificate, a data structure that contains public
key owner information, public key, issuer information, expiration date, and
extended information signed by the certificate authority (CA); it can be divided
into personal certificate, institutional certificate and equipment certificate
according to category OR signature certificate and encryption certificate
according to use
3.2 identity based cryptography algorithm
the IBC algorithm, also known as the identity cipher algorithm; an
asymmetric cryptography algorithm in which an arbitrary identity can be used
as the public key, so no digital certificate is required to prove the public key
3.3 IBC identity
an IBC identity is a string that represents an entity's identity or attribute
3.4 IBC public parameter
IBC public parameter contains the public parameter information such as
name, calculation curve, identification coding method and key generation
algorithm of IBC key management center; the information is used to convert
the entity ID to public key
3.5 initialization vector / initialization value; IV
initial data used for data transformation, introduced to increase security or
to synchronize cryptographic devices during cryptographic transformation
3.6 secure sockets layer protocol
a transport layer security protocol used to build a secure channel between
client and server
3.7 payload
the data format of the ISAKMP communication exchange message, the basic
unit of the ISAKMP message
3.8 session
the association between client and server created by the handshake protocol;
a session can be shared by multiple connections
3.9 SM1 algorithm
a block cipher algorithm with a block length of 128 bits and a key length of
128 bits
3.10 SM2 algorithm
an elliptic curve public key cryptography algorithm with key length of 256 bits
3.11 SM3 algorithm
A(0) = seed;
A(i) = HMAC(secret, A(i-1));
P_hash can be iterated until data of the required length is generated.
5.1.5 Pseudo-random function PRF
The calculation method of PRF is as follows.
PRF(secret, label, seed) = P_SM3(secret, label + seed)
5.2 Key type
5.2.1 Overview
This Standard uses asymmetric cryptography algorithms for identity
authentication and key exchange. After negotiation, the pre-master key is
established. Each party calculates the master key and then derives the
work key. The work key is used for encryption and decryption and integrity
5.2.2 Server key
The server key is the key pair of the asymmetric cryptography algorithm,
including a signature key pair and an encryption key pair. The signature key
pair is generated by the VPN's own cryptographic module. The encryption key
pair is applied for from the KMC through the CA Certification Center. The keys
are used for server-side identity authentication and negotiation of the
pre-master key during handshaking.
5.2.3 Client key
The client key is the key pair of the asymmetric cryptography algorithm,
including a signature key pair and an encryption key pair. The signature key
pair is generated by the VPN's own cryptographic module. The encryption key
pair is applied for from the KMC through the CA Certification Center. The keys
are used for server-side identity authentication and negotiation of the
pre-master key during handshaking.
5.2.4 Pre_master_secret
Pre_master_secret is the key material generated by both parties, used to
generate master secret.
5.2.5 Master_secret
The master secret is the key material calculated from the pre-master secret,
the client random number, the server random number and a constant string;
it is used to generate the work key.
lower limit and y represents the upper limit; if it only needs to express the
upper limit, use . The length of all vectors is in bytes. A variable-length
vector is preceded by a header holding its actual length; the header size is
the minimum number of bytes that can accommodate the maximum length of the
variable-length vector.
6.2.3 Enumerateds
Enumerateds are a collection of fields with specific values. Usually each
field includes a name and a value. If it contains an unnamed value, this value
shall represent the specified maximum value. If it only includes a name
without defining a value, it shall only be used to refer to a state value and
cannot be used in actual encoding. For example, enum {red (0), green (1), (255)}
color. The size of an enumerated variable is the minimum number of bytes that
can hold the maximum enumeration value.
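The sizing rules for variable-length vectors and enumerateds above, as an added example (not code from the standard). The function names are hypothetical, and big-endian byte order is an assumption, since the excerpt does not state it. The decoder checks the declared length against both the bounds and the bytes actually present, which is where length-prefixed parsers usually fail.

```python
def width(max_value: int) -> int:
    """Minimum number of bytes that can hold max_value (never less than 1)."""
    return max(1, (max_value.bit_length() + 7) // 8)

def encode_vector(data: bytes, lo: int, hi: int) -> bytes:
    """Prefix data with its actual length; header sized for the upper limit."""
    if not lo <= len(data) <= hi:
        raise ValueError("vector length outside declared bounds")
    return len(data).to_bytes(width(hi), "big") + data

def decode_vector(buf: bytes, lo: int, hi: int):
    """Return (vector, remaining bytes); reject inconsistent lengths."""
    w = width(hi)
    if len(buf) < w:
        raise ValueError("truncated length header")
    n = int.from_bytes(buf[:w], "big")
    if not lo <= n <= hi:
        raise ValueError("declared length outside bounds")
    if len(buf) < w + n:
        raise ValueError("declared length exceeds available data")
    return buf[w:w + n], buf[w + n:]

def encode_enum(value: int, max_value: int) -> bytes:
    """Encode an enumerated value in the width implied by its maximum."""
    if not 0 <= value <= max_value:
        raise ValueError("value outside enumeration range")
    return value.to_bytes(width(max_value), "big")

def rejected(buf: bytes, lo: int, hi: int) -> bool:
    """True when decode_vector refuses the input."""
    try:
        decode_vector(buf, lo, hi)
    except ValueError:
        return True
    return False

# Constructed samples: the page's enum {red (0), green (1), (255)} color
# fits in one byte; an upper limit of 2^16-1 needs a two-byte header.
GREEN = encode_enum(1, 255)
SAMPLE = encode_vector(b"abc", 0, 2**16 - 1)
```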
6.2.4 Constructed types
Constructed Types are defined by struct, similar to the struct syntax of C
language. The fields in the struct are concatenated in sequence. If a struct is
included in another struct, it shall omit the name of the struct.
6.2.5 Variants
Variant types are defined by select and case, and are used to define structures that
depend on external information, similar to union or ASN.1 CHOICE in C
6.3 Record layer protocol
The record layer prot......
