Chinese Standards Shop Partner of Google-Books Database: 169760 (Nov 9, 2019)
 HOME   Quotation   Tax   Examples Standard-List   Contact-Us   View-Cart
  

GM/T 0024-2014

Chinese Standard: 'GM/T 0024-2014'
Standard IDContents [version]USDSTEP2[PDF] delivered inStandard Title (Description)StatusRelated Standard
GM/T 0024-2014English300 Add to Cart 0--15 minutes. Auto immediate delivery. SSL VPN specification Valid GM/T 0024-2014
GM/T 0024-2014Chinese34 Add to Cart <=1-day [PDF from Chinese Authority, or Standard Committee, or Publishing House]

 GM/T 0024-2014 -- Click to view a PDF In 0~10 minutes time, full copy of this English-PDF will be auto-immediately delivered to your email by our cloud-server.  
Detail Information of GM/T 0024-2014; GM/T0024-2014
Description (Translated English): National Cryptologic
Sector / Industry: Chinese Industry Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.040
Word Count Estimation: 35,370
Date of Issue: 2/13/2014
Date of Implementation: 2/13/2014
Quoted Standard: GM/T 0005; GM/T 0009; GM/T 0010; GM/T 0014; GM/T 0015
Drafting Organization: Shanghai Koal Software Co.
Administrative Organization: Password Industry Standardization Technical Committee
Regulation (derived from): The industry standard for the record Notice 2014 No. 4 (No. 172 overall)
Summary: This standard specifies the protocol SSL VPN technology, product functionality, performance and management and testing. This standard applies to the development of SSL VPN products can also be used to detect, manage and use of guidance SSL VPN products.

GM/T 0024-2014
GM
CRYPTOGRAPHIC INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Reference No.. 44625-2014
SSL VPN specification
SSL VPN技术规范
ISSUED ON. FEBRUARY 13, 2014
IMPLEMENTED ON. FEBRUARY 13, 2014
Issued by. National Cryptography Authority of China
Table of Contents
Foreword ... 3 
Introduction ... 4 
1 Scope ... 5 
2 Normative references ... 5 
3 Terms and definitions ... 5 
4 Symbols and abbreviations ... 7 
5 Cryptography algorithm and key type ... 8 
6 Protocol ... 10 
7 Product requirements ... 40 
8 Production detection ... 44 
9 Qualification determination ... 47 
Bibliography ... 48 
Foreword
This Standard was drafted in accordance with the rules given in GB/T
1.1-2009.
Attention is drawn to the possibility that some of the elements of this Standard
may be the subject of patent rights. The issuing authority shall not be held
responsible for identifying any or all such patent rights.
This Standard was proposed by and shall be under the jurisdiction of
Cryptographic Industry Standardization Technical Committee.
Main drafting organizations of this Standard. Shanghai Geer Software Co.,
Ltd., Huawei Technologies Co., Ltd., Shenzhen Shen Xinfu Electronics
Technology Co., Ltd., Shenzhen Austrian Union Technology Co., Ltd., Net Yu
Shenzhou Technology (Beijing) Co., Ltd., Chengdu Weishitong Information
Industry Co., Ltd., Beijing Oriental Huaxin Information Technology Co., Ltd.,
China International Electronic Commerce Limited, Lenovo Network
Technology (Beijing) Limited, Shanghai Anderson Information Security Co.,
Ltd., Wuxi Jiangnan Information Security Engineering Technology Center,
Beijing Tianrong letter Network Security Technology Co., Ltd.
Main drafters of this Standard. Liu Ping, Tan Wuzheng, Huang Min, Zeng
Jianfa, Dan Bo, Liu Jianfeng, Luo Jun, Li Zhichao, Li Feibo, He Zhiyu, Chen
Kai, Zhu Zhengchao, Ni Yongnian, Han Lin.
SSL VPN specification
1 Scope
This Standard specifies the technical agreement, product functionality,
performance and management, and inspection of SSL VPN.
This Standard is applicable to the development of SSL VPN products. It can
be also used to guide the inspection, management and use of SSL VPN
products.
2 Normative references
The following referenced documents are indispensable for the application of
this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including
any amendments) applies.
GM/T 0005, Randomness testing specification
GM/T 0009, SM2 cryptography algorithm usage specification
GM/T 0010, SM2 cryptography algorithm encryption signature message
syntax specification
GM/T 0014, Digital certificate authentication system password protocol
specification
GM/T 0015, Digital certificate format specification based on SM2
cryptography algorithm
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1 digital certificate
also known as a public key certificate, a data structure that contains public
key owner information, public key, issuer information, expiration date, and
extended information signed by the certificate authority (CA); it can be divided
into personal certificate, institutional certificate and equipment certificate
according to category OR signature certificate and encryption certificate
according to use
3.2 identity based cryptography algorithm
the IBC algorithm is also known as the identity cipher algorithm; it is an
asymmetric cryptography algorithm that can be arbitrarily identified as a
public key and does not require a digital certificate to prove the public key
3.3 IBC identity
an IBC identity is a string that represents an entity's identity or attribute
3.4 IBC public parameter
IBC public parameter contains the public parameter information such as
name, calculation curve, identification coding method and key generation
algorithm of IBC key management center; the information is used to convert
the entity ID to public key
3.5 initialization vector / initialization value; IV
initial data used for data transformation and introduced to increase security or
synchronize cryptographic devices during password conversion
3.6 secure sockets layer protocol
a transport layer security protocol used to build a secure channel between
client and server
3.7 payload
the data format of the ISAKMP communication exchange message, the basic
unit of the ISAKMP message
3.8 session
the association between client and server created by the handshake protocol;
a session can be shared by multiple connections
3.9 SM1 algorithm
a packet cipher algorithm with a packet length of 128 bits and a key length of
128 bits
3.10 SM2 algorithm
an elliptic curve public key cryptography algorithm with key length of 256 bits
3.11 SM3 algorithm
A (0) = seed;
A (i) = HMAC (secret, A (i-1));
P_hash can iterate iteratively until the data of required length is generated.
5.1.5 Pseudo-random function PRF
The calculation method of PRF is as follows.
PRF (secret, label, seed) = P_SM3 (secret, label + seed)
5.2 Key type
5.2.1 Overview
In this Standard, it uses asymmetric cryptography algorithm to carry out
identity authentication and key exchange. Identify the pre-master key after
post-negotiation. Each party calculates the master key, and then derives the
work key. Use the work key for encryption and decryption and integrity
verification.
5.2.2 Server key
When server key is the key of asymmetric cryptography algorithm, including
signature key pair and encryption key pair. The signature key pair is
generated by the VPN self-password module. The encryption key is applied
to KMC through the CA Certification Center, used for negotiation of
server-side identity authentication and pre-master key during handshaking.
5.2.3 Client key
The client key is the key pair of the asymmetric cryptography algorithm,
including signature key pair and encryption key pair. The signature key pair is
generated by the VPN self-password module. The encryption key is applied
to KMC through the CA Certification Center, used for negotiation of
server-side identity authentication and pre-master key during handshaking.
5.2.4 Pre_master_secret
Pre_master_secret is the key material generated by both parties, used to
generate master secret.
5.2.5 Master_secret
The master secret is the key material consisted of pre-master secret, client
random number, server random number, constant string after calculation,
used to generate work key.
lower limit and y represents the upper limit; if it only needs to express the
upper limit, use . The length of all vectors is in bytes. The variable length
vector represents the actual length of the vector whose header size is the
minimum number of bytes that can accommodate the maximum length of the
variable length vector.
6.2.3 Enumerateds
Enumerateds are a field collection of a set of specific values. Usually each
field includes a name and a value. If it contains an unnamed value, this value
shall represent the specified maximum value. If it only includes a name
without defining a value, it shall only be used to refer to a state value and can
not be used in actual encoding. For example, enum {red (0), green (1), (255)}
color. Enumerated variable size is the minimum number of bytes that can hold
the maximum enumeration value.
6.2.4 Constructed types
Constructed Types are defined by struct, similar to the struct syntax of C
language. The fields in the struct are concatenated in sequence. If a struct is
included in another struct, it shall omit the name of the struct.
6.2.5 Variants
Variables types are defined by select, case, used to define structures that
depend on external information, similar to union or ASN.1 CHOICE in C
language.
6.3 Record layer protocol
The record layer prot......
Related standard:   GM/T 0022-2014  GM/T 0023-2014
   
 
Privacy   ···   Product Quality   ···   About Us   ···   Refund Policy   ···   Fair Trading   ···   Quick Response
Field Test Asia Limited | Taxed in Singapore: 201302277C | Copyright 2012-2019