TLCP双向身份鉴别—ECC_SM4_GCM_SM3(数据包私聊我)

admin 2026-07-05 06:24:29 网络安全文章 来源:ZONE.CI 全球网 0 阅读模式

文章总结: 本文详细分析了TLCP协议中基于密码套件ECCSM4GCM_SM3的双向身份鉴别过程,涵盖客户端与服务端的证书交换、签名验证及密钥协商。分析遵循GB/T38636-2020等标准,通过抓包数据展示了ServerKeyExchange签名与验签成功等关键步骤,验证了协议实现的正确性。 综合评分: 73 文章分类: 漏洞分析


cover_image

TLCP 双向身份鉴别 — ECC_SM4_GCM_SM3(数据包私聊我)

原创

利刃信安 利刃信安

利刃信安

2026年7月3日 06:00 北京

在小说阅读器读本章

去阅读

TLCP 双向身份鉴别 — ECC_SM4_GCM_SM3

密码套件ECC_SM4_GCM_SM3 传输协议: TLCP (TCP) 参考标准: GB/T 38636-2020 | GM/T 0009-2023 | GB/T 32918-2016


协议分析详情

身份鉴别类型: 双向身份鉴别(显式)

0. 协议概览

  • • 协议: TLCP
  • • 签名算法: SM2
  • • 密码套件0xe053 (ECC_SM4_GCM_SM3)
  • • CertificateRequest: YES
  • • CertificateVerify: YES

一、客户端验证服务端 (双向鉴别)

客户端随机数 (ClientHello)

  • • tls.handshake.type == 1
  • • Random3c966a4d5a6949933dea9d3ad91703d3449296c56045379e4c9710e67c0c2b29
  • • GMT Unix Time: 2002-03-18 22:29:33 UTC
  • • Random Bytes5a6949933dea9d3ad91703d3449296c56045379e4c9710e67c0c2b29

服务端随机数 (ServerHello)

  • • tls.handshake.type == 2
  • • Randoma7d9bcd145795f12a786e41ca959304b8ca1ebad5cc7ae517527ae5317702862
  • • GMT Unix Time: 2059-03-28 08:12:01 UTC
  • • Random Bytes45795f12a786e41ca959304b8ca1ebad5cc7ae517527ae5317702862

规范引用

GB/T 38636-2020 第5页: 服务端密钥为非对称密码算法的密钥对。


加密证书长度 (Server Certificate)

  • • tls.handshake.type == 11
  • • Certificate Length: 532
  • • 十六进制(3字节)000214

签名证书 (Server Certificate)

  • • 证书数据 (DER编码完整数据):
30820211308201b7a003020102020102300a06082a811ccf550183753062310b3009060355040613025858310b300906035504080c02585831143012060355040a0c0b6365727469666963617465310f300d060355040b0c0674657374696e311f301d06035504030c1663657274696669636174652e74657374696e2e636f6d301e170d3234303532323037303030365a170d3334303532303037303030365a3066310b3009060355040613025858310b300906035504080c02585831143012060355040a0c0b63657274696669636174653111300f060355040b0c08746573747369676e3121301f06035504030c1863657274696669636174652e746573747369676e2e636f6d3059301306072a8648ce3d020106082a811ccf5501822d03420004ca9fdb5aba25ed11906907d268c81140681204d57c3eee8ce8997b8d82cd957310dcd6dcdeb537e9feed7a2acacb6db29959615a74d0382ef700ffae319a77aea35a305830090603551d1304023000300b0603551d0f0404030206c0301d0603551d0e041604140ed167541756597c2aebc147a86636795d26000f301f0603551d23041830168014b17abca401d43178e3681dea8edb37a62ff6ed3a300a06082a811ccf550183750348003045022100a1f9daf70f86d65993fc3379c97aacdf28ab76608b04ed884edff3d54c08613f02206aba68df127d3a518b8331ff5e5d3de0973dae93ad27f6b67e06f040cf50a5f8

签名公钥

  • • 规范引用: GM/T 0009-2023 SM2PublicKey = BITSTRING { 04‖X‖Y }
  • • 签名公钥04ca9fdb5aba25ed11906907d268c81140681204d57c3eee8ce8997b8d82cd957310dcd6dcdeb537e9feed7a2acacb6db29959615a74d0382ef700ffae319a77ae
  • • X0xca9fdb5aba25ed11906907d268c81140681204d57c3eee8ce8997b8d82cd9573
  • • Y0x10dcd6dcdeb537e9feed7a2acacb6db29959615a74d0382ef700ffae319a77ae

加密证书 (Server Certificate)

  • • 证书数据 (DER编码完整数据):
30820210308201b5a003020102020103300a06082a811ccf550183753062310b3009060355040613025858310b300906035504080c02585831143012060355040a0c0b6365727469666963617465310f300d060355040b0c0674657374696e311f301d06035504030c1663657274696669636174652e74657374696e2e636f6d301e170d3234303532323037303030365a170d3334303532303037303030365a3064310b3009060355040613025858310b300906035504080c02585831143012060355040a0c0b63657274696669636174653110300e060355040b0c0774657374656e643120301e06035504030c1763657274696669636174652e74657374656e632e636f6d3059301306072a8648ce3d020106082a811ccf5501822d034200049bd6d635bbe97bcc0bbda3cb985f6146a5b15232da1e89b482d52c4b56fb86d07fdeb474f84e04e4591b2cd378ea6a50c005309fe8cea1375977e28cf65dee86a35a305830090603551d1304023000300b0603551d0f040403020338301d0603551d0e04160414301d5a5de80677eb27a18d085796a583c1e279cf301f0603551d23041830168014b17abca401d43178e3681dea8edb37a62ff6ed3a300a06082a811ccf550183750349003046022100c9b10501e4267b8d94d8dccdb78b914999726c3e7163a5e4f471f7fedd0a21da022100cf2e30446cc87ba384a24805ce517a382765273538af604284c915177bfb7a43

加密公钥 (SM2 非压缩格式)

  • • 加密公钥049bd6d635bbe97bcc0bbda3cb985f6146a5b15232da1e89b482d52c4b56fb86d07fdeb474f84e04e4591b2cd378ea6a50c005309fe8cea1375977e28cf65dee86
  • • X0x9bd6d635bbe97bcc0bbda3cb985f6146a5b15232da1e89b482d52c4b56fb86d0
  • • Y0x7fdeb474f84e04e4591b2cd378ea6a50c005309fe8cea1375977e28cf65dee86

密码套件说明

  • • 0xe053 (ECC_SM4_GCM_SM3): 采用 SM2 公钥加密 (ECC) 实现密钥交换

签名值 (ServerKeyExchange)

  • • Server Key Exchange 消息 tls.handshake.type == 12

规范引用: GB/T 38636-2020 §6.4.5.4:

ECDHE: signed_params = client_random + server_random + params

ECC: signed_params = client_random + server_random + enc_cert_len + enc_cert

  • • ECC-SM2-EXPORT Server Params (签名值 DER编码):
3045022100cf056f8b3840d06f2cf3d6e5a4f1fd5677533395d60c7e862b459715cbf9b58102204f79b93891edc523e94349ca0485f72a2eb7f3484b0d35411dbdb7e4d0ab86e3
  • • R0xcf056f8b3840d06f2cf3d6e5a4f1fd5677533395d60c7e862b459715cbf9b581
  • • S0x4f79b93891edc523e94349ca0485f72a2eb7f3484b0d35411dbdb7e4d0ab86e3

User ID

  • • 规范引用: GM/T 0009-2023
  • • 十六进制31323334353637383132333435363738
  • • 字符串"1234567812345678"

签名源数据

  • • ECC模式: client_random + server_random + enc_cert_len(3B) + enc_cert
  • • 总长度: 32 + 32 + 3 + 532 = 599 字节
  • • 完整数据:
3c966a4d5a6949933dea9d3ad91703d3449296c56045379e4c9710e67c0c2b29a7d9bcd145795f12a786e41ca959304b8ca1ebad5cc7ae517527ae531770286200021430820210308201b5a003020102020103300a06082a811ccf550183753062310b3009060355040613025858310b300906035504080c02585831143012060355040a0c0b6365727469666963617465310f300d060355040b0c0674657374696e311f301d06035504030c1663657274696669636174652e74657374696e2e636f6d301e170d3234303532323037303030365a170d3334303532303037303030365a3064310b3009060355040613025858310b300906035504080c02585831143012060355040a0c0b63657274696669636174653110300e060355040b0c0774657374656e643120301e06035504030c1763657274696669636174652e74657374656e632e636f6d3059301306072a8648ce3d020106082a811ccf5501822d034200049bd6d635bbe97bcc0bbda3cb985f6146a5b15232da1e89b482d52c4b56fb86d07fdeb474f84e04e4591b2cd378ea6a50c005309fe8cea1375977e28cf65dee86a35a305830090603551d1304023000300b0603551d0f040403020338301d0603551d0e04160414301d5a5de80677eb27a18d085796a583c1e279cf301f0603551d23041830168014b17abca401d43178e3681dea8edb37a62ff6ed3a300a06082a811ccf550183750349003046022100c9b10501e4267b8d94d8dccdb78b914999726c3e7163a5e4f471f7fedd0a21da022100cf2e30446cc87ba384a24805ce517a382765273538af604284c915177bfb7a43
  • • SM3(M)26503CA0B8EF9969204216E5C55C82A2689F4023DB3EAB159461B124CDE0C99B

验签结果

  • • 客户端验证服务端 (ServerKeyExchange签名): OK

二、服务端验证客户端

Certificate Request

  • • tls.handshake.type == 13
  • • Certificate type: ECDSA/SM2 Sign
  • • 规范引用: GB/T 38636-2020 第5页

签名证书 (Client Certificate)

  • • 证书数据 (DER编码完整数据):
30820211308201b7a003020102020102300a06082a811ccf550183753062310b3009060355040613025858310b300906035504080c02585831143012060355040a0c0b6365727469666963617465310f300d060355040b0c0674657374696e311f301d06035504030c1663657274696669636174652e74657374696e2e636f6d301e170d3234303532323037303030365a170d3334303532303037303030365a3066310b3009060355040613025858310b300906035504080c02585831143012060355040a0c0b63657274696669636174653111300f060355040b0c08746573747369676e3121301f06035504030c1863657274696669636174652e746573747369676e2e636f6d3059301306072a8648ce3d020106082a811ccf5501822d03420004ca9fdb5aba25ed11906907d268c81140681204d57c3eee8ce8997b8d82cd957310dcd6dcdeb537e9feed7a2acacb6db29959615a74d0382ef700ffae319a77aea35a305830090603551d1304023000300b0603551d0f0404030206c0301d0603551d0e041604140ed167541756597c2aebc147a86636795d26000f301f0603551d23041830168014b17abca401d43178e3681dea8edb37a62ff6ed3a300a06082a811ccf550183750348003045022100a1f9daf70f86d65993fc3379c97aacdf28ab76608b04ed884edff3d54c08613f02206aba68df127d3a518b8331ff5e5d3de0973dae93ad27f6b67e06f040cf50a5f8

签名公钥

  • • 规范引用: GM/T 0009-2023 SM2PublicKey = BITSTRING { 04‖X‖Y }
  • • 签名公钥04ca9fdb5aba25ed11906907d268c81140681204d57c3eee8ce8997b8d82cd957310dcd6dcdeb537e9feed7a2acacb6db29959615a74d0382ef700ffae319a77ae
  • • X0xca9fdb5aba25ed11906907d268c81140681204d57c3eee8ce8997b8d82cd9573
  • • Y0x10dcd6dcdeb537e9feed7a2acacb6db29959615a74d0382ef700ffae319a77ae

加密证书 (Client Certificate)

  • • 证书数据 (DER编码完整数据):
30820210308201b5a003020102020103300a06082a811ccf550183753062310b3009060355040613025858310b300906035504080c02585831143012060355040a0c0b6365727469666963617465310f300d060355040b0c0674657374696e311f301d06035504030c1663657274696669636174652e74657374696e2e636f6d301e170d3234303532323037303030365a170d3334303532303037303030365a3064310b3009060355040613025858310b300906035504080c02585831143012060355040a0c0b63657274696669636174653110300e060355040b0c0774657374656e643120301e06035504030c1763657274696669636174652e74657374656e632e636f6d3059301306072a8648ce3d020106082a811ccf5501822d034200049bd6d635bbe97bcc0bbda3cb985f6146a5b15232da1e89b482d52c4b56fb86d07fdeb474f84e04e4591b2cd378ea6a50c005309fe8cea1375977e28cf65dee86a35a305830090603551d1304023000300b0603551d0f040403020338301d0603551d0e04160414301d5a5de80677eb27a18d085796a583c1e279cf301f0603551d23041830168014b17abca401d43178e3681dea8edb37a62ff6ed3a300a06082a811ccf550183750349003046022100c9b10501e4267b8d94d8dccdb78b914999726c3e7163a5e4f471f7fedd0a21da022100cf2e30446cc87ba384a24805ce517a382765273538af604284c915177bfb7a43

加密公钥 (SM2 非压缩格式)

  • • 加密公钥049bd6d635bbe97bcc0bbda3cb985f6146a5b15232da1e89b482d52c4b56fb86d07fdeb474f84e04e4591b2cd378ea6a50c005309fe8cea1375977e28cf65dee86
  • • X0x9bd6d635bbe97bcc0bbda3cb985f6146a5b15232da1e89b482d52c4b56fb86d0
  • • Y0x7fdeb474f84e04e4591b2cd378ea6a50c005309fe8cea1375977e28cf65dee86

签名值 (CertificateVerify)

  • • 签名值 (DER编码):
304402205a124816aaceb5c0e0ee98aa7299f02fdecfe2a40cd3f063a62bf50740a7fdae022060b59cf54eb9873b1a6da973c823496dd34e6480a1d286d476d1054f827c44c5
  • • R0x5a124816aaceb5c0e0ee98aa7299f02fdecfe2a40cd3f063a62bf50740a7fdae
  • • S0x60b59cf54eb9873b1a6da973c823496dd34e6480a1d286d476d1054f827c44c5

User ID

  • • 十六进制31323334353637383132333435363738
  • • 字符串"1234567812345678"

握手消息

  • • 规范引用: GB/T 38636-2020 §6.4.5.9
  1. 1. ClientHello (type=1) len=53
  2. 2. ServerHello (type=2) len=81
  3. 3. Certificate (type=11) len=1627
  4. 4. ServerKeyExchange (type=12) len=77
  5. 5. CertificateRequest (type=13) len=8
  6. 6. ServerHelloDone (type=14) len=4
  7. 7. Certificate (type=11) len=1627
  8. 8. ClientKeyExchange (type=16) len=161
  • • SM3(M)D413F8DF7B69B4A34353506A512EC7DF6255EBF0C6CCA1358B195843648D9895

验签结果

  • • 服务端验证客户端 (CertificateVerify签名): OK

三、结论

| 验证项目 | 结果 | | — | — | | 客户端验证服务端 (ServerKeyExchange签名) | OK | | 服务端验证客户端 (CertificateVerify签名) | OK |

四、参考标准

  • • GB/T 38636-2020: 信息安全技术 传输层密码协议
  • • GB/T 32905-2016: 信息安全技术 SM3密码杂凑算法
  • • GB/T 32918: 信息安全技术 SM2椭圆曲线公钥密码算法
  • • GM/T 0009-2023: SM2密码算法使用规范

免责声明:

本文所载程序、技术方法仅面向合法合规的安全研究与教学场景,旨在提升网络安全防护能力,具有明确的技术研究属性。

任何单位或个人未经授权,将本文内容用于攻击、破坏等非法用途的,由此引发的全部法律责任、民事赔偿及连带责任,均由行为人独立承担,本站不承担任何连带责任。

本站内容均为技术交流与知识分享目的发布,若存在版权侵权或其他异议,请通过邮件联系处理,具体联系方式可点击页面上方的联系我

本文转载自:利刃信安 利刃信安 利刃信安《TLCP 双向身份鉴别 — ECCSM4GCM_SM3(数据包私聊我)》

评论:0   参与:  0