文章总结: 文档详细分析了TLCP协议中ECDHESM4GCM_SM3密码套件的双向身份鉴别流程,包括客户端和服务器的握手步骤、证书交换、签名验证等关键环节。核心要点是协议使用SM2签名算法和ECDHE密钥交换,实现了双向身份鉴别,并提供了具体的随机数、证书数据和签名值示例。 综合评分: 83 文章分类: 渗透测试,安全工具,技术标准
TLCP 双向身份鉴别 — ECDHE_SM4_GCM_SM3(数据包私聊我)
原创
利刃信安 利刃信安
利刃信安
2026年7月3日 05:00 北京
在小说阅读器读本章
去阅读
TLCP 双向身份鉴别 — ECDHE_SM4_GCM_SM3
密码套件: ECDHE_SM4_GCM_SM3
传输协议: TLCP (TCP)
参考标准: GB/T 38636-2020 | GM/T 0009-2023 | GB/T 32918-2016
重要提示:ECDHE_SM4_GCM_SM3密码套件的TLCP协议仅支持双向身份鉴别!
协议分析详情
身份鉴别类型: 双向身份鉴别(显式)
0. 协议概览
- • 协议: TLCP
- • 签名算法: SM2
- • 密码套件:
0xe051(ECDHE_SM4_GCM_SM3) - • CertificateRequest: YES
- • CertificateVerify: YES
一、客户端验证服务端 (双向鉴别)
客户端随机数 (ClientHello)
- • tls.handshake.type == 1
- • Random:
bd59d2756bc3a517ebd22410f61b8a7843e5e2ede7601e83ea88d8e501e86650 - • GMT Unix Time: 2070-09-01 07:00:05 UTC
- • Random Bytes:
6bc3a517ebd22410f61b8a7843e5e2ede7601e83ea88d8e501e86650
服务端随机数 (ServerHello)
- • tls.handshake.type == 2
- • Random:
2c7a13eea140479cd86cf4d31b92060d45befec158bfba56fb80446310e680f7 - • GMT Unix Time: 1993-08-24 13:13:18 UTC
- • Random Bytes:
a140479cd86cf4d31b92060d45befec158bfba56fb80446310e680f7
规范引用
GB/T 38636-2020 第5页: 服务端密钥为非对称密码算法的密钥对。
加密证书长度 (Server Certificate)
- • tls.handshake.type == 11
- • Certificate Length: 532
- • 十六进制(3字节):
000214
签名证书 (Server Certificate)
- • 证书数据 (DER编码完整数据):
30820211308201b7a003020102020102300a06082a811ccf550183753062310b3009060355040613025858310b300906035504080c02585831143012060355040a0c0b6365727469666963617465310f300d060355040b0c0674657374696e311f301d06035504030c1663657274696669636174652e74657374696e2e636f6d301e170d3234303532323037303030365a170d3334303532303037303030365a3066310b3009060355040613025858310b300906035504080c02585831143012060355040a0c0b63657274696669636174653111300f060355040b0c08746573747369676e3121301f06035504030c1863657274696669636174652e746573747369676e2e636f6d3059301306072a8648ce3d020106082a811ccf5501822d03420004ca9fdb5aba25ed11906907d268c81140681204d57c3eee8ce8997b8d82cd957310dcd6dcdeb537e9feed7a2acacb6db29959615a74d0382ef700ffae319a77aea35a305830090603551d1304023000300b0603551d0f0404030206c0301d0603551d0e041604140ed167541756597c2aebc147a86636795d26000f301f0603551d23041830168014b17abca401d43178e3681dea8edb37a62ff6ed3a300a06082a811ccf550183750348003045022100a1f9daf70f86d65993fc3379c97aacdf28ab76608b04ed884edff3d54c08613f02206aba68df127d3a518b8331ff5e5d3de0973dae93ad27f6b67e06f040cf50a5f8
签名公钥
- • 规范引用: GM/T 0009-2023 SM2PublicKey = BITSTRING { 04‖X‖Y }
- • 签名公钥:
04ca9fdb5aba25ed11906907d268c81140681204d57c3eee8ce8997b8d82cd957310dcd6dcdeb537e9feed7a2acacb6db29959615a74d0382ef700ffae319a77ae - • X:
0xca9fdb5aba25ed11906907d268c81140681204d57c3eee8ce8997b8d82cd9573 - • Y:
0x10dcd6dcdeb537e9feed7a2acacb6db29959615a74d0382ef700ffae319a77ae
加密证书 (Server Certificate)
- • 证书数据 (DER编码完整数据):
30820210308201b5a003020102020103300a06082a811ccf550183753062310b3009060355040613025858310b300906035504080c02585831143012060355040a0c0b6365727469666963617465310f300d060355040b0c0674657374696e311f301d06035504030c1663657274696669636174652e74657374696e2e636f6d301e170d3234303532323037303030365a170d3334303532303037303030365a3064310b3009060355040613025858310b300906035504080c02585831143012060355040a0c0b63657274696669636174653110300e060355040b0c0774657374656e643120301e06035504030c1763657274696669636174652e74657374656e632e636f6d3059301306072a8648ce3d020106082a811ccf5501822d034200049bd6d635bbe97bcc0bbda3cb985f6146a5b15232da1e89b482d52c4b56fb86d07fdeb474f84e04e4591b2cd378ea6a50c005309fe8cea1375977e28cf65dee86a35a305830090603551d1304023000300b0603551d0f040403020338301d0603551d0e04160414301d5a5de80677eb27a18d085796a583c1e279cf301f0603551d23041830168014b17abca401d43178e3681dea8edb37a62ff6ed3a300a06082a811ccf550183750349003046022100c9b10501e4267b8d94d8dccdb78b914999726c3e7163a5e4f471f7fedd0a21da022100cf2e30446cc87ba384a24805ce517a382765273538af604284c915177bfb7a43
加密公钥 (SM2 非压缩格式)
- • 加密公钥:
049bd6d635bbe97bcc0bbda3cb985f6146a5b15232da1e89b482d52c4b56fb86d07fdeb474f84e04e4591b2cd378ea6a50c005309fe8cea1375977e28cf65dee86 - • X:
0x9bd6d635bbe97bcc0bbda3cb985f6146a5b15232da1e89b482d52c4b56fb86d0 - • Y:
0x7fdeb474f84e04e4591b2cd378ea6a50c005309fe8cea1375977e28cf65dee86
密码套件说明
- • 0xe051 (ECDHE_SM4_GCM_SM3): 采用 SM2 密钥协商 (ECDHE) 实现密钥交换
签名值 (ServerKeyExchange)
- • Server Key Exchange 消息 tls.handshake.type == 12
规范引用: GB/T 38636-2020 §6.4.5.4:
ECDHE: signed_params = client_random + server_random + params
ECC: signed_params = client_random + server_random + enc_cert_len + enc_cert
- • ECC-SM2-EXPORT Server Params (签名值 DER编码):
30440220097ca57c83823dc8378226899c8c1fa8422d41225c2b80d69c5e5b1f0568e54202202596c10643cbbbe747bd47d3318e331cf06a645aad4646f736cfebff03b845bf
- • R:
0x097ca57c83823dc8378226899c8c1fa8422d41225c2b80d69c5e5b1f0568e542 - • S:
0x2596c10643cbbbe747bd47d3318e331cf06a645aad4646f736cfebff03b845bf
User ID
- • 规范引用: GM/T 0009-2023
- • 十六进制:
31323334353637383132333435363738 - • 字符串:
"1234567812345678"
签名源数据
- • ECDHE模式: client_random + server_random + key_exchange_params(69B)
- • 总长度: 133 字节
- • 完整数据:
bd59d2756bc3a517ebd22410f61b8a7843e5e2ede7601e83ea88d8e501e866502c7a13eea140479cd86cf4d31b92060d45befec158bfba56fb80446310e680f70300294104a170464e73a6dc8ca65f5811493be3aef0157a8a310c3d4b8f1cf142d83ac13c80162f4207bd00a51ce39d8625067524b8b88b123f3202f73bc3172567e2417a
- • SM3(M):
48C9C9B283B2FB4920B6FE05A7E101211B0167965162A98F3A5880D70EC4F2E9
验签结果
- • 客户端验证服务端 (ServerKeyExchange签名): OK
二、服务端验证客户端
Certificate Request
- • tls.handshake.type == 13
- • Certificate type: ECDSA/SM2 Sign
- • 规范引用: GB/T 38636-2020 第5页
签名证书 (Client Certificate)
- • 证书数据 (DER编码完整数据):
30820211308201b7a003020102020102300a06082a811ccf550183753062310b3009060355040613025858310b300906035504080c02585831143012060355040a0c0b6365727469666963617465310f300d060355040b0c0674657374696e311f301d06035504030c1663657274696669636174652e74657374696e2e636f6d301e170d3234303532323037303030365a170d3334303532303037303030365a3066310b3009060355040613025858310b300906035504080c02585831143012060355040a0c0b63657274696669636174653111300f060355040b0c08746573747369676e3121301f06035504030c1863657274696669636174652e746573747369676e2e636f6d3059301306072a8648ce3d020106082a811ccf5501822d03420004ca9fdb5aba25ed11906907d268c81140681204d57c3eee8ce8997b8d82cd957310dcd6dcdeb537e9feed7a2acacb6db29959615a74d0382ef700ffae319a77aea35a305830090603551d1304023000300b0603551d0f0404030206c0301d0603551d0e041604140ed167541756597c2aebc147a86636795d26000f301f0603551d23041830168014b17abca401d43178e3681dea8edb37a62ff6ed3a300a06082a811ccf550183750348003045022100a1f9daf70f86d65993fc3379c97aacdf28ab76608b04ed884edff3d54c08613f02206aba68df127d3a518b8331ff5e5d3de0973dae93ad27f6b67e06f040cf50a5f8
签名公钥
- • 规范引用: GM/T 0009-2023 SM2PublicKey = BITSTRING { 04‖X‖Y }
- • 签名公钥:
04ca9fdb5aba25ed11906907d268c81140681204d57c3eee8ce8997b8d82cd957310dcd6dcdeb537e9feed7a2acacb6db29959615a74d0382ef700ffae319a77ae - • X:
0xca9fdb5aba25ed11906907d268c81140681204d57c3eee8ce8997b8d82cd9573 - • Y:
0x10dcd6dcdeb537e9feed7a2acacb6db29959615a74d0382ef700ffae319a77ae
加密证书 (Client Certificate)
- • 证书数据 (DER编码完整数据):
30820210308201b5a003020102020103300a06082a811ccf550183753062310b3009060355040613025858310b300906035504080c02585831143012060355040a0c0b6365727469666963617465310f300d060355040b0c0674657374696e311f301d06035504030c1663657274696669636174652e74657374696e2e636f6d301e170d3234303532323037303030365a170d3334303532303037303030365a3064310b3009060355040613025858310b300906035504080c02585831143012060355040a0c0b63657274696669636174653110300e060355040b0c0774657374656e643120301e06035504030c1763657274696669636174652e74657374656e632e636f6d3059301306072a8648ce3d020106082a811ccf5501822d034200049bd6d635bbe97bcc0bbda3cb985f6146a5b15232da1e89b482d52c4b56fb86d07fdeb474f84e04e4591b2cd378ea6a50c005309fe8cea1375977e28cf65dee86a35a305830090603551d1304023000300b0603551d0f040403020338301d0603551d0e04160414301d5a5de80677eb27a18d085796a583c1e279cf301f0603551d23041830168014b17abca401d43178e3681dea8edb37a62ff6ed3a300a06082a811ccf550183750349003046022100c9b10501e4267b8d94d8dccdb78b914999726c3e7163a5e4f471f7fedd0a21da022100cf2e30446cc87ba384a24805ce517a382765273538af604284c915177bfb7a43
加密公钥 (SM2 非压缩格式)
- • 加密公钥:
049bd6d635bbe97bcc0bbda3cb985f6146a5b15232da1e89b482d52c4b56fb86d07fdeb474f84e04e4591b2cd378ea6a50c005309fe8cea1375977e28cf65dee86 - • X:
0x9bd6d635bbe97bcc0bbda3cb985f6146a5b15232da1e89b482d52c4b56fb86d0 - • Y:
0x7fdeb474f84e04e4591b2cd378ea6a50c005309fe8cea1375977e28cf65dee86
签名值 (CertificateVerify)
- • 签名值 (DER编码):
3044022037b48f7de4fbb59bb7ed68e151670071f1478f40051f53ccc7a4b1e45219b131022063a479029326961be5cc5cf954daac2f91e7f5bbb59bfc0d0cff9bfa68a8486e
- • R:
0x37b48f7de4fbb59bb7ed68e151670071f1478f40051f53ccc7a4b1e45219b131 - • S:
0x63a479029326961be5cc5cf954daac2f91e7f5bbb59bfc0d0cff9bfa68a8486e
User ID
- • 十六进制:
31323334353637383132333435363738 - • 字符串:
"1234567812345678"
握手消息
- • 规范引用: GB/T 38636-2020 §6.4.5.9
- 1. ClientHello (type=1) len=67
- 2. ServerHello (type=2) len=87
- 3. Certificate (type=11) len=1627
- 4. ServerKeyExchange (type=12) len=145
- 5. CertificateRequest (type=13) len=8
- 6. ServerHelloDone (type=14) len=4
- 7. Certificate (type=11) len=1627
- 8. ClientKeyExchange (type=16) len=73
- • SM3(M):
0CAD4E830567095763F59CF598AF50B4AD7CE0570B363C1A79C7749039FD6653
验签结果
- • 服务端验证客户端 (CertificateVerify签名): OK
三、结论
| 验证项目 | 结果 | | — | — | | 客户端验证服务端 (ServerKeyExchange签名) | OK | | 服务端验证客户端 (CertificateVerify签名) | OK |
四、参考标准
- • GB/T 38636-2020: 信息安全技术 传输层密码协议
- • GB/T 32905-2016: 信息安全技术 SM3密码杂凑算法
- • GB/T 32918: 信息安全技术 SM2椭圆曲线公钥密码算法
- • GM/T 0009-2023: SM2密码算法使用规范
免责声明:
本文所载程序、技术方法仅面向合法合规的安全研究与教学场景,旨在提升网络安全防护能力,具有明确的技术研究属性。
任何单位或个人未经授权,将本文内容用于攻击、破坏等非法用途的,由此引发的全部法律责任、民事赔偿及连带责任,均由行为人独立承担,本站不承担任何连带责任。
本站内容均为技术交流与知识分享目的发布,若存在版权侵权或其他异议,请通过邮件联系处理,具体联系方式可点击页面上方的联系我。
本文转载自:利刃信安 利刃信安 利刃信安《TLCP 双向身份鉴别 — ECDHESM4GCM_SM3(数据包私聊我)》
版权声明
本站仅做备份收录,仅供研究与教学参考之用。
读者将信息用于其他用途的,全部法律及连带责任由读者自行承担,本站不承担任何责任。









评论