GM/T 0128-2023 Specification of datagram transport layer cryptography protocol
1 Scope
This document specifies datagram transport layer cryptography protocol, including record layer protocols, handshake protocol suite, and key computation.
This document is applicable to the development, testing, management and use of datagram transport layer cryptography protocol related products (such as gateways, terminals, etc.).
2 Normative references
The following documents contain provisions which, through reference in this text, constitute provisions of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 38636-2020 Information security technology - Transport layer cryptography protocol (TLCP)
GM/Z 4001 Cryptology terminology
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GM/Z 4001 and the following apply.
3.1
path maximum transmission unit
minimum value of the link maximum transmission unit (MTU) that can be supported by any communication link on the path between the source node and the destination node of the communication
3.2
user datagram protocol
connectionless transport protocol, which provides a method for applications to send encapsulated IP packets without establishing a connection
4 Abbreviations
For the purposes of this document, the following abbreviations apply.
AEAD: Authenticated Encryption with Associated Data
DTLCP: Datagram Transport Layer Cryptography Protocol
MAC: Message Authentication Codes
PMTU: Path Maximum Transmission Unit
UDP: User Datagram Protocol
5 Cryptographic algorithms and key types
5.1 General
DTLCP is based on Transport Layer Cryptography Protocol (TLCP) and is improved focusing on the characteristics of user datagram protocol. It adopts cryptographic technology to provide confidentiality and data integrity between two applications using UDP protocol. The cryptographic algorithms used in the protocol include asymmetric cryptographic algorithm, block cipher algorithm, cryptographic hash algorithm, data expansion function and pseudo-random function (PRF). The types of keys used in the protocol include server key, client key, pre-master secret, master secret and work key.
5.2 Cryptographic algorithm
5.2.1 Asymmetric cryptographic algorithm
It is used for identity authentication, digital signature, key exchange, etc.
5.2.2 Block cipher algorithm
It is used for encryption protection of key exchange data and message data. The operation mode used shall be Galois Counter Mode (GCM) or Cipher Block Chaining (CBC) Mode.
5.2.3 Cryptographic hash algorithm
It is used for checking the generation and integrity of symmetric keys.
5.2.4 Data expansion function P_hash
The definition and usage method of P_hash function shall meet the requirements of 5.2.4 in GB/T 38636-2020.
5.2.5 Pseudo-random function (PRF)
The calculation methods of PRF shall meet the requirements of 5.2.5 in GB/T 38636-2020.
5.3 Key types
Foreword i
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Cryptographic algorithms and key types
5.1 General
5.2 Cryptographic algorithm
5.3 Key types
6 Protocols
6.1 General
6.2 Definition of data type
6.3 Record layer protocol
6.4 Handshake protocol suite
6.5 Key computation
Bibliography
GM/T 0128-2023 Specification of datagram transport layer cryptography protocol
1 Scope
This document specifies datagram transport layer cryptography protocol, including record layer protocols, handshake protocol suite, and key computation.
This document is applicable to the development, testing, management and use of datagram transport layer cryptography protocol related products (such as gateways, terminals, etc.).
2 Normative references
The following documents contain provisions which, through reference in this text, constitute provisions of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 38636-2020 Information security technology - Transport layer cryptography protocol (TLCP)
GM/Z 4001 Cryptology terminology
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GM/Z 4001 and the following apply.
3.1
path maximum transmission unit
minimum value of the link maximum transmission unit (MTU) that can be supported by any communication link on the path between the source node and the destination node of the communication
3.2
user datagram protocol
connectionless transport protocol, which provides a method for applications to send encapsulated IP packets without establishing a connection
4 Abbreviations
For the purposes of this document, the following abbreviations apply.
AEAD: Authenticated Encryption with Associated Data
DTLCP: Datagram Transport Layer Cryptography Protocol
MAC: Message Authentication Codes
PMTU: Path Maximum Transmission Unit
UDP: User Datagram Protocol
5 Cryptographic algorithms and key types
5.1 General
DTLCP is based on Transport Layer Cryptography Protocol (TLCP) and is improved focusing on the characteristics of user datagram protocol. It adopts cryptographic technology to provide confidentiality and data integrity between two applications using UDP protocol. The cryptographic algorithms used in the protocol include asymmetric cryptographic algorithm, block cipher algorithm, cryptographic hash algorithm, data expansion function and pseudo-random function (PRF). The types of keys used in the protocol include server key, client key, pre-master secret, master secret and work key.
5.2 Cryptographic algorithm
5.2.1 Asymmetric cryptographic algorithm
It is used for identity authentication, digital signature, key exchange, etc.
5.2.2 Block cipher algorithm
It is used for encryption protection of key exchange data and message data. The operation mode used shall be Galois Counter Mode (GCM) or Cipher Block Chaining (CBC) Mode.
5.2.3 Cryptographic hash algorithm
It is used for checking the generation and integrity of symmetric keys.
5.2.4 Data expansion function P_hash
The definition and usage method of P_hash function shall meet the requirements of 5.2.4 in GB/T 38636-2020.
5.2.5 Pseudo-random function (PRF)
The calculation methods of PRF shall meet the requirements of 5.2.5 in GB/T 38636-2020.
5.3 Key types
Contents of GM/T 0128-2023
Foreword i
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Cryptographic algorithms and key types
5.1 General
5.2 Cryptographic algorithm
5.3 Key types
6 Protocols
6.1 General
6.2 Definition of data type
6.3 Record layer protocol
6.4 Handshake protocol suite
6.5 Key computation
Bibliography