TLCP Stack ​

Overview ​

Transport Layer Cryptography Protocol (TLCP) is a secure communication protocol that complies with the GB/T 38636-2020 Information security technology-Transport layer cryptography protocol (TLCP). TLCP requires an encryption certificate and a signature certificate with their corresponding private keys in communication. Based on the open source version, the OpenSSL software released after openEuler 22.09 supports the TLCP and provides the following functions:

• Double certificates for SM series cryptographic algorithms based on TLCP
• ECC_SM4_CBC_SM3 and ECDHE_SM4_CBC_SM3 cipher suites
• SM2 certificates

Prerequisites ​

The version of the OpenSSL software installed in the openEuler operating system is later than 1.1.1m-4.

$ rpm -qa openssl
openssl-1.1.1m-6.oe2209.x86_64

How to Use ​

Scenario 1: Generating Two SM2 Certificates ​

According to the TLCP, two certificates are required for communication: signature certificate and encryption certificate. The signature certificate is used for identity authentication, and the encryption certificate is used for data encryption during key negotiation. CA is short for Certificate Authority. A certificate is generated only after the CSR certificate request file is issued by the CA. The following is a reference case that describes how to use a self-signed CA certificate to issue an entity certificate:

1. Prepare the configuration file openssl.cnf required for generating the certificates. The reference content is as follows (modified based on the OpenSSL source code apps/openssl.cnf):

   conf

   # This definition stops the following lines choking if HOME isn't
   # defined.
   HOME   = .
   
   # Extra OBJECT IDENTIFIER info:
   #oid_file  = $ENV::HOME/.oid
   oid_section  = new_oids
   
   # To use this configuration file with the "-extfile" option of the
   # "openssl x509" utility, name here the section containing the
   # X.509v3 extensions to use:
   # extensions  =
   # (Alternatively, use a configuration file that has only
   # X.509v3 extensions in its main [= default] section.)
   
   [ new_oids ]
   
   # We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
   # Add a simple OID like this:
   # testoid1=1.2.3.4
   # Or use config file substitution like this:
   # testoid2=${testoid1}.5.6
   
   # Policies used by the TSA examples.
   tsa_policy1 = 1.2.3.4.1
   tsa_policy2 = 1.2.3.4.5.6
   tsa_policy3 = 1.2.3.4.5.7
   
   ####################################################################
   [ ca ]
   default_ca = CA_default  # The default ca section
   
   ####################################################################
   [ CA_default ]
   
   dir  = ./demoCA  # Where everything is kept
   certs  = $dir/certs  # Where the issued certs are kept
   crl_dir  = $dir/crl  # Where the issued crl are kept
   database = $dir/index.txt # database index file.
   #unique_subject = no   # Set to 'no' to allow creation of
       # several certs with same subject.
   new_certs_dir = $dir/newcerts  # default place for new certs.
   
   certificate = $dir/cacert.pem  # The CA certificate
   serial  = $dir/serial   # The current serial number
   crlnumber = $dir/crlnumber # the current crl number
       # must be commented out to leave a V1 CRL
   crl  = $dir/crl.pem   # The current CRL
   private_key = $dir/private/cakey.pem# The private key
   
   x509_extensions = usr_cert  # The extensions to add to the cert
   
   # Comment out the following two lines for the "traditional"
   # (and highly broken) format.
   name_opt  = ca_default  # Subject Name options
   cert_opt  = ca_default  # Certificate field options
   
   # Extension copying option: use with caution.
   # copy_extensions = copy
   
   # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
   # so this is commented out by default to leave a V1 CRL.
   # crlnumber must also be commented out to leave a V1 CRL.
   # crl_extensions = crl_ext
   
   default_days = 365   # how long to certify for
   default_crl_days= 30   # how long before next CRL
   default_md = default  # use public key default MD
   preserve = no   # keep passed DN ordering
   
   # A few difference way of specifying how similar the request should look
   # For type CA, the listed attributes must be the same, and the optional
   # and supplied fields are just that :-)
   policy  = policy_match
   
   # For the CA policy
   [ policy_match ]
   countryName  = match
   stateOrProvinceName = match
   organizationName = match
   organizationalUnitName = optional
   commonName  = supplied
   emailAddress  = optional
   
   # For the 'anything' policy
   # At this point in time, you must list all acceptable 'object'
   # types.
   [ policy_anything ]
   countryName  = optional
   stateOrProvinceName = optional
   localityName  = optional
   organizationName = optional
   organizationalUnitName = optional
   commonName  = supplied
   emailAddress  = optional
   
   ####################################################################
   [ req ]
   default_bits  = 2048
   default_keyfile  = privkey.pem
   distinguished_name = req_distinguished_name
   attributes  = req_attributes
   x509_extensions = v3_ca # The extensions to add to the self signed cert
   
   # Passwords for private keys if not present they will be prompted for
   # input_password = secret
   # output_password = secret
   
   # This sets a mask for permitted string types. There are several options.
   # default: PrintableString, T61String, BMPString.
   # pkix  : PrintableString, BMPString (PKIX recommendation before 2004)
   # utf8only: only UTF8Strings (PKIX recommendation after 2004).
   # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
   # MASK:XXXX a literal mask value.
   # WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
   string_mask = utf8only
   
   # req_extensions = v3_req # The extensions to add to a certificate request
   
   [ req_distinguished_name ]
   countryName   = Country Name (2 letter code)
   countryName_default  = AU
   countryName_min   = 2
   countryName_max   = 2
   
   stateOrProvinceName  = State or Province Name (full name)
   stateOrProvinceName_default = Some-State
   
   localityName   = Locality Name (eg, city)
   
   0.organizationName  = Organization Name (eg, company)
   0.organizationName_default = Internet Widgits Pty Ltd
   
   # we can do this but it is not needed normally :-)
   #1.organizationName  = Second Organization Name (eg, company)
   #1.organizationName_default = World Wide Web Pty Ltd
   
   organizationalUnitName  = Organizational Unit Name (eg, section)
   #organizationalUnitName_default =
   
   commonName   = Common Name (e.g. server FQDN or YOUR name)
   commonName_max   = 64
   
   emailAddress   = Email Address
   emailAddress_max  = 64
   
   # SET-ex3   = SET extension number 3
   
   [ req_attributes ]
   challengePassword  = A challenge password
   challengePassword_min  = 4
   challengePassword_max  = 20
   
   unstructuredName  = An optional company name
   
   [ usr_cert ]
   
   # These extensions are added when 'ca' signs a request.
   
   # This goes against PKIX guidelines but some CAs do it and some software
   # requires this to avoid interpreting an end user certificate as a CA.
   
   basicConstraints=CA:FALSE
   
   # Here are some examples of the usage of nsCertType. If it is omitted
   # the certificate can be used for anything *except* object signing.
   
   # This is OK for an SSL server.
   # nsCertType   = server
   
   # For an object signing certificate this would be used.
   # nsCertType = objsign
   
   # For normal client use this is typical
   # nsCertType = client, email
   
   # and for everything including object signing:
   # nsCertType = client, email, objsign
   
   # This is typical in keyUsage for a client certificate.
   # keyUsage = nonRepudiation, digitalSignature, keyEncipherment
   
   # This will be displayed in Netscape's comment listbox.
   nsComment   = "OpenSSL Generated Certificate"
   
   # PKIX recommendations harmless if included in all certificates.
   subjectKeyIdentifier=hash
   authorityKeyIdentifier=keyid,issuer
   
   # This stuff is for subjectAltName and issuerAltname.
   # Import the email address.
   # subjectAltName=email:copy
   # An alternative to produce certificates that aren't
   # deprecated according to PKIX.
   # subjectAltName=email:move
   
   # Copy subject details
   # issuerAltName=issuer:copy
   
   #nsCaRevocationUrl  = http://www.domain.dom/ca-crl.pem
   #nsBaseUrl
   #nsRevocationUrl
   #nsRenewalUrl
   #nsCaPolicyUrl
   #nsSslServerName
   
   # This is required for TSA certificates.
   # extendedKeyUsage = critical,timeStamping
   
   [ v3_req ]
   
   # Extensions to add to a certificate request
   
   basicConstraints = CA:FALSE
   keyUsage = nonRepudiation, digitalSignature
   
   [ v3enc_req ]
   
   # Extensions to add to a certificate request
   
   basicConstraints = CA:FALSE
   keyUsage = keyAgreement, keyEncipherment, dataEncipherment
   
   [ v3_ca ]
   
   # Extensions for a typical CA
   
   
   # PKIX recommendation.
   
   subjectKeyIdentifier=hash
   
   authorityKeyIdentifier=keyid:always,issuer
   
   basicConstraints = critical,CA:true
   
   # Key usage: this is typical for a CA certificate. However since it will
   # prevent it being used as an test self-signed certificate it is best
   # left out by default.
   keyUsage = cRLSign, keyCertSign
   
   # Some might want this also
   # nsCertType = sslCA, emailCA
   
   # Include email address in subject alt name: another PKIX recommendation
   # subjectAltName=email:copy
   # Copy issuer details
   # issuerAltName=issuer:copy
   
   # DER hex encoding of an extension: beware experts only!
   # obj=DER:02:03
   # Where 'obj' is a standard or added object
   # You can even override a supported extension:
   # basicConstraints= critical, DER:30:03:01:01:FF
   
   [ crl_ext ]
   
   # CRL extensions.
   # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
   
   # issuerAltName=issuer:copy
   authorityKeyIdentifier=keyid:always
   
   [ proxy_cert_ext ]
   # These extensions should be added when creating a proxy certificate
   
   # This goes against PKIX guidelines but some CAs do it and some software
   # requires this to avoid interpreting an end user certificate as a CA.
   
   basicConstraints=CA:FALSE
   
   # Here are some examples of the usage of nsCertType. If it is omitted
   # the certificate can be used for anything *except* object signing.
   
   # This is OK for an SSL server.
   # nsCertType   = server
   
   # For an object signing certificate this would be used.
   # nsCertType = objsign
   
   # For normal client use this is typical
   # nsCertType = client, email
   
   # and for everything including object signing:
   # nsCertType = client, email, objsign
   
   # This is typical in keyUsage for a client certificate.
   # keyUsage = nonRepudiation, digitalSignature, keyEncipherment
   
   # This will be displayed in Netscape's comment listbox.
   nsComment   = "OpenSSL Generated Certificate"
   
   # PKIX recommendations harmless if included in all certificates.
   subjectKeyIdentifier=hash
   authorityKeyIdentifier=keyid,issuer
   
   # This stuff is for subjectAltName and issuerAltname.
   # Import the email address.
   # subjectAltName=email:copy
   # An alternative to produce certificates that aren't
   # deprecated according to PKIX.
   # subjectAltName=email:move
   
   # Copy subject details
   # issuerAltName=issuer:copy
   
   #nsCaRevocationUrl  = http://www.domain.dom/ca-crl.pem
   #nsBaseUrl
   #nsRevocationUrl
   #nsRenewalUrl
   #nsCaPolicyUrl
   #nsSslServerName
   
   # This really needs to be in place for it to be a proxy certificate.
   proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
   
   ####################################################################
   [ tsa ]
   
   default_tsa = tsa_config1 # the default TSA section
   
   [ tsa_config1 ]
   
   # These are used by the TSA reply generation only.
   dir  = ./demoCA  # TSA root directory
   serial  = $dir/tsaserial # The current serial number (mandatory)
   crypto_device = builtin  # OpenSSL engine to use for signing
   signer_cert = $dir/tsacert.pem  # The TSA signing certificate
       # (optional)
   certs  = $dir/cacert.pem # Certificate chain to include in reply
       # (optional)
   signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
   signer_digest  = sha256   # Signing digest to use. (Optional)
   default_policy = tsa_policy1  # Policy if request did not specify it
       # (optional)
   other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
   digests     = sha1, sha256, sha384, sha512  # Acceptable message digests (mandatory)
   accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
   clock_precision_digits  = 0 # number of digits after dot. (optional)
   ordering  = yes # Is ordering defined for timestamps?
       # (optional, default: no)
   tsa_name  = yes # Must the TSA name be included in the reply?
       # (optional, default: no)
   ess_cert_id_chain = no # Must the ESS cert id chain be included?
       # (optional, default: no)
   ess_cert_id_alg  = sha1 # algorithm to compute certificate
       # identifier (optional, default: sha1)

2. Generate a self-signed CA certificate.

   shell

   openssl ecparam -name SM2 -out SM2.pem
   openssl req -config ./openssl.cnf -nodes -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=root ca' -keyout CA.key -newkey ec:SM2.pem -new -out CA.csr
   openssl x509 -sm3 -req -days 30 -in CA.csr -extfile ./openssl.cnf -extensions v3_ca -signkey CA.key -out CA.crt

3. Generate the server signature certificate and encryption certificate.

   shell

   openssl req -config ./openssl.cnf -nodes -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=server sign' -keyout SS.key -newkey ec:SM2.pem -new -out SS.csr
   openssl x509 -sm3 -req -days 30 -in SS.csr -CA CA.crt -CAkey CA.key -extfile ./openssl.cnf -extensions v3_req -out SS.crt -CAcreateserial
   openssl req -config ./openssl.cnf -nodes -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=server enc' -keyout SE.key -newkey ec:SM2.pem -new -out SE.csr
   openssl x509 -sm3 -req -days 30 -in SE.csr -CA CA.crt -CAkey CA.key -extfile ./openssl.cnf -extensions v3enc_req -out SE.crt -CAcreateserial

4. Generate the client signature certificate and encryption certificate.

   shell

   openssl req -config ./openssl.cnf -nodes -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=client sign' -keyout CS.key -newkey ec:SM2.pem -new -out CS.csr
   openssl x509 -sm3 -req -days 30 -in CS.csr -CA CA.crt -CAkey CA.key -extfile ./openssl.cnf -extensions v3_req -out CS.crt -CAcreateserial
   openssl req -config ./openssl.cnf -nodes -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=client enc' -keyout CE.key -newkey ec:SM2.pem -new -out CE.csr
   openssl x509 -sm3 -req -days 30 -in CE.csr -CA CA.crt -CAkey CA.key -extfile ./openssl.cnf -extensions v3enc_req -out CE.crt -CAcreateserial

Scenario 2: Using the OpenSSL CLI to Verify the TLCP Stack ​

The s_server/s_client tool provided by OpenSSL can be used to test the TLCP.

# Start the server.
openssl s_server  -verify 5 -accept 4433 \
    -cert SS.crt \
    -key SS.key \
    -dcert SE.crt \
    -dkey SE.key \
    -CAfile CA.crt

# Start the client.
openssl s_client -verify 5 -connect 127.0.0.1:4433 \
    -cert CS.crt \
    -key CS.key \
    -dcert CE.crt \
    -dkey CE.key \
    -CAfile CA.crt -tlcp

Scenario 3: Using OpenSSL APIs ​

Reference code on the server:

int main() {
    // Define the variables.
    SSL_CTX *ctx = NULL;
    const char *sign_cert_file = "SS.crt";
    const char *sign_key_file = "SS.key";
    const char *enc_cert_file = "SE.crt";
    const char *enc_key_file = "SE.key";

    // Generate the context.
    ctx = SSL_CTX_new(TLS_server_method());

    // Load the signature certificate and encryption certificate and their private keys.
    if (!SSL_CTX_use_gm_certificate_file(ctx, sign_cert_file, SSL_FILETYPE_PEM, SSL_USAGE_SIG))
        goto err;

    if (!SSL_CTX_use_gm_PrivateKey_file(ctx, sign_key_file, SSL_FILETYPE_PEM, SSL_USAGE_SIG))
        goto err;

    if (!SSL_CTX_use_gm_certificate_file(ctx, enc_cert_file, SSL_FILETYPE_PEM, SSL_USAGE_ENC))
        goto err;

    if (!SSL_CTX_use_gm_PrivateKey_file(ctx, enc_key_file, SSL_FILETYPE_PEM, SSL_USAGE_ENC))
        goto err;

    SSL_CTX_set_options(ctx, SSL_OP_ENCCERT_SECOND_POSITION);

    // The subsequent procedure is the same as that of the standard TLS.
    SSL *ssl = SSL_new(ctx);
}

Client reference code:

int main() {
    // Define the variables.
    SSL_CTX *ctx = NULL;
    const char *sign_cert_file = "CS.crt";
    const char *sign_key_file = "CS.key";
    const char *enc_cert_file = "CE.crt";
    const char *enc_key_file = "CE.key";

    // Generate the context.
    ctx = SSL_CTX_new(TLCP_client_method());

    // Load the signature certificate and encryption certificate and their private keys.
    if (!SSL_CTX_use_gm_certificate_file(ctx, sign_cert_file, SSL_FILETYPE_PEM, SSL_USAGE_SIG))
        goto err;

    if (!SSL_CTX_use_gm_PrivateKey_file(ctx, sign_key_file, SSL_FILETYPE_PEM, SSL_USAGE_SIG))
        goto err;

    if (!SSL_CTX_use_gm_certificate_file(ctx, enc_cert_file, SSL_FILETYPE_PEM, SSL_USAGE_ENC))
        goto err;

    if (!SSL_CTX_use_gm_PrivateKey_file(ctx, enc_key_file, SSL_FILETYPE_PEM, SSL_USAGE_ENC))
        goto err;

    // Set the cipher suite to ECC-SM4-CBC-SM3 or ECDHE-SM4-CBC-SM3.
    // This step is not mandatory. By default, ECC-SM4-CBC-SM3 is preferred.
    if(SSL_CTX_set_cipher_list(ctx, "ECC-SM4-CBC-SM3") <= 0)
        goto err;

    // The subsequent procedure is the same as that of the standard TLS.
    SSL *ssl = SSL_new(ctx);
}

KTLS Uninstallation ​

Overview ​

The Linux kernel protocol stack implements only the TCP/IP model and does not support the SSL/TLS session layer protocol. Currently, TLS encryption and decryption are implemented in user mode. However, in some scenarios, for example, when the kernel sends a file, multiple cross-state copies are generated, causing performance overhead. Therefore, the kernel implements KTLS. That is, the encryption context can be configured for the socket to offload data encryption to the kernel mode or lower-layer hardware.

The KTLS feature of the openEuler kernel 5.10 supports SM series cryptographic algorithms. Currently, the SM4-GCM and SM4-CCM algorithms are supported.

Prerequisites ​

Kernel 5.10.0-106 or later

$ rpm -qa kernel
kernel-5.10.0-106.1.0.55.oe2209.x86_64

How to Use ​

The method of calling SM series cryptographic algorithms is the same as that of calling other algorithms of the same type. For details, see the Linux kernel document.