STATE STANDARD OF THE REPUBLIC OF BELARUS
STB 34.101.65-2014

Information technology and security
TRANSPORT LAYER SECURITY (TLS) PROTOCOL

Gosstandart
Minsk

UDC 004.056.5.057.4(083.74)(476)   MKS 35.240.01   KP 05

Keywords: transport layer, cryptographic protocol, encryption, integrity control, authentication

Foreword

The goals, basic principles, and provisions for state regulation and management in the field of technical regulation and standardization are established by the Law of the Republic of Belarus "On Technical Regulation and Standardization".

1 DEVELOPED by the institution of the Belarusian State University "Research Institute for Applied Problems of Mathematics and Informatics" (NII PPMI)
SUBMITTED by the Operational and Analytical Center under the President of the Republic of Belarus
2 APPROVED AND PUT INTO EFFECT by Resolution No. 23 of the Gosstandart of the Republic of Belarus of 22 May 2014
3 This standard is based on the document RFC 5246:2008 The Transport Layer Security (TLS) Protocol. Version 1.2. RFC 5246 was developed by the Internet Engineering Task Force

Published in Russian

Contents

1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations, conventions and notation
5 General provisions
6 Cipher suites and authentication methods
    6.1 Cipher suites
    6.2 Cipher suite algorithms
    6.3 Authentication methods
7 The Record protocol
    7.1 General
    7.2 Connection states
    7.3 Protocol execution
    7.4 Key generation
8 The Handshake protocol
    8.1 Session state
    8.2 Protocol steps
    8.3 Protocol messages
    8.4 The HelloRequest message
    8.5 The ClientHello message
    8.6 The ServerHello message
    8.7 Hello message extensions
    8.8 The server Certificate message
    8.9 The ServerKeyExchange message
    8.10 The CertificateRequest message
    8.11 The ServerHelloDone message
    8.12 The client Certificate message
    8.13 The ClientKeyExchange message
    8.14 The CertificateVerify message
    8.15 The Finished message
    8.16 Computing the master secret
9 The Change Cipher Spec protocol
10 The Alert protocol
    10.1 Alert messages
    10.2 Connection closure messages
    10.3 Error messages
Annex A (normative) Interpretation of key words
Annex B (normative) Data description rules
Annex V (normative) Cipher suites of the BIGN_WITH_BELT family
Bibliography

Date of introduction: 2014-09-01

1 Scope

This standard specifies the transport (communication) layer security protocol known as TLS (Transport Layer Security), version 1.2. The standard defines the actions of the protocol parties and the formats of the messages the parties exchange.

This standard applies to the development of cryptographic tools for protecting information transmitted over the Internet.

2 Normative references

This standard refers to the following technical normative legal acts in the field of technical regulation and standardization (hereinafter TNPA):

STB 34.101.19-2012 Information technology and security. Formats of certificates and certificate revocation lists of the public key infrastructure
STB 34.101.31-2011 Information technology. Information protection. Cryptographic algorithms for encryption and integrity control
STB 34.101.45-2013 Information technology and security. Algorithms for electronic digital signature and key transport based on elliptic curves
STB 34.101.47-2012 Information technology and security. Cryptographic algorithms for pseudorandom number generation
GOST 34.973-91 (ISO 8824-87) Information technology. Open systems interconnection. Specification of Abstract Syntax Notation One (ASN.1)
GOST 34.974-91 (ISO 8825-87) Information technology. Open systems interconnection. Specification of basic encoding rules for Abstract Syntax Notation One (ASN.1)
GOST 27463-87 Information processing systems. 7-bit coded character sets

Note: When using this standard, it is advisable to check the validity of the TNPA against the catalogue compiled as of 1 January of the current year and against the corresponding information indexes published in the current year.
If the referenced TNPA have been replaced (amended), the replaced (amended) TNPA should be followed when using this standard. If the referenced TNPA have been withdrawn without replacement, the provision that refers to them applies in the part that does not affect that reference.

3 Terms and definitions

This standard uses the terms established in STB 34.101.19, STB 34.101.31, STB 34.101.45 and STB 34.101.47, as well as the following terms with their definitions:

3.1 compression algorithm: An algorithm that performs reversible compression of data to reduce its size for transmission over communication channels; in this standard a compression algorithm is always used together with an algorithm for restoring the compressed data.

3.2 authentication: Verification of the authenticity of a party.

3.3 client: The party that initiates execution of the TLS protocol.

3.4 client write MAC key: A cryptographic key used for message authentication of data sent by the client.

3.5 server write MAC key: A cryptographic key used for message authentication of data sent by the server.

3.6 client write encryption key: A cryptographic key used to encrypt data sent by the client.

3.7 server write encryption key: A cryptographic key used to encrypt data sent by the server.

3.8 cipher suite: A cipher spec supplemented with a shared key establishment algorithm, which is used in the Handshake protocol to build the premaster secret.

3.9 cipher spec: A precisely defined list of encryption, message authentication and pseudorandom number generation algorithms that are used in the Record protocol to provide confidentiality and integrity control of data.

... protocol that provides mutual authentication of the protocol parties, and confidentiality and integrity control of data transmitted between the parties at the transport communication layer.

3.17 Alert protocol: The protocol for exchanging alert messages; part of the TLS protocol.

3.18 Change Cipher Spec protocol: The protocol for notifying of the transition to new connection states after the communication parameters have been negotiated; part of the TLS protocol.

3.19 Handshake protocol: The protocol for establishing, resuming or re-establishing communication; part of the TLS protocol.

3.20 Record protocol: A protocol that provides reversible compression, confidentiality and integrity control of data transmitted at the transport communication layer; part of the TLS protocol; used by the Handshake, Change Cipher Spec and Alert protocols.

3.21 session: A logical association between a client and a server that is described by an identifier, security parameters and other data agreed between the parties, which may be used in several connections.

3.22 server: The party that executes the TLS protocol with clients at their request.

3.23 alert message: A message about closure of a connection or a message about an abnormal situation during execution of the TLS protocol.

3.24 negotiation of communication parameters (negotiate): Agreement between the client and the server on the compression algorithm, cipher suites, authentication method and security parameters; part of the Handshake protocol.

3.25 connection: Communication between the parties at the transport communication layer.

3.26 connection state: A set of parameters that define how data received or sent within a connection is processed, including the sequence number of the record being processed, the states of the cipher spec algorithms and the state of the compression algorithm; the connection state is formed from the security parameters of the session.

3.27 abbreviated handshake; session resume: Negotiation of communication parameters that is performed at the start of a connection and ends with binding to a previously created session, forming new connection states from the security parameters of that session, and transitioning to those states.

3.28 handshake; full handshake: Negotiation of communication parameters that is performed at the start of a connection and ends with creating a new session, forming new connection states from the security parameters of that session, and transitioning to those states.

3.29 record: A portion of data sent or received at the transport communication layer.

3.30 ephemeral key: A cryptographic key that is generated, used and destroyed during a handshake.

3.31 explicit part of the IV (explicit nonce): The part of the IV that is transmitted together with the data processed with it.

4 Abbreviations, conventions and notation

This standard uses the following abbreviation:
EDS: electronic digital signature.

In this standard the key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED" and "MAY", written in capital letters, are to be interpreted as described in Annex A.

In this standard, data formats are described using the conventions and notation defined in Annex B. The syntax is based on the C programming language [1] and on the rules given in [2].

5 General provisions

This standard defines a cryptographic protocol intended for protecting connections between a client and a server on the Internet. The protocol conforms to the specification [3] and its extensions [4], [5] and, following those documents, is denoted TLS. The actions of the protocol parties and the formats of the messages they exchange are defined at a level of detail that allows fully interoperable TLS implementations to be developed.

TLS provides authentication of the protocol parties, and confidentiality and integrity control of the data transmitted between them. TLS is embedded into the communication protocol stack on top of the transport layer and protects the data of that layer. TLS runs independently of the upper-layer protocols and is transparent to them.

Protection is provided by cryptographic algorithms, which are packaged as cipher suites. TLS allows the list of cipher suites to be extended. This extensibility removes the need to create and implement a new protocol for each new set of cryptographic algorithms. Annex V defines cipher suites based on the cryptographic algorithms of the TNPA in force.

TLS allows session states to be saved, which makes it possible to resume communication between the parties rather than establish it anew each time. Saving session states reduces the load on the server and the amount of data exchanged between the parties.

TLS is a combination of several subprotocols divided into two levels. The Record protocol operates at the lower level and provides protected transport of data coming from application protocols. The Handshake, Change Cipher Spec and Alert protocols and the application protocols operate at the upper level.

The Record protocol provides confidentiality and integrity control of the transported data. Symmetric encryption algorithms are used for confidentiality, and message authentication algorithms are used for integrity control. For each connection the parties derive unique shared encryption and MAC keys. The keys are built from secret data agreed by means of other protocols (as a rule, Handshake). The Record protocol can run without encryption and message authentication. However, the modes that provide both confidentiality and integrity control are the primary ones.

The Handshake protocol allows the client and the server to authenticate each other and to agree on cryptographic algorithms and shared keys before the application protocol starts receiving or transmitting data. The parties are, as a rule, authenticated with asymmetric (public-key) algorithms. Authentication may be optional, but as a rule at least one party verifies the authenticity of the other. The shared keys are agreed in such a way that an adversary who intercepts all protocol messages cannot determine them. Moreover, in modes with authentication the shared keys are unavailable to an adversary even if he impersonates one of the protocol parties. The Handshake protocol is constructed so that any modification of the data exchanged between the parties will be detected by those parties.

The Change Cipher Spec protocol signals the switch of the security parameters to the new ones agreed during execution of the Handshake protocol.

The Alert protocol notifies of connection closure and of errors that occurred during execution of TLS.

6 Cipher suites and authentication methods

6.1 Cipher suites

A cipher suite defines:
- the encryption algorithms (encryption and decryption) used to provide confidentiality of the data transmitted between the client and the server;
- the MAC algorithm used for integrity control of the data;
- the pseudorandom number generation algorithm used to generate keys and IVs from the master secret, and also to verify messages;
- the shared key establishment algorithm used to agree on or transfer the premaster secret, from which the master secret is then built.

The encryption, message authentication and pseudorandom number generation algorithms included in a cipher suite together constitute a cipher spec. Each cipher suite is assigned a unique identifier of type CipherSuite:

    uint8 CipherSuite[2];

The identifier {0,0} is reserved for the cipher suite TLS_NULL_WITH_NULL_NULL:

    CipherSuite TLS_NULL_WITH_NULL_NULL = {0,0};

In this cipher suite all algorithms are "empty" (denoted null), i.e. they perform no computation. For "empty" algorithms the lengths of keys, IVs and MACs are taken to be 0.

6.2 Cipher suite algorithms

6.2.1 Encryption algorithms

Stream encryption algorithms, block encryption algorithms, or algorithms for simultaneous encryption and message authentication may be used for encryption. The type of algorithm is specified by the enumeration

    enum {stream, block, aead} CipherType;

The element stream of this enumeration indicates stream encryption, the element block indicates block encryption, and the element aead indicates simultaneous encryption and message authentication.

In stream encryption, the plaintext is summed bitwise with a keystream (a binary sequence) produced by a key-dependent pseudorandom number generator. The keystream may be generated for each individual record transmitted within the connection, or for all records at once. In the first case, an IV that is unique to the record being processed (for example, the record number) must be used when generating the keystream. In the second case, the state of the keystream generator must be preserved after encrypting the current record and used when encrypting the next one.

In block encryption, each plaintext block is transformed into a ciphertext block. Encryption is performed in block chaining mode. Before encryption, the plaintext is padded with insignificant bytes to obtain a byte string whose length is a multiple of the block length of the algorithm. An IV is used for encryption and is transmitted together with the ciphertext.

Algorithms for simultaneous encryption and message authentication consist of a protection algorithm and an unprotection algorithm. The protection algorithm takes as input a key, an IV, critical data, for which both encryption and message authentication will be provided, and open data, for which only message authentication will be provided. The protection algorithm returns the encrypted critical data and the MAC of the open and critical data. The unprotection algorithm takes as input a key, an IV, a MAC, the encrypted critical data and the open data. The unprotection algorithm either decrypts the critical data or returns an indication that data integrity has been violated.

The allowed encryption algorithms are specified by the type BulkCipherAlgorithm:

    enum {null, ...} BulkCipherAlgorithm;

The element null corresponds to the "empty" encryption algorithm, which does not change its input data. The null algorithm is classified as a stream encryption algorithm.

6.2.2 Message authentication algorithms

The allowed message authentication algorithms are specified by the type MACAlgorithm:

    enum {null, ...} MACAlgorithm;

The element null corresponds to the "empty" message authentication algorithm, which does not compute a MAC.

If algorithms of type aead are chosen as the encryption algorithms, then null must be chosen as the message authentication algorithm.

6.2.3 Pseudorandom number generation algorithms

A pseudorandom number generation algorithm takes three input parameters, which are denoted

Computation

    enum {...} PRFAlgorithm;

6.2.4 Shared key establishment algorithms

A shared key establishment algorithm is interactive. This means that the client and the server execute it jointly, exchanging messages that contain intermediate results of the computation. The messages of the algorithm are the Handshake protocol messages described in 8.3. On completion of the algorithm the parties form a premaster secret known only to them. The final master secret is built from this key and from the random data generated by each of the parties.

Generally speaking, any shared key establishment algorithm may be defined in a cipher suite. Nevertheless, the base specification [3] and its extension [4] describe seven types of such algorithms, which cover most of the solutions existing today. These types are described using notation close to that of STB 34.101.45:

$G$ is an element of an additive (algebraic) group that generates a cyclic group $\langle G \rangle$ of order $q$;
$d_S, d_C \in \{1, 2, \ldots, q-1\}$ are the private keys of the server and the client respectively;
$Q_S = d_S G$, $Q_C = d_C G$ are the public keys of the parties.

DH_anon (the Diffie-Hellman protocol without authentication of the parties). In the ServerKeyExchange message the server sends the client the description of the group $\langle G \rangle$ and its public key $Q_S$. In the ClientKeyExchange message the client sends the server its public key $Q_C$. The parties compute the shared key $d_S d_C G = d_S Q_C = d_C Q_S$, from which the premaster secret is built. Certificates are not used.

DH_fixed (the Diffie-Hellman protocol with a static key). In the Certificate message the server sends its certificate, which contains the description of $\langle G \rangle$ and the public key $Q_S$. The ServerKeyExchange message is not sent. In the Certificate message (at the server's request) the client sends, in its certificate, a static (unchanging) public key $Q_C$. If there is no request from the server, the client sends an ephemeral (one-time) public key $Q_C$ in the ClientKeyExchange message. The parties compute the shared key $d_S d_C G$, from which the premaster secret is determined.

DHE (the Diffie-Hellman protocol with ephemeral keys). In the Certificate message the server sends the client a certificate whose public key can be used to verify an EDS. Then, in the ServerKeyExchange message, the server sends the description of the group $\langle G \rangle$ and its ephemeral public key $Q_S$, and signs these data, together with the random data of both parties, with the private key that corresponds to the certificate sent. The client verifies the EDS and sends its public key $Q_C$ in the ClientKeyExchange message. The parties compute the shared key $d_S d_C G = d_S Q_C = d_C Q_S$, from which the premaster secret is built.

T (transport). In the Certificate message the server sends its certificate, whose public key can be used for encryption. The client encrypts the premaster secret under this key and sends the encrypted key in the ClientKeyExchange message. The server decrypts it with its private key. The ServerKeyExchange message is not sent.

PSK (based on pre-distribution of secrets, from the English "pre-shared key"). The client and the server distribute a set of shared secrets between themselves in advance. The client chooses a secret from the set and sends the identifier of the chosen secret in the ClientKeyExchange message. To help with the choice of the secret, the server may send a hint (for example, the number of the secret) in ServerKeyExchange. If no hint is needed, the ServerKeyExchange message is not sent. The premaster secret is built from the chosen secret. Certificates are not used.

DHE_PSK (a combination of PSK and DHE). In the ServerKeyExchange message the server sends the description of the group $\langle G \rangle$ and its ephemeral public key $Q_S$. In addition, the server may send a PSK hint in ServerKeyExchange. In ClientKeyExchange the client sends its ephemeral public key $Q_C$ and the identifier of the chosen PSK secret. The parties determine the Diffie-Hellman shared key $d_S d_C G = d_S Q_C = d_C Q_S$ and the shared PSK secret. The premaster secret is the result of concatenating these shared secret data. Certificates are not used.

T_PSK (a combination of PSK and transport). In addition to the messages of the PSK mechanism, the server sends the client, in the Certificate message, its certificate, whose public key can be used for encryption. The client encrypts the premaster secret under this key and sends the encrypted key in the ClientKeyExchange message together with the identifier of the chosen PSK secret. The server decrypts it with its private key and combines the resulting premaster secret with the shared PSK secret.

Note 1: The description of the group $\langle G \rangle$ may be given explicitly or implicitly. An explicit description is given by a set of parameters that describe the structure of the group, its order, the rules for representing elements, and so on. The client MUST verify the correctness of an explicit description of the group $\langle G \rangle$ sent to it. An implicit description is given by a reference to fixed parameters known to the client and the server, for example, to parameters from a TNPA or from the server's certificate.

Note 2: Algorithms of type DH_anon use neither certificates nor shared secret data, and therefore the authenticity of the parties is not verified. For this reason algorithms of type DH_anon do not protect against man-in-the-middle attacks, and it is recommended to use them only in special cases.

Note 3: In algorithms of types DH_fixed and T, if the server's private key is compromised, all messages of previous TLS connections can be disclosed. These algorithms do not protect against "read-back" attacks (they do not provide forward secrecy), and it is recommended to use them only in special cases. Protection against "read-back" is also not provided by algorithms of type PSK (if the PSK secret is compromised) and T_PSK (if the PSK secret and the server's private key are compromised).

Note 4: Algorithms of type PSK do not protect against dictionary attacks on the PSK secret by an adversary who intercepts all protocol messages. Algorithms of types DHE_PSK and T_PSK protect against such attacks, but do not protect against dictionary attacks by an adversary who impersonates the server (DHE_PSK) or is the server (T_PSK) and tries to learn the client's PSK secret.

Note 5: If a client $C$ interacts with a server $A$ controlled by an adversary and uses a shared key establishment algorithm of type T, the adversary can carry out the attack described in [6]. The adversary can set up a protected connection between $C$ and another server $S$ in which $C$ and $S$ will believe that they are interacting with $A$ and will not be able to detect that they are interacting with each other. The possibility of this attack SHOULD be taken into account when algorithms of type T are used.

6.3 Authentication methods

6.3.1 Server authentication

Server authentication is based, as a rule, on verifying the server's public key certificate and on verifying that the server possesses the corresponding private key. Successful completion of the Handshake protocol means that authentication has succeeded: the server's certificate is valid and the server really does possess the private key. In shared key establishment algorithms based on pre-distributed secrets, the server is authenticated implicitly, by verifying possession of the PSK secret. Successful completion of the Handshake protocol means that the server really does possess this secret. If the secret was distributed over protected channels only to the client and the server, possession of the secret proves the authenticity of the server to the client.

6.3.2 Client authentication

To authenticate the client, the server, as a rule, requests its certificate in the CertificateRequest message. The certificate must contain a public key of a particular EDS algorithm. In CertificateRequest the server specifies a list of suitable public key types. These types are encoded in one byte and are called client authentication methods. The allowed client authentication methods are specified by the type

    enum {..., (255)} ClientCertificateType;

In response to the server's request, the client presents a certificate of one of the requested types and signs certain data with the private key that corresponds to the public key of the certificate. A pair "hash algorithm, EDS algorithms" is used for this. The same pair is also used in some shared key establishment algorithms. In shared key establishment algorithms based on pre-distributed secrets, the client is authenticated implicitly. Provided that the measures for protecting the PSK secret are observed, successful completion of Handshake means that the client really does know this secret, i.e. is authentic.

6.3.3 Hash and electronic digital signature algorithms

The pair "hash algorithm, EDS algorithms" is specified by the following type:

    struct {
        HashAlgorithm hash;
        SignatureAlgorithm signature;
    } SignatureAndHashAlgorithm;

The field hash defines the hash algorithm and is described by the following type:

    enum {none(0), ..., (255)} HashAlgorithm;

The element none means that the EDS algorithms do not require the data to be hashed before a signature is generated or verified.

The field signature defines the EDS algorithms and is described by the following type:

    enum {anonymous(0), ..., (255)} SignatureAlgorithm;

The element anonymous means that no signature is generated.

7 The Record protocol

7.1 General

The Record protocol takes data to be transmitted, splits it into records, compresses it if necessary, computes a MAC, encrypts, and transmits the result. On receipt, the data is decrypted, its integrity is verified, it is converted from compressed form back to the original if necessary, reassembled, and delivered to the upper-layer protocols.

The Record protocol is used by the Handshake, Change Cipher Spec and Alert protocols, which are described in the following sections, and also by application protocols. Each data record transmitted by the Record protocol is supplemented with fields that indicate the content type and the length of the record.

The content type is an element of the enumeration

    enum {
        change_cipher_spec(20), alert(21), handshake(22),
        application_data(23), (255)
    } ContentType;

The values change_cipher_spec, alert, handshake and application_data indicate that the data was sent by the Change Cipher Spec, Alert and Handshake protocols and by an application protocol respectively.

The ContentType enumeration may be extended in the future. For now, however, TLS implementations MUST NOT send data with content types other than those defined above. If a TLS party receives a message whose content is of an undefined type, it MUST send the fatal alert unexpected_message (see 10.3).

Any protocol intended for use over TLS must be carefully designed with respect to protection against possible attacks. This means that the designer of an upper-layer protocol must be aware of which security mechanisms TLS supports and which it does not, and must not rely on the latter. In particular, the designer must take into account that in TLS the content type and the length of a record are not protected by encryption. Therefore, if these data are critical, the designer should take measures to minimize information leakage during transmission (for example, pad records with unused bytes or mask the traffic).

7.2 Connection states

Logically, a TLS connection is described by four states: the current (active) read and write states, and the pending read and write states. A state is a data structure that defines the compression, encryption and message authentication algorithms in use, as well as the states and parameters of these algorithms. In particular, a state defines the encryption and MAC keys that are used, or will be used, to protect the connection in one of the directions, read or write.

The Record protocol processes outgoing data using the current write state and incoming data using the current read state. The initial current states are set to empty. In these states encryption, compression and message authentication are not used. The empty state corresponds to the cipher suite TLS_NULL_WITH_NULL_NULL.

The read and write states share common security parameters. The security parameters for the pending states are set by the Handshake protocol. The Change Cipher Spec protocol can make a pending state current, carrying over the security parameters; the previously established current state is replaced by the pending one, and the pending state is reset to empty. If the security parameters have not been set for a state, it cannot be made current.

The security parameters are described by the following structure:

    struct {
        ConnectionEnd entity;
        PRFAlgorithm prf_algorithm;
        BulkCipherAlgorithm bulk_cipher_algorithm;
        CipherType cipher_type;
        uint8 enc_key_length;
        uint8 block_length;
        uint8 fixed_iv_length;
        uint8 record_iv_length;
        MACAlgorithm mac_algorithm;
        uint8 mac_length;
        uint8 mac_key_length;
        CompressionMethod compression_algorithm;
        opaque master_secret[48];
        opaque client_random[32];
        opaque server_random[32];
    } SecurityParameters;

The fields of the structure

    enum {server, client} ConnectionEnd;
    enum {null(0), (255)} CompressionMethod;

The elements server and client of the enumeration ConnectionEnd correspond to the server and the client. The element null

Once the security parameters have been agreed and the necessary keys and IVs have been built, the pending connection states can be made current. The change of states MUST be taken into account when processing all subsequent records.

Each connection state includes the following elements:
- the state of the compression algorithm;
- the state of the encryption algorithm, including the encryption key for this connection. For a stream encryption algorithm, this state holds all the information needed to continue encrypting subsequent records;
- the state of the message authentication algorithm, including the MAC key;
- the sequence number seq_num.

Independent sequence numbers must be maintained for the read and write states. The sequence number MUST be reset to 0 whenever a connection state becomes current, and incremented by one after each record is processed (sent or received). The sequence number is a number of type uint64 and cannot exceed $2^{64} - 1$. Sequence numbers must not repeat. Therefore, on reaching the maximum sequence number, TLS implementations must re-establish the connection.
7.3Âûïîëíåíèåïðîòîêîëà
7.3.1Ôðàãìåíòàöèÿ
ÏðîòîêîëRecordïðèíèìàåòíåñòðóêòóðèðîâàííûåäàííûåîòïðîòîêîëîââåðõíåãî
óðîâíÿíåïóñòûìèáëîêàìèïðîèçâîëüíîéäëèíû.Ïðîòîêîëïðåîáðàçóåòáëîêèâñòðóê-
òóðûòèïà
TLSPlaintext
,ñîäåðæàùèåôðàãìåíòûèçíåáîëåå÷åì
2
14
áàéòîâ.Ïðîòîêîë
Recordíåîáÿçàòåëüíîñîõðàíÿåòðàçìåðïîñòóïàþùèõáëîêîâ,ò.å.íåñêîëüêîáëîêîâäàí-
íûõ,ïîëó÷åííûõîòîäíîãîèòîãîæåïðîòîêîëàâåðõíåãîóðîâíÿ,ÌÎÃÓÒáûòüîáú-
åäèíåíûâîäèíôðàãìåíò,èëè,íàîáîðîò,îäèíáëîêÌÎÆÅÒáûòüðàçáèòíàíåñêîëüêî
ôðàãìåíòîâ.Òèï
TLSPlaintext
îïðåäåëÿåòñÿñëåäóþùèìîáðàçîì:
    struct {
        ContentType type;
        ProtocolVersion version;
        uint16 length;
        opaque fragment[TLSPlaintext.length];
    } TLSPlaintext;
The fields of the TLSPlaintext structure have the following meaning:
- type: the content type of the transmitted data (see 7.1);
- version: the TLS version in use;
- length: the length in bytes of the field TLSPlaintext.fragment. The length MUST NOT exceed 2^14;
- fragment: a fragment of data from the higher-level protocol specified by the field TLSPlaintext.type.
The type ProtocolVersion is defined as follows:
    struct {
        uint8 major;
        uint8 minor;
    } ProtocolVersion;
The fields major and minor specify the major and minor parts of the protocol version number. This standard defines the TLS protocol version 1.2, which corresponds to the value {3, 3}.
TLS implementations MUST NOT send zero-length fragments with the content types change_cipher_spec, alert and handshake. Zero-length fragments with the content type application_data MAY be sent, for example, to analyze interference in the communication channel.
Fragments with different content types MAY be interleaved. Fragments of application protocols generally have lower transmission priority than fragments of other types. Nevertheless, fragments MUST be delivered to the network layer in the same order in which the Record protocol applied protection to them. If a party receives an application protocol fragment while Handshake is in progress, that fragment MUST be processed using the security parameters established at the completion of the previous Handshake run.
7.3.2 Compression and decompression
All fragments are compressed using the compression algorithm defined in the current session state. There is always an active compression algorithm. Initially it is defined as "null" and is specified by the identifier
    struct {
        ContentType type;
        ProtocolVersion version;
        uint16 length;
        opaque fragment[TLSCompressed.length];
    } TLSCompressed;
The fields of the TLSCompressed structure have the following meaning:
- type: a field analogous to TLSPlaintext.type;
- version: a field analogous to TLSPlaintext.version;
- length: the length in bytes of the field TLSCompressed.fragment. The length MUST NOT exceed 2^14 + 1024;
- fragment: the compressed field TLSPlaintext.fragment.
The compression algorithm state is initialized with default values at the moment the connection state becomes active.
Compression must be lossless. Compression cannot increase the content length (through additional headers, compression tables, etc.) by more than 1024 bytes. If the amount of data recovered from TLSCompressed.fragment exceeds 2^14 bytes, the fatal alert decompression_failure MUST be sent (see 10.3).
Decompression MUST be implemented so that it cannot overflow internal memory buffers.
Note 1 - Some compression algorithms for TLS are given in [7].
Note 2 - Attacks on application protocols are known in which the attacker knows the format of the plaintext fragment and even partially controls its content. The attacker uses the compression ratio (the difference between TLSPlaintext.length and TLSCompressed.length) to determine the missing parts of the fragment. The possibility of such attacks should be taken into account when designing application protocol packets and when planning the use of compression in TLS.
7.3.3 Data protection
The encryption and MAC algorithms transform a structure of type TLSCompressed into a structure of type TLSCiphertext. The decryption algorithm performs the reverse process.
The type TLSCiphertext is defined as follows:
    struct {
        ContentType type;
        ProtocolVersion version;
        uint16 length;
        select (SecurityParameters.cipher_type) {
            case stream: GenericStreamCipher;
            case block: GenericBlockCipher;
            case aead: GenericAEADCipher;
        } fragment;
    } TLSCiphertext;
The fields of the TLSCiphertext structure have the following meaning:
- type: a field analogous to TLSCompressed.type;
- version: a field analogous to TLSCompressed.version;
- length: the length in bytes of the field TLSCiphertext.fragment. The length must not exceed 2^14 + 2048;
- fragment: the encrypted field TLSCompressed.fragment together with the MAC value.
7.3.3.1 Stream encryption
Stream encryption algorithms transform the structure TLSCompressed.fragment into the structure TLSCiphertext.fragment of type GenericStreamCipher and vice versa.
The type GenericStreamCipher is defined as follows:
    stream-ciphered struct {
        opaque content[TLSCompressed.length];
        opaque MAC[SecurityParameters.mac_length];
    } GenericStreamCipher;
The fields of the TLSCompressed structure have the following meaning:
- content: a field analogous to TLSCiphertext.fragment;
- MAC: the MAC value computed with the algorithm specified by the field
    seq_num + TLSCompressed.type + TLSCompressed.version +
    TLSCompressed.length + TLSCompressed.fragment,
where seq_num is the sequence number of the fragment. The MAC is computed before a fragment being sent is encrypted and after a received fragment is decrypted.
The composite string content + mac is encrypted. The length TLSCiphertext.length equals the sum of the values of the fields TLSCompressed.length and
    struct {
        opaque IV[SecurityParameters.record_iv_length];
        block-ciphered struct {
            opaque content[TLSCompressed.length];
            opaque MAC[SecurityParameters.mac_length];
            uint8 padding[GenericBlockCipher.padding_length];
            uint8 padding_length;
        };
    } GenericBlockCipher;
The fields of the GenericBlockCipher structure have the following meaning:
- IV: the initialization vector, which SHOULD be chosen at random and which MUST be unpredictable. For block encryption algorithms the length of the initialization vector is determined by the field
for the total length of the data being encrypted to be a multiple of the block length, a padding must be chosen whose length takes one of the following values: 6, 14, 22, ..., 254. A padding of minimum length will consist of 6 bytes, each containing the value 6. Thus, the last 8 bytes of the GenericBlockCipher structure before encryption will look as follows: XX 06 06 06 06 06 06 06, where XX is the last byte of the MAC value (the MAC field).
Note 1 - When encrypting in cipher block chaining mode, the entire plaintext fragment MUST be known before any part of the corresponding ciphertext is transmitted.
Note 2 - Reference [8] describes an attack on the mechanism of padding data before encryption, based on measuring the time taken to compute the MAC of the decrypted data. To protect against this attack, implementations MUST process encrypted data fragments in the same amount of time regardless of whether the padding obtained on decryption is correct or not. To achieve this, it is recommended to compute the MAC even when the padding is incorrect, and only then reject the fragment. To protect against the attack proposed in [9], it is recommended to compute the MAC in the maximum time for both correct and incorrect padding. This is the time the computation would take if the padding had zero length.
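The receive-side order of checks recommended in Note 2, together with the padding rule and the MAC input of 7.3.3.1, as an added example that is not part of the standard. HMAC-SHA256 stands in for the cipher suite's MAC algorithm (an assumption), the function names are hypothetical, and block decryption is left out: the functions work on the block-ciphered part before encryption and after decryption. Python gives no timing guarantees, so this shows the control flow only.

```python
import hashlib
import hmac
import struct

MAC_LEN = 32               # HMAC-SHA256 output; stand-in for the suite's MAC (assumption)
STATS = {"mac_calls": 0}   # lets a caller observe that the MAC is always computed


class BadRecordMac(Exception):
    """One failure signal for bad padding and bad MAC alike (alert bad_record_mac)."""


def record_mac(mac_key, seq_num, ctype, version, fragment):
    # MAC input: seq_num + type + version + length + fragment (7.3.3.1)
    STATS["mac_calls"] += 1
    header = struct.pack("!QBBBH", seq_num, ctype, version[0], version[1], len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha256).digest()


def seal_plaintext(mac_key, seq_num, ctype, version, content, block_len):
    """Build content + MAC + padding + padding_length, the input of block encryption."""
    body = content + record_mac(mac_key, seq_num, ctype, version, content)
    # Minimal padding: body, padding and the padding_length byte fill whole blocks.
    pad_len = (block_len - (len(body) + 1) % block_len) % block_len
    return body + bytes([pad_len]) * (pad_len + 1)


def open_plaintext(mac_key, seq_num, ctype, version, plaintext):
    """Check padding and MAC of a decrypted block-ciphered part; return the content."""
    if len(plaintext) < MAC_LEN + 1:
        raise BadRecordMac()   # cannot hold a MAC at all; the record length is public
    pad_len = plaintext[-1]
    padding_ok = pad_len + 1 + MAC_LEN <= len(plaintext)
    if padding_ok:
        diff = 0
        for b in plaintext[-1 - pad_len:-1]:   # every padding byte must equal pad_len
            diff |= b ^ pad_len
        padding_ok = diff == 0
    if not padding_ok:
        pad_len = 0   # continue as if the padding had zero length (the longest MAC input)
    content_end = len(plaintext) - 1 - pad_len - MAC_LEN
    content = plaintext[:content_end]
    received = plaintext[content_end:content_end + MAC_LEN]
    # The MAC is computed whether or not the padding was valid; reject only afterwards.
    expected = record_mac(mac_key, seq_num, ctype, version, content)
    mac_ok = hmac.compare_digest(received, expected)
    if not (padding_ok and mac_ok):
        raise BadRecordMac()
    return content
```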
7.3.3.3 Authenticated encryption
The protection algorithm transforms the structure TLSCompressed.fragment into the structure TLSCiphertext.fragment of type GenericAEADCipher, and the protection-removal algorithm performs the reverse transformation.
The type GenericAEADCipher is defined as follows:
    struct {
        opaque nonce_explicit[SecurityParameters.record_iv_length];
        aead-ciphered struct {
            opaque content[TLSCompressed.length];
        };
    } GenericAEADCipher;
When applying protection, the client uses the encryption key client_write_key and the server uses server_write_key. MAC keys are not used. Each cipher suite that supports authenticated encryption algorithms MUST define how the nonce is formed.
The nonce consists of two parts: an explicit part, which is transmitted together with the data fragments, and an implicit part, which is derived from the security parameters and is not transmitted with the data.
The explicit part of the nonce is placed in the field GenericAEADCipher.nonce_explicit. The implicit part SHOULD be derived from the string client_write_iv (when the client sends data) or server_write_iv (when the server sends data). The generation of these strings is described in 7.4.
The critical data of the authenticated encryption algorithms is the field TLSCompressed.fragment. The additional public data, denoted additional_data, is defined as follows:
    additional_data = seq_num + TLSCompressed.type +
        TLSCompressed.version + TLSCompressed.length,
where seq_num is the sequence number of the fragment.
The length of the output of the protection algorithm is generally greater than the length of the critical data (i.e. greater than the value of the field TLSCompressed.length). The increase in length depends on the specifics of the algorithm used. Since authenticated encryption algorithms may include mechanisms for aligning data to a block boundary, the length of the output of the protection algorithm may vary depending on the value of the field TLSCompressed.length. When protection is applied, the length of the critical data MUST NOT increase by more than 1024 bytes.
If, while processing data, the protection-removal algorithm returns an indication that data integrity has been violated, the fatal alert bad_record_mac MUST be sent (see 10.3).
7.4 Key generation
The Record protocol uses a pseudorandom number generation algorithm to generate the keys of the current connection state. The same algorithm may also be used to generate the nonces of authenticated encryption algorithms.
Generation uses the security parameters (see 7.2) produced by the parties through the Handshake protocol. From the master secret and the random data of the client and the server, the byte string key_block is generated:
    key_block = PRF(SecurityParameters.master_secret,
        "key expansion", SecurityParameters.server_random +
        SecurityParameters.client_random);
Keys and initialization vectors are formed from this string in the following order (objects of zero length are considered empty):
- the key client_write_MAC_key of length
- party certificate: the public key certificate of the party. The certificate format must conform to STB 34.101.19. This state element may be absent;
- compression algorithm;
- cipher spec;
- master secret: a secret string of 48 bytes shared by the client and the server;
- resumption flag: an indicator that determines whether the session can be used to create new connection states from it.
The session state is used to create the security parameters, from which the connection states are then formed. These states are used by the Record protocol to protect application protocol data. Because the Handshake protocol provides resumption and renegotiation mechanisms, many connections can be established using one and the same session.
8.2 Protocol steps
During connection establishment the client and the server agree on the TLS version, select cryptographic algorithms, authenticate each other (if required) and generate a shared secret key. During connection establishment the Handshake protocol consists of the following stages:
- exchange of hello messages in order to agree on encryption algorithms, transfer random data and check whether the session can be resumed;
- exchange of the cryptographic parameters required for the client and the server to agree on a premaster secret
The messages ClientHello and ServerHello are used to agree on the following connection parameters: protocol version, session identifier, cipher suite and compression algorithm. In addition, with these messages the parties exchange the client random data ClientHello.random and the server random data ServerHello.random.
Up to four messages are used to generate the shared key: the server messages Certificate and ServerKeyExchange, and the client messages Certificate and ClientKeyExchange. TLS allows new shared-key generation algorithms to be developed by defining the formats of these messages and the rules for processing them. The shared key MUST be sufficiently long; a key of at least 48 bytes is recommended.
If the server is to be authenticated, then following the hello messages it sends its certificate in the Certificate message. In addition, if required, the ServerKeyExchange message may be sent (for example, if the server has no certificate or its certificate contains only a digital signature public key). The server may request a certificate from the client if the server is authenticated and if a certificate request is provided for by the selected cipher suite. The server sends the ServerHelloDone message, indicating that the hello message exchange phase is complete, and waits for the client's response. If the server has sent the CertificateRequest message, the client MUST send the Certificate message and then the ClientKeyExchange message. The content of the ClientKeyExchange message depends on the public key algorithm that was selected in the exchange of the ClientHello and ServerHello messages. If the client has sent a public key certificate that can be used to verify a digital signature, the CertificateVerify message with the digitally-signed attribute is sent. This message is sent to prove possession of the private key corresponding to the public key of the certificate.
After performing the actions described, the client sends the ChangeCipherSpec message and makes the pending write state of the connection, which contains the agreed cipher spec, current. Immediately afterwards the client sends the Finished message, protected with the algorithms and keys of the new cipher spec. In response the server performs the same actions: it sends its own ChangeCipherSpec message, makes its pending write state current, and sends its own Finished message, protected using the agreed cipher spec. On receiving ChangeCipherSpec the parties make their pending read states current. The parties verify the Finished messages, and this completes connection establishment.
After connection establishment the client and the server can begin exchanging application protocol data. Figure 1 shows the full message exchange during connection establishment. An asterisk marks optional messages, and the symbol "+" marks messages related to client authentication. The ChangeCipherSpec messages, shown in square brackets, do not belong to the Handshake protocol.
Application protocol data MUST NOT be sent before connection establishment is complete (i.e. before a cipher suite other than TLS_NULL_WITH_NULL_NULL has been agreed and applied).
    client                                        server

    ClientHello                   -------->
                                                  ServerHello
                                                  Certificate*
                                                  ServerKeyExchange*
                                                  CertificateRequest*+
                                  <--------       ServerHelloDone
    Certificate*
    ClientKeyExchange
    CertificateVerify*+
    [ChangeCipherSpec]
    Finished                      -------->
                                                  [ChangeCipherSpec]
                                  <--------       Finished
    [Application protocol data]   <------->       [Application protocol data]

Figure 1 - Full message exchange of the Handshake protocol
When the client and the server decide to resume or renegotiate a connection using the parameters of an already existing session (instead of negotiating new parameters), an abbreviated message exchange is performed.
The client sends a ClientHello message in which it specifies the identifier of the session to be used for resumption. On receiving this message the server checks the list of sessions created earlier (the session cache) and looks for a session with the identifier sent. If a match is found and the server is willing to resume the connection using the session found, it sends a ServerHello message with the same session identifier. After that the client and the server MUST send ChangeCipherSpec messages and proceed to the exchange of Finished messages. Figure 2 shows the abbreviated message exchange between the client and the server during resumption. A similar exchange is performed during renegotiation.
If the server has not found a session with the required identifier, it generates a new identifier value. The client and the server then perform the full message exchange of the Handshake protocol.
    client                                        server

    ClientHello                   -------->
                                                  ServerHello
                                                  [ChangeCipherSpec]
                                  <--------       Finished
    [ChangeCipherSpec]
    Finished                      -------->
    [Application protocol data]   <------->       [Application protocol data]

Figure 2 - Abbreviated message exchange of the Handshake protocol
8.3 Protocol messages
Handshake protocol messages are passed to the Record protocol, which places them in one or more TLSPlaintext structures. These structures are processed and transmitted in accordance with the current active session state.
Handshake protocol messages are defined as follows:
    struct {
        HandshakeType msg_type;
        uint24 length;
        select (HandshakeType) {
            case hello_request: HelloRequest;
            case client_hello: ClientHello;
            case server_hello: ServerHello;
            case certificate: Certificate;
            case server_key_exchange: ServerKeyExchange;
            case certificate_request: CertificateRequest;
            case server_hello_done: ServerHelloDone;
            case certificate_verify: CertificateVerify;
            case client_key_exchange: ClientKeyExchange;
            case finished: Finished;
        } body;
    } Handshake;
    enum {
        hello_request(0), client_hello(1), server_hello(2),
        certificate(11), server_key_exchange(12),
        certificate_request(13), server_hello_done(14),
        certificate_verify(15), client_key_exchange(16),
        finished(20), (255)
    } HandshakeType;
The fields of the Handshake structure have the following meaning:
- msg_type: the message type, which is described by the enumeration
8.4 The HelloRequest message
The server MAY send the HelloRequest message at any time. This message informs the client that it should begin negotiating the connection parameters anew. In response to the HelloRequest message the client, if it sees fit, should send the ClientHello message. The HelloRequest message is not intended to establish which party is the client and which is the server. The server SHOULD NOT send the message immediately after the client has initiated the connection (has sent the ClientHello message).
The client should ignore the HelloRequest message if, at the moment it is received, the client is already in the process of establishing a connection. The client MAY ignore the message if it does not wish to renegotiate. The client may also respond with the alert no_renegotiation (see 10.3).
Between sending HelloRequest and receiving ClientHello, the server may receive application protocol data fragments from the client. The server is expected to receive only a small number of such fragments, since Handshake protocol messages take priority over application protocol data in transmission. If the server sends HelloRequest but does not receive ClientHello in response, it may close the connection with a fatal alert.
After sending the HelloRequest message, the server SHOULD NOT repeat the request until the subsequent Handshake protocol message exchange is complete.
The HelloRequest message has the following structure:
    struct { } HelloRequest;
This message MUST NOT be included in the computation of the hash values used in the Finished and CertificateVerify messages.
8.5 The ClientHello message
The client sends the ClientHello message during connection establishment (full or abbreviated). The client may also send this message after connection establishment, either in response to a HelloRequest message or on its own initiative in order to renegotiate.
The ClientHello message is defined as follows:
    struct {
        ProtocolVersion client_version;
        Random random;
        SessionID session_id;
        CipherSuite cipher_suites<2..2^16-2>;
        CompressionMethod compression_methods<1..2^8-1>;
        select (extensions_present) {
            case false:
                struct {};
            case true:
                Extension extensions<0..2^16-1>;
        };
    } ClientHello;
    struct {
        uint32 gmt_unix_time;
        opaque random_bytes[28];
    } Random;
    opaque SessionID<0..32>;
The fields of the ClientHello structure have the following meaning:
- client_version: the TLS version that the client proposes to use during the session. The type of this field is defined in 7.3.1;
- random: a structure with random data generated by the client;
- session_id: the identifier of the session whose security parameters the client proposes to use in this connection. This field is set to the empty string if the client wishes to create a new session. A non-empty string may correspond to an identifier used in 1) a connection that has been closed, 2) the current connection, 3) another currently active connection. The second option results only in updating the random field and the connection parameters derived from it. The third option makes it possible to establish several independent secure connections using the abbreviated Handshake message exchange (these independent connections may be established sequentially or simultaneously);
- cipher_suites: the list of identifiers of the cipher suites supported by the client. The client orders the list by decreasing priority. If the session_id field is non-empty (implying a request for resumption or renegotiation), the list MUST contain the cipher suite ServerHello.cipher_suite agreed in the session with the identifier session_id. The server selects a cipher suite from the list received or, if none of the options is acceptable to it, sends the fatal alert handshake_failure (see 10.3) and closes the connection. If the list contains cipher suites that the server does not recognize, does not support or does not wish to use, it MUST ignore those cipher suites and process the remaining ones as usual;
- random_bytes: 28 bytes generated by a cryptographically strong random or pseudorandom number generator.
The session identifier becomes valid when the Handshake protocol completes with the Finished messages, and is retained until it is removed on expiry of the session state lifetime or because of an error in a connection associated with the session. The actual value of the session identifier is determined by the server.
Since the session identifier is transmitted unencrypted, the server MUST NOT place confidential information in the identifier. The integrity of the identifier is checked with a delay (when Finished is processed), so the parties must correctly handle any identifiers, even deliberately invalid ones, that an attacker may send.
ClientHello messages may contain extensions. To check for the presence of extensions, one should check that the message does not end with the field
    struct {
        ProtocolVersion server_version;
        Random random;
        SessionID session_id;
        CipherSuite cipher_suite;
        CompressionMethod compression_method;
        select (extensions_present) {
            case false:
                struct {};
            case true:
                Extension extensions<0..2^16-1>;
        };
    } ServerHello;
The fields of the ServerHello structure have the following meaning:
- server_version: the field contains the TLS version agreed between the client and the server. The type of this field is defined in 7.3.1;
- random: a field with random data generated by the server. The type of this field is defined in 8.5. The random data MUST be generated independently of ClientHello.random;
- session_id: the identifier of the session corresponding to this connection. If the session_id field in the ClientHello message was not empty, the server looks for the identifier sent in the session cache. If a session with the required identifier is found and the server is willing to establish the connection using the state of that session, it responds with the same identifier that the client sent. This server response indicates resumption and requires the parties to proceed directly to the Finished messages. Otherwise the session_id field must contain a value corresponding to a new session. The server may return an empty session_id field to indicate that the session will not be cached and cannot be used for resumption in the future. On resumption, the very same cipher suite that was agreed earlier must be used. The server is not required to resume the connection even if a session with the required identifier is present in the cache. Clients MUST be prepared to perform a full negotiation of connection parameters (including cipher suite negotiation) whenever they request resumption;
- cipher_suite: the identifier of the cipher suite that the server has selected from the list sent by the client in the field ClientHello.cipher_suites. On resumption the server does not select a cipher suite but sets it from the stored session state;
    struct {
        ExtensionType extension_type;
        opaque extension_data<0..2^16-1>;
    } Extension;
The fields of the Extension structure have the following meaning:
- extension_type: the extension type;
- extension_data: the extension data, i.e. information specific to the particular extension type.
The nested type ExtensionType is defined as follows:
    enum {
        signature_algorithms(13), renegotiation_info(65281), (65535)
    } ExtensionType;
Note - Some common additional extensions are defined in [10].
The ServerHello message MUST NOT include extensions of a type that does not appear in the corresponding ClientHello message. If the client receives in ServerHello extensions of a type that was not specified in the corresponding ClientHello, it MUST abort connection establishment with the alert unsupported_extension (see 10.3). Nevertheless, server-oriented extensions can be used. The client sends such extensions to the server in the ClientHello message with an empty extension_data field. In this way the client shows the server that it can process an extension of the given type. In response to the client's message the server sends an extension of the same type, now with the data filled in. TLS implementations should take into account that in the ClientHello and ServerHello messages extensions of different types MAY appear in any order. Extensions of the same type MUST NOT be included in the list more than once.
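A client-side check of the two rules above (no extension type in ServerHello that ClientHello did not offer, and no type listed twice), as an added example that is not part of the standard. The function names are hypothetical; the use of the decode_error alert for malformed or duplicated entries is an assumption, since the text above names an alert only for the unsolicited case.

```python
import struct


class HandshakeAbort(Exception):
    """Abort connection establishment with the named alert."""

    def __init__(self, alert, reason):
        super().__init__(f"{alert}: {reason}")
        self.alert = alert


def encode_extensions(exts):
    """Serialize [(extension_type, extension_data), ...] as Extension extensions<0..2^16-1>."""
    body = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    return struct.pack("!H", len(body)) + body


def parse_extensions(block):
    """Parse the extensions vector; order is free, but a type may appear only once."""
    if len(block) < 2:
        raise HandshakeAbort("decode_error", "missing extensions length")
    (total,) = struct.unpack_from("!H", block, 0)
    if total != len(block) - 2:
        raise HandshakeAbort("decode_error", "extensions length mismatch")
    exts, seen, pos = [], set(), 2
    while pos < len(block):
        if len(block) - pos < 4:
            raise HandshakeAbort("decode_error", "truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", block, pos)
        pos += 4
        if len(block) - pos < ext_len:
            raise HandshakeAbort("decode_error", "truncated extension_data")
        if ext_type in seen:
            # Alert choice is an assumption; the rule itself is from the text above.
            raise HandshakeAbort("decode_error", f"duplicate extension {ext_type}")
        seen.add(ext_type)
        exts.append((ext_type, block[pos:pos + ext_len]))
        pos += ext_len
    return exts


def check_server_hello_extensions(client_block, server_block):
    """Return the server's extensions as a dict, or abort on an unsolicited type."""
    offered = {t for t, _ in parse_extensions(client_block)}
    server = parse_extensions(server_block)
    for ext_type, _ in server:
        if ext_type not in offered:
            raise HandshakeAbort("unsupported_extension",
                                 f"type {ext_type} was not in ClientHello")
    return dict(server)
```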
An extension may be sent both during connection establishment and during resumption. Extensions need to be sent on resumption because a client that requests resumption does not know for certain whether the server will accept the resumption request. Consequently, the client SHOULD send the server the same extensions it would send if it were starting a new session.
In the general case, the description of each extension needs to define how it is processed in both the full and the abbreviated Handshake message exchange. On the other hand, most TLS extensions in use apply only to connection establishment. On resumption the server does not process such extensions, even if they are present in the ClientHello message, and does not include them in the ServerHello message.
When developing new extensions, the following must be taken into account:
- the server may refuse to process an extension either because of an error or because it has no need to support certain functionality. In the first case, error alerts should be used. In the second case, the server should explain the refusal in the extension_data field;
- extensions should, as far as possible, be designed to prevent an attack that forces the use (or, conversely, the disabling) of certain functionality by manipulating Handshake protocol messages. The authenticity of Handshake protocol messages, including the authenticity of extensions, is checked when Finished is processed. Nevertheless, particular attention must be paid to cases where an extension changes the meaning of messages sent during connection establishment. Until connection establishment is complete, an attacker can modify messages and insert, remove or reorder extensions;
- it is technically possible to use extensions to change the basic design of the TLS protocol, for example the cipher suite negotiation scheme. Supporting changes to the basic design is not recommended. It is more appropriate to define a new version of TLS.
8.7.1 The signature_algorithms extension
The client uses the extension of type signature_algorithms to indicate to the server which pairs "hash algorithm, digital signature algorithms" may be used when generating and verifying digital signatures. The extension_data field of this extension contains the value supported_signature_algorithms, which is a list of elements of type SignatureAndHashAlgorithm:
    SignatureAndHashAlgorithm supported_signature_algorithms<2..2^16-2>;
The elements of the list are given in order of decreasing priority.
If the client supports only the particular pair "hash algorithm, digital signature algorithms" that is used by default with the cipher suites being negotiated, it MAY omit the signature_algorithms extension. If the client does not support the default pair or supports other pairs (and intends to use them to verify server messages, i.e. to verify certificates and the signature in ServerKeyExchange), the client MUST send the signature_algorithms extension listing the supported pairs.
Servers MUST NOT send the extension of type signature_algorithms. Servers MUST support receiving this extension.
When a session is resumed, the extension of type signature_algorithms is not included in the ServerHello message, and the server ignores this extension in the ClientHello message.
8.7.2 The renegotiation_info extension
The extension of type renegotiation_info is used to bind a connection in which renegotiation is performed to the previous connection. This binding protects against attacks in which the attacker first establishes a connection with the server, then initiates renegotiation and hands execution of the protocol over to the client. When the attack completes, an ordinary secure connection is established between the client and the server, but the server mistakenly believes that it is a continuation of the previous connection, which was established with the attacker.
If the client and the server want to use the renegotiation mechanism, they MUST store three additional connection parameters:
- secure_renegotiation: a flag indicating that renegotiation is supported;
- client_verify_data: the verify_data field of the Finished message sent by the client at the end of the previous Handshake protocol run;
- server_verify_data: the verify_data field of the Finished message sent by the server at the end of the previous Handshake protocol run.
These parameters relate to the connection as a whole (in both directions). The parameters do not belong to the session, and therefore do not need to be stored in the session cache.
The content of the extension is described as follows:
    struct {
        opaque renegotiated_connection<0..255>;
    } RenegotiationInfo;
During connection establishment the field renegotiated_connection is set to empty both in the ClientHello message and in the ServerHello message. During renegotiation the field is set equal to client_verify_data (12 bytes) in the ClientHello message and to client_verify_data + server_verify_data (24 bytes) in the ServerHello message.
Client actions during connection establishment. If the client intends to renegotiate, then during connection establishment (full or abbreviated) it MUST include the renegotiation_info extension with empty content in its ClientHello message.
After receiving the ServerHello message from the server, the client MUST check that this message includes the renegotiation_info extension. Absence of the extension means that the server does not support secure renegotiation. If the extension is absent, the client must reset the secure_renegotiation flag to 0. Moreover, the client may break the connection if secure renegotiation is critical for it.
Note - Here and below in this subsection, breaking the connection means sending the alert handshake_failure and then closing the connection.
If the extension is present, the client sets the secure_renegotiation flag to 1. The client MUST check that the length of the field renegotiated_connection equals 0. If the latter condition is violated, the client MUST break the connection.
After connection establishment the client must store the attributes client_verify_data and server_verify_data.
Client actions during renegotiation. During renegotiation the client checks the value of the secure_renegotiation flag. If the flag equals 0, the client must not initiate renegotiation. If the flag equals 0 and renegotiation was initiated by the server, it is RECOMMENDED that the client reject it. In that case the client MUST send the warning alert no_renegotiate.
If the flag equals 1, the client may renegotiate. The client includes the renegotiation_info extension in its ClientHello message. The content of the extension must carry the string client_verify_data. After receiving the ServerHello message, the client MUST check that the renegotiation_info extension is present in it, that the first half of the field renegotiated_connection matches the stored value of client_verify_data, and that the second half matches the stored value of server_verify_data. If any of these conditions is violated, the client MUST abort the renegotiation.
After renegotiation the client must store the new values of client_verify_data and server_verify_data.
Server actions during connection establishment. During connection establishment (full or abbreviated) the server MUST check that the ClientHello message includes the renegotiation_info extension. Absence of the extension means that the client does not support secure renegotiation. If the extension is absent, the server must reset the secure_renegotiation flag to 0. Moreover, the server may break the connection if secure renegotiation is critical for it.
If the renegotiation_info extension is included in ClientHello, the server checks that its content is empty. If this condition is violated, the server MUST break the connection. If the content of the extension is empty, the server sets the secure_renegotiation flag to 1 and returns the same empty extension in its ServerHello message.
After connection establishment the server must store the attributes client_verify_data and server_verify_data.

Server actions during renegotiation. During renegotiation the client checks the value of the secure_renegotiation flag. If the flag equals 0, the server must not initiate renegotiation. If the flag equals 0 and the renegotiation was initiated by the client, it is RECOMMENDED that the server reject it.

If the flag equals 1, the server may renegotiate. The server checks the renegotiation_info extension in the ClientHello message. If the extension is absent or its body differs from client_verify_data, the server MUST terminate the connection. Otherwise the server forms the renegotiation_info extension from server_verify_data and client_verify_data and sends it in the ServerHello message.

After the renegotiation the server must save the new values of client_verify_data and server_verify_data.
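
The checks on both sides of the renegotiation_info exchange described above, as an added example that is not part of the standard. Class and function names are hypothetical, the functions work on the renegotiated_connection value (not its wire encoding), the extension body is assumed to be client_verify_data followed by server_verify_data as the client check requires, and the 12-byte verify_data strings in the sample are constructed.

```python
import hmac
from dataclasses import dataclass


class HandshakeAbort(Exception):
    """Raised wherever the text requires the handshake to be aborted."""


@dataclass
class RenegotiationState:
    # Per-connection attributes named in the text.
    secure_renegotiation: bool = False
    client_verify_data: bytes = b""
    server_verify_data: bytes = b""

    def save_verify_data(self, client_vd: bytes, server_vd: bytes) -> None:
        """Store the Finished values after a handshake or renegotiation."""
        self.client_verify_data = client_vd
        self.server_verify_data = server_vd


def server_initial_handshake(state, ext):
    """ext: renegotiation_info body from ClientHello, or None if absent.
    Returns the body for ServerHello (None means: send no extension)."""
    if ext is None:
        state.secure_renegotiation = False   # client lacks secure renegotiation
        return None
    if ext != b"":
        raise HandshakeAbort("initial ClientHello: extension body must be empty")
    state.secure_renegotiation = True
    return b""                               # echo the same empty extension


def server_renegotiation(state, ext):
    """Server side of a client-initiated renegotiation."""
    if not state.secure_renegotiation:
        # Rejection is RECOMMENDED in the text; taken as policy here.
        raise HandshakeAbort("secure renegotiation was not negotiated")
    if not state.client_verify_data:
        raise HandshakeAbort("no saved client_verify_data to compare against")
    if ext is None or not hmac.compare_digest(ext, state.client_verify_data):
        raise HandshakeAbort("renegotiation_info missing or mismatched")
    return state.client_verify_data + state.server_verify_data


def client_renegotiation_hello(state):
    """Extension body the client places in ClientHello (flag == 1 case)."""
    return state.client_verify_data


def client_check_server_hello(state, ext):
    """Client check of renegotiation_info received in ServerHello."""
    if ext is None:
        raise HandshakeAbort("ServerHello lacks renegotiation_info")
    if not state.client_verify_data or not state.server_verify_data:
        raise HandshakeAbort("no saved verify_data to compare against")
    n = len(state.client_verify_data)
    # Constant-time comparison of each half against the saved value.
    first_ok = hmac.compare_digest(ext[:n], state.client_verify_data)
    second_ok = hmac.compare_digest(ext[n:], state.server_verify_data)
    if not (first_ok and second_ok):
        raise HandshakeAbort("renegotiated_connection does not match saved values")


def sample_exchange():
    """Constructed run: initial handshake, then one renegotiation."""
    cvd, svd = b"C" * 12, b"S" * 12          # constructed verify_data values
    srv, cli = RenegotiationState(), RenegotiationState()
    server_initial_handshake(srv, b"")
    cli.secure_renegotiation = True
    srv.save_verify_data(cvd, svd)
    cli.save_verify_data(cvd, svd)
    reply = server_renegotiation(srv, client_renegotiation_hello(cli))
    client_check_server_hello(cli, reply)
    return reply
```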

8.8 The server Certificate message

The server MUST send the Certificate message whenever the negotiated key agreement algorithm uses its certificates. The Certificate message is always sent when algorithms of type DH_fixed, T, DHE and T_PSK are used. This message always immediately follows the ServerHello message.

The Certificate message is defined as follows:

    struct {
        ASN.1Cert certificate_list<0..2^24-1>;
    } Certificate;

    opaque ASN.1Cert<1..2^24-1>;

The certificate_list field of the Certificate structure defines a sequence (chain) of certificates. The server's own certificate MUST come first in the list. Each following certificate in the list MUST be used to verify the signature of the preceding one. Because certificate validation requires that the public keys of root certification authorities be distributed separately, the self-signed certificate of the root certification authority may be omitted from the chain, provided that the recipient already has it and can verify its authenticity.

The following rules apply to the certificates sent by the server:

- the certificates MUST conform to STB 34.101.19;
- the public key of the server certificate (the first certificate in the list) and the parameters associated with the key MUST be compatible with the selected key agreement algorithm.

Note: The server_name and trusted_ca_keys extensions defined in [10] may be used to control the selection of certificates.

If the client sent the signature_algorithms extension in its ClientHello message, all certificates provided by the server MUST be signed using the (hash algorithm, digital signature algorithms) pairs from this extension. The pairs MAY differ, and a certificate containing the public key of one digital signature algorithm may be signed with another algorithm. Key agreement algorithms impose no restrictions on certificate signature algorithms. Therefore a certificate may be signed with any negotiated (hash algorithm, digital signature algorithms) pair, regardless of the purpose of the certificate's public key.

If the server has several certificates, it chooses one of them on the basis of the rules given above. Additional rules may be used that take into account, for example, the network addresses of the protocol parties, local configuration and security settings. If the server has only one certificate, it SHOULD check that the certificate satisfies the given rules.

8.9 The ServerKeyExchange message

The server sends the ServerKeyExchange message after the Certificate message if the connection parameters are negotiated with certificates, or after the ServerHello message if certificates are not used. The ServerKeyExchange message contains cryptographic data (for example, an ephemeral public key) with which the client can form the premaster secret

either after ServerKeyExchange or after ServerHello, depending on whether ServerKeyExchange was sent or not.

The CertificateRequest message is defined as follows:

    struct {
        ClientCertificateType certificate_types<1..2^8-1>;
        SignatureAndHashAlgorithm
            supported_signature_algorithms<2^16-1>;
        DistinguishedName certificate_authorities<0..2^16-1>;
    } CertificateRequest;

    opaque DistinguishedName<1..2^16-1>;

The fields of the CertificateRequest structure have the following meaning:

- certificate_types: the list of authentication methods, i.e. the types of certificates that the client is invited to present (see 6.3.2);
- supported_signature_algorithms: the list of (hash algorithm, digital signature algorithms) pairs that the server can use when verifying certificate signatures, in descending order of preference. The type of this field is defined in 6.3.3;
- certificate_authorities: the list of distinguished names of acceptable certification authorities. The format of the names is defined in [11]. Each name in the list is encoded as a string of bytes (octets) according to the distinguished encoding rules described in STB 34.101.19 (Annex B). The list elements may identify desired root or intermediate certification authorities, and so the list defines a trust space. If the list is empty, the client MAY send any certificate whose type is given in certificate_types (provided that the client has no additional restrictions).

The certificate_types and supported_signature_algorithms fields of the CertificateRequest structure are related by the following rules:

- each certificate provided by the client MUST be signed using one of the (hash algorithm, digital signature algorithms) pairs given in the supported_signature_algorithms field;
- the client's own certificate MUST have a type included in certificate_types. If the certificate key is a signing key, it MUST be usable with some (hash algorithm, digital signature algorithms) pair from the supported_signature_algorithms field. The certificate type does not restrict the algorithm used to sign the certificate.

Note: If a server that has not presented its own certificate requests a client certificate, this is considered an error of type handshake_failure (see 10.3).

8.11 The ServerHelloDone message

The server sends the ServerHelloDone message to notify the client that the transfer of ServerHello and the other messages needed for key agreement is complete. The message means that the client may proceed with its part of the key agreement algorithm. After sending ServerHelloDone the server waits for the client's response.

Upon receiving the ServerHelloDone message, the client SHOULD verify that the server presented a valid certificate (if a certificate was provided) and that the parameters given by the server in ServerHello are acceptable.

The ServerHelloDone message is defined as follows:

    struct {} ServerHelloDone;

8.12 The client Certificate message

The client Certificate message is the first message that the client sends to the server after receiving the ServerHelloDone message from it. The Certificate message is sent only when the server has requested a client certificate. If the client has no suitable certificates, it MUST send a Certificate message without certificates (the certificate_list field of this message has zero length).

If the client Certificate message contains no certificates, or some certificate in the list is unacceptable (for example, it was signed by an untrusted certification authority), the server MAY, at its discretion, either continue the message exchange without client authentication or respond with the handshake_failure alert.

The format of the Certificate message is defined in 8.8. In this message the client passes a certificate chain to the server. The client's own certificate MUST come first in the list. The server uses the chain when verifying the CertificateVerify message (for example, if a key agreement algorithm of type DHE is used) or when computing the premaster secret (if a key agreement algorithm of type DH_fixed is used).

The following rules apply to the certificates sent by the client:

- the certificates MUST conform to STB 34.101.19;
- the client certificate (the first certificate in the list) MUST have one of the types listed in the CertificateRequest message;
- the client certificate MUST be consistent with the key agreement algorithm of the negotiated cipher suite and with all negotiated extensions;
- if the certificate_authorities list in the CertificateRequest message was not empty, some certificate in the chain SHOULD be issued by one of the listed certification authorities;
- the certificates MUST be signed using a suitable (hash algorithm, digital signature algorithms) pair, as described in 8.7.

8.13 The ClientKeyExchange message

The ClientKeyExchange message is always sent by the client. If the client sends the Certificate message, it MUST send ClientKeyExchange immediately after it. Otherwise, ClientKeyExchange MUST be the first message sent by the client after it has received ServerHelloDone.

The ClientKeyExchange message is used by the parties to complete the formation of the premaster secret

The format of ClientKeyExchange depends on the key agreement algorithm in use.

8.14 The CertificateVerify message

The CertificateVerify message is used for explicit verification of the client certificate. It is sent only when the client has presented its certificate and the public key of that certificate can be used in digital signature algorithms. The CertificateVerify message is sent immediately after the ClientKeyExchange message.

The CertificateVerify message is defined as follows:

    struct {
        digitally-signed struct {
            opaque handshake_messages[handshake_messages_length];
        }
    } CertificateVerify;

The signed handshake_messages field contains all Handshake protocol messages sent and received by the client, starting with the ClientHello message and ending with the message that precedes CertificateVerify. All fields of these messages must be included, including the type and length fields. In other words, the handshake_messages field is the concatenation of all Handshake protocol structures that the parties exchanged before the CertificateVerify message was sent.

The hash and digital signature algorithms used to produce the signature MUST be listed in the supported_signature_algorithms field of the CertificateRequest message. In addition, the hash and digital signature algorithms MUST be consistent with the public key of the client certificate.

To form the handshake_messages field, the parties must either store the processed messages up to CertificateVerify or process them incrementally with each of the potentially possible hash algorithms. Servers can minimise the computational cost by offering a restricted set of (hash algorithm, digital signature algorithms) pairs in the CertificateRequest message.

8.15 The Finished message

The Finished message is always sent immediately after the ChangeCipherSpec message to confirm that authentication and key agreement succeeded. It is essential that the ChangeCipherSpec message be received between the other Handshake protocol messages and the Finished message. Finished is therefore the first message protected with the newly negotiated algorithms and keys. It is an error if the Finished message is not preceded by a ChangeCipherSpec message.

The recipient of the Finished message MUST verify that its contents are correct. Once a party has sent its Finished message and confirmed the correctness of the Finished message received from the other party, it may begin to send and receive application protocol data over the established connection.

The Finished message is defined as follows:

    struct {
        opaque verify_data[verify_data_length];
    } Finished;

The verify_data field of length verify_data_length is formed with the pseudorandom number generation algorithm according to the rule:

    verify_data = PRF(master_secret, finished_label,
        Hash(handshake_messages))[0..verify_data_length-1],

where the parameters have the following meaning:

- finished_label: the string "client finished" for the Finished message sent by the client, and the string "server finished" for the Finished message sent by the server;
- handshake_messages: all data of the Handshake protocol messages (without the HelloRequest message) sent and received by the party, not including the Finished message itself. handshake_messages contains only the data visible at the Handshake protocol layer (without Record protocol headers). In other words, handshake_messages is the concatenation of all Handshake protocol structures that the parties have exchanged up to this point;
- Hash(handshake_messages): the hash value computed over handshake_messages with the hash algorithm used in the pseudorandom number generation algorithm. If a cipher suite defines its own pseudorandom number generation algorithm, different from the algorithm in 6.2.3, the cipher suite MUST define the hash algorithm used when forming the Finished message.

The length of the verify_data field depends on the cipher suite. In a cipher suite that does not explicitly define the value of verify_data_length, this value is taken to be 12. When cipher suites are designed, other lengths of the verify_data field MAY be defined, but the length MUST be at least 12 bytes.

The handshake_messages value contains all Handshake protocol messages from the ClientHello message up to, but not including, the Finished message. This value may differ from the handshake_messages value in the CertificateVerify message, because handshake_messages in the Finished message may additionally contain the CertificateVerify message. Furthermore, handshake_messages in the client's Finished message will differ from handshake_messages in the server's Finished message, because the server's message takes the client's Finished message into account.

ChangeCipherSpec messages, error alerts and any other messages that are not Handshake protocol messages are not included when computing the hash values for verify_data. HelloRequest messages are also omitted when computing the hash values.
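
How the handshake_messages rules above shape verify_data on each side, as an added example that is not part of the standard. The PRF and hash of 6.2.3 are not reproduced on this page, so the block substitutes the HMAC-SHA-256 PRF of RFC 5246 as a stand-in; the content-type and handshake-type numbers are those of RFC 5246, the function names are hypothetical, and every message body and the master secret are constructed.

```python
import hashlib
import hmac

# Record content types and handshake message types (RFC 5246 numbering).
CONTENT_CCS, CONTENT_ALERT, CONTENT_HANDSHAKE = 20, 21, 22
HELLO_REQUEST, FINISHED = 0, 20


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """Stand-in PRF: P_SHA256 from RFC 5246, not the algorithm of 6.2.3."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def handshake_msg(msg_type: int, body: bytes) -> bytes:
    """Handshake structure: type (1 byte), uint24 length, body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def transcript(records) -> bytes:
    """Build handshake_messages from (content_type, payload) pairs.

    Record headers are already stripped and each handshake payload is
    assumed to hold exactly one message. ChangeCipherSpec, alerts and
    HelloRequest are left out, as the text requires."""
    buf = bytearray()
    for content_type, payload in records:
        if content_type != CONTENT_HANDSHAKE:
            continue
        if payload[0] == HELLO_REQUEST:
            continue
        buf += payload
    return bytes(buf)


def verify_data(master_secret: bytes, sender: str, handshake_messages: bytes,
                length: int = 12) -> bytes:
    if length < 12:
        raise ValueError("verify_data_length MUST be at least 12 bytes")
    label = {"client": b"client finished", "server": b"server finished"}[sender]
    digest = hashlib.sha256(handshake_messages).digest()
    return prf(master_secret, label, digest, length)


def check_finished(master_secret, sender, handshake_messages, received) -> bool:
    """Receiver-side check of a Finished message, in constant time."""
    expected = verify_data(master_secret, sender, handshake_messages,
                           max(len(received), 12))
    return hmac.compare_digest(expected, received)


def sample_flow():
    """Constructed handshake; returns (client_vd, server_vd, records)."""
    ms = bytes(range(48))                                  # constructed secret
    records = [
        (CONTENT_HANDSHAKE, handshake_msg(HELLO_REQUEST, b"")),
        (CONTENT_HANDSHAKE, handshake_msg(1, b"constructed ClientHello")),
        (CONTENT_HANDSHAKE, handshake_msg(2, b"constructed ServerHello")),
        (CONTENT_HANDSHAKE, handshake_msg(14, b"")),       # ServerHelloDone
        (CONTENT_HANDSHAKE, handshake_msg(16, b"constructed ClientKeyExchange")),
        (CONTENT_CCS, b"\x01"),
    ]
    client_vd = verify_data(ms, "client", transcript(records))
    # The server's transcript additionally covers the client's Finished.
    records += [(CONTENT_HANDSHAKE, handshake_msg(FINISHED, client_vd)),
                (CONTENT_CCS, b"\x01")]
    server_vd = verify_data(ms, "server", transcript(records))
    return client_vd, server_vd, records
```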

8.16 Computing the master secret

The master secret

    master_secret = PRF(pre_master_secret, "master secret",
        ClientHello.random + ServerHello.random)[0..47];

The length

    struct {
        enum { change_cipher_spec(1), (255) } type;
    } ChangeCipherSpec;

The ChangeCipherSpec message may be sent by both the client and the server. The message notifies the receiving party that subsequent data fragments will be protected with the newly negotiated CipherSpec and keys. The ChangeCipherSpec message is sent during the handshake after the security parameters have been agreed, but before the Finished message is sent.

On receipt of this message the pending read state MUST be made the active read state. Immediately after sending this message the pending write state MUST be made the active write state (see 7.2).

If a renegotiation is initiated while data is being transferred over the connection, the communicating parties may continue to exchange data using the old CipherSpec. However, immediately after sending the ChangeCipherSpec message the sender MUST use the new CipherSpec. Because the receiving party needs time to compute the new keys when it receives ChangeCipherSpec, there MAY be a time interval during which the recipient must buffer data. In practice this interval is usually fairly short.

10 The Alert protocol

10.1 Alert messages

The Record protocol supports the transfer of alert messages. These messages are formed by the Alert protocol and convey the level of the alert (warning or fatal error) and its description. Alerts corresponding to fatal errors lead to immediate termination of the connection. In that case other connections of the same session may continue, but the session identifier MUST be invalidated to prevent the session in which the error occurred from being used for resumption or renegotiation. Like other messages, alerts are protected and compressed according to the current connection state.

Alert protocol messages are described as follows:

    struct {
        AlertLevel level;
        AlertDescription description;
    } Alert;

The fields of the Alert structure have the following meaning:

- level: the level of the alert (warning or fatal error);
- description: the description of the alert.

The types of the fields nested in Alert are defined as follows:

    enum { warning(1), fatal(2), (255) } AlertLevel;

    enum {
        close_notify(0),
        unexpected_message(10),
        bad_record_mac(20),
        record_overflow(22),
        decompression_failure(30),
        handshake_failure(40),
        bad_certificate(42),
        unsupported_certificate(43),
        certificate_revoked(44),
        certificate_expired(45),
        certificate_unknown(46),
        illegal_parameter(47),
        unknown_ca(48),
        access_denied(49),
        decode_error(50),
        decrypt_error(51),
        protocol_version(70),
        insufficient_security(71),
        internal_error(80),
        user_canceled(90),
        no_renegotiation(100),
        unsupported_extension(110),
        unknown_psk_identity(115),
        (255)
    } AlertDescription;

The warning element of the AlertLevel enumeration corresponds to a warning alert, and the fatal element to a fatal one. The elements of the AlertDescription enumeration are described in 10.2 and 10.3.

10.2 Closure alerts

Both parties, client and server, must know that the connection is being closed, to avoid a situation in which one party considers the connection closed while the other considers the opposite.

Either party may initiate closure of the connection by sending the close_notify warning alert. This message notifies the recipient that the sender will not send any more messages on this connection. Any data received after this alert is ignored.

On receipt of a closure alert the recipient MUST respond with its own close_notify alert and close the connection immediately, discarding any pending messages. The initiator of the closure is not required to wait for the responding close_notify; it may stop receiving data at once.

When the connection is closed, sending the close_notify message is mandatory for each party, unless it has previously received a fatal alert.

If the application protocol provides for data transfer after the TLS connection is closed, the TLS implementation must wait for the responding close_notify message and inform the application protocol that the connection is closed. If data transfer after the connection ends is not provided for, the TLS implementation MAY close the connection without waiting for close_notify. This standard does not define the rules by which application protocols use TLS connections, including the rules for opening and closing connections.

10.3 Error alerts

A party that detects an error while running TLS must send the corresponding alert to the other party. On sending or receiving a fatal alert, both parties must close the connection immediately. The parties MUST NOT use session identifiers and keys associated with a connection closed because of an error. Thus a connection MUST NOT be resumed after fatal errors.

Whenever a fatal error occurs while running TLS, the corresponding alert MUST be sent to the opposite party before the connection is closed. For an error whose alert level is not explicitly defined, the sender MAY, at its discretion, treat the alert as fatal or as a warning. However, if the sender intends to close the connection immediately after sending the alert, it MUST choose the fatal level.

If the parties send or receive a warning alert, the connection may continue. If the receiving party decides not to continue the connection (for example, after receiving the no_renegotiation alert), it SHOULD send a fatal alert to the other party to terminate the connection. The sending party may not know how the receiving party will react to a warning alert. Therefore, if one of the parties encounters an error that is treated as a warning and wishes to continue the connection, the corresponding alert may be left unsent. For example, if one of the parties decides to accept an invalid certificate of the other party (possibly after the end user confirms acceptance) and to continue the connection, it should not send the certificate_expired alert.

The following alerts are defined:

- unexpected_message: an inappropriate message was received. This alert is always fatal. It will never be sent in communication between correct TLS implementations;
- bad_record_mac: a fragment with an incorrect MAC value was received. This alert also means that the fragment was decrypted incorrectly (the length of the encrypted data is not a multiple of the block length of the encryption algorithm, or the padding turned out to be incorrect when checked). This alert is always fatal. It will never be sent in communication between correct TLS implementations (provided there is no interference in the communication channel);
- record_overflow: a TLSCiphertext.fragment was received whose length exceeds 2^14 + 2048 bytes, or after decryption of which the length of TLSCompressed.fragment exceeds 2^14 + 1024 bytes. This alert is always fatal. It will never be sent in communication between correct TLS implementations (provided there is no interference in the communication channel);
- decompression_failure: the decompression algorithm received incorrect input (for example, decompression produced data whose size exceeds the permitted value). This alert is always fatal. It will never be sent in communication between correct TLS implementations (provided there is no interference in the communication channel);
- handshake_failure: the sender was unable to negotiate an acceptable set of connection parameters. This alert is always fatal;
- bad_certificate: the certificate is corrupted, contains an incorrect digital signature, etc.;
- unsupported_certificate: the certificate type is not supported;
- certificate_revoked: the certificate was revoked by its issuer;
- certificate_expired: the certificate's validity period has expired or has not yet begun;
- certificate_unknown: an error not defined above occurred while processing the certificate and prevents the certificate from being used;
- protocol_version: the protocol version number offered by the client for negotiation is not supported. This alert is always fatal;
- insufficient_security: this alert is used instead of handshake_failure when the negotiation of connection parameters failed because the server required stronger parameters than those supported by the client. This alert is always fatal;
- internal_error: an internal error that is unrelated to the opposite party or to the protocol logic (for example, a memory allocation failure) and makes further execution of the protocol impossible. This alert is always fatal;
- user_canceled: execution of the Handshake protocol was stopped for a reason unrelated to the protocol logic. If the user stops execution after the protocol has completed, it is recommended to close the connection by sending the close_notify alert. That message must follow the user_canceled message. The user_canceled alert is usually a warning;
- no_renegotiation: this alert is sent by the client in response to the server's HelloRequest, or by the server in response to the client's ClientHello after the handshake, when the recipient of the request does not wish to renegotiate. After receiving the alert the requesting party may abandon the renegotiation. For example, this party may be a server on which a program expecting the renegotiation is already running; this program has received the security parameters, and the course of its execution cannot be changed. The no_renegotiation alert is always a warning;
- unsupported_extension: this alert is sent by a client that receives a ServerHello message with an extension that the client did not include in the corresponding ClientHello message. This alert is always fatal;
- unknown_psk_identity: this alert is sent by the server if it cannot determine the pre-shared secret from the received identifier (see 6.2.4). This alert is always fatal.

Annex A
(normative)
Interpretation of keywords

This annex explains the meaning of the keywords "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED" and "MAY" used in this standard.

The keyword "MUST" means that the actions to which it is applied have to be carried out exactly.

The keyword "MUST NOT" expresses an absolute prohibition of the corresponding actions.

The keywords "SHOULD" and "RECOMMENDED" are to be understood to mean that in some cases there is a valid reason to ignore them, but the consequences of doing so must be understood and carefully weighed.

The keyword "SHOULD NOT" is used when the action to which it is applied will in some cases be correct and even useful, but its consequences must be understood and carefully weighed.

The keyword "MAY" applies to actions (items) whose performance or non-performance (presence or absence) does not affect the situation as a whole. This means that programs working with something marked with these keywords must take both situations into account and handle them correctly.

These keywords are introduced primarily to express requirements for actions that affect the security and reliability of the objects under consideration, and also in the interests of their unification.

Annex B
(normative)
Data description rules

B.1 General conventions

Comments begin with the characters "/*" and end with the characters "*/". Optional components are enclosed in double square brackets: "[[ ]]". The opaque type describes one byte of unstructured data. The number a raised to the power b is written a^b.

B.2 Data

The data exchanged by the parties of the TLS protocol are structured combinations of elements. Data elements and data structures as a whole are strings (sequences) of bytes. Bytes are written from left to right and from top to bottom. For example, in the string {1, 2, 3, 4} the first byte is 1 and the last is 4. The length of the string data is denoted len(data).

The bytes of a string are numbered starting from 0. To select the range of bytes numbered from lo to hi, the expression [lo..hi] may be used. For example, the string {1, 2, 3, 4}[1..3] consists of the bytes 2, 3, 4.

The symbol "+" denotes concatenation (joining) of strings. For example, {1, 2} + {3, 4} is {1, 2, 3, 4}.

A string made up of bytes with values from 32 to 126 may be represented as a character string. The correspondence between characters and bytes is given by GOST 27463. For example, the character string "slithy toves" represents the byte string {115, 108, 105, 116, 104, 121, 32, 116, 111, 118, 101, 115}.

B.3 Vectors

A vector is a one-dimensional array of elements of the same type. The length of a vector may be defined in advance or determined while the protocol is running. In either case, the length specifies the number of bytes, not the number of elements in the vector. To define a new type T' that is a fixed-length vector with elements of type T, the following syntax is used:

    T T'[n];

Here T' occupies n bytes, where n is a multiple of the length of an element of type T. The length of the vector is not written to the data stream.

In the following example the type Datum defines three unstructured bytes, and the type Data defines three consecutive elements of type Datum, which occupy nine bytes in total:

    opaque Datum[3];
    Datum Data[9];

Variable-length vectors are defined by specifying a range of permitted lengths (bounds included) with the notation <floor..ceiling>:

    T T'<floor..ceiling>;

The number floor gives the minimum length, and ceiling the maximum.

When a variable-length vector is transmitted, the actual length of the vector is written to the data stream first, followed by its contents. The length is represented by a number occupying as many bytes as are required to represent the maximum length (i.e. the value of ceiling). A variable-length vector whose actual length field equals zero corresponds to an empty vector.

In the following example a vector of type mandatory contains from 300 to 400 bytes, and a vector of type longer contains up to 800 bytes, or up to 400 elements of type uint16:

    opaque mandatory<300..400>;
    uint16 longer<0..800>;

The vector mandatory cannot be empty. Its actual length field occupies two bytes (uint16), which is enough to represent the value 400 (see B.5). The representation of the vector longer will include a two-byte actual length field preceding the vector. The length of a vector must be a multiple of the length of its elements (for example, a 17-byte vector of elements of type uint16 is not permitted).
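
An encoder and strict decoder for the variable-length vectors described above, applied to the certificate_list of the Certificate message from 8.8, as an added example that is not part of the standard. All names are hypothetical and the certificate bytes in the sample are constructed placeholders, not real DER.

```python
class DecodeError(ValueError):
    """Malformed vector: the length field and the data disagree with the type."""


def length_prefix_size(ceiling: int) -> int:
    """Bytes needed to represent the maximum length (the ceiling value)."""
    return max(1, (ceiling.bit_length() + 7) // 8)


def encode_vector(data: bytes, floor: int, ceiling: int, elem_size: int = 1) -> bytes:
    """Serialise T'<floor..ceiling>: actual length first, then the contents."""
    if not floor <= len(data) <= ceiling:
        raise DecodeError(f"length {len(data)} outside {floor}..{ceiling}")
    if len(data) % elem_size:
        raise DecodeError("length is not a multiple of the element size")
    return len(data).to_bytes(length_prefix_size(ceiling), "big") + data


def decode_vector(buf: bytes, offset: int, floor: int, ceiling: int,
                  elem_size: int = 1):
    """Read one vector at offset; return (contents, offset after the vector)."""
    n = length_prefix_size(ceiling)
    if offset + n > len(buf):
        raise DecodeError("truncated length field")
    length = int.from_bytes(buf[offset:offset + n], "big")
    start, end = offset + n, offset + n + length
    if not floor <= length <= ceiling:
        raise DecodeError(f"declared length {length} outside {floor}..{ceiling}")
    if length % elem_size:
        raise DecodeError("declared length is not a multiple of the element size")
    if end > len(buf):
        raise DecodeError("declared length runs past the end of the buffer")
    return bytes(buf[start:end]), end


MAX24 = 2**24 - 1


def parse_certificate_list(body: bytes):
    """Certificate body from 8.8: ASN.1Cert certificate_list<0..2^24-1>,
    where each element is opaque ASN.1Cert<1..2^24-1>."""
    chain, end = decode_vector(body, 0, 0, MAX24)
    if end != len(body):
        raise DecodeError("trailing bytes after certificate_list")
    certs, pos = [], 0
    while pos < len(chain):
        cert, pos = decode_vector(chain, pos, 1, MAX24)   # floor 1: no empty cert
        certs.append(cert)
    return certs


# Constructed sample: a two-certificate chain with placeholder contents.
SAMPLE_CERTIFICATE_BODY = encode_vector(
    encode_vector(b"leaf-der", 1, MAX24) + encode_vector(b"issuer-der", 1, MAX24),
    0, MAX24)
```

An empty certificate_list, which 8.12 requires from a client with no suitable certificate, is the three bytes 00 00 00 and parses to an empty list.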

B.4 Numbers

Data elements may be non-negative integers. The type uint8 represents an unsigned byte and is the basic numeric data type. All numbers that do not fit in a byte are represented by a fixed-length vector of unsigned bytes. The first byte is the most significant and the last is the least significant. This byte order is called network order or big-endian. For example, the byte string {1, 2, 3, 4} corresponds to the number 16909060 = 1·2^24 + 2·2^16 + 3·2^8 + 4.

The following numeric types are predefined:

    uint8 uint16[2];
    uint8 uint24[3];
    uint8 uint32[4];
    uint8 uint64[8];

If a non-negative integer has to be represented by a vector with elements of type opaque, the number is represented as unsigned (without additional leading zero bytes, even when the most significant bit of the number is set).

B.5 Enumerations

The enum type supports enumerations. A variable of type enum may take only the values declared in the definition of the enumeration. Each such definition introduces a new type. Only variables of one and the same enumerated type may be assigned to or compared with each other. The elements of an enumeration must be assigned numeric values:

    enum { e1(v1), e2(v2) [[, ...]] [[, (n)]] } Te;

Here e1, e2, ... are the names of the elements and v1, v2, ... are the assigned values. Because the elements of an enumeration are not ordered, they may be assigned any unique values in any order.

If the definition of an enumeration contains an ellipsis, the enumeration may be extended with new elements. Adding elements is written as follows:

    Te += { e3(v3), e4(v4) };

Note: The ability to extend an enumerated type is the only extension of the data description rules given in [3].

For enumerations that are never converted to an external representation, the numeric values may be omitted. For example,

    enum { low, medium, high } Amount;

An enumeration occupies as many bytes in the data stream as are needed to write the largest of the values of its elements. The elements of the following enumeration occupy one byte:

    enum { red(3), blue(5), white(7) } Color;

To specify the number of bytes that a variable of an enumerated type will occupy, unnamed elements may be given in the enumeration. In the following example variables of type Taste will occupy two bytes in the data stream, although they can take only the values 1, 2 or 4:

    enum { sweet(1), sour(2), bitter(4), (32000) } Taste;

The scope of the names of enumeration elements is the enumerated type itself. When referring to a name, this type may be given explicitly or omitted if it is clear from the context:

    Color color = Color.blue;  /* given explicitly */
    Color color = blue;        /* determined implicitly */

B.6 Structured types and variants

Primitive types may be combined into a structured type (a structure). Structures may contain nested structures. Each structure definition introduces a new unique type. The syntax of a structure definition is similar to that of the C language:

    struct {
        T1 f1;
        T2 f2;
        ...
        Tn fn;
    } [[T]];

A reference to an element of a structure gives the type and the name of the field (nested element). For example, T.f2 is a reference to the second field of the structure defined above.

Structures may contain variants, which are selected on the basis of some variable available within the structure. Variant selection is indicated by the keyword select. The mechanism by which variants are resolved while TLS is running is not specified by these rules and is determined by the particular TLS implementation.

The variable on which the choice of variant is based must have an enumerated type. The elements of this type define the possible variants of the structure definition. A variant must be given for each element. Variants may be combined: for example, if two elements follow each other directly, the same variant corresponds to both.

The following syntax is used to define variants:

    struct {
        T1 f1;
        T2 f2;
        ...
        Tn fn;
        select (E) {
            case e1: Te1;
            case e2: Te2;
            case e3:
            case e4: Te3;
            ...
            case en: Ten;
        } [[fv]];
    } [[Tv]];

Here E is an enumerated type. A label fv may be assigned to the variant so that it can be referred to.

In the following example the choice of variant is governed by variables of type VariantTag:

    enum { apple, orange, banana } VariantTag;

    struct {
        uint16 number;
        opaque string<0..10>;  /* variable length */
    } V1;

    struct {
        uint32 number;
        opaque string[10];     /* fixed length */
    } V2;

    struct {
        select (VariantTag) {  /* value is given implicitly */
            case apple:
                V1;            /* apple */
            case orange:
            case banana:
                V2;            /* orange or banana */
        } variant_body;        /* optional label */
    } VariantRecord;
Á.7Êðèïòîãðàôè÷åñêèåàòðèáóòû
Äëÿóêàçàíèÿíàêðèïòîãðàôè÷åñêóþîáðàáîòêóäàííûõèñïîëüçóþòñÿñïåöèàëüíûå
àòðèáóòû,êîòîðûåïðåäøåñòâóþòîïèñàíèþòèïàäàííûõ.Êëþ÷è,êîòîðûåèñïîëüçóþòñÿ
45
ÑÒÁ34.101.65-2014
ïðèêðèïòîãðàôè÷åñêîéîáðàáîòêå,îïðåäåëÿþòñÿòåêóùèìñîñòîÿíèåìñîåäèíåíèÿTLS
(ñì.7.2).

The digitally-signed attribute denotes the output of digital signature generation algorithms. An element with the digitally-signed attribute is converted into the DigitallySigned structure:

    struct {
        SignatureAndHashAlgorithm algorithm;
        opaque signature<0..2^16-1>;
    } DigitallySigned;

Here the algorithm field specifies the pair "hash algorithm, signature algorithms" used to generate the signature (see 8.7). The signature field holds the signature value computed over the contents of the element. The contents of the element themselves are not included in the structure. The signature length is determined by the signature generation algorithm used and its keys.

The stream-ciphered (block-ciphered) attribute indicates that the data are protected with stream (block) encryption algorithms. The length of data that are block-encrypted must be a multiple of the block length.

The aead-ciphered attribute indicates that the data are encrypted and supplemented with a message authentication code (MAC). The data are processed with algorithms that perform encryption and integrity protection simultaneously. The input data of the algorithm may have arbitrary length.

The public-key-encrypted attribute denotes the output of public-key encryption algorithms. The data are encrypted in such a way that they can be decrypted only with the corresponding private key. An element with the public-key-encrypted attribute is converted into the following variable-length vector:

    opaque vector<0..2^16-1>;

The actual length of the vector is determined by the encryption algorithm used and its keys.

Consider an example of the use of cryptographic attributes:

    stream-ciphered struct {
        uint8 field1;
        uint8 field2;
        digitally-signed struct {
            uint8 field3<0..255>;
            uint8 field4;
        };
    } UserType;

In this example the contents of the inner structure (fields field3 and field4) are used as input to the pair "hash algorithm, signature algorithms", i.e. a signature is computed over field3 and field4. After that the whole UserType structure is stream-encrypted. The length of the encrypted structure equals the sum of the lengths of fields field1 and field2 (two bytes), of the algorithm field identifying the hash and signature algorithms used (two bytes), of the field holding the signature length (two bytes), and of the field containing the signature. The signature length is known because the signature generation algorithm used and its keys are known.

Б.8 Constants

Values may be assigned to data elements. Typed constants must be used for this purpose. For example,

    struct {
        uint8 f1;
        uint8 f2;
    } Example1;

    Example1 ex1 = {1, 4};   /* f1 = 1, f2 = 4 */

Variables of some types cannot be assigned values. These types are opaque, structures containing fields of type opaque, and variable-length vectors.

Annex В
(normative)
Cipher suites of the BIGN_WITH_BELT family

This annex defines cipher suites and methods for authenticating the parties of the TLS protocol that are based on the cryptographic algorithms of STB 34.101.31 and STB 34.101.45.

В.1 Cipher suites

The cipher suites being defined are listed in Table В.1.

Table В.1. Cipher suites of the BIGN_WITH_BELT family

    Cipher suite                                Identifier   Shared key establishment algorithm
    TLS_DHE_BIGN_WITH_BELT_CTR_MAC_HBELT        {192,21}     DHE_BIGN
    TLS_DHE_BIGN_WITH_BELT_DWP_HBELT            {192,22}     DHE_BIGN
    TLS_DHT_BIGN_WITH_BELT_CTR_MAC_HBELT        {192,23}     DHT_BIGN
    TLS_DHT_BIGN_WITH_BELT_DWP_HBELT            {192,24}     DHT_BIGN
    TLS_DHE_PSK_BIGN_WITH_BELT_CTR_MAC_HBELT    {192,25}     DHE_PSK_BIGN
    TLS_DHE_PSK_BIGN_WITH_BELT_DWP_HBELT        {192,26}     DHE_PSK_BIGN
    TLS_DHT_PSK_BIGN_WITH_BELT_CTR_MAC_HBELT    {192,27}     DHT_PSK_BIGN
    TLS_DHT_PSK_BIGN_WITH_BELT_DWP_HBELT        {192,28}     DHT_PSK_BIGN

The cipher suite TLS_DHE_BIGN_WITH_BELT_CTR_MAC_HBELT is mandatory in the BIGN_WITH_BELT family.

All cipher suites use the same pseudorandom number generation algorithm (see В.2.4). They differ in the encryption algorithms (see В.2.1), the integrity protection algorithms (see В.2.2) and the shared key establishment algorithms (see В.2.5). The encryption and integrity protection algorithms may be combined (see В.2.3).

В.2 Algorithms of the cipher suites

В.2.1 Encryption and integrity protection algorithms

В.2.1.1 Encryption in counter mode

If the name of the cipher suite contains the string _CTR, the counter-mode encryption algorithm defined in STB 34.101.31 (clause 6.5) must be used. This algorithm is added to the BulkCipherAlgorithm enumeration under the name belt_ctr:

    BulkCipherAlgorithm += {belt_ctr};

The algorithm is classified as a stream encryption algorithm (stream), and the rules given in 7.3.3.1 apply.

The encryption key (client_write_key or server_write_key) is generated during execution of the Handshake protocol. The key length (

The sequence number seq_num defined in 7.2 and 7.3.3.1 MUST be used as the initialization vector. The sequence number consists of 8 bytes. To obtain the initialization vector, this number MUST be padded with 8 zero bytes.

В.2.1.2 Integrity protection

If the name of the cipher suite contains the string _MAC, the MAC generation algorithm defined in STB 34.101.31 (clause 6.6) must be used. This algorithm is added to the MACAlgorithm enumeration under the name belt_mac:

    MACAlgorithm += {belt_mac};

The MAC key is generated during execution of the Handshake protocol. The key length (

    BulkCipherAlgorithm += {belt_dwp};

The algorithms are classified as aead, and the rules given in 7.3.3.3 apply.

The protection key (client_write_key or server_write_key) is generated during execution of the Handshake protocol. The key length (enc_key_length) MUST be equal to 32.

The implicit part of the initialization vector (client_write_IV or server_write_IV) is generated during execution of the Handshake protocol. The length of the implicit part (

В.2.4 Shared key establishment algorithms

The algorithms listed in Table В.2 are used to establish the shared key.

Table В.2. Shared key establishment algorithms of the BIGN_WITH_BELT cipher suites

    Algorithm       Description
    DHE_BIGN        Diffie-Hellman protocol with ephemeral keys and the basic operations of STB 34.101.45
    DHT_BIGN        Key transport according to STB 34.101.45
    DHE_PSK_BIGN    Based on pre-distributed shared secrets and the Diffie-Hellman protocol with ephemeral keys
    DHT_PSK_BIGN    Based on pre-distributed shared secret keys and key transport according to STB 34.101.45

In the DHT_BIGN, DHE_BIGN and DHT_PSK_BIGN algorithms the server sends its certificate to the client. The certificate format MUST conform to STB 34.101.19 with the refinements given in STB 34.101.45 (Annex Д). The certificate MUST have the KeyUsage extension.

В.2.4.1 The DHE_BIGN algorithm

The DHE_BIGN algorithm consists in executing the Diffie-Hellman protocol with ephemeral keys. The protocol uses the elliptic curves defined in STB 34.101.45 (clause 5.3). Ephemeral key pairs are generated with the algorithms defined in STB 34.101.45 (clause 6.2). When executing DHE_BIGN, the server signs its ephemeral key and additional data. Signatures are generated and verified with the algorithms defined in STB 34.101.45 (clause 7.1).

To apply DHE_BIGN, the server MUST send its certificate to the client in the Certificate message. The certificate MUST contain a public key of the signature algorithms. The digitalSignature bit MUST be set in the KeyUsage extension of the certificate.

The server uses the elliptic curve parameters from its certificate and generates an ephemeral private key dS and public key QS with the algorithm defined in STB 34.101.45 (clause 6.2.2). The server then signs a structure composed of QS and the random data client_random, server_random. The signature is generated with the private key that corresponds to the public key of the server certificate. The server sends QS and the generated signature to the client in the ServerKeyExchange message.

The client verifies the received certificate and signature. If verification fails, the client MUST terminate the Handshake protocol. Otherwise the client uses the elliptic curve parameters from the server certificate and generates an ephemeral private key dC and public key QC with the algorithm defined in STB 34.101.45 (clause 6.2.2). The client sends the public key to the server in the ClientKeyExchange message.

The server validates QC with the algorithm defined in STB 34.101.45 (clause 6.2.3). If validation fails, the server MUST terminate the Handshake protocol.

The public keys QS and QC are points of the elliptic curve specified in the server certificate. The server computes the dS-multiple of the point QC, and the client computes the dC-multiple of the point QS. Computation of a multiple of a point is described in STB 34.101.45 (clause 4.2.4). If all protocol steps were performed correctly and no adversary interfered with the message exchange, both parties obtain the same secret point Q as the result of their computations.

The point Q is represented as a string of bytes (octets) according to the rules described in STB 34.101.45 (clause 5.4). The resulting string serves as

After selecting the parameters, the server generates an ephemeral private key dS and public key QS with the algorithm defined in STB 34.101.45 (clause 6.2.2). The server sends the description of the parameters and the public key QS to the client in the ServerKeyExchange message. In addition, in ServerKeyExchange the server MAY send the client a hint for choosing the shared secret (see 6.2.4).

The client determines the elliptic curve parameters from the received identifier and validates the public key QS with the algorithm defined in STB 34.101.45 (clause 6.2.3). If an error occurs while determining the parameters or validating the public key, the client MUST terminate the Handshake. Otherwise the client chooses the shared secret using the server's hint. If there is no hint, the client chooses the shared secret on its own. The client sends the identifier of the chosen secret to the server in ClientKeyExchange. In addition, the client generates an ephemeral private key dC and public key QC with the algorithm defined in STB 34.101.45 (clause 6.2.2). The public key QC is also sent in ClientKeyExchange.

From the secret identifier the server determines the secret itself, which is denoted psk and is a string of bytes. If the server cannot determine the secret from the received identifier, it MAY respond with the unknown_psk_identity alert (see 10.3). Alternatively, if the server wishes to hide the fact that it does not know the secret, it MAY continue the protocol as if it knew the secret but the secret turned out to be wrong. In that case the server eventually responds with the decrypt_error alert.

The server validates the public key QC with the algorithm defined in STB 34.101.45 (clause 6.2.3). If validation of the public key fails, the server MUST terminate the Handshake.

The server computes the dS-multiple of the point QC, and the client computes the dC-multiple of the point QS. Computation of a multiple of a point is described in STB 34.101.45 (clause 4.2.4). If all protocol steps were performed correctly and no adversary interfered with the message exchange, both parties obtain the same secret point Q as the result of their computations.

The point Q is represented as a string of bytes (octets) according to the rules described in STB 34.101.45 (clause 5.4). The resulting string consists of 64, 96 or 128 bytes and is denoted

    len(other_secret) + other_secret + len(psk) + psk,

where len

formation

    len(other_secret) + other_secret + len(psk) + psk,

where len

... if psk was distributed over secure channels and was distributed only to these parties, then successful completion of the Handshake means that the server knows psk, i.e. is authentic.

В.3.2 Client authentication

The methods bign128_auth, bign192_auth and bign256_auth may be used to authenticate the client; they are added to the enumeration as follows:

    ClientCertificateType += {bign128_auth(121),
        bign192_auth(122), bign256_auth(123)};

To apply these methods, the server MUST request the client's certificate in the CertificateRequest message. After receiving the CertificateRequest message, the client MUST send the requested certificate in the Certificate message.

STB 34.101.45 (clause 5.2) defines three security levels for the signature algorithms: l = 128, l = 192 and l = 256. When the methods bign128_auth, bign192_auth and bign256_auth are used, the certificate MUST contain a public key that can be used at security levels l ≥ 128, l ≥ 192 and l = 256 respectively.

The certificate format MUST conform to STB 34.101.19 with the refinements given in STB 34.101.45 (Annex Д). The certificate MUST have the KeyUsage extension, and the digitalSignature bit MUST be set in this extension.

Successful completion of the Handshake protocol means that the client has been authenticated: the client certificate is valid and the client knows the private key corresponding to the public key of the certificate.

The authentication methods are not applied and the preceding restrictions do not hold if the client sends an empty certificate chain in the Certificate message. In this case the server may either abort the Handshake or continue it, but without client authentication (see 8.12).

When the DHE_PSK_BIGN and DHT_PSK_BIGN algorithms are used, the client is authenticated implicitly. Provided that the measures protecting the shared secret psk are observed, successful completion of the Handshake means that the client knows psk, i.e. is authentic.

В.3.3 Hash and signature algorithms

The authentication methods use the hash algorithm defined in STB 34.101.31 (clause 6.9). This algorithm is added to the HashAlgorithm enumeration under the name belt_hash:

    HashAlgorithm += {belt_hash(121)};

The authentication methods also use the signature algorithms defined in STB 34.101.45 (clause 7.1). These algorithms are added to the SignatureAlgorithm enumeration under the name bign_sign:

    SignatureAlgorithm += {bign_sign(121)};

The admissible pair "hash algorithm, signature algorithms" is described by the value {belt_hash, bign_sign} of type SignatureAndHashAlgorithm.

In the bign_sign algorithms at security level l, a hash function with 2l-bit values must be used. Since the belt_hash hash value is 256 bits long, the bign_sign algorithms can be executed only at level l = 128. Nevertheless, the list of permitted hash functions may be extended in the future, and the remaining security levels of bign_sign may then be supported. This means that the value {belt_hash, bign_sign} corresponds to the authentication method bign128_auth and does not correspond to the methods bign192_auth, bign256_auth.

В.4 Messages and steps

В.4.1 Refinements

This subsection refines the messages and steps of the Handshake protocol. The refinements concern the details of using the cipher suites and authentication methods defined above when the protocol is executed.

The messages and steps of the Record, ChangeCipherSpec and Alert protocols are not refined, as there is no need to do so.

В.4.2 Hello messages

To use the cipher suites of this annex, the parties specify their identifiers (see В.1) in the cipher_suites field of the ClientHello message and in the cipher_suite field of the ServerHello message.

For the cipher suites defined in this annex, the ClientHello message MUST contain the signature_algorithms extension (see 8.7), except when the client supports only the single pair {belt_hash, bign_sign}. The client MAY omit sending this pair in the extension. On receiving a ClientHello without the signature_algorithms extension, the server MUST assume that the client supports only the pair {belt_hash, bign_sign}.

The HelloRequest message is not refined.

В.4.3 Server Certificate message

The server Certificate message is sent when any of the algorithms DHT_BIGN, DHE_BIGN, DHT_PSK_BIGN is used. The content of the message was defined in the description of the algorithms.

В.4.4 ServerKeyExchange message

The ServerKeyExchange message is always sent when the DHE_BIGN or DHE_PSK_BIGN algorithm is used, may be sent when the DHT_PSK_BIGN algorithm is used, and is not sent when the DHT_BIGN algorithm is used. The content of the message was defined in the description of the algorithms.

The format of the ServerKeyExchange message is defined as follows:

    struct {
        select (KeyExchangeAlgorithm) {
            case dhe_bign:
                opaque public<64..128>;
                digitally-signed struct {
                    opaque client_random[32];
                    opaque server_random[32];
                    opaque public<64..128>;
                } signed_params;
            case dhe_psk_bign:
                opaque psk_identity_hint<0..2^16-1>;
                opaque oid<3..255>;
                opaque public<64..128>;
            case dht_psk_bign:
                opaque psk_identity_hint<0..2^16-1>;
        };
    } ServerKeyExchange;

The fields of the ServerKeyExchange structure have the following meaning:
- client_random: the client's random data (see 7.2);
- server_random: the server's random data (see 7.2);
- public: the server's ephemeral public key. The public key is represented as a string of bytes (octets) according to the rules described in STB 34.101.45 (clause 5.4). Depending on the security level, the string consists of 64, 96 or 128 bytes;
- signed_params: the signature over the fields client_random, server_random, public;
- psk_identity_hint: a hint for choosing the pre-distributed shared secret;
- oid: the encoded representation of the identifier of the elliptic curve parameters.

The KeyExchangeAlgorithm enumeration used in the ServerKeyExchange structure is defined as follows:

    enum { dhe_bign, dhe_psk_bign, dht_psk_bign }
        KeyExchangeAlgorithm;

The elements of this enumeration mean the following:
- dhe_bign: the DHE_BIGN algorithm is used;
- dhe_psk_bign: the DHE_PSK_BIGN algorithm is used;
- dht_psk_bign: the DHT_PSK_BIGN algorithm is used.
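
The following Python parser is an added example, not part of the standard: it decodes the three ServerKeyExchange variants defined above and shows how the select/case and digitally-signed rules of Annex Б apply on the wire. It assumes the RFC 5246 vector encoding (a length prefix just wide enough for the maximum length) and the code points 231 given in the amendment to the official edition; Reader, ParseError, SAMPLE and the function names are illustrative.

```python
# Code points for {belt_hash, bign_sign}: clause В.3.3 prints 121 for both,
# the amendment to the official edition replaces them with 231.
BELT_HASH, BIGN_SIGN = 231, 231
PUBLIC_KEY_LENGTHS = (64, 96, 128)  # one length per security level
SAMPLE = b"\x00\x04hint"            # constructed dht_psk_bign message body


class ParseError(ValueError):
    """Malformed message: the handshake must be aborted."""


class Reader:
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if n > len(self.data) - self.pos:
            raise ParseError("truncated message")
        self.pos += n
        return self.data[self.pos - n:self.pos]

    def vector(self, lo, hi):
        # opaque<lo..hi>: length prefix wide enough for hi (assumed RFC 5246 rule)
        prefix = 1 if hi < 2 ** 8 else 2
        n = int.from_bytes(self.take(prefix), "big")
        if not lo <= n <= hi:
            raise ParseError(f"vector length {n} outside {lo}..{hi}")
        return self.take(n)


def read_public(r):
    pub = r.vector(64, 128)
    if len(pub) not in PUBLIC_KEY_LENGTHS:
        raise ParseError(f"{len(pub)}-byte public key matches no security level")
    return pub


def parse_server_key_exchange(kex, body):
    """Decode the variant selected by kex; reject anything out of format."""
    r, msg = Reader(body), {}
    if kex == "dhe_bign":
        msg["public"] = read_public(r)
        # digitally-signed: only DigitallySigned is sent, not the signed struct
        if tuple(r.take(2)) != (BELT_HASH, BIGN_SIGN):
            raise ParseError("signature pair is not {belt_hash, bign_sign}")
        msg["signature"] = r.vector(0, 2 ** 16 - 1)
    elif kex == "dhe_psk_bign":
        msg["psk_identity_hint"] = r.vector(0, 2 ** 16 - 1)
        msg["oid"] = r.vector(3, 255)
        msg["public"] = read_public(r)
    elif kex == "dht_psk_bign":
        msg["psk_identity_hint"] = r.vector(0, 2 ** 16 - 1)
    else:
        raise ParseError(f"no ServerKeyExchange variant for {kex}")
    if r.pos != len(body):
        raise ParseError("trailing bytes after ServerKeyExchange")
    return msg


def signed_input(client_random, server_random, public):
    """Serialize the inner struct that signed_params is computed over."""
    if len(client_random) != 32 or len(server_random) != 32:
        raise ParseError("random values must be 32 bytes")
    return client_random + server_random + bytes([len(public)]) + public
```

The bytes returned by signed_input are what a client would pass, together with the parsed signature, to a signature verification routine for STB 34.101.45, which is outside this example.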

В.4.5 CertificateRequest message

The server may send the CertificateRequest message to authenticate the client. In that case the fields of the CertificateRequest structure must be set as follows:
- certificate_types: the identifiers of the authentication methods bign128_auth, bign192_auth or bign256_auth;
- supported_signature_algorithms: the pairs of identifiers "hash algorithm, signature algorithms" defined in В.3.3.

The certificate_authorities field is defined in accordance with 8.10.

В.4.6 ServerHelloDone message

The ServerHelloDone message is not refined.

В.4.7 Client Certificate message

The message is sent by the client if the server has sent a CertificateRequest. In this message the client sends the server its certificate corresponding to one of the requested authentication methods: bign128_auth, bign192_auth or bign256_auth.

If the client has no suitable certificate, it may send an empty certificate chain in the Certificate message. In this case the server decides whether the Handshake protocol can continue without client authentication.

В.4.8 ClientKeyExchange message

The ClientKeyExchange message is always sent when any of the algorithms DHE_BIGN, DHT_BIGN, DHE_PSK_BIGN and DHT_PSK_BIGN is used. The content of the message was defined in the description of the algorithms.

The format of the ClientKeyExchange message is defined as follows:

    struct {
        select (KeyExchangeAlgorithm) {
            case dht_bign:
                opaque token<96..160>;
            case dhe_bign:
                opaque public<64..128>;
            case dhe_psk_bign:
                opaque psk_identity<0..2^16-1>;
                opaque public<64..128>;
            case dht_psk_bign:
                opaque psk_identity<0..2^16-1>;
                opaque token<96..160>;
        };
    } ClientKeyExchange;

The fields of the ClientKeyExchange structure have the following meaning:
- token: key token

    KeyExchangeAlgorithm += {dht_bign};

The additional element of the enumeration means the following:
- dht_bign: the DHT_BIGN algorithm is used.

В.4.9 CertificateVerify and Finished messages

The signature in the CertificateVerify message is generated with the signature algorithms defined in В.3.3.

When the Finished message is formed, the pseudorandom number generation algorithm defined in В.2.3 MUST be used. The messages of the Handshake protocol MUST be hashed with the algorithm defined in STB 34.101.31 (clause 6.9). The verify_data_length parameter MUST be equal to 12.

Amendment to the official edition

    Where                      Printed                    Should read
    Annex В, Table В.1,        {192,21}                   {255,21}
    second column              {192,22}                   {255,22}
                               {192,23}                   {255,23}
                               {192,24}                   {255,24}
                               {192,25}                   {255,25}
                               {192,26}                   {255,26}
                               {192,27}                   {255,27}
                               {192,28}                   {255,28}
    Annex В, clause В.3.2
    Annex В, clause В.3.3      HashAlgorithm +=           HashAlgorithm +=
                               {belt_hash(121)};          {belt_hash(231)};
                               SignatureAlgorithm +=      SignatureAlgorithm +=
                               {bign_sign(121)};          {bign_sign(231)};