Netinfo Security (信息网络安全) ›› 2017, Vol. 17 ›› Issue (4): 26-33. doi: 10.3969/j.issn.1671-1122.2017.04.004


Research and Implementation of TLS Browser Supporting Commercial Cryptographic Algorithm

Chuan XIANG1,2,3, Wuqiong PAN1,2,3, Huorong LI1,2,3, Jingqiang LIN1,2,3

  1. Data Assurance and Communication Security Center, Chinese Academy of Sciences, Beijing 100093, China
  2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
  3. University of Chinese Academy of Sciences, Beijing 100049, China
  • Received: 2017-02-28 Online: 2017-04-20 Published: 2020-05-12
  • About the authors:

    Chuan XIANG (born 1991), male, from Sichuan, master's student; main research interest: information security. Wuqiong PAN (born 1986), male, from Heilongjiang, assistant researcher, Ph.D.; main research interest: network and information security. Huorong LI (born 1990), male, from Fujian, Ph.D. candidate; main research interest: information security. Jingqiang LIN (born 1978), male, from Fujian, researcher, Ph.D.; main research interest: network and information security.

  • Supported by:
    National Key Basic Research Program of China (973 Program) [2013CB338001]

Abstract:

This paper designs and implements, on the Windows platform, a browser that supports TLS with commercial cryptographic algorithms (CCA). A CCA library is developed using the general Windows system interface CryptoAPI: Next Generation; with this library, Windows 10 supports the commercial cryptographic algorithms and PKI certificates based on them. Secondly, support for the commercial cryptographic algorithms is added to the TLS 1.2 protocol, and on top of the CCA library the open-source browser Chromium is modified to support the resulting protocol. The experimental results show that the modified Chromium browser supports secure HTTPS page access using the commercial cryptographic algorithms, supports digital certificates based on these algorithms, achieves page-access performance close to that obtained with international cryptographic algorithms, and retains all features of the original browser.

Key words: commercial cryptographic algorithm, TLS protocol, BoringSSL, Chromium

CLC Number: