GB/T 29829-2022 English PDFUS$4949.00 · In stock
Delivery: <= 22 days. True-PDF full-copy in English will be manually translated and delivered via email. GB/T 29829-2022: Information security technology - Functionality and interface specification of cryptographic support platform for trusted computing Status: Valid GB/T 29829: Historical versions
Basic dataStandard ID: GB/T 29829-2022 (GB/T29829-2022)Description (Translated English): Information security technology - Functionality and interface specification of cryptographic support platform for trusted computing Sector / Industry: National Standard (Recommended) Classification of Chinese Standard: L80 Word Count Estimation: 259,272 Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration GB/T 29829-2022: Information security technology - Functionality and interface specification of cryptographic support platform for trusted computing---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order. Information security technology -- Functionality and interface specification of cryptographic support platform for trusted computing ICS 35.030 CCSL80 National Standards of People's Republic of China Replacing GB/T 29829-2013 information security technology trusted computing Cryptographic Support Platform Function and Interface Specification Published on 2022-04-15 2022-11-01 Implementation State Administration for Market Regulation Released by the National Standardization Administration directory Foreword XV Introduction XVI 1 Scope 1 2 Normative references 1 3 Terms and Definitions 1 4 Abbreviations 3 5 Overview of Trusted Computing Cryptographic Support Platform 4 5.1 Overview of Trusted Computing 4 5.2 Trusted Components 4 5.3 Trusted Computing Base 4 5.4 Trusted Boundaries 5 5.5 Trusted Delivery 5 5.6 Trusted Authorization 5 6 Trusted Computing Cryptography Support Platform Function 5 6.1 Platform Architecture 5 6.2 Platform Interface Function 7 7 Trusted Cryptographic Module Interface 11 7.1 General requirements 11 7.2 Start command 11 7.3 Detection command 13 7.4 Session Commands 15 7.5 Object Commands 16 7.6 Copy command 24 7.7 Asymmetric Algorithm Commands 28 7.8 Symmetric Algorithm Commands 32 7.9 Random Number Generator Commands 33 7.10 Hash/HMAC commands 34 7.11 Prove Command 40 7.12 Temporary EC key command 44 7.13 Signature and Signature Verification Commands 46 7.14 Metric Commands 48 7.15 Enhanced Authorization Commands 50 7.16 Hierarchical Commands 60 7.17 Dictionary Attack Commands 66 7.18 Administrative Function Commands 67 7.19 Context Management Commands 68 7.20 Attribute Commands 71 7.21 NV Operation Commands 72 8 Validation methods 82 8.1 Overview 82 8.2 Conformance Implementation Principle Description 82 Appendix A (Normative) Data Structures 86 A.1 Command code 86 A.2 Return code 90 A.3 Basic Constants 94 A.4 Structure Definition 117 A.5 Cipher Parameters and Structure 133 A.6 Key/Object Structure 138 A.7 NV Storage Structure 143 A.8 Context Data 147 Appendix B (Informative) Trusted Cryptographic Module Verification Example 151 B.1 Overview 151 B.2 Example of start command input and output 151 B.3 Test command input and output example 151 B.4 Session command input and output example 152 B.5 Object Command Input and Output Example 152 B.6 Copy command input and output example 155 B.7 Asymmetric Algorithm Command Input and Output Example 157 B.8 Symmetric algorithm command input and output example 158 B.9 HASH/HMAC/Event command input and output example 158 B.10 Certificate command input and output example 160 B.11 Temporary EC command input and output example 162 B.12 Signature and Signature Verification Command Input and Output Example 162 B.13 Example of complete command input and output 163 B.14 Enhanced Authorization Command Input and Output Example 164 B.15 Hierarchical Command Input and Output Examples 166 B.16 Dictionary attack command input and output example 167 B.17 Management function command input and output example 168 B.18 Context management command input and output examples 168 B.19 Example of performance command input and output 170 B.20 NV operation command input and output example 170 Appendix C (Informative) Trusted Cryptographic Module Architecture and Functional Principles 174 C.1 Architecture of the TCM 174 C.2 TCM's own security 177 C.3 TCM Execution Status 177 C.4 TCM Control Domain 179 C.5 Main Seed 180 C.6 TCM handle 181 C.7 TCM Object Names 182 C.8 PCR Operations 183 C.9 TCM Command/Response Structure 184 C.10 Authorization 189 C.11 Session Encryption 204 C.12 Protected Storage 205 C.13 Protected Storage Hierarchy 207 C.14 Credential Protection 213 C.15 Object Properties 215 C.16 Object Structural Elements 215 C.17 Object Creation 217 C.18 Object Loading 220 C.19 Object Creation Reference Implementation 220 C.20 Context Management 221 C.21 Proof 226 C.22 Cipher Support Functions 226 C.23 Core Time Series of Hardware Roots of Trust 227 C.24 Time component 227 C.25 Nonvolatile Memory 228 C.26 Error and return code 235 C.27 General purpose input and output 235 Appendix D (Informative) Chapter Number Comparison List 236 Appendix E (Informative) Trusted Cryptographic Module Application Case 239 E.1 TCM-based trust chain delivery 239 E.2 Trusted Boot for Enhanced TCM 239 E.3 Establishing trusted connections between devices and services based on TCM 239 Reference 242 forewordThis document is in accordance with the provisions of GB/T 1.1-2020 "Guidelines for Standardization Work Part 1.Structure and Drafting Rules of Standardization Documents" drafted. This document replaces GB/T 29829-2013 "Information Security Technology Trusted Computing Cryptography Support Platform Function and Interface Specification", and Compared with GB/T 29829-2013, in addition to structural adjustment and editorial changes, the main technical content changes are as follows. a) Changed "Terms, Definitions and Abbreviations", and added and changed the content of terms and definitions (see Chapter 3,.2013 edition of 3.1); b) Chapter 4 "Abbreviations" was added and some contents were added and changed (see Chapter 4, 3.2 of the.2013 edition); c) Changed the contents of "Platform Architecture" and "Functional Principles" and adjusted them to 6.1 and 6.2, and made some changes to the contents Changes (see 6.1 and 6.2, 4.1 and 4.3 of the.2013 edition); d) Deleted the content of "Cryptographic Algorithm Requirements" (see 4.2 of the.2013 edition); e) Added the content of "Overview of Trusted Computing Cryptography Support Platform" (see Chapter 5); f) Deleted the content of "Trusted Computing Cryptography Support Platform Functional Service Interface" (Chapter 5 of the.2013 edition); g) Added the content of "Trusted Cryptographic Module Interface" (see Chapter 7); h) Added the implementation requirements for SM2 asymmetric encryption and decryption instructions (see 7.7); i) Added the content of "verification method" (see Chapter 8); j) Changed Appendix A (normative) "Data Structure" (see Appendix A). Please note that some content of this document may be patented. The issuing agency of this document assumes no responsibility for identifying patents. This document is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260). This document is drafted by. Lenovo (Beijing) Co., Ltd., National Technology Co., Ltd., Institute of Software, Chinese Academy of Sciences, Beijing Information Technology Co., Ltd. University of Science and Technology, China Electronics Standardization Institute, Wuhan University, Peking University, Beijing Qihoo Technology Co., Ltd., Datang Gaohong Xin'an (Zhejiang University) Jiang) Information Technology Co., Ltd., Zhongdian Technology (Beijing) Co., Ltd., Shenzhou Netcom Technology Co., Ltd., Inspur Electronic Information Industry Co., Ltd. Co., Ltd., Xingtang Communication Technology Co., Ltd., Alibaba Cloud Computing Co., Ltd., Shenzhen Digital TV National Engineering Laboratory Co., Ltd., National Computer Network and Information Security Management Center, the Third Research Institute of the Ministry of Public Security, National Certification Technology (Beijing) Co., Ltd., Beijing Ant Cloud Financial Information Services Co., Ltd., Huawei Technologies Co., Ltd., Beijing Zhuoshi Internet Security Technology Co., Ltd., Tongfang Co., Ltd., Valley Network Security Technology Co., Ltd., Lenovo (Beijing) Information Technology Co., Ltd., Global Energy Internet Research Institute Co., Ltd., Shenzhen Tencent Computer Systems Co., Ltd., New H3C Technology Co., Ltd. The main drafters of this document. Wei Wei, Li Ruxin, Qin Yu, Liu Xin, Ning Xiaokui, Fu Yuepeng, Chai Haixin, Wu Qiuxin, Zhang Yi, Wang Huili, Zhang Yan, Sun Yan, Wang Juan, Yan Fei, Shen Qingni, Zhang Xiaolei, Zheng Chi, Zhang Jiajian, Chen Xiaochun, Sun Liang, Wang Qiang, Yang Shangxin, Wu Baoxi, Bai Xinlu, Wang Yue, Fu Yingfang, Xiao Peng, Li Xinguo, Wang Hui, Tao Yuan, Li Jun, Chu Xiaobo, Zhang Xiaohu, Zhang Mengliang, Xu Dongyang, Liu Ren, Liu Feng, Yao Jinlong, Wu Huijun, Du Kehong, Lu Weijiang, Zhao Baohua, Liu Daqiu, Huang Chao, Jiang Zengzeng, Wan Xiaolan, Feng Wei, Li Wei, Zhang Liqiang, Yu Fajiang, Zhao Bo, Li Yewang, Qin Wenjie and Luo Wu. The previous versions of this document and its superseded documents are as follows. ---First published in.2013 as GB/T 29829-2013; ---This is the first revision. IntroductionIn order to meet the new needs of the growing trusted computing industry. This document focuses on the application of commercial cryptographic algorithms, and uses trusted computing technology as the core. Based on the requirements, the function of the trusted computing cryptographic support platform is described; referring to the commercial cryptographic algorithms and trusted computing technology in my country in ISO The results adopted and applied in international standards define the interface form of trusted computing cryptography support platform. This document conforms to different application scenarios Trusted computing cryptographic support platform design requirements, compatible with various hardware platforms, host software systems, and application systems, to ensure the unification of industrial products. The consistency and compatibility are used to guide the development and application of trusted computing related products in my country. information security technology trusted computing Cryptographic Support Platform Function and Interface Specification1 ScopeThis document gives the system framework and functional principle of the trusted computing cryptography support platform, specifies the interface specification of the trusted cryptography module, describes the corresponding verification methods. This document is applicable to the development, production, evaluation and application development of products related to the trusted computing cryptography support platform.2 Normative referencesThe contents of the following documents constitute essential provisions of this document through normative references in the text. Among them, dated citations documents, only the version corresponding to that date applies to this document; for undated references, the latest edition (including all amendments) applies to this document. GB/T 20518 Information Security Technology Public Key Infrastructure Digital Certificate Format GB/T 25069 Information Security Technical Terminology GB/T 32905 Information Security Technology SM3 Cryptographic Hash Algorithm GB/T 32907 Information Security Technology SM4 Block Cipher Algorithm GB/T 32915 Information Security Technology Binary Sequence Randomness Detection Method GB/T 32918.2 Information Security Technology SM2 Elliptic Curve Public Key Cryptographic Algorithms Part 2.Digital Signature Algorithms GB/T 32918.3 Information Security Technology SM2 Elliptic Curve Public Key Cryptographic Algorithm Part 3.Key Exchange Protocol GB/T 32918.4 Information Security Technology SM2 Elliptic Curve Public Key Cryptographic Algorithms Part 4.Public Key Cryptography Algorithms GB/T 35276 Information Security Technology SM2 Cryptographic Algorithm Usage Specification3 Terms and DefinitionsThe terms and definitions defined in GB/T 25069 and the following apply to this document. 3.1 storage master key storagemasterkey The master key used to protect operating system keys and user keys. 3.2 It is built in the computing system and used to realize the support system of the trusted computing function. 3.3 An important part of the trusted computing platform, including cryptographic algorithms, key management, certificate management, cryptographic protocols, cryptographic services, etc. The integrity, identity authenticity and data confidentiality of the trusted computing platform itself provide cryptographic support. ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 29829-2022_English be delivered?Answer: Upon your order, we will start to translate GB/T 29829-2022_English as soon as possible, and keep you informed of the progress. The lead time is typically 17 ~ 22 working days. The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of GB/T 29829-2022_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 29829-2022_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.Question 5: Should I purchase the latest version GB/T 29829-2022?Answer: Yes. Unless special scenarios such as technical constraints or academic study, you should always prioritize to purchase the latest version GB/T 29829-2022 even if the enforcement date is in future. Complying with the latest version means that, by default, it also complies with all the earlier versions, technically. |
