HOME   Cart(0)   Quotation   About-Us Tax PDFs Standard-List Powered by Google www.ChineseStandard.net Database: 189759 (8 Dec 2024)

GM/T 0012-2012 (GM/T 0012-2020 Newer Version) PDF English


GM/T 0012-2012 (GM/T0012-2012, GMT 0012-2012, GMT0012-2012)
Standard IDContents [version]USDSTEP2[PDF] delivered inName of Chinese StandardStatus
GM/T 0012-2020English1820 Add to Cart 0-9 seconds. Auto-delivery. Trusted computing -- Trusted computing interface specification of trusted cryptography module Valid
GM/T 0012-2012English700 Add to Cart 0-9 seconds. Auto-delivery. Trusted computing--Interface specification of trusted cryptography module Obsolete
Newer version: GM/T 0012-2020     Standards related to (historical): GM/T 0012-2020
PDF Preview

GM/T 0012-2012: PDF in English (GMT 0012-2012)

GM/T 0012-2012 GM CRYPTOGRAPHY INDUSTRY STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA ICS 35.040 L 80 File No.. 38310-2013 Trusted computing - Interface specification of trusted cryptography module ISSUED ON. NOVEMBER 22, 2012 IMPLEMENTED ON. NOVEMBER 22, 2012 Issued by. State Cryptography Administration Table of Contents Foreword . 4  Introduction .. 5  1 Scope .. 6  2 Normative references .. 6  3 Terms and definitions, abbreviations . 6  4 Overview . 7  5 Management functions of trusted cryptography module . 8  5.1 Start-up .. 9  5.2 State save TCM_SaveState .. 11  5.3 Self-test .. 12  5.4 Setting of operation mode. 14  5.5 Owner management . 22  5.6 Attribute management . 28  5.7 Upgrade and maintenance .. 31  5.8 Authorization value management . 33  5.9 Non-volatile storage management .. 37  5.10 Operational environment management . 49  5.11 Audit . 52  5.12 Clock .. 56  5.13 Counter .. 59  6 Platform identity identifier and authentication . 66  6.1 Cryptographic module key management . 66  6.2 Platform identity key management .. 71  7 Platform data protection . 80  7.1 Data protection operation . 80  7.2 Key management.. 85  7.3 Key protocol .. 96  7.4 Key migration . 102  7.5 Cryptographic service .. 110  7.6 Transport session .. 120  7.7 Authorization protocol .. 125  8 Integrity measurement and reporting function . 128  8.1 Overview .. 128  8.2 Management of platform configuration register . 128  Annex A (Normative) Data structure .. 133  Bibliography .. 178  Foreword This Standard was drafted in accordance with the rules given in GB/T 1.1-2009. Attention is drawn to the possibility that some of the elements of this Standard may be the subject of patent rights. The issuing authority shall not be held responsible for identifying any or all such patent rights. This Standard was proposed by and shall be under the jurisdiction of Code Industry Standardization Technical Committee. Main drafting organizations of this Standard. Legend Holdings Limited, Nationz Technologies Inc., Tongfang Co., Ltd., Institute of Software, Chinese Academy of Sciences, Sinosun Technology Co., Ltd., Jetway Information Security Industry Co., Ltd., Changchun Ji Tai Yuan Information Technology Co., Ltd., Founder Technology Group Co., Ltd., Beijing University of Science and Technology Information, China Great Wall Computer Shenzhen Co., Ltd., Chengdu Westone Information Industry Co., Ltd., Wuxi Jiangnan Information Security Engineering Technology Center, National Defense Science and Technology University of Chinese People's Liberation Army. Main drafters of this Standard. Wu Qiuxin, Yang Xianwei, Fan Qin, Zou Hao, Yu Fajiang, Ning Xiaokui, Wang Zi, Zheng Bike, Lin Yang, Li Weiping, Yin Hongbing, Xu Xia, Yan Fei, Liu Ren, Li Feng, Xu Yong, Jia Bing, Wang Lei, Gu Jian, He Changlong, Qin Zi, Liu Xin, Wang Zhengpeng. Trusted computing - Interface specification of trusted cryptography module 1 Scope This Standard describes trusted computing - interface specification of trusted cryptography module; It specifies functions of trusted cryptography module and command function interface. This Standard is applicable to the development, production, evaluation and application development of trusted cryptography module. 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. GB/T 5271.8, Information technology - Vocabulary - Part 8. Security (GB/T 5271.8-2001, idt ISO/IEC 2382-8.1998) GM/T 0002, SM4 Block Cipher Algorithm GM/T 0003 (all parts), Public Key Cryptographic Algorithm SM2 Based on Elliptic Curves GM/T 0004, SM3 Password Hashing Algorithm GM/T 0005, Randomness Test Specification GM/T 0011, Trusted computing - Functionality and interface specification of cryptographic support platform 3 Terms and definitions, abbreviations 3.1 Terms and definitions For the purposes of this document, the terms and definitions defined in GB/T 5271.8 as well as the followings apply. 1) running management program, i.e., TCM operation system; 2) function command program, which is core and main body of firmware; 3) function interface to interact with the host program. TCM core functional system is to build three dimensions of trusted computing based on independent cryptographic algorithm, including platform integrity measurement and verification, platform credible identification and identification, platform data protection. The relevant content has been described in detail in GM/T 0011,which shall not be repeated in this Standard. I/O interface of TCM is related to platform, which shall be specifically defined to platform but not involved in this Standard. This Standard mainly defines function commands in TCM firmware and corresponding function interfaces. It mainly includes the following four aspects. 1) TCM management function that establishes 43 function commands and interface specification in 13 aspects, including startup, status saving, self- test, working mode setting, owner management, attribute management, authorization value management, non-volatility memory management, operation environment management, auditing, clock, counter, upgrade and maintenance. 2) Platform identity identifier function that establishes 9 function commands and interface specification in 2 aspects including cryptography module key management and platform identity key management. 3) Platform data protective function that establishes 27 function commands and interface specification in 7 aspects including data operational protection, key management, key protocol, key migration, cryptographic service, transport session, authorization protocol. 4) Integrity metrics and reporting function that establish 4 function commands and interface specification in 4 aspects including PCR Write, PCR Read, PCR Reference, PCR Reset. The reporting function needs to be realized in conjunction with the signing operation. The descriptions of each function command and interface mainly provide function description and definition of interface. The internal logic of function command shall not be strictly defined. The following clauses shall describe in detail the function commands and interface specifications of TCM. 5 Management functions of trusted cryptography - data length is the number of total bytes of output data; - return code is the result of this operation (see return code definition table). 5.2 State save TCM_SaveState Function description. Before it is used to enter low power state or no power state, inform TCM to save the current temporary variable to non-volatility memory so that in next start-up, recover to the current saved state. The value needs saving must be volatile. If the saved value is already in non- volatility storage media, it shall not be saved. TCM must be able to check the validity of the saved value. Temporary variables that need to be saved shall at least include. 1) PCR value (PCR attribute perReset is TRUE, or PCR value identified as DEBUG is excluded); 2) all values in TCM_STCLEAR_DATA; 3) all values in TCM_STCLEAR_FLAGS; 4) if the key's parentPCRStatus attribute is FALSE, the value that has been loaded into the key needs to be saved. The auditDigest value needs processing first according to auditing requirements when it is saved. The output parameter of this command shall not be audited (optional). Interface. Input data format. Identifier Data length Return code 2B 4B 4B - identifier is TCM_TAG_RQU_COMMAND; - data length is the total number of bytes of input data; - command code is the fixed value defined by TCM_ORD_SaveState. Output data format. Identifier Data length Return code 2B 4B 4B - identifier is TCM_TAG_RSP_COMMAND; Identifier Data length Return code 2B 4B 4B - identifier is TCM_TAG_RQU_COMMAND; - data length is the total number of bytes of input data; - command code is the fixed value defined by TCM_ORD_ContinueSelfTest. Output data format. Identifier Data length Return code 2B 4B 4B - identifier is TCM_TAG_RSP_COMMAND; - data length is the total number of bytes of output data; - return code is the result of this operation (see return code definition table). 5.3.2 Get self-test result TCM_GetTestResult Function description. This command provides the information of self-test result. This command can be run in failure mode, in order for TCM manufacturer to get diagnostic information. TCM shall return the information block of the latest self-test result. And this information cannot contain any data that uniquely identifies a TCM. Interface. Input data format. Identifier Data length Return code 2B 4B 4B - identifier is TCM_TAG_RQU_COMMAND; - data length is the total number of bytes of input data; - command code is the fixed value defined by TCM_ORD_GetTestResult. Output data format. Identifier Data length Return code Output data length Output data 2B 4B 4B 4B Variable - identifier is TCM_TAG_RSP_COMMAND; - data length is the total number of bytes of output data; Command code Status bit Serial number 4B 1B 4B 1S 2S 2H1 Output verification code calculation. Return code Command code Serial number 4B 4B 4B 1S 2S 2H1 5.4.3 Physical site setting enabled mode TCM_PhysicalEnable Function description. Use physical site as authentication enabled TCM. 1) this command needs performing on physical site; 2) it needs to set the value of TCM_PERMANENT_FLAGS.disable as FALSE. Interface. Input data format. Identifier Data length Command code 2B 4B 4B - identifier is TCM_TAG_RQU_COMMA... ......
 
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.