Powered by Google www.ChineseStandard.net Database: 189759 (19 May 2024)

GM/T 0013-2012 PDF in English


GM/T 0013-2012 (GM/T0013-2012, GMT 0013-2012, GMT0013-2012)
Standard IDContents [version]USDSTEP2[PDF] delivered inName of Chinese StandardStatus
GM/T 0013-2012English570 Add to Cart 0-9 seconds. Auto-delivery. Trusted computing--Trusted cryptography module interface compliance Obsolete


Standards related to: GM/T 0013-2012

GM/T 0013-2012: PDF in English (GMT 0013-2012)

GM/T 0013-2012
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
RECORD NO.. 38311-2013
Trusted computing - Trusted cryptography
module interface compliance
可信计算 可信密码模块接口
ISSUED ON. NOVEMBER 22, 2012
IMPLEMENTED ON. NOVEMBER 22, 2012
Issued by. State Cryptography Management
Table of Contents
Foreword ... 5
Introduction .. 6
1 Scope .. 7
2 Normative references ... 7
3 Terms and definitions ... 8
4 Trusted cryptography module interface compliance test .. 9
4.1 General ... 9
4.2 Constant values ... 10
4.3 Test strategy ... 12
4.4 Test method ... 14
5 Command dependency relationships ... 15
5.1 Startup command set ... 15
5.2 State save command set... 16
5.3 Self-test command set .. 16
5.4 TCM operating mode setting command set ... 16
5.5 Owner management command set ... 16
5.6 Attribute management command set ... 17
5.7 Upgrading and maintenance command set ... 17
5.8 Authorization value management command set ... 17
5.9 Nonvolatile storage management command set ... 17
5.10 Operating environment management command set ... 18
5.11 Audit command set ... 18
5.12 Clock command set.. 18
5.13 Counter command set ... 18
5.14 TCM endorsement key management command set ... 19
5.15 Platform identity key management command set ... 19
5.16 Data protection operating command set ... 20
5.17 Key management command set .. 20
5.18 Key agreement command set ... 21
5.19 Key migration command set... 21
5.20 Cryptographic service command set ... 21
5.21 Transport session command set .. 22
5.22 Authorization protocol command set ... 22
5.23 Platform configuration register management command set ... 23
6 Vector commands .. 23
6.1 TCM_Startup .. 23
6.2 TCM-SelfTestFull.. 24
6.3 TCM_ContinueSelfTest ... 25
6.4 TCM_GetTestResult ... 25
6.5 TCM_SetOwnerInstall ... 26
6.6 TCM_OwnerSetDisable ... 27
6.7 TCM_PhysicalEnable ... 28
6.8 TCM_PhysicalDisable ... 29
6.9 TCM_SetTempDeactivated ... 30
6.10 TCM_PhysicalSetDeactivated ... 30
6.11 TCM_TakeOwnership .. 31
6.12 TCM_OwnerClear ... 34
6.13 TCM_ForceClear... 36
6.14 TCM_DisableOwnerClear ... 37
6.15 TCM_DisableForceClear .. 38
6.16 TCM_GetCapability .. 39
6.17 TCM_SetCapacity ... 40
6.18 TCM_ResetLockValue ... 41
6.19 TCM_ChangeAuth ... 43
6.20 TCM_ChangeAuthOwner ... 45
6.21 TCM_NV_DefineSpace ... 47
6.22 TCM_NV_WriteValue .. 50
6.23 TCM_NV_ReadValue .. 51
6.24 TCM_FlushSpecifc ... 51
6.25 TCM_GetAuditDigest .. 52
6.26 TCM_GetAuditDigestSigned .. 53
6.27 TCM_SetOrdinalAuditStatus .. 56
6.28 TCM_GetTicks ... 58
6.29 TCM_TickStampBlob .. 59
6.30 TCM_ReadPubEK... 60
6.31 TCM_OwnerReadInternalPub ... 61
6.32 TCM_Make Identity .. 63
6.33 TCM_ActivatePEKCert... 67
6.34 TCM_ActivatePEK ... 69
6.35 TCM_Seal ... 72
6.36 TCM_Unseal ... 75
6.37 TCM_CreateWrapKey ... 79
6.38 TCM_LoadKey ... 82
6.39 TCM_GetPubKey .. 86
6.40 TCM_WrapKey ... 87
6.41 TCM_CertifyKey ... 91
6.42 TCM_AuthorizeMigrationKey ... 92
6.43 TCM_CreateMigratedBlob .. 94
6.44 TCM_ConvertMigratedBlob ... 97
6.45 TCM_SM3Start ... 100
6.46 TCM_Sm3Update .. 101
6.47 TCM_SM3Complete.. 102
6.48 TCM_SM3CompleteExtend ... 103
6.49 TCM_Sign .. 104
6.50 TCM_SM4Encrypt .. 106
6.51 TCM_SM4Decrypt.. 108
6.52 TCM_SM2Decrypt... 110
6.53 TCM_GetRandom ... 113
6.54 TCM_APCreate ... 113
6.55 TCM_APTerminate .. 115
6.56 TCM_Extend .. 117
6.57 TCM_PCRRead ... 118
6.58 TCM_Quote... 118
6.59 TCM_PCR_Reset .. 121
7 Script vectors ... 122
7.1 TCM_SaveState ... 122
7.2 TCM_SaveContext ... 123
7.3 TCM_LoadContext ... 126
7.4 TCM_FiledUpgrade .. 128
Bibliography .. 130
Foreword
This Standard was drafted in accordance with the rules given in GB/T 1.1-2009.
Attention is drawn to the possibility that some of the elements of this document
may be the subject of patent rights. The issuer of this document shall not be
held responsible for identifying any or all such patent rights.
This Standard was proposed by and shall be under the jurisdiction of the State
Cryptography Management.
The drafting organizations of this Standard. Institute of Software Chinese
Academy of Sciences, Nationz Technologies Co., Ltd., Legend Holdings Co.,
Ltd., Tongfang Co., Ltd., Beijing Information Science and Technology University.
The main drafters of this Standard. Qin Yu, Wu Qiuxin, Chang Dexian, Chu
Xiaobo, Xu Zhen, Liu Xin, Ning Xiaokui, Zheng Bike, Liu Ren, Li Hao, Zhang
Qianying, Wang Dan, Liu Ziwen, Yu AImin.
Trusted computing - Trusted cryptography
module interface compliance
1 Scope
This Standard is based on GM/T 0011-2012, Trusted computing - Functionality
and interface specification of cryptographic support platform; defines the
command test vectors of trusted cryptography modules; and provides effective
test methods and flexible test scripts.
This Standard applies to the compliance test of trusted cryptography modules,
but it can not replace their security check. The security test of trusted
cryptography modules shall be conducted in accordance with other
specifications.
2 Normative references
The following referenced documents are indispensable for the application of
this document. For dated references, only the edition dated applies to this
document. For undated references, the latest edition of the referenced
documents (including all amendments) applies to This Standard.
GB/T 5271.8-2001, Information technology - Vocabulary - Part 8. Security
GB/T 16264.8-2005, Information technology - Open systems interconnection
- The directory - Part 8. Public-key and attribute certificate frameworks
GB 17859-1999, Classified criteria for security protection of computer
information system
GB/T 18336 (all parts), Information technology - Security techniques -
Evaluation criteria for IT security
GM/T 0002-2012, SM4 Block cipher algorithm
GM/T 0003-2012, Public key cryptographic algorithm SM2 based on elliptic
curves
GM/T 0004-2012, SM3 password hashing algorithm
GM/T 0011-2012, Trusted computing - Functionality and interface
specification of cryptographic support platform
GM/T 0012-2012, Trusted computing - Interface specification of trusted
cryptography module
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
trusted computing platform
The support system which is established in the computing system and used to
implement the trusted computing function.
3.2
trusted cryptography module; TCM
The hardware module of the trusted computing platform, which provides the
cryptographic operation function for the trusted computing platform and has a
protected storage space.
3.3
platform configuration register; PCR
The storage unit inside the trusted cryptography module, which is used to store
platform integrity measurement values.
3.4
TCM endorsement key; EK
The initial key of the trusted cryptography module.
3.5
storage master key; SMK
The master key which is used to protect platform identity keys and user keys.
3.6
hash-based message authentication mode; HMAC
This Standard adopts SM3 hash algorithm provided in GM/T 0004-2012 to
generate message authentication codes.
3.7
This Standard only provides the test strategies and test methods for TCM
compliance test, in which all the commands involved come from the standard
GM/T 0011; and the optionality of the command input parameters and the
randomization factors inside TCM enable manufacturers to implement
command test by themselves. Therefore, the test vectors provided in this
Standard are only for the reference of users only.
If manufacturers add a test process into TCM products regarding it as a mode,
then when TMC is in such mode, it is deemed that TCM is in the test mode. The
test mode requirements.
a) the TCM products in the test mode shall neither contradict with other
information of TCM in work, nor disclose such information.
b) TCM manufacturers and system providers shall ensure that TCM only
providing the compliance mode is not implanted into product systems.
c) when TCM is in the compliance test status, proof shall be provided to prove
that TCM is in the compliance test status.
1) TCM can provide proof through a certain mechanism of manufacturers.
2) the already-known mechanisms include.
-- non-standard version information;
-- fixed EK.
4.2 Constant values
The examples in this Standard regarding test vectors and test scripts will
involve some values; these values have the same functions and can be unified
and reused, which is to be benefit of the unification of the whole standard. The
following standard values will be applied in the examples of the digital
computing TCM commands in the whole standards.
4.2.1 Ke...
......
 
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.