GM/T 0016-2012 (GM/T 0016-2023 Newer Version) PDF English
Standard ID | Contents [version] | USD | [PDF] delivered in | Name of Chinese Standard | Status
GM/T 0016-2023 | English | 1789 | 10 days | (Smart Password Key Password Application Interface Specification) | Valid
GM/T 0016-2012 | English | 385 | 0-9 seconds. Auto-delivery. | Smart token cryptography application interface specification | Valid
Newer version: GM/T 0016-2023 Standards related to (historical): GM/T 0016-2023
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
File No.: 38314-2013
Smart token cryptography
application interface specification
ISSUED ON: NOVEMBER 22, 2012
IMPLEMENTED ON: NOVEMBER 22, 2012
Issued by: State Cryptography Administration
Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Structural model
5.1 Hierarchy
5.2 Device application structure
6 Data type definition
6.1 Algorithm identification
6.2 Basic data types
6.3 Constant definition
6.4 Composite data types
7 Interface function
7.1 Device management
7.2 Access control
7.3 Application management
7.4 File management
7.5 Container management
7.6 Cryptographic service
8 Device security requirements
8.1 Device use phase
8.2 Permission management
8.3 Key security requirements
8.4 Device anti-attack requirements
Appendix A (Normative) Error code definition and description
Foreword
This Standard was drafted in accordance with the rules given in GB/T 1.1-2009.
Attention is drawn to the possibility that some of the elements of this Standard
may be the subject of patent rights. The issuing authority shall not be held
responsible for identifying any or all such patent rights.
This Standard was proposed by and shall be under the jurisdiction of Code
Industry Standardization Technical Committee.
Appendix A of this Standard is a normative appendix.
Main drafting organizations of this Standard: Beijing Haitai Fangyuan Science
and Technology Co., Ltd., Beijing Woqi Smart Technology Co., Ltd., Beijing
Daming Wuzhou Technology Co., Ltd., Hublot Co., Ltd., Shenzhen Minghua
Aohan Technology Co., Ltd., Wuhan Tianyu Information Industry Co., Ltd.,
Beijing Feitian Chengxin Technology Co., Ltd., Huaxiangteng Digital
Technology Co., Ltd.
Main drafters of this Standard: Liu Ping, Guo Baoan, Shi Yuping, Liu Zengshou,
Hu Junyi, Guan Yanjun, Xiang Li, Lei Jiye, Hu Peng, Zhao Zaixing, Duan Xiaoyi,
Liu Yufeng, Liu Weifeng, Chen Ji, He Yongfu, Li Gaofeng, Huang Dongjie, Wang
Jiancheng, Wang Xuelin, Zhao Liming.
This standard involves content related to cryptographic algorithms, which is
implemented in accordance with the relevant state laws and regulations.
Smart token cryptography
application interface specification
1 Scope
This standard specifies the smart token cryptographic application interface
based on the PKI cryptosystem, and describes the functions, data types,
parameter definitions and device security requirements of the cryptographic
application interface.
This standard applies to the development, use and testing of smart token
products.
2 Normative references
The following documents are essential to the application of this document. For
the dated documents, only the versions with the dates indicated are applicable
to this document; for the undated documents, only the latest version (including
all the amendments) is applicable to this standard.
GM/T 0006 Cryptographic application identifier criterion specification
GM/T 0009 SM2 cryptography algorithm application specification
3 Terms and definitions
The following terms and definitions apply to this document.
3.1
Application
A structure including containers, device certification key and file, which has
independent permission management.
3.2
Container
The unique storage space used to store the key in the cryptographic device.
3.3
Device
In this standard the smart token is collectively referred to as device.
3.4
Device authentication
Authentication of the application by the smart token.
3.5
Device authentication key
Key used for device authentication.
3.6
Label
Another name of device, which can be set by the user and stored inside the
device.
3.7
Message authentication code; MAC
Message authentication algorithm output.
3.8
Administrator PIN
Administrator password, which is an ASCII string.
3.9
User PIN
The user's password, which is an ASCII string.
4 Abbreviations
The following abbreviations apply to this specification:
API: Application Programming Interface
PKI: Public Key Infrastructure
Function prototype: ULONG DEVAPI SKF_Encrypt (HANDLE hKey, BYTE * pbData, ULONG ulDataLen, BYTE * pbEncryptedData, ULONG * pulEncryptedLen)
Functional description: Single-group data encryption operation. It uses the
specified encryption key to encrypt the specified data. The data to be
encrypted contains only one group, and the resulting ciphertext is stored in
the specified buffer. SKF_Encrypt encrypts only single-group data;
SKF_EncryptInit must be called to initialize the encryption operation before
calling SKF_Encrypt. SKF_Encrypt is equivalent to calling SKF_EncryptUpdate
first and then SKF_EncryptFinal.
Parameters:
hKey [IN] Encryption key handle.
pbData [IN] Data to be encrypted.
ulDataLen [IN] Length of data to be encrypted.
pbEncryptedData [OUT] Pointer to the encrypted data buffer. It can be NULL, in which case the call is used to obtain the encrypted data length.
pulEncryptedLen [IN, OUT] On input, the length of the result data buffer; on output, the actual length of the result data.
Return value:
SAR_OK Success.
Others Error code.
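The two-call pattern implied by the pbEncryptedData and pulEncryptedLen descriptions above, as an added example (not code from the standard or from any vendor SDK): query the length with a NULL buffer, allocate, then encrypt while passing the buffer capacity in. The typedefs, MOCK_ERR, BLK, encrypt_alloc, demo_len and the XOR mock standing in for a token's SKF_Encrypt are assumptions made so the block runs without a device.

```c
#include <stdlib.h>
#include <string.h>
/* Assumed stand-ins for the vendor header (Clause 6 is not excerpted here). */
typedef unsigned int ULONG; typedef unsigned char BYTE;
typedef void *HANDLE;
#define SAR_OK   0u
#define MOCK_ERR 0xFFFFFFFFu /* placeholder; real codes are in Appendix A */
#define BLK      16u         /* mock block size */

/* Constructed mock of SKF_Encrypt: XOR plus padding, NOT real cryptography. */
ULONG SKF_Encrypt(HANDLE hKey, BYTE *pbData, ULONG ulDataLen,
                  BYTE *pbEncryptedData, ULONG *pulEncryptedLen)
{
    ULONG need = (ulDataLen / BLK + 1) * BLK, i;
    (void)hKey;
    if (!pbData || !pulEncryptedLen) return MOCK_ERR;
    if (!pbEncryptedData) { *pulEncryptedLen = need; return SAR_OK; } /* length query */
    if (*pulEncryptedLen < need) { *pulEncryptedLen = need; return MOCK_ERR; }
    for (i = 0; i < need; i++)
        pbEncryptedData[i] = (BYTE)((i < ulDataLen ? (ULONG)pbData[i] : need - ulDataLen) ^ 0x5A);
    *pulEncryptedLen = need;
    return SAR_OK;
}

/* Caller side: query the length, allocate, encrypt, re-check the reported length. */
ULONG encrypt_alloc(HANDLE hKey, const BYTE *in, ULONG inLen, BYTE **out, ULONG *outLen)
{
    ULONG cap = 0, rv;
    BYTE *buf;
    *out = NULL; *outLen = 0;
    rv = SKF_Encrypt(hKey, (BYTE *)in, inLen, NULL, &cap);   /* pass 1: size only */
    if (rv != SAR_OK) return rv;
    if (cap == 0 || (buf = malloc(cap)) == NULL) return MOCK_ERR;
    *outLen = cap;                                 /* [IN]: capacity of buf */
    rv = SKF_Encrypt(hKey, (BYTE *)in, inLen, buf, outLen);  /* pass 2: encrypt */
    if (rv != SAR_OK || *outLen > cap) {           /* reject a length above capacity */
        memset(buf, 0, cap); free(buf); *outLen = 0;
        return rv != SAR_OK ? rv : MOCK_ERR;
    }
    *out = buf;
    return SAR_OK;
}

ULONG demo_len(void) /* constructed 20-byte sample; returns 32 with the mock */
{
    BYTE msg[20] = "constructed sample", *ct; ULONG n;
    if (encrypt_alloc(NULL, msg, sizeof msg, &ct, &n) != SAR_OK) return 0;
    free(ct); return n;
}
```

Against a real token, replace the mock with the vendor library and map MOCK_ERR to the error codes of Appendix A.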
7.6.21 Multi-group data encryption
Function prototype: ULONG DEVAPI SKF_EncryptUpdate (HANDLE hKey, BYTE * pbData, ULONG ulDataLen, BYTE * pbEncryptedData, ULONG * pulEncryptedLen)
Functional description: Multi-group data encryption operation. It uses the
specified encryption key to encrypt the specified data. The data to be
encrypted contains multiple groups, and the resulting ciphertext is stored in
the specified buffer. SKF_EncryptUpdate encrypts multi-group data;
SKF_EncryptInit must be called to initialize the encryption operation before
calling SKF_EncryptUpdate, and SKF_EncryptFinal must be called to end the
encryption operation after calling SKF_EncryptUpdate.
Parameters:
hKey [IN] Encryption key handle.
pbData [IN] Data to be encrypted.
ulDataLen [IN] Length of data to be encrypted.
pbEncryptedData [OUT] The encrypted data buffer pointer.
pulEncryptedLen [OUT] Returns the encrypted data length.
Return value:
SAR_OK Success.
Others Error code.
7.6.22 End encryption
Function prototype: ULONG DEVAPI SKF_EncryptFinal (HANDLE hKey, BYTE * pbEncryptedData, ULONG * pEncryptedDataLen)
Functional description: Ends the encryption of multi-group data and returns the
remaining encryption result. First call SKF_EncryptInit to initialize the
encryption operation, then call SKF_EncryptUpdate to encrypt multi-group data,
and finally call SKF_EncryptFinal to end the encryption of multi-group data.
Parameters:
hKey [IN] Encryption key handle.
pbEncryptedData [OUT] Encrypted result buffer.
SKF_DecryptUpdate decrypts multi-group data. Before calling
SKF_DecryptUpdate, SKF_DecryptInit must be called to initialize the decryption
operation. After calling SKF_DecryptUpdate, SKF_DecryptFinal must be called
to end the decryption operation.
Parameters:
hKey [IN] Decryption key handle.
pbEncryptedData [IN] Data to be decrypted.
ulEncryptedLen [IN] Length of data to be decrypted.
pbData [OUT] Pointer to the decrypted data buffer.
pulDataLen [IN, OUT] On input, the length of the result data buffer; on output, the actual length of the result data.
Return value:
SAR_OK Success.
Others Error code.
7.6.26 End decryption
Function prototype: ULONG DEVAPI SKF_DecryptFinal (HANDLE hKey, BYTE * pbDecryptedData, ULONG * pulDecryptedDataLen)
Functional description: Ends the decryption of multi-group data. First call
SKF_DecryptInit to initialize the decryption operation, then call
SKF_DecryptUpdate to decrypt multi-group data, and finally call
SKF_DecryptFinal to end multi-group data decryption.
Parameters:
hKey [IN] Decryption key handle.
pbDecryptedData [OUT] Pointer to the decrypted result buffer. If this parameter is NULL, the length of the decrypted result is returned by pulDecryptedDataLen.
pulDecryptedDataLen [IN, OUT] On input, the length of the pbDecryptedData buffer; on output, the length of the decrypted result.
Return value:
SAR_OK Success.
Others Error code.
7.6.27 Cryptographic hash initialization
Function prototype: ULONG DEVAPI SKF_DigestInit (DEVHANDLE hDev, ULONG ulAlgID, ECCPUBLICKEYBLOB * pPubKey, unsigned char * pucID, ULONG ulIDLen, HANDLE * phHash)
Functional description: Initializes the cryptographic hash calculation operation
and specifies the algorithm used to calculate the cryptographic hash.
Parameters:
hDev [IN] Device handle returned when the device is connected.
ulAlgID [IN] Cryptographic hash algorithm identi...
...... Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.