GM/T 0041-2024 (GM/T 0041-2015) PDF English
US$150.00 · In stock · Download in 9 secondsGM/T 0041-2015: Cryptographic test specification for smart card Delivery: 9 seconds. True-PDF full-copy in English & invoice will be downloaded + auto-delivered via email. See step-by-step procedureStatus: Valid GM/T 0041: Evolution and historical versions
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivery | Name of Chinese Standard | Status |
| GM/T 0041-2024 | English | 469 |
Add to Cart
|
4 days
|
(Smart IC Card Password Testing Specification)
| Valid |
| GM/T 0041-2015 | English | 150 |
Add to Cart
|
0-9 seconds. Auto-delivery
|
Cryptographic test specification for smart card
| Valid |
Excerpted PDFs (Download full copy in 9 seconds upon purchase)PDF Preview: GM/T 0041-2015
GM/T 0041-2015: Cryptographic test specification for smart card---This is an excerpt. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.), auto-downloaded/delivered in 9 seconds, can be purchased online: https://www.ChineseStandard.net/PDF.aspx/GMT0041-2015
GM
CRYPTOGRAPHY INDUSTRY STANDARD
ICS 35.040
L 80
File No.. 49740-2015
Cryptographic test specification for smart card
Issued on: APRIL 1, 2015
Implemented on: APRIL 1, 2015
Issued by. State Cryptography Administration
Table of Contents
Foreword. 3
1 Scope.. 4
2 Normative references.. 4
3 Terms and definitions.. 4
4 Symbols and abbreviations. 5
5 Test items.. 6
5.1 COS security management function test.. 6
5.2 COS security mechanism test. 6
5.3 Cryptographic key primality test. 7
5.4 Random number quality test.. 7
5.5 Correctness test of cryptographic algorithm implementation.. 7
5.6 Performance test of cryptographic algorithm implementation.. 7
5.7 Device security testing. 8
6 Test methods.. 8
6.1 General requirements.. 8
6.2 COS security management function test.. 8
6.3 COS security mechanism test.. 17
6.4 RSA key primality test.. 21
6.5 Random number quality test. 21
6.6 Correctness test of cryptographic algorithm implementation. 21
6.7 Performance test of cryptographic algorithm implementation.. 23
6.8 Device security testing.. 26
7 Qualification criteria.. 26
References. 28
Cryptographic test specification for smart card
1 Scope
This Standard specifies the test items and methods of smart IC card products.
This Standard is applicable to the cryptographic test of smart IC card products;
and can also be used to guide the research and development of smart IC card
products. Smart IC card products include, but are not limited to, financial IC
card, bus IC card, etc.
2 Normative references
The following documents are essential to the application of this document. For
the dated references, only the versions with the dates indicated are applicable
to this document. For the undated references, the latest version (including all
the amendments) are applicable to this document.
GM/T 0005 Randomness Test Specification
GM/T 0039 Security Test Requirements for Cryptographic Modules
GM/Z 4001 Cryptography terminologies
3 Terms and definitions
What defined in GM/Z 4001, and the following terms and definitions are
applicable to this document.
3.1 Symmetric cryptographic algorithm
The cryptographic algorithm which uses the same cryptographic key for
encryption and decryption.
3.2 Asymmetric cryptographic algorithm/public key cryptographic
algorithm
The cryptographic algorithm which uses different cryptographic keys for
encryption and decryption. One key (public key) can be made public; the other
key (private key) must be kept secret. It is not computationally feasible to solve
the private key from the public key.
b) Key security transport testing;
c) Security state and access permission testing;
d) Application firewall testing.
5.3 Cryptographic key primality test
The primality of RSA key generated by smart IC card shall meet the requirement
of large prime number.
5.4 Random number quality test
The randomness of the random number generated by smart IC card shall meet
the requirement in GM/T 0005.
5.5 Correctness test of cryptographic algorithm implementation
The correctness test of cryptographic algorithm implementation includes the
testing on the following 6 aspects.
a) Correctness testing of block algorithm implementation;
b) Correctness testing of key generation of asymmetric key cryptographic
algorithm;
c) Correctness testing of encryption and decryption implementation of
asymmetric key cryptographic algorithm;
d) Correctness testing of digital signature and signature authentication of
asymmetric key cryptographic algorithm;
e) Correctness testing of hash algorithm implementation;
f) Correctness testing of sequence algorithm.
5.6 Performance test of cryptographic algorithm implementation
The performance test of cryptographic algorithm implementation includes the
performance testing on the following 11 aspects.
a) Encryption performance testing of block key cryptographic algorithm;
b) Decryption performance testing of block key cryptographic algorithm;
c) Performance testing of hash algorithm;
d) Encryption performance testing of asymmetric key cryptographic
security state. The target of testing shall return that the security state is
not met;
c) After the authentication, OPERATE the document which requires security
state. The target of testing shall return a successful operation.
6.2.1.2 Abnormal condition testing
The testing steps are as follows.
a) USE a wrong external authentication key to authenticate. The target of
testing shall return unsuccessful operation and prompt the remaining
number of authentication. When the remaining number of authentication
is zero, the external authentication key locks;
b) USE a wrong external authentication key to authenticate. After the
authentication, OPERATE the document which requires security state.
The target of testing shall return that the security state is not met;
c) USE a wrong key identifier to do external authentication. The target of
testing shall return that the cryptographic key is not found;
d) When there are multiple external authentication keys in a target of testing,
successfully AUTHENTICATE external authentication key 1 and
OPERATE the document protected by external authentication key 2; the
target of testing shall return that the security state is not met.
6.2.2 Internal authentication testing
USE the standard testing data to do internal authentication; the results, which
shall be returned by target of testing, shall be consistent with the expected
results.
6.2.3 PIN authentication testing
6.2.3.1 Normal condition testing
The testing steps are as follows.
a) USE a correct PIN to authenticate. The target of testing shall return a
response of successful authentication;
b) Before the authentication, OPERATE the document which needs to be
protected by PIN. The target of testing shall return that the security state
is not met;
c) After the authentication, OPERATE the document which needs to be
number;
e) The length of PIN exceeds the specified range; the target of testing shall
return unsuccess;
f) For 3 consecutive times, USE wrong cryptographic key to calculate MAC
for unlocking operation, the application locks.
6.2.7 Application locking testing
6.2.7.1 Normal condition testing
The testing steps are as follows.
a) USE a correct method to calculate MAC for application locking. The target
of testing shall return successful application locking;
b) After the application is temporarily locked, only the commands used to
select application, take response data, take random number, apply
unlocking can be performed. Otherwise, the target of testing returns that
the use condition is not met;
c) After the application is permanently locked, only the commands used to
select application, take response data, take random number can be
performed. Otherwise, the target of testing returns permanent application
locking.
6.2.7.2 Abnormal condition testing
The testing steps are as follows.
a) USE a wrong Lc to calculate MAC for application locking operation. The
target of testing shall return security message error;
b) USE a wrong filling method to calculate MAC for application locking
operation. The target of testing shall return security message error;
c) USE a wrong cryptographic key to calculate MAC for application locking
operation. The target of testing shall return security message error;
d) The non-fetched random number directly calculates MAC for application
locking operation. The target of testing shall return the non-fetched
random number;
e) Under DDF, USE application locking command, the target of testing shall
return that the use condition is not met;
USE non-private key document to open the digital envelope; the target of
testing shall return unsuccess.
6.3 COS security mechanism test
6.3.1 Message security transport testing
6.3.1.1 Normal condition testing
Testing of ciphertext mode with MAC.
a) In ciphertext mode with MAC, UPDATE basic documents;
b) By sending MAC, READ the content of ciphertext basic documents;
c) The test authority decrypts the ciphertext which has been read;
d) The decrypted data shall be consistent with the write-in content;
e) USE different data lengths to test.
6.3.1.2 Abnormal condition testing
The testing steps are as follows.
a) USE a wrong Lc to calculate MAC for read-write operation. The target of
testing shall return security message error;
b) USE a wrong filling method to calculate MAC for read-write operation. The
target of testing shall return security message error;
c) USE a wrong cryptographic key to calculate MAC for read-write operation.
The target of testing shall return security message error;
d) The non-fetched random number directly calculates MAC for read-write
operation. The target of testing shall return the non-fetched random
number;
e) USE the plaintext mode to perform read-write operation. The target of
testing shall return document type error;
f) USE the ciphertext mode to perform read-write operation. The target of
testing shall return document type error;
g) For 3 consecutive times, USE a wrong cryptographic key to calculate MAC
for read-write operation, the application locks.
6.3.2 Key security transport testing
e) USE wrong Lc encrypted data to perform read-write operation. The target
of testing shall return that the security message data item is not correct;
f) USE ciphertext mode to write the cryptographic key which requires to be
written in ciphertext with MAC; the target of testing shall return document
type error.
6.3.3 Security state and access permission testing
6.3.3.1 Write document permission testing
The testing steps are as follows.
a) With...
......
Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.
|