GM/T 0058-2018 (GM/T0058-2018, GMT 0058-2018, GMT0058-2018) & related versions
Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | See Detail | Status | Similar PDF |
GM/T 0058-2018 | English | 610 |
Add to Cart
|
0-9 seconds. Auto delivery.
|
Trusted computing-TCM service module interface specification
|
GM/T 0058-2018
| Valid |
GMT 0058-2018
|
Buy with any currencies (Euro, JPY, KRW...): GM/T 0058-2018 Preview this PDF: GM/T 0058-2018
GM/T 0058-2018
CRYPTOGRAPHIC INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Registration number: 62993-2018
GB/T 0058-2018
Trusted computing -
TCM service module interface specification
ISSUED ON: MAY 02, 2018
IMPLEMENTED ON: MAY 02, 2018
Issued by: State Cryptography Administration
Table of Contents
Foreword ... 3
Introduction ... 4
1 Scope ... 5
2 Normative references ... 5
3 Terms and definitions ... 5
4 Abbreviations ... 9
5 Software architecture ... 10
6 TCM application service ... 11
6.1 Definition of class ... 11
6.2 Relationship between class and object ... 13
6.3 Interface ... 15
7 TCM core services ... 146
7.1 Management of TCM core service ... 146
7.2 Trusted cryptographic module management ... 159
7.3 Platform identity and authentication ... 191
7.4 Protection of platform data ... 200
7.5 Integrity measurements and reports ... 227
8 TDDL device driver library ... 230
8.1 TDDL architecture ... 230
8.2 TDDL memory management ... 231
8.3 TDDL error codes and definitions ... 231
8.4 TDDL interface ... 231
Appendix A (Normative) Interface data structure ... 239
A.1 Basic definition ... 239
A.2 Data structure ... 259
A.3 Processing of authorization data ... 265
Trusted computing -
TCM service module interface specification
1 Scope
This standard specifies the composition and interface standards of the TCM
service module, including TSP, TCS, TDDL, which are TCM application layer-
faced interface standards.
This standard applies to the development of TCM-based application.
2 Normative references
The following documents are essential to the application of this document. For
the dated documents, only the versions with the dates indicated are applicable
to this document; for the undated documents, only the latest version (including
all the amendments) are applicable to this standard.
GB/T 32905-2016 Information security technology SM3 cryptographic hash
algorithm
GB/T 32907-2016 Information security technology - SM4 b1ock cipher
algorithm
GB/T 32918.2-2016 Elliptic curve public - Key cryptography - Part 2: Digital
signature algorithm
GB/T 32918.4-2016 Elliptic curve public - Key cryptography algorithm Part
4: Public key encryption algorithm
GM/T 0005-2012 Randomness test specification
GM/T 0009-2012 SM2 cryptography algorithm application specification
GM/T 0015-2012 Digital certificate format based on SM2 cryptographic
algorithm
3 Terms and definitions
The following terms and definitions apply to this document.
Root of trust for measurement
A trusted integrity metric unit that is the basis for trusted metrics within a
trusted computing platform.
3.8
Root of trust for storage
A universal security mechanism that is the basis for trusted storage within a
trusted computing platform.
3.9
Root of trust for reporting
The cryptographic module key, which is the basis for trusted reporting within
the trusted computing platform.
3.10
Trusted cryptography module
The hardware module of the trusted computing platform, which provides
cryptographic computing functions for the trusted computing platform and
has a protected storage space.
3.11
TCM service module
The software module inside the cryptographic support platform for trusted
computing, which is a software interface for accessing the trusted
cryptographic module outside the platform.
3.12
Trusted party
An organization that provides credible certification, including trusted third
parties and authorities.
3.13
tcm endorsement key
Endorsement key of the trusted cryptographic module.
3.14
The hash value obtained after the component is measured.
3.22
Predefined integrity value
The hash value as obtained by measuring the component in a trusted state.
This value serves as a basis for the integrity verification.
3.23
Trusted chain
During system startup and operation, the trust transfer method as
established between components by the use of the integrity measurement
method.
4 Abbreviations
The following abbreviations apply to this document.
EK: TCM Endorsement Key
HMAC: The keyed-hash message authentication code
NV: Non-Volatility
PCR: Platform Configuration Register
PEK: Platform Encryption Key
PIK: Platform Identity Key
SMK: Storage Master Key
TCM: Trusted Cryptography Module
TSM: TCM service module
TSP: TCM Service Provider
TCS: TCM Core Services
TDD: TCM Device Driver
TDDL: TCM Device Driver Library
TDDLI: TCM Device Driver Library Interface
The execution of a TSM requires a TSP:
1) They are responsible for protecting the transmission of information and
data between applications;
2) Provide a C language interface or a generic interface that can be called
by various platforms, as well as a dynamic link or static connection to the
application;
3) TSM running on Windows operating system can also provide COM
interface.
b) TCM Core Services (TCS)
The TCS is located between the TSM Service Provider (TSP) layer and the
TCM Device Driver Library (TDDL) layer, in a form of system services. It
provides functional interfaces such as TCM usage and key management for
upper-layer applications such as TSP.
TCS can be divided into the following based on different functions:
Basic information management, key management, key cache management,
event management, authorization operation, integrity operation, migration
operation, cryptographic operation, identity certificate operation, device
operation, key exchange, totally 11 modules, of which basic information
management, key management, event management belong to the TCS
manager; the key cache management, authorization operations, integrity
operations, migration operations, cryptographic operations, identity
certificate operations, device operations are all TCM operations.
c) TCM Device Driver Library (TDDL)
TDDL is located between the TCM Core Service (TCS) layer and the TCM
Device Driver (TDD) layer. The main purpose is to provide a standard
interface on top of TDD, shield the difference of I/O control information of
each device, complete the transfer of information in user software and kernel
software.
This standard makes explanation using the C language as an example to
compile relevant functions and interfaces.
6 TCM application service
6.1 Definition of class
The TCM application service defines the following classes:
Table 4 -- Description of attributes
Attributes Sub-attributes Attribute value
TSM_TCSCAP_ALG TSM_ALG_XX: represents the name of supported algorithm
If BOOL returns TRUE, it means the
system service supports the algorithm; if
it returns FALSE, it means not support
TSM_TCSCAP_VERSION Get TSM_VERSION structure description data from system service
TSM_TCSCAP_CACHING TSM_TCSCAP_PROP_KEY-CACHE
If BOOL returns TRUE, it means the
system service supports the key cache; if
it returns FALSE, it means not support
TSM_TCSCAP_CACHING TSM_TCSCAP_PROP_AUTH-CACHE
If BOOL returns TRUE, it means the
system service supports authorized
protocol cache; if it returns FALSE, it
means not support
TSM_TCSCAP_PERSSTORAGE
If BOOL returns TRUE, it means the
system service supports permanent
storage; if it returns FALSE, it means not
support
TSM_TSPCAP_ALG TSM_ALG_DEFAULT Return the default algorithm
TSM_TSPCAP_ALG TSM_ALG_DEFAULT_SIZE Return the default key length
TSM_TSPCAP_ALG TSM_ALG_XX: represents the name of supported algorithm
If BOOL returns TRUE, it means it
supports this algorithm; if it returns
FALSE, it means not support
TSM_TSPCAP_VERSION Get TSM version
TSM_TSPCAP_PERSSTORAGE
If BOOL returns TRUE, it means it
supports permanent storage; if it returns
FALSE, it means not support
TSM_TCSCAP_MANUFACTUR-ER TSM_TCSCAP_PROP_MANU-FACTURER_ID
UINT32 returns the description of system
service provider
TSM_TCSCAP_PROP_MANU-FACTURER_STR
It returns the name of system service
provider
TSM_TSPCAP_MANUFACTUR-
ER
TSM_TSPCAP_PROP_MANU-
FACTURER_ID
UINT32 returns the description of TSM
vendor
TSM_TSPCAP_PROP_MANU-FACTURER_STR It returns the TSM vendor name
TSM_TSPCAP_RETURNVALUE_INFO TSM_TSPCAP_PROP_RETURN-VALUE_INFO
0: It means using the ASN.1 code
1: It means using the byte stream
Description of output parameter:
- pulRespDataLength: Return the length of the attribute parameter of the query.
- prgbRespData: Return the memory address of attribute data of the query.
Return value:
- ulPekLabelLength: The number of bytes of the rgbPekLabelData parameter.
- rgbPekLabelData: Point to the memory pointer of identity, which points to the
string which has a content of TSM_UNICODE type.
- algID: Type of symmetric key algorithm, which is used to identify the encrypted
PEK as well as the symmetric key algorithm of the request information of its
certificate.
- ulPekParamsLength: rgbPekParams data length (in bytes).
- rgbPekParams: PEK key parameter, pointing to the TCM_KEY_PARMS
structure data.
Description of output parameter:
- pulTCMPekReqLength: Receive the buffer byte size of prgbTCMPekReq.
- prgbTCMPekReq: Point to the TCM_PEK_REQ structure data used to request
the PEK and its certificate.
Return value:
TSM_SUCCESS
TSM_E_INVALID_HANDLE
TSM_E_BAD_PARAMETER
TSM_E_INTERNAL_ERROR
6.3.4.4 Tspi_TCM_ActivatePEKCert
Function description:
This function verifies the authenticity of the PEK certificate and returns the
decrypted certificate.
Interface definition:
Table 9 -- Description of attributes
Attributes Status value of FTcmState Description
TSM_TCMSTATUS_
DISABLE-OWNERCLEAR Ignored
Permanently prohibit the TCM owners from performing ClearOwner
operations
At this point, the fForcedClear parameter in the method ClearOwner()
will no longer allow to take FALSE value
This setting requires owner’s authorization
TSM_TCMSTATUS_
DISABLE-FORCECLEAR Ignored
Temporarily prohibit TCM owner's forced cleanup operation (this
prohibition is only valid when the system is running, it will be canceled
the next time the system is restarted).
At this point, the fForcedClear parameter in the method ClearOwner()
will not be allowed to take TRUE value temporarily (until the next system
restart)
TSM_TCMSTATUS_
OWNERSET-DISABLE TSM_BOOL
fTCMState = TRUE: Indicates that the state of the TCM is set to
Disabled. This command requires authorization from the TCM owner
TSM_TCMSTATUS_
PHYSICALDISABLE TSM_BOOL
fTCMState = TRUE: Indicates that the state of the TCM is set to
Disabled. The command must be physically local
TSM_TCMSTATUS_PHY-
SICALSETDEACTIVATED TSM_BOOL
fTCMState = TRUE: Indicates that the state of the TCM is set to
Deactived. The command must be physically local
TSM_TCMSTATUS_
SETTEMPDEACTIVATED Ignored
Temporarily set the status of TCM to Deactived (until the next system
restart)
TSM_TCMSTATUS_
SETOWNERINSTALL TSM_BOOL
fTCMState = TRUE: Indicates that the TakeOwnership() method is
allowed to obtain the owner relationship of TCM
This operation requires physical locality
TSM_TCMSTATUS_
DISABLEPUBEKREAD TSM_BOOL
Permanently prohibit the operation of reading the EK public key
information without the authorization of the TCM owner. After setting
this attribute, the TCM owner must authorize to read the EK public key
information. After setting this attribute, the fOwnerAuthorized parameter
in the GetPubEndorsementKey() method takes the FALSE value and is
no longer valid
Setting this attribute value requires the owner to authorize
TSM_TCMSTATUS_
DISABLED TSM_BOOL Set TCM to available or unavailable
TSM_TCMSTATUS_
DEACTIWTED TSM_BOOL Set TCM to active or inactive
Description of output parameter:
None.
Return value:
Table 11 -- Descriptions of attribute
Attributes Sub-attributes Description
TSM_TCMCAP_ORD Command code
Return a Boolean value
TRUE indicates that the TCM supports the command,
FALSE indicates that the TCM does not support this
command
TSM_TCMCAP_FLAG Ignored Permanent and volatile bit flags
TSM_TCMCAP_ALG TSM_ALG_XX
Return a Boolean value (the ID value of the TSM
algorithm)
TRUE indicates that TCM supports the algorithm, FALSE
indicates that TCM does not support this algorithm
TSM_TCMCAP_
PROPERTY
TSM_TCMCAP_PROP_PCR UINT32 value Return the number of PCR registers supported by TCM
TSM_TCMCAP_PROP_PCRMAP Return the bit flag of TCM_PCR_ATTRIBUTES
TSM_TCMCAP_PROP_
MANUFACTURER
UINT32 value
Return the TCM manufacturer's identifier
TSM_TCMCAP_PROP_SLOTS
or TSM_TCMCAP_PROP_KEYS
UINT32 value
Return the maximum number of 256-bit ECC keys that the
TCM can load.
Can change with time and circumstances
TSM_TCMCAP_PROP_
OWNER
The Boolean value
Returning TRUE means that TCM successfully creates an
owner
TSM_TCMCAP_PROP_
MAXKEYS
UINT32 value
Return the maximum number of 256-bit ECC keys
supported by TCM, excluding EK
TSM_TCMCAP_PROP_
AUTHSESSIONS
UINT32 value
Number of available authorization sessions, which can
change over time and circumstances
TSM_TCMCAP_PROP_
MAXAUTHSESSIONS
UINT32 value
Return the maximum number of loadable authorization
sessions supported by TCM, which can change over time
and circumstances
TSM_TCMCAP_PROP_
TRANSESSIONS
UINT32 value
Return the number of available transport sessions, which
can change over time and circumstances
TSM_TCMCAP_PROP_
MAXTRANSESSIONS
UINT32 value
Return the maximum number of loadable transport
sessions supported by TCM
TSM_TCMCAP_PROP_
SESSIONS
UINT32 value
Return the number of available sessions in the session
pool. Sessions in the session pool include authorization
sessions and transport sessions, which can change over
time and circumstances
- hObject: Object handle whose attribute needs to be set.
- attribFlag: Attribute that needs to be set.
- subFlag: The sub-attributes that need to be set.
- ulAttrib: The value set for the attribute.
The attributes of input parameter are as shown in Table 12.
Table 12 -- Description of attributes
Attribute flag Sub-attribute flag Attribute value Description
TSM_TSPATTRIB_
KEYREGISTER
0 TSM_TSPATTRIB_ KEYREGISTER_USER Key is registered in the TSP
0 TSM_TSPATTRIB_ KEYREGISTER_SYTEM Key is registered in the TCS
0 TSM_TSPATTRIB_ KEYREGISTER_NO Key is not registered in TSM
TSM_TSPATTRIB_
KEY_INFO
TSM_TSPATTRIB_
KEYINFO_USAGE TSM_KEYUSAGE_XX
TSM key usage value, indicating
the type of key used
See the definition of attribute sub-
flag for the key object
TSM_TSPATTRIB_
KEYINFO_MIGRATABLE Boolean value If TRUE, the key is migratable
TSM_TSPATTRIB_
KEYINFO_VOLATILE Boolean value If TRUE, the key is volatile
TSM_TSPATTRIB_
KEYINFO_AUTHDATAUSAGE Boolean value
If TRUE, the usage of key needs
authorization
TSM_TSPATTRIB_
KEYINFO_ALGORITHM TSM_ALG_XX
TSM algorithm ID, representing the
key algorithm
See the definition of algorithm ID
TSM_TSPATTRIB_
KEYINFO_ENCSCHEME
TSM_KEY_ENCSCH
EME_XX
TSM encryption scheme, see the
definition of key encryption
scheme
TSM_TSPATTRIB_
KEYINFO_SIGSCHEME
TSM_KEY_SIGSCH
EME_XX
TSM signature scheme, see the
definition of key signature scheme
TSM_TSPATTRIB_
KEYINFO_SIZE Bit length of key
TSM_TSPATTRIB_
KEYINFO_KEYFLAGS Flag information of key
TSM_TSPATTRIB_
KEYINFO_AUTHUSAGE
Directly set the authDataUsage in
KeyParams
Description of the output parameters:
None.
Table 13 -- Description of attributes
Attribute flag Sub-attribute flag Attribute value Description
TSM_TSPATTRIB_
KEYREGISTER
0 TSM_TSPATTRIB_ KEYREGISTER_USER Key is registered in the TSP
0 TSM_TSPATTRIB_ KEYREGISTER_SYTEM Key is registered in the TCS
0 TSM_TSPATTRIB_ KEYREGISTER_NO Key is not registered in TSM
TSM_TSPATTRIB_
KEY_INFO
TSM_TSPATTRIB_
KEYINFO_USAGE TSM_KEYUSAGE_XX
TSM key usage value, indicating
the type of key used
See the definition of attribute sub-
flag for the key object
TSM_TSPATTRIB_
KEYINFO_MIGRATABLE Boolean value If TRUE, the key is migratable
TSM_TSPATTRIB_
KEYINFO_VOLATILE Boolean value If TRUE, the key is volatile
TSM_TSPATTRIB_
KEYINFO_AUTHDATAUSAGE Boolean value
If TRUE, the usage of key needs
authorization
TSM_TSPATTRIB_
KEYINFO_ALGORITHM TSM_ALG_XX
TSM algorithm ID, representing the
key algorithm
See the definition of algorithm ID
TSM_TSPATTRIB_
KEYINFO_ENCSCHEME
TSM_KEY_ENCSCH
EME_XX
TSM encryption scheme, see the
definition of key encryption
scheme
TSM_TSPATTRIB_
KEYINFO_SIGSCHEME
TSM_KEY_SIGSCH
EME_XX
TSM signature scheme, see the
definition of key signature scheme
TSM_TSPATTRIB_
KEYINFO_KEYFLAGS Flag information of key
TSM_TSPATTRIB_
KEYINFO_AUTHUSAGE
Return the content of
authDataUsage
TSM_TSPATTRIB_
KEYINFO_KEYSTRUCT TSM_KEY_STRUCT_XX
Structure type of key. See the
definition of structure type of key
TSM_TSPATTRIB_
KEYINFO_SIZE Bit length of key
TSM_TSPATTRIB_
KEY_PCR
TSM_TSPATTRIB_KEYPCR_
LOCALITY_ATCREATION
Locality modifier when
creating blob
TSM_TSPATTRIB_KEYPCR_
LOCALITY_ATRELEASE
Locality modifier as
required for the use of key
Description of output parameter:
- pulAttrib: Point to the attribute value of the query.
Return value:
- pulAttribDataSize: The size of the prgbAttribData parameter returned (in
bytes).
- prgbAttribData: The command returns successfully. This parameter points to
a buffer that holds the value of the specified attribute.
Return value:
TSM_SUCCESS
TSM_E_INVALID_HANDLE
TSM_E_INVALID_ATTRIB_FLAG
TSM_E_INVALID_ATTRIB_SUBFLAG
TSM_E_INVALID_ATTRIB_DATA
TSM_E_BAD_PARAMETER
TSM_E_INTERNAL_ERROR
6.3.5.7 Tspi_Key_LoadKey
Function description:
Load the host's key into the TCM. The TCM is responsible for decrypting the
key and caching it in the TCM. Only after the LoadKey is loaded can the key be
used for encryption, decryption, signature.
Call logic:
a) For the key object, the key information set through Tspi_SetAttribData ();
b) Before using this method, the policy objects of hKey and hUnwrappingKey
must be set correctly.
c) The protection key for this key as specified by hUnwrappingKey needs to
be loaded into the TCM beforehand.
d) When the key is loaded, the TCM will return the session handle of the key
in the TCM. When using this key. When using this handle, use this handle
to use this key (due to limited TCM resources, it may provide cache
mechanism to the core service module locally). This handle is saved and
used as an internal variable of the key object.
Interface definition:
- cPointSize: The length of the public key information of other party's static key.
- rgbPoint: The public key information of other party's static key.
- cRaSize: The length of local personal information.
- rgbRa: Local personal information.
- cRbSize: The length of the other party's personal information.
- rgbRb: Personal information of the other party.
- cRxSize: The length of the temporary key’s public key information of the other
party.
- rgbRx: The temporary key’s public key information of the other party.
Description of output parameter:
- phKey: Exchanged shared key.
- pcSxSize: The length of the data used for the local authentication of exchange
process.
- prgbSxData: The data used for the local authentication of exchange process.
- pcSySize: The length of the data provided to the other party for the verification
process.
- prgbSyData: The data provided to the other party for the verification process.
Return value:
6.3.10.3 Tspi_Exchange_ReleaseExchangeSession
Function description:
Release the handle which establishes key exchange session with the TCM.
If it does not use Tspi_Exchange_CreateKeyExchange to create a key
exchange handle, this function must return
TSM_E_EXCHANGE_HANDLE_NOT_EXIST error code.
- ulPendingFunction: The serial number of the TCM command.
- ContinueUse: Continue to use the flag for the authorization session. Continue
to calculate or verify rgbHmacData.
- ulSizeNonces: The size of nonces rgbNonceEven, rgbNonceOdd,
rgbNonceEvenOSAP, rgbNonceOddOSAP.
- rgbNonceEven: The even-numbered random number generated by TCM.
Used to calculate or verify rgbHmacData.
- rgbNonceOdd: The odd-numbered random number generated by the TSP.
Used to calculate or verify rgbHmacData.
- rgbNonceEvenOSAP: The random number associated with the shared secret
generated by TCM. Used to calculate the shared secret of an OSAP session.
- rgbNonceOddOSAP: The random number associated with the shared secret
generated by the caller. Used to calculate the shared secret of OSAP session.
- ulSizeDigestHmac: The size of rgbParamDigest and rgbHmacData.
- rgbParamDigest: SCH digest of TCM function parameters:
If ReturnOrVerify = TRUE, it is the digest of the incoming parameter;
If ReturnOrVerify = FALSE, it is the digest of the ingoing parameter.
- rgbHmacData: Enter or return an authorization digest for the parameter:
If ReturnOrVerify = TRUE, it is the authorization digest of the TCM command
which requires processing;
If ReturnOrVerify = FALSE, it is the authorization digest returned from the TCM.
Description of output parameter:
- rgbHmacData: Enter or return an authorization digest for the parameter:
If ReturnOrVerify = TRUE, it is the authorization digest of the TCM command
which requires processing;
If ReturnOrVerify = FALSE, it is the authorization digest returned from the TCM.
Return value:
- identityAuth: Encrypted PIK authorization data.
- IDLabel_PrivCAHash: A digest of the platform identity and trusted party public
key (TCM_PUBKEY structure data).
- IdldentityKeylnfoSize: The length of parameter which generates PIK.
- idldentityKeylnfo: The parameter which generates PIK, which is the TCM_KEY
structure data.
- pSmkAuth: Authentication information of SMK authorization session.
- pOwnerAuth: Authentication information of Owner authorization session.
Description of output parameter:
- pSmkAuth: Authentication information of SMK authorization session.
- pOwnerAuth: Authentication information of Owner authorization session.
- idldentityKeySize: The length of the PIK generated.
- idldentityKey: The PIK generated, which is the TCM_KEY structure data.
- pcIdentityBindingSize: The length of prgbldentityBinding.
- prgbldentityBinding: The result of the signature of
TCM_IDENTITY_CONTENTS structure data by the PIK private key.
- pcEndorsementCredentialSize: EK certificate data length. If it is equal to 0,
the EK certificate data is empty.
- prgbEndorsementCredential: EK certificate data. It can be empty. It may use
other methods to get the EK certificate.
Return value:
7.3.2.2 Tcsip_ActivateIdentity
Function description:
Get the symmetric key of the encrypted PIK certificate.
- keyHandle: The key handle that encapsulates the operation key.
- encAuth: The encrypted authorization data is the authorization data of the
encapsulated object which is encrypted, wherein the encryption key is the
shared session key as pointed to by the authorization session key.
- pcrlnfoSize: The length of the PCR information parameter. If it is 0, there is no
PCR register available.
- Pcrlnfo: PCR information.
- inDataSize: The length of the data to be encapsulated.
- inData: The data to be encapsulated.
- pAuth: The authentication code of authorization data to encapsulate the
operation key.
Description of output parameter:
- pAuth: The authentication code of output authorization data.
- SealedDataSize: The length of the encapsulated data block.
- SealedData: The encapsulated data block.
Return value:
7.4.1.2 Tcsip_Unseal
Function description:
When the platform configuration information (PCR value) and platform
verification information (TCM_Proof) in the package data and the current PCR
value and TCM_Proof value are consistent, the encapsulated data generated
by the TCM_Seal command is decrypted.
Interface definition:
- rgbPoint: The public key information of the static key of the other party.
- cRaSize: The length of the local personal information digest.
- rgbRa: The local personal information digest.
- cRbSize: The length of the personal information digest of the other party.
- rgbRb: The personal information digest of the other party.
- cRxSize: The length of the public key information of the temporary key of the
other party.
- rgbRx: The public key information of the temporary key of the other party.
- keyAuth: The authorized authentication code of the local static key.
Description of output parameters:
- phKey: The shared key exchanged.
- keyAuth: The pointer which points to the owner authorization data.
- pcSxSize: The length of the data which is used to locally verify the exchange
process.
- prgbSxData: The data which is used to locally verify the exchange process.
- pcSySize: The length of the data which is provided to the other party to perform
the verification process.
- prgbSyDat: The data which is provided to the other party to perform the
verification process.
Return value:
7.4.3.3 Tcsip_ReleaseExchangeSession
Function description:
This command is used to release the TCM exchange process session.
Interface definition:
- parentHandle: The parent key handle to be migrated.
- migrationType: Migration mode.
- MigrationKeyAuthSize: The size of the migration authentication data.
- MigrationKeyAuth: Migration authentication data.
- encDataSize: The size of the key data to be migrated.
- encData: Key data to be migrated.
- parentAuth: The check code of the authorization session of the parent key of
the key to be migrated.
- entityAuth: The authentication code of the authorization session of the parent
key of the key to be migrated.
Description of output parameter:
- parentAuth: The check code of the authorization session of the parent key of
the key to be migrated.
- entityAuth: The authentication code of the authorization session of the parent
key of the key to be migrated.
- SymEncDataSize: The size of the key to be migrated which is encrypted by a
symmetric key.
- SymEncData: The key to be migrated which is encrypted by a symmetric key.
- outDataSize: The size of the key to be migrated which is encrypted by a
migration key.
- outData: The key to be migrated which is encrypted by a migration key.
Return value:
7.4.4.3 Tcsip_ConvertMigrationBlob
Function description:
This function converts the migration block into an encrypted block that can be
used by the LoadKey command.
Interface definition:
- rghHandles: TSS handle list.
- pWrappedCmdAuth1: The first authorization session data. If NULL, no
authorization is required.
- pWrappedCmdAuth2: The second authorization session data. If NULL, no
authorization is required.
- pTransAuth: Authentication code of authorization data of transport protection
key.
Description of output parameter:
- pulHandleListSize: The size of the handle list.
- rghHandles: TSS handle list.
- pWrappedCmdAuth1: The first authorization session data. If NULL, no
authorization is required.
- pWrappedCmdAuth2: The second authorization session data. If NULL, no
authorization is required.
- pT......
......
Standard ID | GM/T 0058-2018 (GM/T0058-2018) | Description (Translated English) | Trusted computing-TCM service module interface specification | Sector / Industry | Chinese Industry Standard (Recommended) | Classification of Chinese Standard | L80 | Word Count Estimation | 193,114 | Date of Issue | 2018-05-02 | Date of Implementation | 2018-05-02 | Administrative Organization | National Password Authority |
|