HOME   Cart(0)   Quotation   About-Us Tax PDFs Standard-List Powered by Google www.ChineseStandard.net Database: 189759 (1 Dec 2024)

GM/T 0058-2018 Related PDF English

GM/T 0058-2018 (GM/T0058-2018, GMT 0058-2018, GMT0058-2018) & related versions
Standard IDContents [version]USDSTEP2[PDF] delivered inStandard Title (Description)See DetailStatusSimilar PDF
GM/T 0058-2018English610 Add to Cart 0-9 seconds. Auto delivery. Trusted computing-TCM service module interface specification GM/T 0058-2018 Valid GMT 0058-2018
Buy with any currencies (Euro, JPY, KRW...): GM/T 0058-2018    Preview this PDF: GM/T 0058-2018



GM/T 0058-2018 CRYPTOGRAPHIC INDUSTRY STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA ICS 35.040 L 80 Registration number: 62993-2018 GB/T 0058-2018 Trusted computing - TCM service module interface specification ISSUED ON: MAY 02, 2018 IMPLEMENTED ON: MAY 02, 2018 Issued by: State Cryptography Administration Table of Contents Foreword ... 3  Introduction ... 4  1 Scope ... 5  2 Normative references ... 5  3 Terms and definitions ... 5  4 Abbreviations ... 9  5 Software architecture ... 10  6 TCM application service ... 11  6.1 Definition of class ... 11  6.2 Relationship between class and object ... 13  6.3 Interface ... 15  7 TCM core services ... 146  7.1 Management of TCM core service ... 146  7.2 Trusted cryptographic module management ... 159  7.3 Platform identity and authentication ... 191  7.4 Protection of platform data ... 200  7.5 Integrity measurements and reports ... 227  8 TDDL device driver library ... 230  8.1 TDDL architecture ... 230  8.2 TDDL memory management ... 231  8.3 TDDL error codes and definitions ... 231  8.4 TDDL interface ... 231  Appendix A (Normative) Interface data structure ... 239  A.1 Basic definition ... 239  A.2 Data structure ... 259  A.3 Processing of authorization data ... 265  Trusted computing - TCM service module interface specification 1 Scope This standard specifies the composition and interface standards of the TCM service module, including TSP, TCS, TDDL, which are TCM application layer- faced interface standards. This standard applies to the development of TCM-based application. 2 Normative references The following documents are essential to the application of this document. For the dated documents, only the versions with the dates indicated are applicable to this document; for the undated documents, only the latest version (including all the amendments) are applicable to this standard. GB/T 32905-2016 Information security technology SM3 cryptographic hash algorithm GB/T 32907-2016 Information security technology - SM4 b1ock cipher algorithm GB/T 32918.2-2016 Elliptic curve public - Key cryptography - Part 2: Digital signature algorithm GB/T 32918.4-2016 Elliptic curve public - Key cryptography algorithm Part 4: Public key encryption algorithm GM/T 0005-2012 Randomness test specification GM/T 0009-2012 SM2 cryptography algorithm application specification GM/T 0015-2012 Digital certificate format based on SM2 cryptographic algorithm 3 Terms and definitions The following terms and definitions apply to this document. Root of trust for measurement A trusted integrity metric unit that is the basis for trusted metrics within a trusted computing platform. 3.8 Root of trust for storage A universal security mechanism that is the basis for trusted storage within a trusted computing platform. 3.9 Root of trust for reporting The cryptographic module key, which is the basis for trusted reporting within the trusted computing platform. 3.10 Trusted cryptography module The hardware module of the trusted computing platform, which provides cryptographic computing functions for the trusted computing platform and has a protected storage space. 3.11 TCM service module The software module inside the cryptographic support platform for trusted computing, which is a software interface for accessing the trusted cryptographic module outside the platform. 3.12 Trusted party An organization that provides credible certification, including trusted third parties and authorities. 3.13 tcm endorsement key Endorsement key of the trusted cryptographic module. 3.14 The hash value obtained after the component is measured. 3.22 Predefined integrity value The hash value as obtained by measuring the component in a trusted state. This value serves as a basis for the integrity verification. 3.23 Trusted chain During system startup and operation, the trust transfer method as established between components by the use of the integrity measurement method. 4 Abbreviations The following abbreviations apply to this document. EK: TCM Endorsement Key HMAC: The keyed-hash message authentication code NV: Non-Volatility PCR: Platform Configuration Register PEK: Platform Encryption Key PIK: Platform Identity Key SMK: Storage Master Key TCM: Trusted Cryptography Module TSM: TCM service module TSP: TCM Service Provider TCS: TCM Core Services TDD: TCM Device Driver TDDL: TCM Device Driver Library TDDLI: TCM Device Driver Library Interface The execution of a TSM requires a TSP: 1) They are responsible for protecting the transmission of information and data between applications; 2) Provide a C language interface or a generic interface that can be called by various platforms, as well as a dynamic link or static connection to the application; 3) TSM running on Windows operating system can also provide COM interface. b) TCM Core Services (TCS) The TCS is located between the TSM Service Provider (TSP) layer and the TCM Device Driver Library (TDDL) layer, in a form of system services. It provides functional interfaces such as TCM usage and key management for upper-layer applications such as TSP. TCS can be divided into the following based on different functions: Basic information management, key management, key cache management, event management, authorization operation, integrity operation, migration operation, cryptographic operation, identity certificate operation, device operation, key exchange, totally 11 modules, of which basic information management, key management, event management belong to the TCS manager; the key cache management, authorization operations, integrity operations, migration operations, cryptographic operations, identity certificate operations, device operations are all TCM operations. c) TCM Device Driver Library (TDDL) TDDL is located between the TCM Core Service (TCS) layer and the TCM Device Driver (TDD) layer. The main purpose is to provide a standard interface on top of TDD, shield the difference of I/O control information of each device, complete the transfer of information in user software and kernel software. This standard makes explanation using the C language as an example to compile relevant functions and interfaces. 6 TCM application service 6.1 Definition of class The TCM application service defines the following classes: Table 4 -- Description of attributes Attributes Sub-attributes Attribute value TSM_TCSCAP_ALG TSM_ALG_XX: represents the name of supported algorithm If BOOL returns TRUE, it means the system service supports the algorithm; if it returns FALSE, it means not support TSM_TCSCAP_VERSION Get TSM_VERSION structure description data from system service TSM_TCSCAP_CACHING TSM_TCSCAP_PROP_KEY-CACHE If BOOL returns TRUE, it means the system service supports the key cache; if it returns FALSE, it means not support TSM_TCSCAP_CACHING TSM_TCSCAP_PROP_AUTH-CACHE If BOOL returns TRUE, it means the system service supports authorized protocol cache; if it returns FALSE, it means not support TSM_TCSCAP_PERSSTORAGE If BOOL returns TRUE, it means the system service supports permanent storage; if it returns FALSE, it means not support TSM_TSPCAP_ALG TSM_ALG_DEFAULT Return the default algorithm TSM_TSPCAP_ALG TSM_ALG_DEFAULT_SIZE Return the default key length TSM_TSPCAP_ALG TSM_ALG_XX: represents the name of supported algorithm If BOOL returns TRUE, it means it supports this algorithm; if it returns FALSE, it means not support TSM_TSPCAP_VERSION Get TSM version TSM_TSPCAP_PERSSTORAGE If BOOL returns TRUE, it means it supports permanent storage; if it returns FALSE, it means not support TSM_TCSCAP_MANUFACTUR-ER TSM_TCSCAP_PROP_MANU-FACTURER_ID UINT32 returns the description of system service provider TSM_TCSCAP_PROP_MANU-FACTURER_STR It returns the name of system service provider TSM_TSPCAP_MANUFACTUR- ER TSM_TSPCAP_PROP_MANU- FACTURER_ID UINT32 returns the description of TSM vendor TSM_TSPCAP_PROP_MANU-FACTURER_STR It returns the TSM vendor name TSM_TSPCAP_RETURNVALUE_INFO TSM_TSPCAP_PROP_RETURN-VALUE_INFO 0: It means using the ASN.1 code 1: It means using the byte stream Description of output parameter: - pulRespDataLength: Return the length of the attribute parameter of the query. - prgbRespData: Return the memory address of attribute data of the query. Return value: - ulPekLabelLength: The number of bytes of the rgbPekLabelData parameter. - rgbPekLabelData: Point to the memory pointer of identity, which points to the string which has a content of TSM_UNICODE type. - algID: Type of symmetric key algorithm, which is used to identify the encrypted PEK as well as the symmetric key algorithm of the request information of its certificate. - ulPekParamsLength: rgbPekParams data length (in bytes). - rgbPekParams: PEK key parameter, pointing to the TCM_KEY_PARMS structure data. Description of output parameter: - pulTCMPekReqLength: Receive the buffer byte size of prgbTCMPekReq. - prgbTCMPekReq: Point to the TCM_PEK_REQ structure data used to request the PEK and its certificate. Return value: TSM_SUCCESS TSM_E_INVALID_HANDLE TSM_E_BAD_PARAMETER TSM_E_INTERNAL_ERROR 6.3.4.4 Tspi_TCM_ActivatePEKCert Function description: This function verifies the authenticity of the PEK certificate and returns the decrypted certificate. Interface definition: Table 9 -- Description of attributes Attributes Status value of FTcmState Description TSM_TCMSTATUS_ DISABLE-OWNERCLEAR Ignored Permanently prohibit the TCM owners from performing ClearOwner operations At this point, the fForcedClear parameter in the method ClearOwner() will no longer allow to take FALSE value This setting requires owner’s authorization TSM_TCMSTATUS_ DISABLE-FORCECLEAR Ignored Temporarily prohibit TCM owner's forced cleanup operation (this prohibition is only valid when the system is running, it will be canceled the next time the system is restarted). At this point, the fForcedClear parameter in the method ClearOwner() will not be allowed to take TRUE value temporarily (until the next system restart) TSM_TCMSTATUS_ OWNERSET-DISABLE TSM_BOOL fTCMState = TRUE: Indicates that the state of the TCM is set to Disabled. This command requires authorization from the TCM owner TSM_TCMSTATUS_ PHYSICALDISABLE TSM_BOOL fTCMState = TRUE: Indicates that the state of the TCM is set to Disabled. The command must be physically local TSM_TCMSTATUS_PHY- SICALSETDEACTIVATED TSM_BOOL fTCMState = TRUE: Indicates that the state of the TCM is set to Deactived. The command must be physically local TSM_TCMSTATUS_ SETTEMPDEACTIVATED Ignored Temporarily set the status of TCM to Deactived (until the next system restart) TSM_TCMSTATUS_ SETOWNERINSTALL TSM_BOOL fTCMState = TRUE: Indicates that the TakeOwnership() method is allowed to obtain the owner relationship of TCM This operation requires physical locality TSM_TCMSTATUS_ DISABLEPUBEKREAD TSM_BOOL Permanently prohibit the operation of reading the EK public key information without the authorization of the TCM owner. After setting this attribute, the TCM owner must authorize to read the EK public key information. After setting this attribute, the fOwnerAuthorized parameter in the GetPubEndorsementKey() method takes the FALSE value and is no longer valid Setting this attribute value requires the owner to authorize TSM_TCMSTATUS_ DISABLED TSM_BOOL Set TCM to available or unavailable TSM_TCMSTATUS_ DEACTIWTED TSM_BOOL Set TCM to active or inactive Description of output parameter: None. Return value: Table 11 -- Descriptions of attribute Attributes Sub-attributes Description TSM_TCMCAP_ORD Command code Return a Boolean value TRUE indicates that the TCM supports the command, FALSE indicates that the TCM does not support this command TSM_TCMCAP_FLAG Ignored Permanent and volatile bit flags TSM_TCMCAP_ALG TSM_ALG_XX Return a Boolean value (the ID value of the TSM algorithm) TRUE indicates that TCM supports the algorithm, FALSE indicates that TCM does not support this algorithm TSM_TCMCAP_ PROPERTY TSM_TCMCAP_PROP_PCR UINT32 value Return the number of PCR registers supported by TCM TSM_TCMCAP_PROP_PCRMAP Return the bit flag of TCM_PCR_ATTRIBUTES TSM_TCMCAP_PROP_ MANUFACTURER UINT32 value Return the TCM manufacturer's identifier TSM_TCMCAP_PROP_SLOTS or TSM_TCMCAP_PROP_KEYS UINT32 value Return the maximum number of 256-bit ECC keys that the TCM can load. Can change with time and circumstances TSM_TCMCAP_PROP_ OWNER The Boolean value Returning TRUE means that TCM successfully creates an owner TSM_TCMCAP_PROP_ MAXKEYS UINT32 value Return the maximum number of 256-bit ECC keys supported by TCM, excluding EK TSM_TCMCAP_PROP_ AUTHSESSIONS UINT32 value Number of available authorization sessions, which can change over time and circumstances TSM_TCMCAP_PROP_ MAXAUTHSESSIONS UINT32 value Return the maximum number of loadable authorization sessions supported by TCM, which can change over time and circumstances TSM_TCMCAP_PROP_ TRANSESSIONS UINT32 value Return the number of available transport sessions, which can change over time and circumstances TSM_TCMCAP_PROP_ MAXTRANSESSIONS UINT32 value Return the maximum number of loadable transport sessions supported by TCM TSM_TCMCAP_PROP_ SESSIONS UINT32 value Return the number of available sessions in the session pool. Sessions in the session pool include authorization sessions and transport sessions, which can change over time and circumstances - hObject: Object handle whose attribute needs to be set. - attribFlag: Attribute that needs to be set. - subFlag: The sub-attributes that need to be set. - ulAttrib: The value set for the attribute. The attributes of input parameter are as shown in Table 12. Table 12 -- Description of attributes Attribute flag Sub-attribute flag Attribute value Description TSM_TSPATTRIB_ KEYREGISTER 0 TSM_TSPATTRIB_ KEYREGISTER_USER Key is registered in the TSP 0 TSM_TSPATTRIB_ KEYREGISTER_SYTEM Key is registered in the TCS 0 TSM_TSPATTRIB_ KEYREGISTER_NO Key is not registered in TSM TSM_TSPATTRIB_ KEY_INFO TSM_TSPATTRIB_ KEYINFO_USAGE TSM_KEYUSAGE_XX TSM key usage value, indicating the type of key used See the definition of attribute sub- flag for the key object TSM_TSPATTRIB_ KEYINFO_MIGRATABLE Boolean value If TRUE, the key is migratable TSM_TSPATTRIB_ KEYINFO_VOLATILE Boolean value If TRUE, the key is volatile TSM_TSPATTRIB_ KEYINFO_AUTHDATAUSAGE Boolean value If TRUE, the usage of key needs authorization TSM_TSPATTRIB_ KEYINFO_ALGORITHM TSM_ALG_XX TSM algorithm ID, representing the key algorithm See the definition of algorithm ID TSM_TSPATTRIB_ KEYINFO_ENCSCHEME TSM_KEY_ENCSCH EME_XX TSM encryption scheme, see the definition of key encryption scheme TSM_TSPATTRIB_ KEYINFO_SIGSCHEME TSM_KEY_SIGSCH EME_XX TSM signature scheme, see the definition of key signature scheme TSM_TSPATTRIB_ KEYINFO_SIZE Bit length of key TSM_TSPATTRIB_ KEYINFO_KEYFLAGS Flag information of key TSM_TSPATTRIB_ KEYINFO_AUTHUSAGE Directly set the authDataUsage in KeyParams Description of the output parameters: None. Table 13 -- Description of attributes Attribute flag Sub-attribute flag Attribute value Description TSM_TSPATTRIB_ KEYREGISTER 0 TSM_TSPATTRIB_ KEYREGISTER_USER Key is registered in the TSP 0 TSM_TSPATTRIB_ KEYREGISTER_SYTEM Key is registered in the TCS 0 TSM_TSPATTRIB_ KEYREGISTER_NO Key is not registered in TSM TSM_TSPATTRIB_ KEY_INFO TSM_TSPATTRIB_ KEYINFO_USAGE TSM_KEYUSAGE_XX TSM key usage value, indicating the type of key used See the definition of attribute sub- flag for the key object TSM_TSPATTRIB_ KEYINFO_MIGRATABLE Boolean value If TRUE, the key is migratable TSM_TSPATTRIB_ KEYINFO_VOLATILE Boolean value If TRUE, the key is volatile TSM_TSPATTRIB_ KEYINFO_AUTHDATAUSAGE Boolean value If TRUE, the usage of key needs authorization TSM_TSPATTRIB_ KEYINFO_ALGORITHM TSM_ALG_XX TSM algorithm ID, representing the key algorithm See the definition of algorithm ID TSM_TSPATTRIB_ KEYINFO_ENCSCHEME TSM_KEY_ENCSCH EME_XX TSM encryption scheme, see the definition of key encryption scheme TSM_TSPATTRIB_ KEYINFO_SIGSCHEME TSM_KEY_SIGSCH EME_XX TSM signature scheme, see the definition of key signature scheme TSM_TSPATTRIB_ KEYINFO_KEYFLAGS Flag information of key TSM_TSPATTRIB_ KEYINFO_AUTHUSAGE Return the content of authDataUsage TSM_TSPATTRIB_ KEYINFO_KEYSTRUCT TSM_KEY_STRUCT_XX Structure type of key. See the definition of structure type of key TSM_TSPATTRIB_ KEYINFO_SIZE Bit length of key TSM_TSPATTRIB_ KEY_PCR TSM_TSPATTRIB_KEYPCR_ LOCALITY_ATCREATION Locality modifier when creating blob TSM_TSPATTRIB_KEYPCR_ LOCALITY_ATRELEASE Locality modifier as required for the use of key Description of output parameter: - pulAttrib: Point to the attribute value of the query. Return value: - pulAttribDataSize: The size of the prgbAttribData parameter returned (in bytes). - prgbAttribData: The command returns successfully. This parameter points to a buffer that holds the value of the specified attribute. Return value: TSM_SUCCESS TSM_E_INVALID_HANDLE TSM_E_INVALID_ATTRIB_FLAG TSM_E_INVALID_ATTRIB_SUBFLAG TSM_E_INVALID_ATTRIB_DATA TSM_E_BAD_PARAMETER TSM_E_INTERNAL_ERROR 6.3.5.7 Tspi_Key_LoadKey Function description: Load the host's key into the TCM. The TCM is responsible for decrypting the key and caching it in the TCM. Only after the LoadKey is loaded can the key be used for encryption, decryption, signature. Call logic: a) For the key object, the key information set through Tspi_SetAttribData (); b) Before using this method, the policy objects of hKey and hUnwrappingKey must be set correctly. c) The protection key for this key as specified by hUnwrappingKey needs to be loaded into the TCM beforehand. d) When the key is loaded, the TCM will return the session handle of the key in the TCM. When using this key. When using this handle, use this handle to use this key (due to limited TCM resources, it may provide cache mechanism to the core service module locally). This handle is saved and used as an internal variable of the key object. Interface definition: - cPointSize: The length of the public key information of other party's static key. - rgbPoint: The public key information of other party's static key. - cRaSize: The length of local personal information. - rgbRa: Local personal information. - cRbSize: The length of the other party's personal information. - rgbRb: Personal information of the other party. - cRxSize: The length of the temporary key’s public key information of the other party. - rgbRx: The temporary key’s public key information of the other party. Description of output parameter: - phKey: Exchanged shared key. - pcSxSize: The length of the data used for the local authentication of exchange process. - prgbSxData: The data used for the local authentication of exchange process. - pcSySize: The length of the data provided to the other party for the verification process. - prgbSyData: The data provided to the other party for the verification process. Return value: 6.3.10.3 Tspi_Exchange_ReleaseExchangeSession Function description: Release the handle which establishes key exchange session with the TCM. If it does not use Tspi_Exchange_CreateKeyExchange to create a key exchange handle, this function must return TSM_E_EXCHANGE_HANDLE_NOT_EXIST error code. - ulPendingFunction: The serial number of the TCM command. - ContinueUse: Continue to use the flag for the authorization session. Continue to calculate or verify rgbHmacData. - ulSizeNonces: The size of nonces rgbNonceEven, rgbNonceOdd, rgbNonceEvenOSAP, rgbNonceOddOSAP. - rgbNonceEven: The even-numbered random number generated by TCM. Used to calculate or verify rgbHmacData. - rgbNonceOdd: The odd-numbered random number generated by the TSP. Used to calculate or verify rgbHmacData. - rgbNonceEvenOSAP: The random number associated with the shared secret generated by TCM. Used to calculate the shared secret of an OSAP session. - rgbNonceOddOSAP: The random number associated with the shared secret generated by the caller. Used to calculate the shared secret of OSAP session. - ulSizeDigestHmac: The size of rgbParamDigest and rgbHmacData. - rgbParamDigest: SCH digest of TCM function parameters: If ReturnOrVerify = TRUE, it is the digest of the incoming parameter; If ReturnOrVerify = FALSE, it is the digest of the ingoing parameter. - rgbHmacData: Enter or return an authorization digest for the parameter: If ReturnOrVerify = TRUE, it is the authorization digest of the TCM command which requires processing; If ReturnOrVerify = FALSE, it is the authorization digest returned from the TCM. Description of output parameter: - rgbHmacData: Enter or return an authorization digest for the parameter: If ReturnOrVerify = TRUE, it is the authorization digest of the TCM command which requires processing; If ReturnOrVerify = FALSE, it is the authorization digest returned from the TCM. Return value: - identityAuth: Encrypted PIK authorization data. - IDLabel_PrivCAHash: A digest of the platform identity and trusted party public key (TCM_PUBKEY structure data). - IdldentityKeylnfoSize: The length of parameter which generates PIK. - idldentityKeylnfo: The parameter which generates PIK, which is the TCM_KEY structure data. - pSmkAuth: Authentication information of SMK authorization session. - pOwnerAuth: Authentication information of Owner authorization session. Description of output parameter: - pSmkAuth: Authentication information of SMK authorization session. - pOwnerAuth: Authentication information of Owner authorization session. - idldentityKeySize: The length of the PIK generated. - idldentityKey: The PIK generated, which is the TCM_KEY structure data. - pcIdentityBindingSize: The length of prgbldentityBinding. - prgbldentityBinding: The result of the signature of TCM_IDENTITY_CONTENTS structure data by the PIK private key. - pcEndorsementCredentialSize: EK certificate data length. If it is equal to 0, the EK certificate data is empty. - prgbEndorsementCredential: EK certificate data. It can be empty. It may use other methods to get the EK certificate. Return value: 7.3.2.2 Tcsip_ActivateIdentity Function description: Get the symmetric key of the encrypted PIK certificate. - keyHandle: The key handle that encapsulates the operation key. - encAuth: The encrypted authorization data is the authorization data of the encapsulated object which is encrypted, wherein the encryption key is the shared session key as pointed to by the authorization session key. - pcrlnfoSize: The length of the PCR information parameter. If it is 0, there is no PCR register available. - Pcrlnfo: PCR information. - inDataSize: The length of the data to be encapsulated. - inData: The data to be encapsulated. - pAuth: The authentication code of authorization data to encapsulate the operation key. Description of output parameter: - pAuth: The authentication code of output authorization data. - SealedDataSize: The length of the encapsulated data block. - SealedData: The encapsulated data block. Return value: 7.4.1.2 Tcsip_Unseal Function description: When the platform configuration information (PCR value) and platform verification information (TCM_Proof) in the package data and the current PCR value and TCM_Proof value are consistent, the encapsulated data generated by the TCM_Seal command is decrypted. Interface definition: - rgbPoint: The public key information of the static key of the other party. - cRaSize: The length of the local personal information digest. - rgbRa: The local personal information digest. - cRbSize: The length of the personal information digest of the other party. - rgbRb: The personal information digest of the other party. - cRxSize: The length of the public key information of the temporary key of the other party. - rgbRx: The public key information of the temporary key of the other party. - keyAuth: The authorized authentication code of the local static key. Description of output parameters: - phKey: The shared key exchanged. - keyAuth: The pointer which points to the owner authorization data. - pcSxSize: The length of the data which is used to locally verify the exchange process. - prgbSxData: The data which is used to locally verify the exchange process. - pcSySize: The length of the data which is provided to the other party to perform the verification process. - prgbSyDat: The data which is provided to the other party to perform the verification process. Return value: 7.4.3.3 Tcsip_ReleaseExchangeSession Function description: This command is used to release the TCM exchange process session. Interface definition: - parentHandle: The parent key handle to be migrated. - migrationType: Migration mode. - MigrationKeyAuthSize: The size of the migration authentication data. - MigrationKeyAuth: Migration authentication data. - encDataSize: The size of the key data to be migrated. - encData: Key data to be migrated. - parentAuth: The check code of the authorization session of the parent key of the key to be migrated. - entityAuth: The authentication code of the authorization session of the parent key of the key to be migrated. Description of output parameter: - parentAuth: The check code of the authorization session of the parent key of the key to be migrated. - entityAuth: The authentication code of the authorization session of the parent key of the key to be migrated. - SymEncDataSize: The size of the key to be migrated which is encrypted by a symmetric key. - SymEncData: The key to be migrated which is encrypted by a symmetric key. - outDataSize: The size of the key to be migrated which is encrypted by a migration key. - outData: The key to be migrated which is encrypted by a migration key. Return value: 7.4.4.3 Tcsip_ConvertMigrationBlob Function description: This function converts the migration block into an encrypted block that can be used by the LoadKey command. Interface definition: - rghHandles: TSS handle list. - pWrappedCmdAuth1: The first authorization session data. If NULL, no authorization is required. - pWrappedCmdAuth2: The second authorization session data. If NULL, no authorization is required. - pTransAuth: Authentication code of authorization data of transport protection key. Description of output parameter: - pulHandleListSize: The size of the handle list. - rghHandles: TSS handle list. - pWrappedCmdAuth1: The first authorization session data. If NULL, no authorization is required. - pWrappedCmdAuth2: The second authorization session data. If NULL, no authorization is required. - pT...... ......

BASIC DATA
Standard ID GM/T 0058-2018 (GM/T0058-2018)
Description (Translated English) Trusted computing-TCM service module interface specification
Sector / Industry Chinese Industry Standard (Recommended)
Classification of Chinese Standard L80
Word Count Estimation 193,114
Date of Issue 2018-05-02
Date of Implementation 2018-05-02
Administrative Organization National Password Authority