
GM/T 0011-2012 English PDF (GMT0011-2012)


GM/T 0011-2012: Trusted computing--Functionality and interface specification of cryptographic support platform
GM/T 0011-2012
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Registration number: 38309-2013
Trusted computing - Functionality and interface
specification of cryptographic support platform
ISSUED ON: NOVEMBER 22, 2012
IMPLEMENTED ON: NOVEMBER 22, 2012
Issued by: State Cryptography Administration
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions and abbreviations
3.1 Terms and definitions
3.2 Abbreviations
4 Functional principles of trusted computing cryptographic support platform
4.1 Platform system structure
4.1.1 Relationship between platform function and password
4.1.2 Platform structure
4.1.3 Trusted cryptography module
4.1.4 TCM service module
4.2 Cryptographic algorithm requirements
4.2.1 SM2
4.2.2 SM3
4.2.3 HMAC
4.2.4 SM4
4.2.5 Random numbers
4.3 Functional principle
4.3.1 Platform integrity
4.3.2 Platform identity trustability
4.3.3 Platform data security
5 Trusted computing cryptographic support platform functional interface
5.1 Overview
5.2 Context management
5.2.1 Overview
5.2.2 Create context
5.2.3 Close context
5.2.4 Setting context attributes (integer parameters)
5.2.5 Get context attributes (integer parameters)
5.2.6 Set context attributes (variable length parameters)
5.2.7 Get context attributes (variable length parameters)
5.2.8 Connection context
5.2.9 Release context
5.2.10 Get context default policy
5.2.11 Create object
5.2.12 Close object
5.2.13 Get platform function characteristics
5.2.14 Get TCM object handle
5.2.15 Key loading by key attributes
5.2.16 Key loading by key ID
5.2.17 Registration key
5.2.18 Destruct key
5.2.19 Get key by key ID
5.2.20 Get key by public key
5.2.21 Get registration key by ID
5.2.22 Set transfer session encryption key
5.2.23 Close transfer session
5.3 Policy management
5.3.1 Set policy category attributes (integer parameters)
5.3.2 Get context attributes (integer parameters)
5.3.3 Set context attributes (variable length parameters)
5.3.4 Get context attributes (variable length parameters)
5.3.5 Set policy authorization
5.3.6 Clear policy authorization
5.3.7 Bind policy object
5.4 Trusted cryptography module (TCM) management
5.4.1 Overview
5.4.2 Create platform identity and certificate request
5.4.3 Activate platform identity and get PIK certificate
5.4.4 Create PEK request
5.4.5 Get PEK certificate
5.4.6 Import PEK Key
5.4.7 Create an irrevocable TCM endorsement key
5.4.8 Get public key of TCM endorsement key
5.4.9 Create a revocable TCM endorsement key
5.4.10 Revoke TCM endorsement key
5.4.11 Create cryptography module owner
5.4.12 Clear trusted cryptography module owner
5.4.13 Set operator authorization
5.4.14 Set trusted cryptography module status
5.4.15 Query trusted cryptography module status setting
5.4.16 Get trusted cryptography module features
5.4.17 Full self-test of trusted cryptography module
5.4.18 Get trusted cryptography module self-test result
5.4.19 Get random number generated by trusted cryptography module
5.4.20 Get single event of trusted cryptography module
5.4.21 Get a set of events from trusted cryptography module
5.4.22 Get trusted cryptography module event log
5.4.23 Trusted cryptography module PCR extension
5.4.24 Read trusted cryptography module PCR value
5.4.25 Reset trusted cryptography module PCR
5.4.26 Quote PCR
5.4.27 Read trusted cryptography module counter
5.4.28 Read trusted cryptography module current clock
5.4.29 Get audit digest value of trusted cryptography module
5.4.30 Set trusted cryptography module command audit status
5.5 Key management
5.5.1 Overview
5.5.2 Change entity authorization data
5.5.3 Get policy object
5.5.4 Set key attributes (integer parameters)
5.5.5 Obtain key attributes (integer parameters)
5.5.6 Set key attributes (variable length parameters)
5.5.7 Get set key attributes (variable length parameters)
5.5.8 Load key
5.5.9 Unload key
5.5.10 Get public key of key
5.5.11 Sign key
5.5.12 Create key
5.5.13 Seal key
5.5.14 Create migration authorization
5.5.15 Create migration key data block
5.5.16 Import migration key data block
5.6 Data encryption and decryption
5.6.1 Change entity authorization
5.6.2 Get policy objects
5.6.3 Get data attributes (integer parameters)
5.6.4 Setting data attributes (variable length parameters)
5.6.5 Get data attributes
5.6.6 Data encryption
5.6.7 Data decryption
5.6.8 Data sealing
5.6.9 Data unsealing
5.6.10 Digital envelope sealing
5.6.11 Digital envelope decryption
5.7 PCR management
5.7.1 Overview
5.7.2 Set PCR Locality attribute
5.7.3 Get PCR Locality attributes
5.7.4 Get PCR digest
5.7.5 Set PCR value
5.7.6 Get PCR values
5.7.7 Select PCR Index
5.8 Non-Volatile storage management
5.8.1 Set nonvolatile store area attributes (integer parameters)
5.8.2 Get nonvolatile store area attributes (integer parameters)
5.8.3 Get nonvolatile store area attributes (variable length parameters)
5.8.4 Create nonvolatile store spaces
5.8.5 Release non-volatile store space
5.8.6 Write data into non-volatile store area
5.8.7 Read data from non-volatile store area
5.9 Hash operation
5.9.1 Set hash object attributes (integer parameters)
5.9.2 Get hash object attributes (integer parameters)
5.9.3 Set hash object attributes (variable length parameters)
5.9.4 Hash operation for user data
5.9.5 Set hash value
5.9.6 Get hash value
5.9.7 Update hash value
5.9.8 Sign hash value
5.9.9 Verify hash value signature
5.9.10 Add time stamp to hash category
5.10 Key negotiation
5.10.1 Create a session
5.10.2 Get session key
5.10.3 Release session
Appendix A (Normative) Interface specification data structure
Appendix B (Normative) Digital certificate format
Appendix C (Normative) Motherboard application interface
References
Foreword
This standard was drafted in accordance with the rules given in GB/T 1.1-2009.
Please note that some of this document may be patentable. The issuing
agencies of this document do not bear the responsibility of identify...