GM/T 0011-2012 English PDF (GMT0011-2012)

GM/T 0011-2012: Trusted computing--Functionality and interface specification of cryptographic support platform

This standard describes the functional principles and requirements of the trusted computing cryptographic support platform and defines in detail its application interface specifications, such as the cryptographic algorithm, key management, certificate management, password protocol, and password service.
GM/T 0011-2012
GM
CRYPTOGRAPHY INDUSTRY STANDARD OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
L 80
Registration number: 38309-2013
Trusted computing - Functionality and interface specification of cryptographic support platform
ISSUED ON: NOVEMBER 22, 2012
IMPLEMENTED ON: NOVEMBER 22, 2012
Issued by: State Cryptography Administration
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions and abbreviations
3.1 Terms and definitions
3.2 Abbreviations
4 Functional principles of trusted computing cryptographic support platform
4.1 Platform system structure
4.1.1 Relationship between platform function and password
4.1.2 Platform structure
4.1.3 Trusted cryptography module
4.1.4 TCM service module
4.2 Cryptographic algorithm requirements
4.2.1 SM2
4.2.2 SM3
4.2.3 HMAC
4.2.4 SM4
4.2.5 Random numbers
4.3 Functional principle
4.3.1 Platform integrity
4.3.2 Platform identity trustability
4.3.3 Platform data security
5 Trusted computing cryptographic support platform functional interface
5.1 Overview
5.2 Context management
5.2.1 Overview
5.2.2 Create context
5.2.3 Close context
5.2.4 Setting context attributes (integer parameters)
5.2.5 Get context attributes (integer parameters)
5.2.6 Set context attributes (variable length parameters)
5.2.7 Get context attributes (variable length parameters)
5.2.8 Connection context
5.2.9 Release context
5.2.10 Get context default policy
5.2.11 Create object
5.2.12 Close object
5.2.13 Get platform function characteristics
5.2.14 Get TCM object handle
5.2.15 Key loading by key attributes
5.2.16 Key loading by key ID
5.2.17 Registration key
5.2.18 Destruct key
5.2.19 Get key by key ID
5.2.20 Get key by public key
5.2.21 Get registration key by ID
5.2.22 Set transfer session encryption key
5.2.23 Close transfer session
5.3 Policy management
5.3.1 Set policy category attributes (integer parameters)
5.3.2 Get context attributes (integer parameters)
5.3.3 Set context attributes (variable length parameters)
5.3.4 Get context attributes (variable length parameters)
5.3.5 Set policy authorization
5.3.6 Clear policy authorization
5.3.7 Bind policy object
5.4 Trusted cryptography module (TCM) management
5.4.1 Overview
5.4.2 Create platform identity and certificate request
5.4.3 Activate platform identity and get PIK certificate
5.4.4 Create PEK request
5.4.5 Get PEK certificate
5.4.6 Import PEK Key
5.4.7 Create an irrevocable TCM endorsement key
5.4.8 Get public key of TCM endorsement key
5.4.9 Create a revocable TCM endorsement key
5.4.10 Revoke TCM endorsement key
5.4.11 Create cryptography module owner
5.4.12 Clear trusted cryptography module owner
5.4.13 Set operator authorization
5.4.14 Set trusted cryptography module status
5.4.15 Query trusted cryptography module status setting
5.4.16 Get trusted cryptography module features
5.4.17 Full self-test of trusted cryptography module
5.4.18 Get trusted cryptography module self-test result
5.4.19 Get random number generated by trusted cryptography module
5.4.20 Get single event of trusted cryptography module
5.4.21 Get a set of events from trusted cryptography module
5.4.22 Get trusted cryptography module event log
5.4.23 Trusted cryptography module PCR extension
5.4.24 Read trusted cryptography module PCR value
5.4.25 Reset trusted cryptography module PCR
5.4.26 Quote PCR
5.4.27 Read trusted cryptography module counter
5.4.28 Read trusted cryptography module current clock
5.4.29 Get audit digest value of trusted cryptography module
5.4.30 Set trusted cryptography module command audit status
5.5 Key management
5.5.1 Overview
5.5.2 Change entity authorization data
5.5.3 Get policy object
5.5.4 Set key attributes (integer parameters)
5.5.5 Obtain key attributes (integer parameters)
5.5.6 Set key attributes (variable length parameters)
5.5.7 Get set key attributes (variable length parameters)
5.5.8 Load key
5.5.9 Unload key
5.5.10 Get public key of key
5.5.11 Sign key
5.5.12 Create key
5.5.13 Seal key
5.5.14 Create migration authorization
5.5.15 Create migration key data block
5.5.16 Import migration key data block
5.6 Data encryption and decryption
5.6.1 Change entity authorization
5.6.2 Get policy objects
5.6.3 Get data attributes (integer parameters)
5.6.4 Setting data attributes (variable length parameters)
5.6.5 Get data attributes
5.6.6 Data encryption
5.6.7 Data decryption
5.6.8 Data sealing
5.6.9 Data unsealing
5.6.10 Digital envelope sealing
5.6.11 Digital envelope decryption
5.7 PCR management
5.7.1 Overview
5.7.2 Set PCR Locality attribute
5.7.3 Get PCR Locality attributes
5.7.4 Get PCR digest
5.7.5 Set PCR value
5.7.6 Get PCR values
5.7.7 Select PCR Index
5.8 Non-Volatile storage management
5.8.1 Set nonvolatile store area attributes (integer parameters)
5.8.2 Get nonvolatile store area attributes (integer parameters)
5.8.3 Get nonvolatile store area attributes (variable length parameters)
5.8.4 Create nonvolatile store spaces
5.8.5 Release non-volatile store space
5.8.6 Write data into non-volatile store area
5.8.7 Read data from non-volatile store area
5.9 Hash operation
5.9.1 Set hash object attributes (integer parameters)
5.9.2 Get hash object attributes (integer parameters)
5.9.3 Set hash object attributes (variable length parameters)
5.9.4 Hash operation for user data
5.9.5 Set hash value
5.9.6 Get hash value
5.9.7 Update hash value
5.9.8 Sign hash value
5.9.9 Verify hash value signature
5.9.10 Add time stamp to hash category
5.10 Key negotiation
5.10.1 Create a session
5.10.2 Get session key
5.10.3 Release session
Appendix A (Normative) Interface specification data structure
Appendix B (Normative) Digital certificate format
Appendix C (Normative) Motherboard application interface
References
Foreword
This standard was drafted in accordance with the rules given in GB/T 1.1-2009. Please note that some of this document may be patentable. The issuing agencies of this document do not bear the responsibility of identifying these patents.
This standard was proposed by and shall be under the jurisdiction of the State Cryptography Administration.
The drafting organizations of this standard: Legend Holdings Ltd., National Technology Co., Ltd., Tongfang Co., Ltd., Chinese Academy of Sciences Software Office, Beijing Zhaori Technology Co., Ltd., Ruida Information Security Industry Co., Ltd., Changchun Ji Taida Zhengyuan Information Technology Co., Ltd., Founder Technology Group Co., Ltd., Beijing University of Information Science and Technology, China Great Wall Computer Shenzhen Co., Ltd., Chengdu Guardian Information Industry Co., Ltd., Wuxi Jiangnan Information Security Engineering Technology Center, PLA National Defense Science and Technology University.
The main drafters of this standard: Wu Qiuxin, Yang Xianwei, Zou Hao, Yu Fajiang, Ning Xiaokui, Wang Zi, Zheng Bike, Lin Yang, Li Weiping, Yin Hongbing, Xu Zhen, Yan Fei, Liu Ren, Li Feng, Xu Yong, Jia Bing, Wang Lei, Gu Jian, He Changlong, Qin Yu, Liu Xin, Wang Zhengpeng, Fan Qin.
Trusted computing - Functionality and interface specification of cryptographic support platform
1 Scope
This standard describes the functional principles and requirements of the trusted computing cryptographic support platform and defines in detail its application interface specifications, such as the cryptographic algorithm, key management, certificate management, password protocol, and password service.
This standard applies to the re...
