GM/T 0013-2012 English PDF (GMT0013-2012)
GM/T 0013-2012: Trusted computing--Trusted cryptography module interface compliance
GM/T 0013-2012
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
RECORD NO.: 38311-2013
Trusted computing - Trusted cryptography
module interface compliance
Trusted computing - Trusted cryptography module interface
ISSUED ON: NOVEMBER 22, 2012
IMPLEMENTED ON: NOVEMBER 22, 2012
Issued by: State Cryptography Management
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Trusted cryptography module interface compliance test
4.1 General
4.2 Constant values
4.3 Test strategy
4.4 Test method
5 Command dependency relationships
5.1 Startup command set
5.2 State save command set
5.3 Self-test command set
5.4 TCM operating mode setting command set
5.5 Owner management command set
5.6 Attribute management command set
5.7 Upgrading and maintenance command set
5.8 Authorization value management command set
5.9 Nonvolatile storage management command set
5.10 Operating environment management command set
5.11 Audit command set
5.12 Clock command set
5.13 Counter command set
5.14 TCM endorsement key management command set
5.15 Platform identity key management command set
5.16 Data protection operating command set
5.17 Key management command set
5.18 Key agreement command set
5.19 Key migration command set
5.20 Cryptographic service command set
5.21 Transport session command set
5.22 Authorization protocol command set
5.23 Platform configuration register management command set
6 Vector commands
6.1 TCM_Startup
6.2 TCM-SelfTestFull
6.3 TCM_ContinueSelfTest
6.4 TCM_GetTestResult
6.5 TCM_SetOwnerInstall
6.6 TCM_OwnerSetDisable
6.7 TCM_PhysicalEnable
6.8 TCM_PhysicalDisable
6.9 TCM_SetTempDeactivated
6.10 TCM_PhysicalSetDeactivated
6.11 TCM_TakeOwnership
6.12 TCM_OwnerClear
6.13 TCM_ForceClear
6.14 TCM_DisableOwnerClear
6.15 TCM_DisableForceClear
6.16 TCM_GetCapability
6.17 TCM_SetCapacity
6.18 TCM_ResetLockValue
6.19 TCM_ChangeAuth
6.20 TCM_ChangeAuthOwner
6.21 TCM_NV_DefineSpace
6.22 TCM_NV_WriteValue
6.23 TCM_NV_ReadValue
6.24 TCM_FlushSpecifc
6.25 TCM_GetAuditDigest
6.26 TCM_GetAuditDigestSigned
6.27 TCM_SetOrdinalAuditStatus
6.28 TCM_GetTicks
6.29 TCM_TickStampBlob
6.30 TCM_ReadPubEK
6.31 TCM_OwnerReadInternalPub
6.32 TCM_Make Identity
6.33 TCM_ActivatePEKCert
6.34 TCM_ActivatePEK
6.35 TCM_Seal
6.36 TCM_Unseal
6.37 TCM_CreateWrapKey
6.38 TCM_LoadKey
6.39 TCM_GetPubKey
6.40 TCM_WrapKey
6.41 TCM_CertifyKey
6.42 TCM_AuthorizeMigrationKey
6.43 TCM_CreateMigratedBlob
6.44 TCM_ConvertMigratedBlob
6.45 TCM_SM3Start
6.46 TCM_Sm3Update
6.47 TCM_SM3Complete
6.48 TCM_SM3CompleteExtend
6.49 TCM_Sign
6.50 TCM_SM4Encrypt
6.51 TCM_SM4Decrypt
6.52 TCM_SM2Decrypt
6.53 TCM_GetRandom
6.54 TCM_APCreate
6.55 TCM_APTerminate
6.56 TCM_Extend
6.57 TCM_PCRRead
6.58 TCM_Quote
6.59 TCM_PCR_Reset
7 Script vectors
7.1 TCM_SaveState
7.2 TCM_SaveContext
7.3 TCM_LoadContext
7.4 TCM_FiledUpgrade
Bibliography
Foreword
This Standard was drafted in accordance with the rules given in GB/T 1.1-2009.
Attention is drawn to the possibility that some of the elements of this document
may be the subject of patent rights. The issuer of this document shall not be
held responsible for identifying any or all such patent rights.
This Standard was proposed by and shall be under the jurisdiction of the State
Cryptography Management.
The drafting organizations of this Standard: Institute of Software Chinese
Academy of Sciences, Nationz Technologies Co., Ltd., Legend Holdings Co.,
Ltd., Tongfang Co., Ltd., Beijing Information Science and Technology University.
The main drafters of this Standard: Qin Yu, Wu Qiuxin, Chang Dexian, Chu
Xiaobo, Xu Zhen, Liu Xin, Ning Xiaokui, Zheng Bike, Liu Ren, Li Hao, Zhang
Qianying, Wang Dan, Liu Ziwen, Yu Aimin.
Trusted computing - Trusted cryptography
module interface compliance
1 Scope
This Standard is based on GM/T 0011-2012, Trusted computing - Functionality
and interface specification of cryptographic support platform; defines the
command test vectors of trusted cryptography modules; and provides effective
test methods and flexible test scripts.
This Standard applies to the compliance test of trusted cryptography modules,
but it cannot replace their security check. The security test of trusted
cryptography modules shall be conducted in accordance with other
specifications.
2 Normative references
The following referenced documents are indispensable for the application of
this document. For dated references, only the edition dated applies to this
document. For undated references, the latest edition of the referenced
documents (including all amendments) applies to This Standard.
GB/T 5271.8-2001, Information technology - Vocabulary - Part 8: Security
GB/T 16264.8-2005, Information technology - Open systems interconnection
- The directory - Part 8: Public-key and attribute certificate frameworks
GB 17859-1999, Classified criteria for security protection of computer
information system
GB/T 18336 (all parts), Information technology - Security techniques -
Evaluation criteria for IT security
GM/T 0002-2012, SM4 Block cipher algorithm
GM/T 0003-2012, Public key cryptographic algorithm SM2 based on elliptic
curves
GM/T 0004-2012, SM3 password hashing algorithm
GM/T 0011-2012, Trusted computing - Functionality and interface
specification of cryptographic support platform
GM/T 0012-2012, Trusted computing - Interface specification of trusted
cryptography module
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
trusted computing platform
The support system which is established in the computing system and used to
implement the trusted computing function.
3.2
trusted cryptography module; TCM
The hardware module of the trusted computing platform, which provides the
cryptographic operation function for the trusted computing platform and has a
protected storage space.
3.3
platform configuration register; PCR
The storage unit inside the trusted cryptography module, which is used to store
platform integrity measurement values.
3.4
TCM endorsement key; EK
The initial key of the trusted cryptography module.
3.5
storage master key; SMK
The master key which is used to protect platform identity keys and user keys.
3.6
hash-based message authentication mode; HMAC
This Standard adopts the SM3 hash algorithm provided in GM/T 0004-2012 to
generate message authentication codes.
3.7
This Standard only provides the test strategies and test methods for TCM
co...