GM/T 0039-2015 English PDF (GMT0039-2015)
GM/T 0039-2015 English PDF (GMT0039-2015)
Regular price
$365.00 USD
Regular price
Sale price
$365.00 USD
Unit price
/
per
Delivery: 3 seconds. Download true-PDF + Invoice.
Get QUOTATION in 1-minute: Click GM/T 0039-2015
Historical versions: GM/T 0039-2015
Preview True-PDF (Reload/Scroll if blank)
GM/T 0039-2015: Security test requirements for cryptographic modules
GM/T 0039-2015
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
File No.. 49738-2015
Security test requirements for cryptographic modules
ISSUED ON. APRIL 1, 2015
IMPLEMENTED ON. APRIL 1, 2015
Issued by. State Cryptography Administration
Table of Contents
Foreword . 3
1 Scope .. 4
2 Normative references .. 4
3 Terms and definitions .. 4
4 Abbreviations .. 4
5 Document organization . 5
5.1 General .. 5
5.2 Clauses and security requirements .. 5
5.3 Description of reference clauses . 6
6 Security test requirements .. 6
6.1 General requirements . 6
6.2 Cryptographic module specification .. 7
6.3 Cryptographic module interfaces .. 23
6.4 Roles, services, and authentication . 40
6.5 Software / Firmware security .. 65
6.6 Operational environment .. 72
6.7 Physical security . 88
6.8 Non-invasive security . 119
6.9 Sensitive security parameter management . 121
6.10 Self-tests .. 137
6.11 Life-cycle assurance .. 162
6.12 Mitigation of other attacks .. 180
6.13 A - Documentation requirements . 181
6.14 B - Cryptographic module security policy .. 182
6.15 C - Approved security functions .. 183
6.16 D - Approved sensitive security parameter generation and establishment
methods .. 183
6.17 E - Approved authentication mechanisms . 183
6.18 F - Non-invasive attacks and common mitigation test metrics .. 183
Annex A (Informative) Security level correspondence tables . 184
Foreword
This Standard was drafted in accordance with the rules given in GB/T 1.1-2009.
This Standard was prepared by redrafting with reference to ISO / IEC
24759.2014 Information technology - Security techniques - Test requirements
for cryptographic modules. The degree of consistency with ISO / IEC
24759.2014 is not equivalent.
Attention is drawn to the possibility that some of the elements of this document
may be the subject of patent rights. The issuing authority shall not be held
responsible for identifying any or all such patent rights.
This Standard was proposed by and shall be under the jurisdiction of Technical
Committee for Standardization of Cryptography Industry.
Main drafting organizations of this Standard. Bejing Watchdata Intelligent
Technology Co., Ltd, Feitian Technologies Co., Ltd, Beijing HuaDa ZhiBao
Electronic System Co., Ltd, Beijing Haitai Fangyuan Technologies Co., Ltd,
Commercial Cryptography Testing Center of State Cryptography Administration,
Data Assurance and Communications Security (DCS) Center, Beijing Creative
Century Technology Co., Ltd, Shanghai Koal Software Co., Ltd.
Main drafters of this Standard. Wang Xuelin, Li Dawei, Deng Kaiyong, Chen
Guo, Chen Baoru, Zhang Yifei, Hu Boliang, Zhu Pengfei, Luo Peng, Zhang
Zhong, Lei Yinhua, Mo Fan, Lin Chun, Jiang Hongyu, Tan Wuzheng, Zhang
Wantao, Gao Neng.
Security test requirements for cryptographic modules
1 Scope
This Standard specifies a series of test procedures, test methods and
corresponding document submission requirements for cryptographic modules,
in accordance with the requirements of GM/T 0028-2014.
This Standard is applicable to the tests of cryptographic modules.
2 Normative references
The following documents are essential to the application of this document. For
dated references, only the editions with the dates indicated are applicable to
this document. For undated references, only the latest editions (including all the
amendments) are applicable to this document.
GM/T 0028-2014 Security requirements for cryptographic modules
GM/Z 4001 Cryptology terminology
3 Terms and definitions
The terms and definitions defined in GM/T 0028-2014 and GM/Z 4001 are
applicable to this document.
4 Abbreviations
The following abbreviations are applicable to this document.
API Application Program Interface
CBC Cipher Block Chaining
CSP Critical Security Parameter
EDC Error Detection Code
EFP Environmental Failure Protection
EFT Environmental Failure Testing
Following each clause is the requirements for the required vendor
documentation. These requirements describe the types of documentation or
explicit information that the vendor shall provide in order for the tester to verify
conformity (of the documentation or information) to the given clause.
These requirements are denoted by the form.
CY< requirement number>.< clause sequence number>.< sequence number>
where “CY” represents the requirements for the documents that are submitted
by the vendor, “requirement number” and “clause sequence number” are
identical to those in the corresponding security requirement, and “sequence
number” is a sequential identifier for vendor requirements within the clause.
Following the required vendor documentation is the requirements for the
required test procedures. These requirements instruct the tester as to what he
or she shall do in order to test the cryptographic module with respect to the
given clause.
These requirements are denoted by the form.
JY< requirement number>.< clause sequence number>.< sequence number>
where “JY” represents the requirements for the test procedures and methods,
“requirement number” and “clause sequence number” are identical to those in
the corresponding security requirement, and “sequence number” is a sequential
identifier for tester requirements within the clause.
5.3 Description of reference clauses
For coherence in the statements, this Standard adds supplementary statements
to some of the clauses that are direct quotations from GM/T 0028-2014. These
statements have been put between curly brackets “{” and “}” and are italicized
in bold font of Song typeface.
In addition, the “shall” used in the requirements for the vendor documentation
and the requirements for the test procedures required by this Standard have
the same meaning as the “should” in the clauses that are directly quoted from
GM/T 0028-2014.
6 Security test requirements
6.1 General requirements
NOTE. This subclause states general requirements to meet the articles of the other subclauses in Clause
6.
description of the approved mode of operation.
JY02.19.02. The tester shall verify that it is able to activate the approved mode
of operation according to the method described in the vendor documentation.
JY02.19.03. The tester shall verify that the operator is able to operate the
cryptographic module in an approved mode of operation.
AY02.20. (Security levels 1, 2, 3 and 4)
An approved mode of operation shall be defined as the set of services
which include at least one service that utilizes an approved cryptographic
algorithm, security function or process.
Required vendor documentation
CY02.20.01. The vendor documentation shall describe the approved
cryptographic algorithm, security function or process that is used in the
approved mode of operation for the cryptographic module and those services
specified in 7.4.3 of GM/T 0028-2014.
CY02.20.02. The vendor documentation shall provide a verification certificate
that includes all approved cryptographic algorithms, security functions or
processes.
Required test procedures
JY02.20.01. The tester shall verify the approved mode of operation described
in the documentation, and that at least one service uses the approved
cryptographic algorithm, security function or process and those services or
processes specified in 7.4.3 of GM/T 0028-2014.
JY02.20.02. The...
Get QUOTATION in 1-minute: Click GM/T 0039-2015
Historical versions: GM/T 0039-2015
Preview True-PDF (Reload/Scroll if blank)
GM/T 0039-2015: Security test requirements for cryptographic modules
GM/T 0039-2015
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
File No.. 49738-2015
Security test requirements for cryptographic modules
ISSUED ON. APRIL 1, 2015
IMPLEMENTED ON. APRIL 1, 2015
Issued by. State Cryptography Administration
Table of Contents
Foreword . 3
1 Scope .. 4
2 Normative references .. 4
3 Terms and definitions .. 4
4 Abbreviations .. 4
5 Document organization . 5
5.1 General .. 5
5.2 Clauses and security requirements .. 5
5.3 Description of reference clauses . 6
6 Security test requirements .. 6
6.1 General requirements . 6
6.2 Cryptographic module specification .. 7
6.3 Cryptographic module interfaces .. 23
6.4 Roles, services, and authentication . 40
6.5 Software / Firmware security .. 65
6.6 Operational environment .. 72
6.7 Physical security . 88
6.8 Non-invasive security . 119
6.9 Sensitive security parameter management . 121
6.10 Self-tests .. 137
6.11 Life-cycle assurance .. 162
6.12 Mitigation of other attacks .. 180
6.13 A - Documentation requirements . 181
6.14 B - Cryptographic module security policy .. 182
6.15 C - Approved security functions .. 183
6.16 D - Approved sensitive security parameter generation and establishment
methods .. 183
6.17 E - Approved authentication mechanisms . 183
6.18 F - Non-invasive attacks and common mitigation test metrics .. 183
Annex A (Informative) Security level correspondence tables . 184
Foreword
This Standard was drafted in accordance with the rules given in GB/T 1.1-2009.
This Standard was prepared by redrafting with reference to ISO / IEC
24759.2014 Information technology - Security techniques - Test requirements
for cryptographic modules. The degree of consistency with ISO / IEC
24759.2014 is not equivalent.
Attention is drawn to the possibility that some of the elements of this document
may be the subject of patent rights. The issuing authority shall not be held
responsible for identifying any or all such patent rights.
This Standard was proposed by and shall be under the jurisdiction of Technical
Committee for Standardization of Cryptography Industry.
Main drafting organizations of this Standard. Bejing Watchdata Intelligent
Technology Co., Ltd, Feitian Technologies Co., Ltd, Beijing HuaDa ZhiBao
Electronic System Co., Ltd, Beijing Haitai Fangyuan Technologies Co., Ltd,
Commercial Cryptography Testing Center of State Cryptography Administration,
Data Assurance and Communications Security (DCS) Center, Beijing Creative
Century Technology Co., Ltd, Shanghai Koal Software Co., Ltd.
Main drafters of this Standard. Wang Xuelin, Li Dawei, Deng Kaiyong, Chen
Guo, Chen Baoru, Zhang Yifei, Hu Boliang, Zhu Pengfei, Luo Peng, Zhang
Zhong, Lei Yinhua, Mo Fan, Lin Chun, Jiang Hongyu, Tan Wuzheng, Zhang
Wantao, Gao Neng.
Security test requirements for cryptographic modules
1 Scope
This Standard specifies a series of test procedures, test methods and
corresponding document submission requirements for cryptographic modules,
in accordance with the requirements of GM/T 0028-2014.
This Standard is applicable to the tests of cryptographic modules.
2 Normative references
The following documents are essential to the application of this document. For
dated references, only the editions with the dates indicated are applicable to
this document. For undated references, only the latest editions (including all the
amendments) are applicable to this document.
GM/T 0028-2014 Security requirements for cryptographic modules
GM/Z 4001 Cryptology terminology
3 Terms and definitions
The terms and definitions defined in GM/T 0028-2014 and GM/Z 4001 are
applicable to this document.
4 Abbreviations
The following abbreviations are applicable to this document.
API Application Program Interface
CBC Cipher Block Chaining
CSP Critical Security Parameter
EDC Error Detection Code
EFP Environmental Failure Protection
EFT Environmental Failure Testing
Following each clause is the requirements for the required vendor
documentation. These requirements describe the types of documentation or
explicit information that the vendor shall provide in order for the tester to verify
conformity (of the documentation or information) to the given clause.
These requirements are denoted by the form.
CY< requirement number>.< clause sequence number>.< sequence number>
where “CY” represents the requirements for the documents that are submitted
by the vendor, “requirement number” and “clause sequence number” are
identical to those in the corresponding security requirement, and “sequence
number” is a sequential identifier for vendor requirements within the clause.
Following the required vendor documentation is the requirements for the
required test procedures. These requirements instruct the tester as to what he
or she shall do in order to test the cryptographic module with respect to the
given clause.
These requirements are denoted by the form.
JY< requirement number>.< clause sequence number>.< sequence number>
where “JY” represents the requirements for the test procedures and methods,
“requirement number” and “clause sequence number” are identical to those in
the corresponding security requirement, and “sequence number” is a sequential
identifier for tester requirements within the clause.
5.3 Description of reference clauses
For coherence in the statements, this Standard adds supplementary statements
to some of the clauses that are direct quotations from GM/T 0028-2014. These
statements have been put between curly brackets “{” and “}” and are italicized
in bold font of Song typeface.
In addition, the “shall” used in the requirements for the vendor documentation
and the requirements for the test procedures required by this Standard have
the same meaning as the “should” in the clauses that are directly quoted from
GM/T 0028-2014.
6 Security test requirements
6.1 General requirements
NOTE. This subclause states general requirements to meet the articles of the other subclauses in Clause
6.
description of the approved mode of operation.
JY02.19.02. The tester shall verify that it is able to activate the approved mode
of operation according to the method described in the vendor documentation.
JY02.19.03. The tester shall verify that the operator is able to operate the
cryptographic module in an approved mode of operation.
AY02.20. (Security levels 1, 2, 3 and 4)
An approved mode of operation shall be defined as the set of services
which include at least one service that utilizes an approved cryptographic
algorithm, security function or process.
Required vendor documentation
CY02.20.01. The vendor documentation shall describe the approved
cryptographic algorithm, security function or process that is used in the
approved mode of operation for the cryptographic module and those services
specified in 7.4.3 of GM/T 0028-2014.
CY02.20.02. The vendor documentation shall provide a verification certificate
that includes all approved cryptographic algorithms, security functions or
processes.
Required test procedures
JY02.20.01. The tester shall verify the approved mode of operation described
in the documentation, and that at least one service uses the approved
cryptographic algorithm, security function or process and those services or
processes specified in 7.4.3 of GM/T 0028-2014.
JY02.20.02. The...