GM/T 0041-2015 English PDF (GMT0041-2015)
GM/T 0041-2015 English PDF (GMT0041-2015)
Regular price
$150.00 USD
Regular price
Sale price
$150.00 USD
Unit price
/
per
Delivery: 3 seconds. Download true-PDF + Invoice.
Get QUOTATION in 1-minute: Click GM/T 0041-2015
Historical versions: GM/T 0041-2015
Preview True-PDF (Reload/Scroll if blank)
GM/T 0041-2015: Cryptographic test specification for smart card
GM/T 0041-2015
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
File No.. 49740-2015
Cryptographic test specification for smart card
ISSUED ON. APRIL 1, 2015
IMPLEMENTED ON. APRIL 1, 2015
Issued by. State Cryptography Administration
Table of Contents
Foreword . 3
1 Scope .. 4
2 Normative references .. 4
3 Terms and definitions .. 4
4 Symbols and abbreviations . 5
5 Test items .. 6
5.1 COS security management function test .. 6
5.2 COS security mechanism test . 6
5.3 Cryptographic key primality test . 7
5.4 Random number quality test .. 7
5.5 Correctness test of cryptographic algorithm implementation .. 7
5.6 Performance test of cryptographic algorithm implementation .. 7
5.7 Device security testing . 8
6 Test methods .. 8
6.1 General requirements .. 8
6.2 COS security management function test .. 8
6.3 COS security mechanism test .. 17
6.4 RSA key primality test .. 21
6.5 Random number quality test . 21
6.6 Correctness test of cryptographic algorithm implementation . 21
6.7 Performance test of cryptographic algorithm implementation .. 23
6.8 Device security testing .. 26
7 Qualification criteria .. 26
References . 28
Cryptographic test specification for smart card
1 Scope
This Standard specifies the test items and methods of smart IC card products.
This Standard is applicable to the cryptographic test of smart IC card products;
and can also be used to guide the research and development of smart IC card
products. Smart IC card products include, but are not limited to, financial IC
card, bus IC card, etc.
2 Normative references
The following documents are essential to the application of this document. For
the dated references, only the versions with the dates indicated are applicable
to this document. For the undated references, the latest version (including all
the amendments) are applicable to this document.
GM/T 0005 Randomness Test Specification
GM/T 0039 Security Test Requirements for Cryptographic Modules
GM/Z 4001 Cryptography terminologies
3 Terms and definitions
What defined in GM/Z 4001, and the following terms and definitions are
applicable to this document.
3.1 Symmetric cryptographic algorithm
The cryptographic algorithm which uses the same cryptographic key for
encryption and decryption.
3.2 Asymmetric cryptographic algorithm/public key cryptographic
algorithm
The cryptographic algorithm which uses different cryptographic keys for
encryption and decryption. One key (public key) can be made public; the other
key (private key) must be kept secret. It is not computationally feasible to solve
the private key from the public key.
b) Key security transport testing;
c) Security state and access permission testing;
d) Application firewall testing.
5.3 Cryptographic key primality test
The primality of RSA key generated by smart IC card shall meet the requirement
of large prime number.
5.4 Random number quality test
The randomness of the random number generated by smart IC card shall meet
the requirement in GM/T 0005.
5.5 Correctness test of cryptographic algorithm implementation
The correctness test of cryptographic algorithm implementation includes the
testing on the following 6 aspects.
a) Correctness testing of block algorithm implementation;
b) Correctness testing of key generation of asymmetric key cryptographic
algorithm;
c) Correctness testing of encryption and decryption implementation of
asymmetric key cryptographic algorithm;
d) Correctness testing of digital signature and signature authentication of
asymmetric key cryptographic algorithm;
e) Correctness testing of hash algorithm implementation;
f) Correctness testing of sequence algorithm.
5.6 Performance test of cryptographic algorithm implementation
The performance test of cryptographic algorithm implementation includes the
performance testing on the following 11 aspects.
a) Encryption performance testing of block key cryptographic algorithm;
b) Decryption performance testing of block key cryptographic algorithm;
c) Performance testing of hash algorithm;
d) Encryption performance testing of asymmetric key cryptographic
security state. The target of testing shall return that the security state is
not met;
c) After the authentication, OPERATE the document which requires security
state. The target of testing shall return a successful operation.
6.2.1.2 Abnormal condition testing
The testing steps are as follows.
a) USE a wrong external authentication key to authenticate. The target of
testing shall return unsuccessful operation and prompt the remaining
number of authentication. When the remaining number of authentication
is zero, the external authentication key locks;
b) USE a wrong external authentication key to authenticate. After the
authentication, OPERATE the document which requires security state.
The target of testing shall return that the security state is not met;
c) USE a wrong key identifier to do external authentication. The target of
testing shall return that the cryptographic key is not found;
d) When there are multiple external authentication keys in a target of testing,
successfully AUTHENTICATE external authentication key 1 and
OPERATE the document protected by external authentication key 2; the
target of testing shall return that the security state is not met.
6.2.2 Internal authentication testing
USE the standard testing data to do internal authentication; the results, which
shall be returned by target of testing, shall be consistent with the expected
results.
6.2.3 PIN authentication testing
6.2.3.1 Normal condition testing
The testing steps are as follows.
a) USE a correct PIN to authenticate. The target of testing shall return a
response of successful authentication;
b) Before the authentication, OPERATE the document which needs to be
protected by PIN. The target of testing shall return that the security state
is not met;
c) After the authentication, OPERATE the document which needs to be
number;
e) The length of PIN exceeds the specified range; the target of testing shall
return unsuccess;
f) For 3 consecutive times, USE wrong cryptographic key to calculate MAC
for unlocking operation, the application locks.
6.2.7 Application locking testing
6.2.7.1 Normal condition testing
The testing steps are as follows.
a) USE a correct method to calculate MAC for application locking. The target
of testing shall return successful application locking;
b) After the application is temporarily locked, only the commands used to
select application, take response data, take random number, apply
unlocking can be performed. Otherwise, the target of testing returns that
the use condition is not met;
c) After the application is permanently locked, only the commands used to
select application, take response data, take random number can be
performed. Otherwise, the target of testing returns permanent application
locking.
6.2.7.2 Abnormal condition testing
The testing steps are as follows.
a) USE a wrong Lc to calculate MAC for application locking operation. The
target of testing shall return security message error;
b) USE a wrong filling method to calculate MAC for application locking
operation. The target of testing shall return security message error;
c) USE a wrong cryptographic key to calculate MAC for appl...
Get QUOTATION in 1-minute: Click GM/T 0041-2015
Historical versions: GM/T 0041-2015
Preview True-PDF (Reload/Scroll if blank)
GM/T 0041-2015: Cryptographic test specification for smart card
GM/T 0041-2015
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
File No.. 49740-2015
Cryptographic test specification for smart card
ISSUED ON. APRIL 1, 2015
IMPLEMENTED ON. APRIL 1, 2015
Issued by. State Cryptography Administration
Table of Contents
Foreword . 3
1 Scope .. 4
2 Normative references .. 4
3 Terms and definitions .. 4
4 Symbols and abbreviations . 5
5 Test items .. 6
5.1 COS security management function test .. 6
5.2 COS security mechanism test . 6
5.3 Cryptographic key primality test . 7
5.4 Random number quality test .. 7
5.5 Correctness test of cryptographic algorithm implementation .. 7
5.6 Performance test of cryptographic algorithm implementation .. 7
5.7 Device security testing . 8
6 Test methods .. 8
6.1 General requirements .. 8
6.2 COS security management function test .. 8
6.3 COS security mechanism test .. 17
6.4 RSA key primality test .. 21
6.5 Random number quality test . 21
6.6 Correctness test of cryptographic algorithm implementation . 21
6.7 Performance test of cryptographic algorithm implementation .. 23
6.8 Device security testing .. 26
7 Qualification criteria .. 26
References . 28
Cryptographic test specification for smart card
1 Scope
This Standard specifies the test items and methods of smart IC card products.
This Standard is applicable to the cryptographic test of smart IC card products;
and can also be used to guide the research and development of smart IC card
products. Smart IC card products include, but are not limited to, financial IC
card, bus IC card, etc.
2 Normative references
The following documents are essential to the application of this document. For
the dated references, only the versions with the dates indicated are applicable
to this document. For the undated references, the latest version (including all
the amendments) are applicable to this document.
GM/T 0005 Randomness Test Specification
GM/T 0039 Security Test Requirements for Cryptographic Modules
GM/Z 4001 Cryptography terminologies
3 Terms and definitions
What defined in GM/Z 4001, and the following terms and definitions are
applicable to this document.
3.1 Symmetric cryptographic algorithm
The cryptographic algorithm which uses the same cryptographic key for
encryption and decryption.
3.2 Asymmetric cryptographic algorithm/public key cryptographic
algorithm
The cryptographic algorithm which uses different cryptographic keys for
encryption and decryption. One key (public key) can be made public; the other
key (private key) must be kept secret. It is not computationally feasible to solve
the private key from the public key.
b) Key security transport testing;
c) Security state and access permission testing;
d) Application firewall testing.
5.3 Cryptographic key primality test
The primality of RSA key generated by smart IC card shall meet the requirement
of large prime number.
5.4 Random number quality test
The randomness of the random number generated by smart IC card shall meet
the requirement in GM/T 0005.
5.5 Correctness test of cryptographic algorithm implementation
The correctness test of cryptographic algorithm implementation includes the
testing on the following 6 aspects.
a) Correctness testing of block algorithm implementation;
b) Correctness testing of key generation of asymmetric key cryptographic
algorithm;
c) Correctness testing of encryption and decryption implementation of
asymmetric key cryptographic algorithm;
d) Correctness testing of digital signature and signature authentication of
asymmetric key cryptographic algorithm;
e) Correctness testing of hash algorithm implementation;
f) Correctness testing of sequence algorithm.
5.6 Performance test of cryptographic algorithm implementation
The performance test of cryptographic algorithm implementation includes the
performance testing on the following 11 aspects.
a) Encryption performance testing of block key cryptographic algorithm;
b) Decryption performance testing of block key cryptographic algorithm;
c) Performance testing of hash algorithm;
d) Encryption performance testing of asymmetric key cryptographic
security state. The target of testing shall return that the security state is
not met;
c) After the authentication, OPERATE the document which requires security
state. The target of testing shall return a successful operation.
6.2.1.2 Abnormal condition testing
The testing steps are as follows.
a) USE a wrong external authentication key to authenticate. The target of
testing shall return unsuccessful operation and prompt the remaining
number of authentication. When the remaining number of authentication
is zero, the external authentication key locks;
b) USE a wrong external authentication key to authenticate. After the
authentication, OPERATE the document which requires security state.
The target of testing shall return that the security state is not met;
c) USE a wrong key identifier to do external authentication. The target of
testing shall return that the cryptographic key is not found;
d) When there are multiple external authentication keys in a target of testing,
successfully AUTHENTICATE external authentication key 1 and
OPERATE the document protected by external authentication key 2; the
target of testing shall return that the security state is not met.
6.2.2 Internal authentication testing
USE the standard testing data to do internal authentication; the results, which
shall be returned by target of testing, shall be consistent with the expected
results.
6.2.3 PIN authentication testing
6.2.3.1 Normal condition testing
The testing steps are as follows.
a) USE a correct PIN to authenticate. The target of testing shall return a
response of successful authentication;
b) Before the authentication, OPERATE the document which needs to be
protected by PIN. The target of testing shall return that the security state
is not met;
c) After the authentication, OPERATE the document which needs to be
number;
e) The length of PIN exceeds the specified range; the target of testing shall
return unsuccess;
f) For 3 consecutive times, USE wrong cryptographic key to calculate MAC
for unlocking operation, the application locks.
6.2.7 Application locking testing
6.2.7.1 Normal condition testing
The testing steps are as follows.
a) USE a correct method to calculate MAC for application locking. The target
of testing shall return successful application locking;
b) After the application is temporarily locked, only the commands used to
select application, take response data, take random number, apply
unlocking can be performed. Otherwise, the target of testing returns that
the use condition is not met;
c) After the application is permanently locked, only the commands used to
select application, take response data, take random number can be
performed. Otherwise, the target of testing returns permanent application
locking.
6.2.7.2 Abnormal condition testing
The testing steps are as follows.
a) USE a wrong Lc to calculate MAC for application locking operation. The
target of testing shall return security message error;
b) USE a wrong filling method to calculate MAC for application locking
operation. The target of testing shall return security message error;
c) USE a wrong cryptographic key to calculate MAC for appl...