Skip to product information
1 of 12

PayPal, credit cards. Download editable-PDF and invoice in 1 second!

GM/T 0058-2018 English PDF (GMT0058-2018)

GM/T 0058-2018 English PDF (GMT0058-2018)

Regular price $610.00 USD
Regular price Sale price $610.00 USD
Sale Sold out
Shipping calculated at checkout.
Delivery: 3 seconds. Download true-PDF + Invoice.
Get QUOTATION in 1-minute: Click GM/T 0058-2018
Historical versions: GM/T 0058-2018
Preview True-PDF (Reload/Scroll if blank)

GM/T 0058-2018: Trusted computing-TCM service module interface specification
GM/T 0058-2018
CRYPTOGRAPHIC INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Registration number: 62993-2018
GB/T 0058-2018
Trusted computing -
TCM service module interface specification
ISSUED ON: MAY 02, 2018
IMPLEMENTED ON: MAY 02, 2018
Issued by: State Cryptography Administration
Table of Contents
Foreword ... 3 
Introduction ... 4 
1 Scope ... 5 
2 Normative references ... 5 
3 Terms and definitions ... 5 
4 Abbreviations ... 9 
5 Software architecture ... 10 
6 TCM application service ... 11 
6.1 Definition of class ... 11 
6.2 Relationship between class and object ... 13 
6.3 Interface ... 15 
7 TCM core services ... 146 
7.1 Management of TCM core service ... 146 
7.2 Trusted cryptographic module management ... 159 
7.3 Platform identity and authentication ... 191 
7.4 Protection of platform data ... 200 
7.5 Integrity measurements and reports ... 227 
8 TDDL device driver library ... 230 
8.1 TDDL architecture ... 230 
8.2 TDDL memory management ... 231 
8.3 TDDL error codes and definitions ... 231 
8.4 TDDL interface ... 231 
Appendix A (Normative) Interface data structure ... 239 
A.1 Basic definition ... 239 
A.2 Data structure ... 259 
A.3 Processing of authorization data ... 265 
Trusted computing -
TCM service module interface specification
1 Scope
This standard specifies the composition and interface standards of the TCM
service module, including TSP, TCS, TDDL, which are TCM application layer-
faced interface standards.
This standard applies to the development of TCM-based application.
2 Normative references
The following documents are essential to the application of this document. For
the dated documents, only the versions with the dates indicated are applicable
to this document; for the undated documents, only the latest version (including
all the amendments) are applicable to this standard.
GB/T 32905-2016 Information security technology SM3 cryptographic hash
algorithm
GB/T 32907-2016 Information security technology - SM4 b1ock cipher
algorithm
GB/T 32918.2-2016 Elliptic curve public - Key cryptography - Part 2: Digital
signature algorithm
GB/T 32918.4-2016 Elliptic curve public - Key cryptography algorithm Part
4: Public key encryption algorithm
GM/T 0005-2012 Randomness test specification
GM/T 0009-2012 SM2 cryptography algorithm application specification
GM/T 0015-2012 Digital certificate format based on SM2 cryptographic
algorithm
3 Terms and definitions
The following terms and definitions apply to this document.
Root of trust for measurement
A trusted integrity metric unit that is the basis for trusted metrics within a
trusted computing platform.
3.8
Root of trust for storage
A universal security mechanism that is the basis for trusted storage within a
trusted computing platform.
3.9
Root of trust for reporting
The cryptographic module key, which is the basis for trusted reporting within
the trusted computing platform.
3.10
Trusted cryptography module
The hardware module of the trusted computing platform, which provides
cryptographic computing functions for the trusted computing platform and
has a protected storage space.
3.11
TCM service module
The software module inside the cryptographic support platform for trusted
computing, which is a software interface for accessing the trusted
cryptographic module outside the platform.
3.12
Trusted party
An organization that provides credible certification, including trusted third
parties and authorities.
3.13
tcm endorsement key
Endorsement key of the trusted cryptographic module.
3.14
The hash value obtained after the component is measured.
3.22
Predefined integrity value
The hash value as obtained by measuring the component in a trusted state.
This value serves as a basis for the integrity verification.
3.23
Trusted chain
During system startup and operation, the trust transfer method as
established between components by the use of the integrity measurement
method.
4 Abbreviations
The following abbreviations apply to this document.
EK: TCM Endorsement Key
HMAC: The keyed-hash message authentication code
NV: Non-Volatility
PCR: Platform Configuration Register
PEK: Platform Encryption Key
PIK: Platform Identity Key
SMK: Storage Master Key
TCM: Trusted Cryptography Module
TSM: TCM service module
TSP: TCM Service Provider
TCS: TCM Core Services
TDD: TCM Device Driver
TDDL: TCM Device Driver Library
TDDLI: TCM Device Driver Library Interface
The execution of a TSM requires a TSP:
1) They are responsible for protecting the transmission of information and
data between applications;
2) Provide a C language interface or a generic interface that can be called
by various platforms, as well as a dynamic link or static connection to the
application;
3) TSM running on Windows operating system can also provide COM
interface.
b) TCM Core Services (TCS)
The TCS is located between the TSM Service Provider (TSP) layer and the
TCM Device Driver Library (TDDL) layer, in a form of system services. It
provides functional interfaces such as TCM usage and key management for
upper-layer applications such as TSP.
TCS can be divided into the following based on different functions:
Basic information management, key management, key cache management,
event management, authorization operation, integrity operation, migration
operation, cryptographic operation, identity certificate operation, device
operation, key exchange, totally 11 modules, of which basic information
management, key management, event management belong to the TCS
manager; the key cache management, authorization operations, integrity
operations, migration operations, cryptographic operations, identity
certificate operations, device operations are all TCM operations.
c) TCM Device Driver Library (TDDL)
TDDL is located between the TCM Core Service (TCS) layer and the TCM
Device Driver (TDD) layer. The main purpose is to provide a standard
interface on top of TDD, shield the difference of I/O control information of
each device, complete the transfer of information in user software and kernel
software.
This standard makes explanation using the C language as an example to
compile relevant functions and interfaces.
6 TCM application service
6.1 Definition of class
The TCM application service defines the following classes:
Table 4 -- Description of attributes
Attributes Sub-attributes Attribute value
TSM_TCSCAP_ALG TSM_ALG_XX: represents the name of supported algorithm
If BOOL returns TRUE, it means the
system service supports the algorithm; if
it returns FALSE, it means not support
TSM_TCSCAP_VERSION Get TSM_VERSION structure description data from system service
TSM_TCSCAP_CACHING TSM_TCSCAP_PROP_KEY-CACHE
If BOOL returns TRUE, it means the
system service supports the key cache; if
it returns FALSE, it means not support
TSM_TCSCAP_CACHING TSM_TCSCAP_PROP_AUTH-CACHE
If BOOL returns TRUE, it means the
system service supports authorized
protocol cache; if it returns FALSE, it
means not support
TSM_TCSCAP_PERSSTORAGE
If BOOL returns TRUE, it means the
system service supports permanent
storage; if it returns FALSE, it means not
support
TSM_TSPCAP_ALG TSM_ALG_DEFAULT Return the default...
View full details