GM/T 0127-2023 Mobile terminal cryptographic module application interface specification
1 Scope
This document specifies the structure model, data type definition, application interface, and security requirements of mobile terminal cryptographic modules.
This document is applicable to the development and use of mobile terminal cryptographic module products, as well as the application development and detection based on such cryptographic products.
2 Normative references
The following documents contain provisions which, through reference in this text, constitute provisions of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 15852.1 Information technology - Security techniques - Message authentication codes - Part 1: Mechanisms using a block cipher
GB/T 32905 Information security techniques - SM3 cryptographic hash algorithm
GB/T 32907 Information security technology - SM4 block cipher algorithm
GB/T 32918 (all parts) Information security technology - Public key cryptographic algorithm SM2 based on elliptic curves
GB/T 33560 Information security technology - Cryptographic application identifier criterion specification
GB/T 35276 Information security technology - SM2 cryptographic algorithm usage specification
GB/T 37092 Information security technology - Security requirements for cryptographic modules
GM/T 0017-2023 Smart token cryptography application interface data format specification
GM/Z 4001 Cryptology terminology
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GM/Z 4001 and the following apply.
3.1
cryptographic module
set of hardware, software, and/or firmware that implements security functions and is contained within the cryptographic boundary
3.2
module authentication
authentication of application programs by the mobile terminal cryptographic module
3.3
module authentication key
key used for module authentication
3.4
container
unique storage space divided for saving keys in the cryptographic module
3.5
application
structure including the PIN, files, and containers, with independent rights management
4 Abbreviations
For the purposes of this document, the following abbreviations apply.
MAC: Message Authentication Code
PIN: Personal Identification Number
5 Structural model
5.1 Hierarchy
In the mobile terminal, the mobile terminal cryptographic module application interface is located between the mobile terminal application program and the mobile terminal cryptographic module, as shown in Figure 1.
Foreword i
Introduction ii
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Structural model
5.1 Hierarchy
5.2 Application structure of the module
6 Definitions of data types
6.1 Definition description of the algorithm identifier and data type
6.2 Definitions of basic data types
6.3 Definitions of composite data types
7 Mobile terminal cryptographic module application interface
7.1 General
7.2 Cryptographic algorithm implementation requirements
7.3 Definition of the cryptographic application package
7.4 Definition of the cryptographic application interface
7.5 Cryptographic module class
7.6 Module connection interface
7.7 Module interface
7.8 Application interface
7.9 Container interface
7.10 Session key interface
7.11 Cryptographic hash interface
7.12 Message authentication code interface
7.13 Keyed-hash message authentication code interface
8 Safety requirements
8.1 Module usage phase
8.2 Right management
8.3 Other security requirements
Annex A (Normative) Predefined values and description of exception code
GM/T 0127-2023 Mobile terminal cryptographic module application interface specification
1 Scope
This document specifies the structure model, data type definition, application interface, and security requirements of mobile terminal cryptographic modules.
This document is applicable to the development and use of mobile terminal cryptographic module products, as well as the application development and detection based on such cryptographic products.
2 Normative references
The following documents contain provisions which, through reference in this text, constitute provisions of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 15852.1 Information technology - Security techniques - Message authentication codes - Part 1: Mechanisms using a block cipher
GB/T 32905 Information security techniques - SM3 cryptographic hash algorithm
GB/T 32907 Information security technology - SM4 block cipher algorithm
GB/T 32918 (all parts) Information security technology - Public key cryptographic algorithm SM2 based on elliptic curves
GB/T 33560 Information security technology - Cryptographic application identifier criterion specification
GB/T 35276 Information security technology - SM2 cryptographic algorithm usage specification
GB/T 37092 Information security technology - Security requirements for cryptographic modules
GM/T 0017-2023 Smart token cryptography application interface data format specification
GM/Z 4001 Cryptology terminology
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GM/Z 4001 and the following apply.
3.1
cryptographic module
set of hardware, software, and/or firmware that implements security functions and is contained within the cryptographic boundary
3.2
module authentication
authentication of application programs by the mobile terminal cryptographic module
3.3
module authentication key
key used for module authentication
3.4
container
unique storage space divided for saving keys in the cryptographic module
3.5
application
structure including the PIN, files, and containers, with independent rights management
4 Abbreviations
For the purposes of this document, the following abbreviations apply.
MAC: Message Authentication Code
PIN: Personal Identification Number
5 Structural model
5.1 Hierarchy
In the mobile terminal, the mobile terminal cryptographic module application interface is located between the mobile terminal application program and the mobile terminal cryptographic module, as shown in Figure 1.
Contents of GM/T 0127-2023
Foreword i
Introduction ii
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Structural model
5.1 Hierarchy
5.2 Application structure of the module
6 Definitions of data types
6.1 Definition description of the algorithm identifier and data type
6.2 Definitions of basic data types
6.3 Definitions of composite data types
7 Mobile terminal cryptographic module application interface
7.1 General
7.2 Cryptographic algorithm implementation requirements
7.3 Definition of the cryptographic application package
7.4 Definition of the cryptographic application interface
7.5 Cryptographic module class
7.6 Module connection interface
7.7 Module interface
7.8 Application interface
7.9 Container interface
7.10 Session key interface
7.11 Cryptographic hash interface
7.12 Message authentication code interface
7.13 Keyed-hash message authentication code interface
8 Safety requirements
8.1 Module usage phase
8.2 Right management
8.3 Other security requirements
Annex A (Normative) Predefined values and description of exception code