1
/
of
11
PayPal, credit cards. Download editable-PDF and invoice in 1 second!
GM/T 0059-2018 English PDF (GMT0059-2018)
GM/T 0059-2018 English PDF (GMT0059-2018)
Regular price
$250.00 USD
Regular price
Sale price
$250.00 USD
Unit price
/
per
Shipping calculated at checkout.
Couldn't load pickup availability
Delivery: 3 seconds. Download true-PDF + Invoice.
Get QUOTATION in 1-minute: Click GM/T 0059-2018
Historical versions: GM/T 0059-2018
Preview True-PDF (Reload/Scroll if blank)
GM/T 0059-2018: Cryptographic server test specifications
GM/T 0059-2018
CRYPTOGRAPHIC INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Registration number: 62994-2018
GB/T 0059-2018
Cryptographic server test specifications
ISSUED ON: MAY 02, 2018
IMPLEMENTED ON: MAY 02, 2018
Issued by: State Cryptography Administration
Table of Contents
Foreword ... 3
1 Scope ... 4
2 Normative references ... 4
3 Terms and definitions ... 4
4 Abbreviations ... 6
5 Requirements of testing environment ... 7
5.1 Routine testing environment ... 7
5.2 Cross-network testing environment ... 7
6 Testing content ... 8
6.1 Overview ... 8
6.2 Inspection of device appearance and structure ... 9
6.3 Inspection of device’s management function ... 10
6.4 Testing of device state ... 10
6.5 Testing of device self-test ... 11
6.6 Testing of device’s configuration management ... 11
6.7 Testing of device’s key management ... 12
6.8 Testing of correctness and consistency of device’s cryptographic algorithm ... 13
6.9 Testing of device’s random number quality ... 15
6.10 Testing of device’s application interface ... 17
6.11 Testing of device’s remote management interface ... 17
6.12 Testing of device access control ... 18
6.13 Testing of device logging ... 19
6.14 Testing of device performance ... 19
6.15 Testing of device’s network adaptability ... 21
6.16 Testing of device security ... 21
6.17 Testing of device’s environmental adaptability ... 22
6.18 Testing of device reliability ... 22
7 Technical requirements for document-for-inspection ... 22
Appendix A (Informative) List of test items ... 23
Cryptographic server test specifications
1 Scope
This standard specifies the test requirements and test methods for
cryptographic server devices.
This standard applies to the testing of cryptographic server devices, as well as
the research and development of such cryptographic devices. It may also be used
to guide application development based on such cryptographic devices.
2 Normative references
The following documents are indispensable for the application of this document.
For dated references, only the dated version applies to this document. For
undated references, the latest edition (including all amendments) applies to this
document.
GB/T 32905 Information security technology SM3 cryptographic hash
algorithm
GB/T 32907 Information security technology - SM4 block cipher algorithm
GB/T 32915 Information security technology - Binary sequence randomness
testing method
GB/T 32918 Information security techniques - Elliptic curve public - key
cryptography
GM/T 0005 Randomness test specification
GM/T 0018 Interface specifications of cryptography device application
GM/T 0030-2014 Cryptographic server technical specification
GM/T 0039 Security test requirements for cryptographic modules
3 Terms and definitions
The following terms and definitions apply to this document.
3.1
A universally applicable infrastructure built using public key cryptography,
which provides users with security services such as certificate management
and key management.
3.9
Private key access password
A password which is used to verify the private key’s usage rights.
3.10
SM1 algorithm
A block cipher algorithm.
3.11
SM2 algorithm
An algorithm as defined by GB/T 32918.
3.12
SM3 algorithm
An algorithm defined by GB/T 32905.
3.13
SM4 algorithm
An algorithm as defined by GB/T 32907.
4 Abbreviations
The following abbreviations apply to this document.
API: Application Program Interface
CBC: Cipher Block Chaining
CFB: Cipher Feedback
CS: Cryptographic Server
ECB: Electronic Codebook
OFB: Output Feedback
j) Testing of device’s SM4 cryptographic operation;
k) Testing of device random number’s quality;
l) Testing of device’s application interface;
m) Testing of device’s management interface;
n) Testing of device’s access control;
o) Testing of device log;
p) Testing of device performance;
q) Testing of device’s network adaptability;
r) Testing of device security;
s) Testing of device’s environmental adaptability;
t) Testing of device’s reliability.
6.2 Inspection of device appearance and structure
The cryptographic server shall have the following main components or
interfaces:
a) It shall support the state indicator. It may use visual observation to
distinguish the normal working state and fault state of the state indicator;
b) It shall support the power indicator. It may use visual observation to
distinguish whether the device is powered on;
c) It shall support at least two RJ45 network interfaces.
The cryptographic server should have the following main components or
interfaces:
a) It should support one serial port (RJ45 or DB9 form) as the control port;
b) It should support the redundant power supply.
The cryptographic server may have the following main components or
interfaces:
a) It may support the manual key destruction switch;
b) It may support DB9 serial port;
automatically enter the initial state. At this time, the cryptographic server cannot
provide password service. The user performs the initial configuration of the
cryptographic server. The initial configuration shall include user management,
key management, system configuration. After the configuration is completed, it
shall restart the cryptographic server.
After the initial configuration, the cryptophone is powered on, it can
automatically enter the ready state, then the cryptographic server can provide
the cryptographic service.
The cryptographic server in the ready state can only enter the initial state again
by triggering the key-destruction mechanism and restarting after power-off. The
cryptographic server cannot be changed from the ready state to the initial state
through management interface, control port, human-machine interaction
component or other means.
6.5 Testing of device self-test
The cryptographic server shall support the self-test function. The self-test shall
include power-on/reset self-test, periodic self-test, self-test after accepting the
command. The self-test content includes the validity self-test of physical noise
source, validity self-test of cryptographic operation unit, self-test of random
number, self-test of cryptographic algorithm’s correctness, integrity check of
static storage data, etc.
The test results shall be reported after the end of the self-test. If the self-test is
successful, the cryptographic server shall enter the ready state. If the self-test
fails, the cryptographic server shall record the log and alarm, meanwhile
immediately stop providing the cryptographic service externally.
6.6 Testing of device’s configuration management
The cryptographic server shall include, but is not limited to, configuration of
cryptographic authority, configuration of cryptographic server’s network,
configuration of cryptographic server’s access control, other management
functions.
The configuration of cryptographic authority should have:
a) Management of three roles: administrator, security officer, operator;
b) The administrator is responsible for the addition, modification, cancellation
of security officers and operators;
c) The security officer is responsible for the authority management of the
stored can be exported to the outside of the cryptographic server.
6.7.2 Security function of key managem...
Get QUOTATION in 1-minute: Click GM/T 0059-2018
Historical versions: GM/T 0059-2018
Preview True-PDF (Reload/Scroll if blank)
GM/T 0059-2018: Cryptographic server test specifications
GM/T 0059-2018
CRYPTOGRAPHIC INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Registration number: 62994-2018
GB/T 0059-2018
Cryptographic server test specifications
ISSUED ON: MAY 02, 2018
IMPLEMENTED ON: MAY 02, 2018
Issued by: State Cryptography Administration
Table of Contents
Foreword ... 3
1 Scope ... 4
2 Normative references ... 4
3 Terms and definitions ... 4
4 Abbreviations ... 6
5 Requirements of testing environment ... 7
5.1 Routine testing environment ... 7
5.2 Cross-network testing environment ... 7
6 Testing content ... 8
6.1 Overview ... 8
6.2 Inspection of device appearance and structure ... 9
6.3 Inspection of device’s management function ... 10
6.4 Testing of device state ... 10
6.5 Testing of device self-test ... 11
6.6 Testing of device’s configuration management ... 11
6.7 Testing of device’s key management ... 12
6.8 Testing of correctness and consistency of device’s cryptographic algorithm ... 13
6.9 Testing of device’s random number quality ... 15
6.10 Testing of device’s application interface ... 17
6.11 Testing of device’s remote management interface ... 17
6.12 Testing of device access control ... 18
6.13 Testing of device logging ... 19
6.14 Testing of device performance ... 19
6.15 Testing of device’s network adaptability ... 21
6.16 Testing of device security ... 21
6.17 Testing of device’s environmental adaptability ... 22
6.18 Testing of device reliability ... 22
7 Technical requirements for document-for-inspection ... 22
Appendix A (Informative) List of test items ... 23
Cryptographic server test specifications
1 Scope
This standard specifies the test requirements and test methods for
cryptographic server devices.
This standard applies to the testing of cryptographic server devices, as well as
the research and development of such cryptographic devices. It may also be used
to guide application development based on such cryptographic devices.
2 Normative references
The following documents are indispensable for the application of this document.
For dated references, only the dated version applies to this document. For
undated references, the latest edition (including all amendments) applies to this
document.
GB/T 32905 Information security technology SM3 cryptographic hash
algorithm
GB/T 32907 Information security technology - SM4 block cipher algorithm
GB/T 32915 Information security technology - Binary sequence randomness
testing method
GB/T 32918 Information security techniques - Elliptic curve public - key
cryptography
GM/T 0005 Randomness test specification
GM/T 0018 Interface specifications of cryptography device application
GM/T 0030-2014 Cryptographic server technical specification
GM/T 0039 Security test requirements for cryptographic modules
3 Terms and definitions
The following terms and definitions apply to this document.
3.1
A universally applicable infrastructure built using public key cryptography,
which provides users with security services such as certificate management
and key management.
3.9
Private key access password
A password which is used to verify the private key’s usage rights.
3.10
SM1 algorithm
A block cipher algorithm.
3.11
SM2 algorithm
An algorithm as defined by GB/T 32918.
3.12
SM3 algorithm
An algorithm defined by GB/T 32905.
3.13
SM4 algorithm
An algorithm as defined by GB/T 32907.
4 Abbreviations
The following abbreviations apply to this document.
API: Application Program Interface
CBC: Cipher Block Chaining
CFB: Cipher Feedback
CS: Cryptographic Server
ECB: Electronic Codebook
OFB: Output Feedback
j) Testing of device’s SM4 cryptographic operation;
k) Testing of device random number’s quality;
l) Testing of device’s application interface;
m) Testing of device’s management interface;
n) Testing of device’s access control;
o) Testing of device log;
p) Testing of device performance;
q) Testing of device’s network adaptability;
r) Testing of device security;
s) Testing of device’s environmental adaptability;
t) Testing of device’s reliability.
6.2 Inspection of device appearance and structure
The cryptographic server shall have the following main components or
interfaces:
a) It shall support the state indicator. It may use visual observation to
distinguish the normal working state and fault state of the state indicator;
b) It shall support the power indicator. It may use visual observation to
distinguish whether the device is powered on;
c) It shall support at least two RJ45 network interfaces.
The cryptographic server should have the following main components or
interfaces:
a) It should support one serial port (RJ45 or DB9 form) as the control port;
b) It should support the redundant power supply.
The cryptographic server may have the following main components or
interfaces:
a) It may support the manual key destruction switch;
b) It may support DB9 serial port;
automatically enter the initial state. At this time, the cryptographic server cannot
provide password service. The user performs the initial configuration of the
cryptographic server. The initial configuration shall include user management,
key management, system configuration. After the configuration is completed, it
shall restart the cryptographic server.
After the initial configuration, the cryptophone is powered on, it can
automatically enter the ready state, then the cryptographic server can provide
the cryptographic service.
The cryptographic server in the ready state can only enter the initial state again
by triggering the key-destruction mechanism and restarting after power-off. The
cryptographic server cannot be changed from the ready state to the initial state
through management interface, control port, human-machine interaction
component or other means.
6.5 Testing of device self-test
The cryptographic server shall support the self-test function. The self-test shall
include power-on/reset self-test, periodic self-test, self-test after accepting the
command. The self-test content includes the validity self-test of physical noise
source, validity self-test of cryptographic operation unit, self-test of random
number, self-test of cryptographic algorithm’s correctness, integrity check of
static storage data, etc.
The test results shall be reported after the end of the self-test. If the self-test is
successful, the cryptographic server shall enter the ready state. If the self-test
fails, the cryptographic server shall record the log and alarm, meanwhile
immediately stop providing the cryptographic service externally.
6.6 Testing of device’s configuration management
The cryptographic server shall include, but is not limited to, configuration of
cryptographic authority, configuration of cryptographic server’s network,
configuration of cryptographic server’s access control, other management
functions.
The configuration of cryptographic authority should have:
a) Management of three roles: administrator, security officer, operator;
b) The administrator is responsible for the addition, modification, cancellation
of security officers and operators;
c) The security officer is responsible for the authority management of the
stored can be exported to the outside of the cryptographic server.
6.7.2 Security function of key managem...
Share
