tpm2_geteccparameters(1)      General Commands Manual      tpm2_geteccparameters(1)

NAME
       tpm2_geteccparameters(1) - Retrieves the parameters of an ECC curve
       identified by its TCG-assigned curveID.

SYNOPSIS
       tpm2_geteccparameters [OPTIONS] ALGORITHM

DESCRIPTION
       tpm2_geteccparameters(1) - Retrieves the parameters of an ECC curve
       identified by its TCG-assigned curveID.

OPTIONS
       • ARGUMENT=ALGORITHM:

         Specify the ECC curve whose parameters are retrieved, as an ECC type
         specifier (see the References section below). Example: ecc521.

       • -o, --output=FILE

         Specify the file path to save the ECC parameters.

References
   Algorithm Specifiers
       Options that take algorithms support "nice-names".

       There are two major algorithm specification string classes, simple and
       complex. Only certain algorithms will be accepted by the TPM, based on
       usage and conditions.

   Simple specifiers
       These are strings with no additional specification data. When creating
       objects, non-specified portions of an object are assumed to defaults.
       The known simple specifiers are listed below.

   Asymmetric
       • rsa

       • ecc

   Symmetric
       • aes

       • camellia

   Hashing Algorithms
       • sha1

       • sha256

       • sha384

       • sha512

       • sm3_256

       • sha3_256

       • sha3_384

       • sha3_512

   Keyed Hash
       • hmac

       • xor

   Signing Schemes
       • rsassa

       • rsapss

       • ecdsa

       • ecdaa

       • ecschnorr

   Asymmetric Encryption Schemes
       • oaep

       • rsaes

       • ecdh

   Modes
       • ctr

       • ofb

       • cbc

       • cfb

       • ecb

   Misc
       • null

   Complex Specifiers
       Objects, when specified for creation by the TPM, have numerous
       algorithms to populate in the public data: things like type, scheme,
       asymmetric details, key size, etc. Below is the general format for
       specifying this data: <type>:<scheme>:<symmetric-details>

   Type Specifiers
       This portion of the complex algorithm specifier is required. The
       remaining scheme and symmetric details default based on the type
       specified and the type of the object being created.

       • aes - Default AES: aes128

       • aes128<mode> - 128 bit AES with optional mode (ctr|ofb|cbc|cfb|ecb).
         If mode is not specified, defaults to null.

       • aes192<mode> - Same as aes128<mode>, except for a 192 bit key size.

       • aes256<mode> - Same as aes128<mode>, except for a 256 bit key size.

       • ecc - Elliptic curve, defaults to ecc256.

       • ecc192 - 192 bit ECC

       • ecc224 - 224 bit ECC

       • ecc256 - 256 bit ECC

       • ecc384 - 384 bit ECC

       • ecc521 - 521 bit ECC

       • rsa - Default RSA: rsa2048

       • rsa1024 - RSA with 1024 bit keysize.

       • rsa2048 - RSA with 2048 bit keysize.

       • rsa4096 - RSA with 4096 bit keysize.

   Scheme Specifiers
       This field is optional and can be skipped.

       Schemes are usually Signing Schemes or Asymmetric Encryption Schemes.
       Most signing schemes take a hash algorithm directly following the
       signing scheme. If the hash algorithm is missing, it defaults to
       sha256. Some take no arguments, and some take multiple arguments.

   Hash Optional Scheme Specifiers
       These scheme specifiers are followed by a dash and a valid hash
       algorithm, for example: oaep-sha256.

       • oaep

       • ecdh

       • rsassa

       • rsapss

       • ecdsa

       • ecschnorr

   Multiple Option Scheme Specifiers
       This scheme specifier is followed by a count (max size UINT16), then a
       dash (-) and a valid hash algorithm.

       • ecdaa

       For example, ecdaa4-sha256. If no count is specified, it defaults to 4.

   No Option Scheme Specifiers
       This scheme specifier takes NO arguments.

       • rsaes

   Symmetric Details Specifiers
       This field is optional, and defaults based on the type of object being
       created and its attributes. Generally, any valid symmetric specifier
       from the Type Specifiers list should work. If not specified, an
       asymmetric object's symmetric details default to aes128cfb.

   Examples
       Create an rsa2048 key with an rsaes asymmetric encryption scheme:

           tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv

       Create an ecc256 key with an ecdaa signing scheme with a count of 4
       and sha384 hash:

           tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv

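       The complex specifier grammar described above, parsed with its
       documented defaults, as an added example in Python. This is not code
       from tpm2-tools: the dict layout it returns, the choice to leave the
       symmetric details of an AES object unset, and the rejection of a mode
       suffix without an explicit AES key size are this example's own
       assumptions, and the TPM may still reject a combination the parser
       accepts, since acceptance depends on usage and conditions.

```python
"""Parser for the tpm2-tools complex algorithm specifier
<type>:<scheme>:<symmetric-details>.

Added example, not tpm2-tools code. It applies the documented defaults:
aes -> aes128 with mode null, ecc -> ecc256, rsa -> rsa2048, a missing
scheme hash -> sha256, a missing ecdaa count -> 4, and aes128cfb symmetric
details for asymmetric objects. The returned dict layout is an assumption.
"""
import re

HASHES = {"sha1", "sha256", "sha384", "sha512",
          "sm3_256", "sha3_256", "sha3_384", "sha3_512"}
MODES = {"ctr", "ofb", "cbc", "cfb", "ecb"}
HASH_OPTIONAL_SCHEMES = {"oaep", "ecdh", "rsassa", "rsapss", "ecdsa", "ecschnorr"}
NO_OPTION_SCHEMES = {"rsaes"}
KEY_SIZES = {"aes": (128, 192, 256), "ecc": (192, 224, 256, 384, 521),
             "rsa": (1024, 2048, 4096)}
DEFAULT_SIZE = {"aes": 128, "ecc": 256, "rsa": 2048}

_TYPE_RE = re.compile(r"^(aes|ecc|rsa)(\d+)?([a-z]+)?$")
_ECDAA_RE = re.compile(r"^ecdaa(\d+)?(?:-([a-z0-9_]+))?$")
_SCHEME_RE = re.compile(r"^([a-z]+)(?:-([a-z0-9_]+))?$")


def parse_type(spec):
    """Type specifier: required; key size and (for aes only) mode are optional."""
    m = _TYPE_RE.match(spec)
    if not m:
        raise ValueError(f"unknown type specifier {spec!r}")
    kind, bits, mode = m.groups()
    size = int(bits) if bits else DEFAULT_SIZE[kind]
    if size not in KEY_SIZES[kind]:
        raise ValueError(f"{kind} does not support a {size} bit key size")
    if kind != "aes":
        if mode is not None:
            raise ValueError(f"{kind} takes no mode suffix: {spec!r}")
        return {"type": kind, "bits": size}
    # Assumption: a mode is only accepted after an explicit size (aes128cbc).
    if mode is not None and (bits is None or mode not in MODES):
        raise ValueError(f"bad AES mode in {spec!r}")
    return {"type": "aes", "bits": size, "mode": mode or "null"}


def _hash_or_default(name, spec):
    name = name or "sha256"  # documented default when the hash is omitted
    if name not in HASHES:
        raise ValueError(f"unknown hash {name!r} in scheme {spec!r}")
    return name


def parse_scheme(spec):
    """Scheme specifier: optional; an empty string means 'not given'."""
    if not spec:
        return None
    m = _ECDAA_RE.match(spec)
    if m:  # multiple option scheme: ecdaa<count>-<hash>
        count = int(m.group(1)) if m.group(1) else 4
        if count > 0xFFFF:
            raise ValueError(f"ecdaa count exceeds UINT16: {spec!r}")
        return {"scheme": "ecdaa", "count": count,
                "hash": _hash_or_default(m.group(2), spec)}
    if spec in NO_OPTION_SCHEMES:  # rsaes takes nothing, not even a hash
        return {"scheme": spec}
    m = _SCHEME_RE.match(spec)
    if m and m.group(1) in HASH_OPTIONAL_SCHEMES:
        return {"scheme": m.group(1), "hash": _hash_or_default(m.group(2), spec)}
    raise ValueError(f"unknown scheme specifier {spec!r}")


def parse_alg_spec(spec):
    """Parse '<type>[:<scheme>[:<symmetric-details>]]' into a dict."""
    parts = spec.split(":")
    if len(parts) > 3:
        raise ValueError(f"too many ':' separated fields in {spec!r}")
    parts += [""] * (3 - len(parts))
    obj_type = parse_type(parts[0])
    scheme = parse_scheme(parts[1])
    if parts[2]:
        symmetric = parse_type(parts[2])
        if symmetric["type"] != "aes":
            raise ValueError(f"symmetric details must be an AES specifier: {parts[2]!r}")
    elif obj_type["type"] in ("rsa", "ecc"):
        symmetric = parse_type("aes128cfb")  # documented asymmetric default
    else:
        symmetric = None  # assumption: left to the tool for symmetric objects
    return {"type": obj_type, "scheme": scheme, "symmetric": symmetric}


if __name__ == "__main__":
    for s in ("rsa2048:rsaes", "ecc256:ecdaa4-sha384", "ecc", "aes256cbc"):
        print(s, "->", parse_alg_spec(s))
```

       The two tpm2_create examples above parse to rsa2048 with scheme rsaes
       and ecc256 with ecdaa, count 4, sha384; both pick up the aes128cfb
       symmetric default. Strings such as rsaes-sha256 or a bare scheme with
       no type are rejected, matching the text's rules.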
COMMON OPTIONS
       This collection of options is common to many programs and provides
       information that many users may expect.

       • -h, --help=[man|no-man]: Display the tool's manpage. By default, it
         attempts to invoke the manpager for the tool, however, on failure
         will output a short tool summary. This is the same behavior if the
         "man" option argument is specified; however, if explicit "man" is
         requested, the tool will provide errors from man on stderr. If the
         "no-man" option is specified, or the manpager fails, the short
         options will be output to stdout.

         To successfully use the manpages feature requires the manpages to be
         installed or on MANPATH. See man(1) for more details.

       • -v, --version: Display version information for this tool, supported
         tctis and exit.

       • -V, --verbose: Increase the information that the tool prints to the
         console during its execution. When using this option the file and
         line number are printed.

       • -Q, --quiet: Silence normal tool output to stdout.

       • -Z, --enable-errata: Enable the application of errata fixups. Useful
         if an errata fixup needs to be applied to commands sent to the TPM.
         Defining the environment variable TPM2TOOLS_ENABLE_ERRATA is
         equivalent.

TCTI Configuration
       The TCTI or "Transmission Interface" is the communication mechanism
       with the TPM. TCTIs can be changed for communication with TPMs across
       different mediums.

       To control the TCTI, the tools respect:

       1. The command line option -T or --tcti

       2. The environment variable: TPM2TOOLS_TCTI.

       Note: The command line option always overrides the environment
       variable.

       The current known TCTIs are:

       • tabrmd - The resource manager, called tabrmd
         (https://github.com/tpm2-software/tpm2-abrmd). Note that tabrmd and
         abrmd as a tcti name are synonymous.

       • mssim - Typically used for communicating to the TPM software
         simulator.

       • device - Used when talking directly to a TPM device file.

       • none - Do not initialize a connection with the TPM. Some tools allow
         for off-TPM options and thus support not using a TCTI. Tools that
         do not support it will error if used without a TCTI connection. Does
         not support ANY options and MUST BE presented as the exact text
         "none".

       The arguments to either the command line option or the environment
       variable are in the form:

       <tcti-name>:<tcti-option-config>

       Specifying an empty string for either the <tcti-name> or
       <tcti-option-config> results in the default being used for that
       portion respectively.

   TCTI Defaults
       When a TCTI is not specified, the default TCTI is searched for using
       dlopen(3) semantics. The tools will search for tabrmd, device and
       mssim TCTIs IN THAT ORDER and USE THE FIRST ONE FOUND. You can query
       what TCTI will be chosen as the default by using the -v option to print
       the version information. The "default-tcti" key-value pair will
       indicate which of the aforementioned TCTIs is the default.

   Custom TCTIs
       Any TCTI that implements the dynamic TCTI interface can be loaded. The
       tools internally use dlopen(3), and the raw tcti-name value is used for
       the lookup. Thus, this could be a path to the shared library, or a
       library name as understood by dlopen(3) semantics. Because the lookup
       is a plain dlopen(3) of whatever name is supplied, treat the -T
       argument and the TPM2TOOLS_TCTI environment variable as trusted input:
       pointing either at a path under someone else's control loads that
       shared library into the tool's process.

TCTI OPTIONS
       This collection of options is used to configure the various known TCTI
       modules available:

       • device: For the device TCTI, the TPM character device file for use by
         the device TCTI can be specified. The default is /dev/tpm0.

         Example: -T device:/dev/tpm0 or export
         TPM2TOOLS_TCTI="device:/dev/tpm0"

       • mssim: For the mssim TCTI, the domain name or IP address and port
         number used by the simulator can be specified. The defaults are
         127.0.0.1 and 2321.

         Example: -T mssim:host=localhost,port=2321 or export
         TPM2TOOLS_TCTI="mssim:host=localhost,port=2321"

       • abrmd: For the abrmd TCTI, the configuration string format is a
         series of simple key value pairs separated by a ',' character. Each
         key and value string are separated by a '=' character.

         TCTI abrmd supports two keys:

         1. 'bus_name' : The name of the tabrmd service on the bus (a
            string).

         2. 'bus_type' : The type of the dbus instance (a string) limited to
            'session' and 'system'.

         Specify the tabrmd tcti name and a config string of
         bus_name=com.example.FooBar:

             --tcti=tabrmd:bus_name=com.example.FooBar

         Specify the default tcti (abrmd here) by leaving the name empty, and
         a config string of bus_type=session:

             --tcti=:bus_type=session

         NOTE: abrmd and tabrmd are synonymous.

EXAMPLES
       Retrieve the parameters of the ecc256 curve and save them to
       ecc.params:

           tpm2_geteccparameters ecc256 -o ecc.params

Returns
       Tools can return any of the following codes:

       • 0 - Success.

       • 1 - General non-specific error.

       • 2 - Options handling error.

       • 3 - Authentication error.

       • 4 - TCTI related error.

       • 5 - Non supported scheme. Applicable to tpm2_testparms.

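       The TCTI selection and configuration rules from the TCTI sections
       above, together with the return codes listed here, as an added example
       in Python (not tpm2-tools code): resolve_tcti applies the -T over
       TPM2TOOLS_TCTI precedence, parse_tcti splits
       <tcti-name>:<tcti-option-config> and fills in the documented per-TCTI
       defaults, build_command assembles the tpm2_geteccparameters command
       line, and classify_exit maps the exit status. The default_name
       parameter stands in for the dlopen(3) search (tabrmd, device, mssim,
       first one found) that only the installed tools can answer, the option
       dict layout is this example's own, and run_geteccparameters needs
       tpm2-tools installed; all three are assumptions of the example.

```python
"""Resolve, parse and use a tpm2-tools TCTI selection, then classify the
tool's exit status.

Added example, not tpm2-tools code. It follows only what the man page
states: -T/--tcti wins over TPM2TOOLS_TCTI; the argument is
'<tcti-name>:<tcti-option-config>' with an empty half meaning that half's
default; device defaults to /dev/tpm0, mssim to 127.0.0.1 port 2321,
tabrmd/abrmd take bus_name and bus_type; 'none' must be the exact text with
no options. default_name stands in for the dlopen(3) search (assumption).
"""
import os
import subprocess

EXIT_CODES = {
    0: "success",
    1: "general non-specific error",
    2: "options handling error",
    3: "authentication error",
    4: "TCTI related error",
    5: "non supported scheme",
}


def resolve_tcti(cli_value=None, env=None):
    """Command line option first, then TPM2TOOLS_TCTI, else None (tool default)."""
    env = os.environ if env is None else env
    if cli_value is not None:
        return cli_value
    return env.get("TPM2TOOLS_TCTI")


def _key_values(conf):
    """'k1=v1,k2=v2' -> [(k1, v1), (k2, v2)]; an empty conf -> []."""
    return [kv.partition("=")[::2] for kv in conf.split(",") if kv]


def parse_tcti(spec, default_name="device"):
    """Return (tcti_name, options) with the per-TCTI defaults filled in."""
    if spec is None:
        return default_name, {}
    if spec == "none":  # the only accepted spelling of the no-TPM choice
        return "none", {}
    name, _, conf = spec.partition(":")
    name = name or default_name  # empty name half -> default TCTI
    if name == "abrmd":  # the two names are synonymous
        name = "tabrmd"
    if name == "none":
        raise ValueError("'none' takes no options and must be the exact text 'none'")
    if name == "device":
        return name, {"path": conf or "/dev/tpm0"}
    if name == "mssim":
        opts = {"host": "127.0.0.1", "port": 2321}
        for key, value in _key_values(conf):
            if key == "host":
                opts["host"] = value
            elif key == "port":
                opts["port"] = int(value)
            else:
                raise ValueError(f"mssim does not take key {key!r}")
        return name, opts
    if name == "tabrmd":
        opts = {}
        for key, value in _key_values(conf):
            if key == "bus_type" and value not in ("session", "system"):
                raise ValueError(f"bus_type must be session or system, not {value!r}")
            if key not in ("bus_name", "bus_type"):
                raise ValueError(f"tabrmd does not take key {key!r}")
            opts[key] = value
        return name, opts
    # Anything else is handed to dlopen(3) as a library name or path.
    return name, {"config": conf}


def build_command(curve, out_file, tcti=None, tool="tpm2_geteccparameters"):
    """argv for retrieving a curve's parameters; -T is added only when given."""
    cmd = [tool, curve, "-o", out_file]
    if tcti is not None:
        cmd += ["-T", tcti]
    return cmd


def classify_exit(code):
    return EXIT_CODES.get(code, f"unknown exit code {code}")


def run_geteccparameters(curve, out_file, cli_tcti=None):
    """Run the tool (needs tpm2-tools installed) and return (code, meaning)."""
    tcti = resolve_tcti(cli_tcti)
    parse_tcti(tcti)  # reject a malformed selection before spawning the tool
    try:
        code = subprocess.call(build_command(curve, out_file, tcti))
    except FileNotFoundError:
        return None, "tpm2_geteccparameters not installed"
    return code, classify_exit(code)


if __name__ == "__main__":
    print(run_geteccparameters("ecc256", "ecc.params", cli_tcti="device:/dev/tpm0"))
```

       A selection such as none: is rejected before anything is run, and an
       unknown name passes through untouched, which mirrors the dlopen(3)
       lookup the text describes for custom TCTIs.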
BUGS
       Github Issues (https://github.com/tpm2-software/tpm2-tools/issues)

HELP
       See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)

tpm2-tools                                             tpm2_geteccparameters(1)