tpm2_geteccparameters(1)    General Commands Manual   tpm2_geteccparameters(1)

NAME

       tpm2_geteccparameters(1) - Retrieves the parameters of an ECC curve
       identified by its TCG-assigned curveID.

SYNOPSIS

       tpm2_geteccparameters [OPTIONS]

DESCRIPTION

       tpm2_geteccparameters(1) - Retrieves the parameters of an ECC curve
       identified by its TCG-assigned curveID.

OPTIONS

       • ARGUMENT=ALGORITHM:

         Specify the ECC curve.  Example: ecc521.

       • -o, --output=FILE

         Specify the file path to save the ECC parameters.

   References

Algorithm Specifiers

       Options that take algorithms support "nice-names".

       There are two major algorithm specification string classes, simple and
       complex.  Only certain algorithms will be accepted by the TPM, based on
       usage and conditions.

   Simple specifiers
       These are strings with no additional specification data.  When creating
       objects, non-specified portions of an object are assumed to be defaults.
       The known simple specifiers are listed below.

   Asymmetric
       • rsa

       • ecc

   Symmetric
       • aes

       • camellia

   Hashing Algorithms
       • sha1

       • sha256

       • sha384

       • sha512

       • sm3_256

       • sha3_256

       • sha3_384

       • sha3_512

   Keyed Hash
       • hmac

       • xor

   Signing Schemes
       • rsassa

       • rsapss

       • ecdsa

       • ecdaa

       • ecschnorr

   Asymmetric Encryption Schemes
       • oaep

       • rsaes

       • ecdh

   Modes
       • ctr

       • ofb

       • cbc

       • cfb

       • ecb

   Misc
       • null

   Complex Specifiers
       Objects, when specified for creation by the TPM, have numerous
       algorithms to populate in the public data.  Things like type, scheme and
       asymmetric details, key size, etc.  Below is the general format for
       specifying this data: <type>:<scheme>:<symmetric-details>

   Type Specifiers
       This portion of the complex algorithm specifier is required.  The
       remaining scheme and symmetric details will default based on the type
       specified and the type of the object being created.

       • aes - Default AES: aes128

       • aes128<mode> - 128 bit AES with optional mode (ctr|ofb|cbc|cfb|ecb).
         If mode is not specified, defaults to null.

       • aes192<mode> - Same as aes128<mode>, except for a 192 bit key size.

       • aes256<mode> - Same as aes128<mode>, except for a 256 bit key size.

       • ecc - Elliptic Curve, defaults to ecc256.

       • ecc192 - 192 bit ECC

       • ecc224 - 224 bit ECC

       • ecc256 - 256 bit ECC

       • ecc384 - 384 bit ECC

       • ecc521 - 521 bit ECC

       • rsa - Default RSA: rsa2048

       • rsa1024 - RSA with 1024 bit keysize.

       • rsa2048 - RSA with 2048 bit keysize.

       • rsa4096 - RSA with 4096 bit keysize.

   Scheme Specifiers
       The next field is optional and can be skipped.

       Schemes are usually Signing Schemes or Asymmetric Encryption Schemes.
       Most signing schemes take a hash algorithm directly following the
       signing scheme.  If the hash algorithm is missing, it defaults to sha256.
       Some take no arguments, and some take multiple arguments.

   Hash Optional Scheme Specifiers
       These scheme specifiers are followed by a dash and a valid hash
       algorithm.  For example: oaep-sha256.

       • oaep

       • ecdh

       • rsassa

       • rsapss

       • ecdsa

       • ecschnorr

   Multiple Option Scheme Specifiers
       This scheme specifier is followed by a count (max size UINT16) then
       followed by a dash (-) and a valid hash algorithm.

       • ecdaa

       For example, ecdaa4-sha256.  If no count is specified, it defaults to 4.

   No Option Scheme Specifiers
       This scheme specifier takes NO arguments.

       • rsaes

   Symmetric Details Specifiers
       This field is optional, and defaults based on the type of object being
       created and its attributes.  Generally, any valid Symmetric specifier
       from the Type Specifiers list should work.  If not specified, an
       asymmetric object's symmetric details default to aes128cfb.

   Examples
   Create an rsa2048 key with an rsaes asymmetric encryption scheme
       tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv

   Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash
       tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv
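
       The defaults described above are easy to miss when reviewing a key
       creation command. The following shell function is an added example, not
       part of tpm2-tools: it expands a <type>:<scheme>:<symmetric-details>
       string for rsa/ecc types into its explicit form using only the defaults
       stated on this page. The function name, the output format and the
       pairing of schemes with key families are assumptions of this example.

```sh
# Added example, not tpm2-tools code. Covers rsa/ecc type specifiers only.
# expand_alg SPEC: print SPEC with the page's defaults made explicit, or
# return 1 if SPEC does not fit <type>:<scheme>:<symmetric-details>.
expand_alg() {
    typ=${1%%:*}; rest=; sym=
    case $1 in *:*) rest=${1#*:} ;; esac
    scheme=${rest%%:*}
    case $rest in *:*) sym=${rest#*:} ;; esac
    case $typ in
        rsa) typ=rsa2048 ;; ecc) typ=ecc256 ;;   # documented type defaults
        rsa1024|rsa2048|rsa4096|ecc192|ecc224|ecc256|ecc384|ecc521) ;;
        *) return 1 ;;
    esac
    fam=${typ%%[0-9]*}                     # "rsa" or "ecc"

    name=${scheme%%-*}; hash=sha256        # a missing hash defaults to sha256
    case $scheme in *-*) hash=${scheme#*-} ;; esac
    case $hash in
        sha1|sha256|sha384|sha512|sm3_256|sha3_256|sha3_384|sha3_512) ;;
        *) return 1 ;;
    esac

    # Pairing schemes with a key family is an assumption drawn from the names.
    case $fam:$name in
        rsa:|ecc:) [ -z "$scheme" ] || return 1; scheme=default ;;
        rsa:rsaes) [ "$scheme" = rsaes ] || return 1 ;;   # takes NO arguments
        rsa:oaep|rsa:rsassa|rsa:rsapss|ecc:ecdh|ecc:ecdsa|ecc:ecschnorr)
            scheme=$name-$hash ;;
        ecc:ecdaa*)
            count=${name#ecdaa}; count=${count:-4}        # count defaults to 4
            case $count in *[!0-9]*) return 1 ;; esac
            [ ${#count} -le 5 ] && [ "$count" -le 65535 ] || return 1  # UINT16
            scheme=ecdaa$count-$hash ;;
        *) return 1 ;;
    esac
    case ${sym:=aes128cfb} in              # asymmetric default: aes128cfb
        aes) sym=aes128 ;;
        aes128*|aes192*|aes256*)
            case ${sym#aes???} in ''|ctr|ofb|cbc|cfb|ecb) ;; *) return 1 ;; esac ;;
        *) return 1 ;;
    esac
    echo "type=$typ scheme=$scheme sym=$sym"
}

# The two specifiers from the Examples above, plus constructed variants.
for s in rsa2048:rsaes ecc256:ecdaa4-sha384 ecc:ecdaa rsa2048:ecdsa; do
    expand_alg "$s" || echo "rejected: $s"
done
```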

COMMON OPTIONS

       This collection of options is common to many programs and provides
       information that many users may expect.

       • -h, --help=[man|no-man]: Display the tool's manpage.  By default, it
         attempts to invoke the manpager for the tool; however, on failure it
         will output a short tool summary.  This is the same behavior if the
         "man" option argument is specified; however, if explicit "man" is
         requested, the tool will provide errors from man on stderr.  If the
         "no-man" option is specified, or the manpager fails, the short
         options will be output to stdout.

         To successfully use the manpages feature requires the manpages to be
         installed or on MANPATH.  See man(1) for more details.

       • -v, --version: Display version information for this tool, supported
         tctis and exit.

       • -V, --verbose: Increase the information that the tool prints to the
         console during its execution.  When using this option the file and
         line number are printed.

       • -Q, --quiet: Silence normal tool output to stdout.

       • -Z, --enable-errata: Enable the application of errata fixups.  Useful
         if an errata fixup needs to be applied to commands sent to the TPM.
         Defining the environment variable TPM2TOOLS_ENABLE_ERRATA is
         equivalent.

TCTI Configuration

       The TCTI or "Transmission Interface" is the communication mechanism
       with the TPM.  TCTIs can be changed for communication with TPMs across
       different mediums.

       To control the TCTI, the tools respect:

       1. The command line option -T or --tcti

       2. The environment variable: TPM2TOOLS_TCTI.

       Note: The command line option always overrides the environment
       variable.

       The current known TCTIs are:

       • tabrmd - The resource manager, called tabrmd
         (https://github.com/tpm2-software/tpm2-abrmd).  Note that tabrmd and
         abrmd as a tcti name are synonymous.

       • mssim - Typically used for communicating to the TPM software
         simulator.

       • device - Used when talking directly to a TPM device file.

       • none - Do not initialize a connection with the TPM.  Some tools allow
         for off-tpm options and thus support not using a TCTI.  Tools that do
         not support it will error when used without a TCTI connection.  Does
         not support ANY options and MUST BE presented as the exact text of
         "none".

       The arguments to either the command line option or the environment
       variable are in the form:

       <tcti-name>:<tcti-option-config>

       Specifying an empty string for either the <tcti-name> or
       <tcti-option-config> results in the default being used for that portion
       respectively.

   TCTI Defaults
       When a TCTI is not specified, the default TCTI is searched for using
       dlopen(3) semantics.  The tools will search for tabrmd, device and
       mssim TCTIs IN THAT ORDER and USE THE FIRST ONE FOUND.  You can query
       what TCTI will be chosen as the default by using the -v option to print
       the version information.  The "default-tcti" key-value pair will
       indicate which of the aforementioned TCTIs is the default.

   Custom TCTIs
       Any TCTI that implements the dynamic TCTI interface can be loaded.  The
       tools internally use dlopen(3), and the raw tcti-name value is used for
       the lookup.  Thus, this could be a path to the shared library, or a
       library name as understood by dlopen(3) semantics.

TCTI OPTIONS

       This collection of options is used to configure the various known TCTI
       modules available:

       • device: For the device TCTI, the TPM character device file for use by
         the device TCTI can be specified.  The default is /dev/tpm0.

         Example: -T device:/dev/tpm0 or export
         TPM2TOOLS_TCTI="device:/dev/tpm0"

       • mssim: For the mssim TCTI, the domain name or IP address and port
         number used by the simulator can be specified.  The defaults are
         127.0.0.1 and 2321.

         Example: -T mssim:host=localhost,port=2321 or export
         TPM2TOOLS_TCTI="mssim:host=localhost,port=2321"

       • abrmd: For the abrmd TCTI, the configuration string format is a
         series of simple key value pairs separated by a ',' character.  Each
         key and value string are separated by a '=' character.

         • TCTI abrmd supports two keys:

           1. 'bus_name' : The name of the tabrmd service on the bus (a
              string).

           2. 'bus_type' : The type of the dbus instance (a string) limited to
              'session' and 'system'.

         Specify the tabrmd tcti name and a config string of
         bus_name=com.example.FooBar:

         --tcti=tabrmd:bus_name=com.example.FooBar

         Specify the default (abrmd) tcti and a config string of
         bus_type=session:

         --tcti:bus_type=session

         NOTE: abrmd and tabrmd are synonymous.
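
       Because the raw tcti-name is handed to dlopen(3) and can come from the
       TPM2TOOLS_TCTI environment variable, a script that runs the tools with
       elevated privileges may want to vet the setting first. The following
       shell functions are an added example, not part of tpm2-tools: they apply
       the precedence and the <tcti-name>:<tcti-option-config> format described
       above and accept only the known TCTIs and their documented keys. The
       function names, the allowlist policy and the /dev/ restriction are
       assumptions of this example.

```sh
# Added example, not tpm2-tools code. The allowlist and the /dev/ restriction
# are policy assumptions of this sketch.

# kv_ok NAME CONFIG: every comma-separated item must be a key=value pair
# that the page documents for TCTI NAME.
kv_ok() {
    rest=$2
    while [ -n "$rest" ]; do
        item=${rest%%,*}
        case $rest in *,*) rest=${rest#*,} ;; *) rest= ;; esac
        case $1:$item in
            tabrmd:bus_name=?*|tabrmd:bus_type=session|tabrmd:bus_type=system) ;;
            mssim:host=?*) ;;
            mssim:port=|mssim:port=*[!0-9]*) return 1 ;;   # port must be digits
            mssim:port=*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# resolve_tcti CLI_VALUE: print "<name> [<config>]" for an accepted setting,
# return 1 otherwise. CLI_VALUE is what would be passed to -T/--tcti; only
# when it is empty is TPM2TOOLS_TCTI consulted.
resolve_tcti() {
    spec=${1:-${TPM2TOOLS_TCTI:-}}
    name=${spec%%:*}; conf=
    case $spec in *:*) conf=${spec#*:} ;; esac
    case $name in
        '')           [ -z "$conf" ] || return 1; name=default ;;
        abrmd|tabrmd) name=tabrmd; kv_ok tabrmd "$conf" || return 1 ;;
        mssim)        kv_ok mssim "$conf" || return 1 ;;
        device)       case $conf in *..*) return 1 ;; ''|/dev/?*) ;; *) return 1 ;; esac ;;
        none)         [ "$spec" = none ] || return 1 ;;   # exact text only
        *)            return 1 ;;   # unknown name or path would reach dlopen(3)
    esac
    echo "$name${conf:+ $conf}"
}

# Constructed sample settings.
for s in device:/dev/tpm0 tabrmd:bus_name=com.example.FooBar none:x \
         mssim:host=localhost,port=2321 /tmp/libtcti-custom.so; do
    if out=$(resolve_tcti "$s"); then echo "accept: $out"; else echo "reject: $s"; fi
done
```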

EXAMPLES

              tpm2_geteccparameters ecc256 -o ecc.params

Returns

       Tools can return any of the following codes:

       • 0 - Success.

       • 1 - General non-specific error.

       • 2 - Options handling error.

       • 3 - Authentication error.

       • 4 - TCTI related error.

       • 5 - Non supported scheme.  Applicable to tpm2_testparams.

BUGS

       Github Issues (https://github.com/tpm2-software/tpm2-tools/issues)

HELP

       See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)

tpm2-tools                                            tpm2_geteccparameters(1)