tpm2_geteccparameters(1)     General Commands Manual     tpm2_geteccparameters(1)

NAME
tpm2_geteccparameters(1) - Retrieves the parameters of an ECC curve
identified by its TCG-assigned curveID.

SYNOPSIS
tpm2_geteccparameters [OPTIONS]

DESCRIPTION
tpm2_geteccparameters(1) - Retrieves the parameters of an ECC curve
identified by its TCG-assigned curveID.

OPTIONS
• ARGUMENT=ALGORITHM:

Specify the ECC curve. Example: ecc521.

• -o, --output=FILE

Specify the file path to save the ECC parameters.

References
Options that take algorithms support “nice-names”.

There are two major algorithm specification string classes, simple and
complex. Only certain algorithms will be accepted by the TPM, based on
usage and conditions.

Simple specifiers
These are strings with no additional specification data. When creating
objects, non-specified portions of an object take their default values.
The list of known simple specifiers is below.

Asymmetric
• rsa

• ecc

Symmetric
• aes

• camellia

Hashing Algorithms
• sha1

• sha256

• sha384

• sha512

• sm3_256

• sha3_256

• sha3_384

• sha3_512

Keyed Hash
• hmac

• xor

Signing Schemes
• rsassa

• rsapss

• ecdsa

• ecdaa

• ecschnorr

Asymmetric Encryption Schemes
• oaep

• rsaes

• ecdh

Modes
• ctr

• ofb

• cbc

• cfb

• ecb

Misc
• null

Complex Specifiers
Objects, when specified for creation by the TPM, have numerous algorithms
to populate in the public data: things like type, scheme, asymmetric
details, key size, etc. Below is the general format for specifying this
data:

<type>:<scheme>:<symmetric-details>

Type Specifiers
This portion of the complex algorithm specifier is required. The remaining
scheme and symmetric details will default based on the type specified and
the type of the object being created.

• aes - Default AES: aes128

• aes128<mode> - 128 bit AES with optional mode (ctr|ofb|cbc|cfb|ecb).
If mode is not specified, defaults to null.

• aes192<mode> - Same as aes128<mode>, except for a 192 bit key size.

• aes256<mode> - Same as aes128<mode>, except for a 256 bit key size.

• ecc - Elliptic Curve, defaults to ecc256.

• ecc192 - 192 bit ECC

• ecc224 - 224 bit ECC

• ecc256 - 256 bit ECC

• ecc384 - 384 bit ECC

• ecc521 - 521 bit ECC

• rsa - Default RSA: rsa2048

• rsa1024 - RSA with 1024 bit keysize.

• rsa2048 - RSA with 2048 bit keysize.

• rsa4096 - RSA with 4096 bit keysize.

Scheme Specifiers
Next is an optional field; it can be skipped.

Schemes are usually Signing Schemes or Asymmetric Encryption Schemes. Most
signing schemes take a hash algorithm directly following the signing
scheme. If the hash algorithm is missing, it defaults to sha256. Some take
no arguments, and some take multiple arguments.

Hash Optional Scheme Specifiers
These scheme specifiers are followed by a dash and a valid hash algorithm,
for example: oaep-sha256.

• oaep

• ecdh

• rsassa

• rsapss

• ecdsa

• ecschnorr

Multiple Option Scheme Specifiers
This scheme specifier is followed by a count (max size UINT16), then by a
dash (-) and a valid hash algorithm. If no count is specified, it defaults
to 4.

• ecdaa - For example, ecdaa4-sha256.

No Option Scheme Specifiers
This scheme specifier takes NO arguments.

• rsaes

Symmetric Details Specifiers
This field is optional, and defaults based on the type of object being
created and its attributes. Generally, any valid symmetric specifier from
the Type Specifiers list should work. If not specified, an asymmetric
object's symmetric details default to aes128cfb.

Examples
Create an rsa2048 key with an rsaes asymmetric encryption scheme:

tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv

Create an ecc256 key with an ecdaa signing scheme with a count of 4 and
sha384 hash:

tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv

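As an added illustration (not code from tpm2-tools), the following Python parser applies the type, scheme and symmetric-details rules and defaults described above to a complex specifier string such as rsa2048:rsaes or ecc256:ecdaa4-sha384; the function names and the dict layout are this example's own choices.

```python
import re

# Defaults as stated in the man page above (added example, not tpm2-tools code).
TYPE_DEFAULTS = {"aes": "aes128", "ecc": "ecc256", "rsa": "rsa2048"}
AES_MODES = ("ctr", "ofb", "cbc", "cfb", "ecb")
HASH_OPTIONAL = ("oaep", "ecdh", "rsassa", "rsapss", "ecdsa", "ecschnorr")
DEFAULT_HASH, DEFAULT_ECDAA_COUNT, DEFAULT_SYM = "sha256", 4, "aes128cfb"

def parse_type(spec):
    """Type field: aes[bits][mode] | ecc[bits] | rsa[bits]; bare names take defaults."""
    spec = TYPE_DEFAULTS.get(spec, spec)
    m = re.fullmatch(r"(aes|ecc|rsa)(\d+)([a-z]*)", spec)
    if not m:
        raise ValueError(f"unknown type specifier: {spec!r}")
    algo, bits, mode = m.group(1), int(m.group(2)), m.group(3)
    if mode and (algo != "aes" or mode not in AES_MODES):
        raise ValueError(f"bad mode suffix in {spec!r}")
    if algo == "aes":
        return {"type": algo, "bits": bits, "mode": mode or "null"}  # no mode -> null
    return {"type": algo, "bits": bits}

def parse_scheme(spec):
    """Scheme field: rsaes | ecdaa[count][-hash] | hash-optional scheme[-hash]."""
    if spec == "rsaes":                                # takes no arguments
        return {"scheme": "rsaes"}
    name, _, hash_alg = spec.partition("-")
    m = re.fullmatch(r"ecdaa(\d*)", name)              # count is a UINT16
    if m:
        count = int(m.group(1) or DEFAULT_ECDAA_COUNT)
        if count > 0xFFFF:
            raise ValueError("ecdaa count exceeds UINT16")
        return {"scheme": "ecdaa", "count": count, "hash": hash_alg or DEFAULT_HASH}
    if name in HASH_OPTIONAL:
        return {"scheme": name, "hash": hash_alg or DEFAULT_HASH}
    raise ValueError(f"unknown scheme specifier: {spec!r}")

def parse_alg_spec(spec):
    """Parse <type>[:<scheme>[:<symmetric-details>]] and fill in the defaults."""
    parts = spec.split(":")
    if len(parts) > 3:
        raise ValueError(f"too many fields in {spec!r}")
    result = parse_type(parts[0])
    # Empty/absent scheme: None, meaning the tool picks one for the object type.
    result["scheme"] = parse_scheme(parts[1]) if len(parts) > 1 and parts[1] else None
    if result["type"] in ("rsa", "ecc"):               # asymmetric objects only
        sym = parse_type(parts[2] if len(parts) > 2 and parts[2] else DEFAULT_SYM)
        if sym["type"] != "aes":
            raise ValueError("symmetric details must be an AES specifier")
        result["symmetric"] = sym
    return result
```

Feeding the two tpm2_create examples above through parse_alg_spec shows the defaults being filled in: the rsaes case gets aes128cfb symmetric details, and the ecdaa case keeps the explicit count 4 and sha384.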
COMMON OPTIONS
This collection of options is common to many programs and provides
information that many users may expect.

• -h, --help=[man|no-man]: Display the tool's manpage. By default, it
attempts to invoke the manpager for the tool; however, on failure it will
output a short tool summary. This is the same behavior if the “man” option
argument is specified; however, if “man” is explicitly requested, the tool
will provide errors from man on stderr. If the “no-man” option is
specified, or the manpager fails, the short options will be output to
stdout.

To successfully use the manpages feature requires the manpages to be
installed or on MANPATH. See man(1) for more details.

• -v, --version: Display version information for this tool, supported
TCTIs, and exit.

• -V, --verbose: Increase the information that the tool prints to the
console during its execution. When using this option the file and line
number are printed.

• -Q, --quiet: Silence normal tool output to stdout.

• -Z, --enable-errata: Enable the application of errata fixups. Useful if
an errata fixup needs to be applied to commands sent to the TPM. Defining
the environment variable TPM2TOOLS_ENABLE_ERRATA is equivalent.

TCTI Configuration
The TCTI or “Transmission Interface” is the communication mechanism with
the TPM. TCTIs can be changed for communication with TPMs across different
mediums.

To control the TCTI, the tools respect:

1. The command line option -T or --tcti

2. The environment variable: TPM2TOOLS_TCTI.

Note: The command line option always overrides the environment variable.

The current known TCTIs are:

• tabrmd - The resource manager, called tabrmd
(https://github.com/tpm2-software/tpm2-abrmd). Note that tabrmd and abrmd
as a tcti name are synonymous.

• mssim - Typically used for communicating to the TPM software simulator.

• device - Used when talking directly to a TPM device file.

• none - Do not initialize a connection with the TPM. Some tools allow for
off-TPM options and thus support not using a TCTI. Tools that do not
support it will error when used without a TCTI connection. Does not
support ANY options and MUST BE presented as the exact text of “none”.

The arguments to either the command line option or the environment
variable are in the form:

<tcti-name>:<tcti-option-config>

Specifying an empty string for either the <tcti-name> or
<tcti-option-config> results in the default being used for that portion
respectively.

TCTI Defaults
When a TCTI is not specified, the default TCTI is searched for using
dlopen(3) semantics. The tools will search for tabrmd, device and mssim
TCTIs IN THAT ORDER and USE THE FIRST ONE FOUND. You can query what TCTI
will be chosen as the default by using the -v option to print the version
information. The “default-tcti” key-value pair will indicate which of the
aforementioned TCTIs is the default.

Custom TCTIs
Any TCTI that implements the dynamic TCTI interface can be loaded. The
tools internally use dlopen(3), and the raw tcti-name value is used for
the lookup. Thus, this could be a path to the shared library, or a library
name as understood by dlopen(3) semantics.

TCTI OPTIONS
This collection of options is used to configure the various known TCTI
modules available:

• device: For the device TCTI, the TPM character device file for use by
the device TCTI can be specified. The default is /dev/tpm0.

Example: -T device:/dev/tpm0 or export TPM2TOOLS_TCTI="device:/dev/tpm0"

• mssim: For the mssim TCTI, the domain name or IP address and port number
used by the simulator can be specified. The defaults are 127.0.0.1 and
2321.

Example: -T mssim:host=localhost,port=2321 or
export TPM2TOOLS_TCTI="mssim:host=localhost,port=2321"

• abrmd: For the abrmd TCTI, the configuration string format is a series
of simple key value pairs separated by a `,' character. Each key and value
string are separated by a `=' character.

• TCTI abrmd supports two keys:

1. `bus_name' : The name of the tabrmd service on the bus (a string).

2. `bus_type' : The type of the dbus instance (a string) limited to
`session' and `system'.

Specify the tabrmd tcti name and a config string of
bus_name=com.example.FooBar:

--tcti=tabrmd:bus_name=com.example.FooBar

Specify the default (abrmd) tcti and a config string of bus_type=session
(the empty <tcti-name> before the colon selects the default):

--tcti=:bus_type=session

NOTE: abrmd and tabrmd are synonymous.

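As an added illustration, not tpm2-tools code, the Python below models how a tool resolves its TCTI from the rules in the two sections above: -T/--tcti wins over TPM2TOOLS_TCTI, an empty <tcti-name> or <tcti-option-config> falls back to its default, abrmd is an alias of tabrmd, “none” accepts no options, unknown names are passed through as custom dlopen(3) names, and abrmd config keys are restricted to bus_name and bus_type. The `available` set stands in for which TCTI libraries dlopen(3) would find; it, the function names and the dict layout are this example's assumptions.

```python
# Defaults and rules transcribed from the man page above (added example, not tpm2-tools code).
SEARCH_ORDER = ("tabrmd", "device", "mssim")   # default-TCTI probe order
DEFAULT_CONFIG = {"device": "/dev/tpm0", "mssim": "host=127.0.0.1,port=2321", "tabrmd": ""}
ABRMD_KEYS = {"bus_name": None, "bus_type": ("session", "system")}  # None: any string

def default_tcti(available):
    """Mimic the dlopen(3) search: first of tabrmd, device, mssim that is loadable."""
    for name in SEARCH_ORDER:
        if name in available:
            return name
    raise RuntimeError("no default TCTI could be loaded")

def parse_tcti(spec, available):
    """Parse <tcti-name>:<tcti-option-config>; an empty portion takes its default."""
    if spec == "none":                                  # exact text only, no options
        return {"name": "none", "config": None}
    name, _, config = spec.partition(":")
    name = "tabrmd" if name == "abrmd" else (name or default_tcti(available))
    if name == "none":
        raise ValueError("'none' does not accept options")
    if name not in DEFAULT_CONFIG:                      # custom TCTI: raw dlopen name/path
        return {"name": name, "config": config}
    config = config or DEFAULT_CONFIG[name]
    if name == "tabrmd":
        validate_abrmd_config(config)
    return {"name": name, "config": config}

def validate_abrmd_config(config):
    """abrmd config: comma-separated key=value pairs, keys bus_name and bus_type only."""
    for pair in filter(None, config.split(",")):
        key, sep, value = pair.partition("=")
        if not sep or key not in ABRMD_KEYS:
            raise ValueError(f"bad abrmd option: {pair!r}")
        if ABRMD_KEYS[key] is not None and value not in ABRMD_KEYS[key]:
            raise ValueError(f"bus_type must be session or system, got {value!r}")

def resolve_tcti(cli_option, environ, available):
    """-T/--tcti wins over TPM2TOOLS_TCTI, which wins over the searched default."""
    spec = cli_option if cli_option is not None else environ.get("TPM2TOOLS_TCTI")
    if spec is None:
        spec = default_tcti(available)
    return parse_tcti(spec, available)
```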
EXAMPLES
tpm2_geteccparameters ecc256 -o ecc.params

Returns
Tools can return any of the following codes:

• 0 - Success.

• 1 - General non-specific error.

• 2 - Options handling error.

• 3 - Authentication error.

• 4 - TCTI related error.

• 5 - Non supported scheme. Applicable to tpm2_testparams.

BUGS
Github Issues (https://github.com/tpm2-software/tpm2-tools/issues)

HELP
See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)

tpm2-tools                                         tpm2_geteccparameters(1)