1tpm2_verifysignature(1)     General Commands Manual    tpm2_verifysignature(1)
2
3
4

NAME

6       tpm2_verifysignature(1) - Validates a signature using the TPM.
7

SYNOPSIS

9       tpm2_verifysignature [OPTIONS]
10

DESCRIPTION

12       tpm2_verifysignature(1) - Uses loaded keys to validate a signature on a
13       message with the message digest passed to the TPM.   If  the  signature
14       check  succeeds,  then the TPM will produce a TPMT_TK_VERIFIED.  Other‐
15       wise, the TPM shall return TPM_RC_SIGNATURE.  If object  references  an
16       asymmetric  key, only the public portion of the key needs to be loaded.
17       If object references a symmetric key, both the public and private  por‐
18       tions need to be loaded.
19

OPTIONS

21-c, --key-context=OBJECT:
22
23         Context  object for the key context used for the operation.  Either a
24         file or a handle number.  See section “Context Object Format”.
25
26-g, --hash-algorithm=ALGORITHM:
27
28         The hash algorithm used to digest  the  message.   Algorithms  should
29         follow  the  “formatting  standards”,  see  section “Algorithm Speci‐
30         fiers”.  Also, see section “Supported Hash Algorithms” for a list  of
31         supported hash algorithms.
32
33-m, --message=FILE:
34
35         The message file, containing the content to be digested.
36
37-d, --digest=FILE:
38
39         The input hash file, containing the hash of the message.  If this op‐
40         tion is selected, then the message (-m) and algorithm (-g) options do
41         not need to be specified.
42
43-s, --signature=FILE:
44
45         The input signature file of the signature to be validated.
46
47-f, --scheme=SCHEME:
48
49         The  signing  scheme  that was used to sign the message.  This option
50         should only be specified if the signature comes in  from  a  non  tss
51         standard,  like  openssl.  See “Signature format specifiers” for more
52         details.  The tss format contains the signature metadata required  to
53         understand it’s signature scheme.
54
55         Signing schemes should follow the “formatting standards”, see section
56         “Algorithm Specifiers”.
57
58--format=SCHEME:
59
60         Deprecated.  Same as --scheme.
61
62-t, --ticket=FILE:
63
64         The ticket file to record the validation structure.
65
66   References

Context Object Format

68       The type of a context object, whether it is a handle or file  name,  is
69       determined according to the following logic in-order:
70
71       • If the argument is a file path, then the file is loaded as a restored
72         TPM transient object.
73
74       • If the argument is a prefix match on one of:
75
76         • owner: the owner hierarchy
77
78         • platform: the platform hierarchy
79
80         • endorsement: the endorsement hierarchy
81
82         • lockout: the lockout control persistent object
83
84       • If the argument argument can be loaded as a number it will  be  treat
85         as a handle, e.g. 0x81010013 and used directly._OBJECT_.
86

Algorithm Specifiers

88       Options that take algorithms support “nice-names”.
89
90       There  are two major algorithm specification string classes, simple and
91       complex.  Only certain algorithms will be accepted by the TPM, based on
92       usage and conditions.
93
94   Simple specifiers
95       These are strings with no additional specification data.  When creating
96       objects, non-specified portions of an object are assumed  to  defaults.
97       You can find the list of known “Simple Specifiers” below.
98
99   Asymmetric
100       • rsa
101
102       • ecc
103
104   Symmetric
105       • aes
106
107       • camellia
108
109       • sm4
110
111   Hashing Algorithms
112       • sha1
113
114       • sha256
115
116       • sha384
117
118       • sha512
119
120       • sm3_256
121
122       • sha3_256
123
124       • sha3_384
125
126       • sha3_512
127
128   Keyed Hash
129       • hmac
130
131       • xor
132
133   Signing Schemes
134       • rsassa
135
136       • rsapss
137
138       • ecdsa
139
140       • ecdaa
141
142       • ecschnorr
143
144       • sm2
145
146   Asymmetric Encryption Schemes
147       • oaep
148
149       • rsaes
150
151       • ecdh
152
153   Modes
154       • ctr
155
156       • ofb
157
158       • cbc
159
160       • cfb
161
162       • ecb
163
164   Misc
165       • null
166
167   Complex Specifiers
168       Objects,  when  specified  for creation by the TPM, have numerous algo‐
169       rithms to populate in the public data.  Things like  type,  scheme  and
170       asymmetric  details,  key  size,  etc.  Below is the general format for
171       specifying this data: <type>:<scheme>:<symmetric-details>
172
173   Type Specifiers
174       This portion of the complex algorithm specifier is required.   The  re‐
175       maining  scheme  and  symmetric  details will default based on the type
176       specified and the type of the object being created.
177
178       • aes - Default AES: aes128
179
180       • aes128<mode> - 128 bit AES with optional mode  (ctr|ofb|cbc|cfb|ecb).
181         If mode is not specified, defaults to null.
182
183       • aes192<mode> - Same as aes128<mode>, except for a 192 bit key size.
184
185       • aes256<mode> - Same as aes128<mode>, except for a 256 bit key size.
186
187       • sm4 - Default SM4: sm4128
188
189       • sm4128   or   sm4_128  <mode>  -  128  bit  SM4  with  optional  mode
190         (ctr|ofb|cbc|cfb|ecb).  If mode is not specified, defaults to null.
191
192       • ecc - Elliptical Curve, defaults to ecc256.
193
194       • ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve
195
196       • ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve
197
198       • ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve
199
200       • ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve
201
202       • ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve
203
204       • ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve
205
206       • rsa - Default RSA: rsa2048
207
208       • rsa1024 - RSA with 1024 bit keysize.
209
210       • rsa2048 - RSA with 2048 bit keysize.
211
212       • rsa3072 - RSA with 3072 bit keysize.
213
214       • rsa4096 - RSA with 4096 bit keysize.
215
216   Scheme Specifiers
217       Next, is an optional field, it can be skipped.
218
219       Schemes are usually Signing Schemes or Asymmetric  Encryption  Schemes.
220       Most signing schemes take a hash algorithm directly following the sign‐
221       ing scheme.  If the hash algorithm is missing, it defaults  to  sha256.
222       Some take no arguments, and some take multiple arguments.
223
224   Hash Optional Scheme Specifiers
225       These  scheme  specifiers are followed by a dash and a valid hash algo‐
226       rithm, For example: oaep-sha256.
227
228       • oaep
229
230       • ecdh
231
232       • rsassa
233
234       • rsapss
235
236       • ecdsa
237
238       • ecschnorr
239
240       • sm2
241
242   Multiple Option Scheme Specifiers
243       This scheme specifier is followed by a count  (max  size  UINT16)  then
244       followed by a dash(-) and a valid hash algorithm.  * ecdaa For example,
245       ecdaa4-sha256.  If no count is specified, it defaults to 4.
246
247   No Option Scheme Specifiers
248       This scheme specifier takes NO arguments.  * rsaes
249
250   Symmetric Details Specifiers
251       This field is optional, and defaults based on the type of object  being
252       created  and it’s attributes.  Generally, any valid Symmetric specifier
253       from the Type Specifiers list should work.  If not specified, an  asym‐
254       metric objects symmetric details defaults to aes128cfb.
255
256   Examples
257   Create an rsa2048 key with an rsaes asymmetric encryption scheme
258       tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv
259
260   Create  an  ecc256  key  with an ecdaa signing scheme with a count of 4 and
261       sha384 hash
262       /tpm2_create  -C  parent.ctx  -G  ecc256:ecdaa4-sha384  -u  key.pub  -r
263       key.priv cryptographic algorithms ALGORITHM.
264

COMMON OPTIONS

266       This  collection of options are common to many programs and provide in‐
267       formation that many users may expect.
268
269-h, --help=[man|no-man]: Display the tools manpage.  By  default,  it
270         attempts  to  invoke  the  manpager for the tool, however, on failure
271         will output a short tool summary.  This is the same behavior  if  the
272         “man”  option argument is specified, however if explicit “man” is re‐
273         quested, the tool will provide errors from man  on  stderr.   If  the
274         “no-man”  option  if  specified, or the manpager fails, the short op‐
275         tions will be output to stdout.
276
277         To successfully use the manpages feature requires the manpages to  be
278         installed or on MANPATH, See man(1) for more details.
279
280-v,  --version:  Display version information for this tool, supported
281         tctis and exit.
282
283-V, --verbose: Increase the information that the tool prints  to  the
284         console  during  its  execution.  When using this option the file and
285         line number are printed.
286
287-Q, --quiet: Silence normal tool output to stdout.
288
289-Z, --enable-errata: Enable the application of errata fixups.  Useful
290         if  an  errata fixup needs to be applied to commands sent to the TPM.
291         Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent.   in‐
292         formation many users may expect.
293

TCTI Configuration

295       The  TCTI  or  “Transmission  Interface” is the communication mechanism
296       with the TPM.  TCTIs can be changed for communication with TPMs  across
297       different mediums.
298
299       To control the TCTI, the tools respect:
300
301       1. The command line option -T or --tcti
302
303       2. The environment variable: TPM2TOOLS_TCTI.
304
305       Note:  The  command  line option always overrides the environment vari‐
306       able.
307
308       The current known TCTIs are:
309
310       • tabrmd     -     The     resource     manager,     called      tabrmd
311         (https://github.com/tpm2-software/tpm2-abrmd).   Note that tabrmd and
312         abrmd as a tcti name are synonymous.
313
314       • mssim - Typically used for communicating to the TPM software  simula‐
315         tor.
316
317       • device - Used when talking directly to a TPM device file.
318
319       • none  - Do not initalize a connection with the TPM.  Some tools allow
320         for off-tpm options and thus support not using a TCTI.  Tools that do
321         not  support  it  will error when attempted to be used without a TCTI
322         connection.  Does not support ANY options and MUST  BE  presented  as
323         the exact text of “none”.
324
325       The  arguments  to  either  the  command line option or the environment
326       variable are in the form:
327
328       <tcti-name>:<tcti-option-config>
329
330       Specifying an empty string for  either  the  <tcti-name>  or  <tcti-op‐
331       tion-config> results in the default being used for that portion respec‐
332       tively.
333
334   TCTI Defaults
335       When a TCTI is not specified, the default TCTI is  searched  for  using
336       dlopen(3)  semantics.   The  tools  will  search for tabrmd, device and
337       mssim TCTIs IN THAT ORDER and USE THE FIRST ONE FOUND.  You  can  query
338       what TCTI will be chosen as the default by using the -v option to print
339       the version information.  The “default-tcti” key-value pair will  indi‐
340       cate which of the aforementioned TCTIs is the default.
341
342   Custom TCTIs
343       Any TCTI that implements the dynamic TCTI interface can be loaded.  The
344       tools internally use dlopen(3), and the raw tcti-name value is used for
345       the lookup.  Thus, this could be a path to the shared library, or a li‐
346       brary name as understood by dlopen(3) semantics.
347

TCTI OPTIONS

349       This collection of options are used to configure the various known TCTI
350       modules available:
351
352device: For the device TCTI, the TPM character device file for use by
353         the device TCTI can be specified.  The default is /dev/tpm0.
354
355         Example:   -T   device:/dev/tpm0   or   export    TPM2TOOLS_TCTI=“de‐
356         vice:/dev/tpm0”
357
358mssim:  For  the  mssim  TCTI, the domain name or IP address and port
359         number used by the simulator  can  be  specified.   The  default  are
360         127.0.0.1 and 2321.
361
362         Example:  -T  mssim:host=localhost,port=2321  or export TPM2TOOLS_TC‐
363         TI=“mssim:host=localhost,port=2321”
364
365abrmd: For the abrmd TCTI, the configuration string format is  a  se‐
366         ries  of  simple  key value pairs separated by a `,' character.  Each
367         key and value string are separated by a `=' character.
368
369         • TCTI abrmd supports two keys:
370
371           1. `bus_name' : The name of  the  tabrmd  service  on  the  bus  (a
372              string).
373
374           2. `bus_type' : The type of the dbus instance (a string) limited to
375              `session' and `system'.
376
377         Specify the tabrmd tcti name and a config string of  bus_name=com.ex‐
378         ample.FooBar:
379
380                \--tcti=tabrmd:bus_name=com.example.FooBar
381
382         Specify the default (abrmd) tcti and a config string of bus_type=ses‐
383         sion:
384
385                \--tcti:bus_type=session
386
387         NOTE: abrmd and tabrmd are synonymous.  the various known  TCTI  mod‐
388         ules.
389

Signature Format Specifiers

391       Format selection for the signature output file.  tss (the default) will
392       output a binary blob according to the TPM 2.0 specification and any po‐
393       tential  compiler padding.  The option plain will output the plain sig‐
394       nature data as defined by the used cryptographic algorithm.
395

EXAMPLES

397   Sign and verify with the TPM using the endorsement hierarchy
398              tpm2_createprimary -C e -c primary.ctx
399
400              tpm2_create -G rsa -u rsa.pub -r rsa.priv -C primary.ctx
401
402              tpm2_load -C primary.ctx -u rsa.pub -r rsa.priv -c rsa.ctx
403
404              echo "my message > message.dat
405
406              tpm2_sign -c rsa.ctx -g sha256 -m message.dat -s sig.rssa
407
408              tpm2_verifysignature -c rsa.ctx -g sha256 -m message.dat -s sig.rssa
409
410   Sign with openssl and verify with the TPM
411              # Generate an ECC key
412              openssl ecparam -name prime256v1 -genkey -noout -out private.ecc.pem
413
414              openssl ec -in private.ecc.pem -out public.ecc.pem -pubout
415
416              # Generate a hash to sign (OSSL needs the hash of the message)
417              echo "data to sign" > data.in.raw
418
419              sha256sum data.in.raw | awk '{ print "000000 " $1 }' | \
420              xxd -r -c 32 > data.in.digest
421
422              # Load the private key for signing
423              tpm2_loadexternal -Q -G ecc -r private.ecc.pem -c key.ctx
424
425              # Sign in the TPM and verify with OSSL
426              tpm2_sign -Q -c key.ctx -g sha256 -d data.in.digest -f plain -s data.out.signed
427
428              openssl dgst -verify public.ecc.pem -keyform pem -sha256 \
429              -signature data.out.signed data.in.raw
430
431              # Sign with openssl and verify with TPM
432              openssl dgst -sha256 -sign private.ecc.pem -out data.out.signed data.in.raw
433
434              tpm2_verifysignature -Q -c key.ctx -g sha256 -m data.in.raw -f ecdsa \
435              -s data.out.signed
436

Returns

438       Tools can return any of the following codes:
439
440       • 0 - Success.
441
442       • 1 - General non-specific error.
443
444       • 2 - Options handling error.
445
446       • 3 - Authentication error.
447
448       • 4 - TCTI related error.
449
450       • 5 - Non supported scheme.  Applicable to tpm2_testparams.
451

BUGS

453       Github Issues (https://github.com/tpm2-software/tpm2-tools/issues)
454

HELP

456       See the Mailing List (https://lists.linuxfoundation.org/mailman/listin
457       fo/tpm2)
458
459
460
461tpm2-tools                                             tpm2_verifysignature(1)
Impressum