tpm2_geteccparameters(1)    General Commands Manual   tpm2_geteccparameters(1)


NAME

       tpm2_geteccparameters(1) - Retrieves the parameters of an ECC curve
       identified by its TCG-assigned curveID.


SYNOPSIS

       tpm2_geteccparameters [OPTIONS]


DESCRIPTION

       tpm2_geteccparameters(1) - Retrieves the parameters of an ECC curve
       identified by its TCG-assigned curveID.


OPTIONS

       ARGUMENT=ALGORITHM:

         Specify the ECC curve.  Example: ecc521.

       -o, --output=FILE

         Specify the file path to save the ECC parameters.

       --cphash=FILE

         File path to record the hash of the command parameters.  This is
         commonly termed the cpHash.  NOTE: When this option is selected, the
         tool will not actually execute the command; it simply returns a
         cpHash.

   References

Algorithm Specifiers

       Options that take algorithms support “nice-names”.

       There are two major algorithm specification string classes, simple and
       complex.  Only certain algorithms will be accepted by the TPM, based on
       usage and conditions.

   Simple specifiers
       These are strings with no additional specification data.  When creating
       objects, non-specified portions of an object are assumed to defaults.
       You can find the list of known “Simple Specifiers” below.

   Asymmetric
       • rsa

       • ecc

   Symmetric
       • aes

       • camellia

       • sm4

   Hashing Algorithms
       • sha1

       • sha256

       • sha384

       • sha512

       • sm3_256

       • sha3_256

       • sha3_384

       • sha3_512

   Keyed Hash
       • hmac

       • xor

   Signing Schemes
       • rsassa

       • rsapss

       • ecdsa

       • ecdaa

       • ecschnorr

       • sm2

   Asymmetric Encryption Schemes
       • oaep

       • rsaes

       • ecdh

   Modes
       • ctr

       • ofb

       • cbc

       • cfb

       • ecb

   Misc
       • null

   Complex Specifiers
       Objects, when specified for creation by the TPM, have numerous
       algorithms to populate in the public data.  Things like type, scheme
       and asymmetric details, key size, etc.  Below is the general format for
       specifying this data: <type>:<scheme>:<symmetric-details>

   Type Specifiers
       This portion of the complex algorithm specifier is required.  The
       remaining scheme and symmetric details will default based on the type
       specified and the type of the object being created.

       • aes - Default AES: aes128

       • aes128<mode> - 128 bit AES with optional mode (ctr|ofb|cbc|cfb|ecb).
         If mode is not specified, defaults to null.

       • aes192<mode> - Same as aes128<mode>, except for a 192 bit key size.

       • aes256<mode> - Same as aes128<mode>, except for a 256 bit key size.

       • sm4 - Default SM4: sm4128

       • sm4128<mode> or sm4_128<mode> - 128 bit SM4 with optional mode
         (ctr|ofb|cbc|cfb|ecb).  If mode is not specified, defaults to null.

       • ecc - Elliptic Curve, defaults to ecc256.

       • ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve

       • ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve

       • ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve

       • ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve

       • ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve

       • ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve

       • rsa - Default RSA: rsa2048

       • rsa1024 - RSA with 1024 bit keysize.

       • rsa2048 - RSA with 2048 bit keysize.

       • rsa3072 - RSA with 3072 bit keysize.

       • rsa4096 - RSA with 4096 bit keysize.

   Scheme Specifiers
       Next is an optional field; it can be skipped.

       Schemes are usually Signing Schemes or Asymmetric Encryption Schemes.
       Most signing schemes take a hash algorithm directly following the
       signing scheme.  If the hash algorithm is missing, it defaults to
       sha256.  Some take no arguments, and some take multiple arguments.

   Hash Optional Scheme Specifiers
       These scheme specifiers are followed by a dash and a valid hash
       algorithm, for example: oaep-sha256.

       • oaep

       • ecdh

       • rsassa

       • rsapss

       • ecdsa

       • ecschnorr

       • sm2

   Multiple Option Scheme Specifiers
       This scheme specifier is followed by a count (max size UINT16), then by
       a dash (-) and a valid hash algorithm.

       • ecdaa - For example, ecdaa4-sha256.  If no count is specified, it
         defaults to 4.

   No Option Scheme Specifiers
       This scheme specifier takes NO arguments.

       • rsaes

   Symmetric Details Specifiers
       This field is optional, and defaults based on the type of object being
       created and its attributes.  Generally, any valid Symmetric specifier
       from the Type Specifiers list should work.  If not specified, an
       asymmetric object's symmetric details default to aes128cfb.

   Examples
   Create an rsa2048 key with an rsaes asymmetric encryption scheme
       tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv

   Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash
       tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv

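       As an added illustration that is not code from tpm2-tools, the POSIX
       shell function below parses a complex specifier of the form
       <type>:<scheme>:<symmetric-details> and applies the defaults stated
       above (rsa -> rsa2048, ecc -> ecc256, aes -> aes128, sm4 -> sm4128,
       missing hash -> sha256, missing ecdaa count -> 4, asymmetric objects
       without symmetric details -> aes128cfb).  It rejects a hash suffix on
       rsaes, an ecdaa count above UINT16, and a missing type, so it covers
       every scheme class described above rather than only the two examples.
       The function name parse_alg_spec and the "-" placeholder it prints
       for an absent field are conventions of this example, not of the tools.

```shell
#!/bin/sh
# Added example, not part of tpm2-tools: parse a complex algorithm specifier
# <type>:<scheme>:<symmetric-details> into its fields, applying the defaults
# the man page states.  Prints "type=... scheme=... count=... hash=... sym=..."
# with "-" for absent fields, and returns 2 on a malformed specifier.
parse_alg_spec() {
    spec=$1
    ktype=${spec%%:*}
    rest=${spec#"$ktype"}; rest=${rest#:}
    scheme=${rest%%:*}
    sym=${rest#"$scheme"}; sym=${sym#:}
    count=- hash=-

    # The type portion is mandatory; expand the bare defaults.
    case $ktype in
        '')  echo "error: type specifier is required" >&2; return 2 ;;
        rsa) ktype=rsa2048 ;;
        ecc) ktype=ecc256 ;;
        aes) ktype=aes128 ;;
        sm4) ktype=sm4128 ;;
        rsa1024|rsa2048|rsa3072|rsa4096) ;;
        ecc192|ecc224|ecc256|ecc384|ecc521|ecc_nist_p*|ecc_sm2|ecc_sm2_p256) ;;
        aes128*|aes192*|aes256*|sm4128*|sm4_128*) ;;
        *)   echo "error: unknown type '$ktype'" >&2; return 2 ;;
    esac

    if [ -n "$scheme" ]; then
        # Split an optional "-<hash>" suffix off the scheme name and check it.
        case $scheme in *-*) hash=${scheme#*-}; scheme=${scheme%%-*} ;; esac
        case $hash in
            -|sha1|sha256|sha384|sha512|sm3_256|sha3_256|sha3_384|sha3_512) ;;
            *) echo "error: unknown hash '$hash'" >&2; return 2 ;;
        esac
        case $scheme in
            ecdaa*)
                # Multiple-option scheme: optional count (UINT16), then hash.
                count=${scheme#ecdaa}; scheme=ecdaa
                [ -n "$count" ] || count=4
                case $count in *[!0-9]*) echo "error: bad ecdaa count '$count'" >&2; return 2 ;; esac
                [ "$count" -le 65535 ] || { echo "error: ecdaa count exceeds UINT16" >&2; return 2; }
                [ "$hash" != - ] || hash=sha256 ;;
            oaep|ecdh|rsassa|rsapss|ecdsa|ecschnorr|sm2)
                # Hash-optional schemes default to sha256.
                [ "$hash" != - ] || hash=sha256 ;;
            rsaes)
                # No-option scheme: a hash suffix is an error.
                [ "$hash" = - ] || { echo "error: rsaes takes no arguments" >&2; return 2; } ;;
            *)  echo "error: unknown scheme '$scheme'" >&2; return 2 ;;
        esac
    else
        scheme=-
    fi

    # Symmetric details: asymmetric objects default to aes128cfb.
    if [ -z "$sym" ]; then
        case $ktype in rsa*|ecc*) sym=aes128cfb ;; *) sym=- ;; esac
    fi
    printf 'type=%s scheme=%s count=%s hash=%s sym=%s\n' \
        "$ktype" "$scheme" "$count" "$hash" "$sym"
}

# Stand-alone usage: parse the specifier given as the first argument, or the
# man page's ecdaa example when none is given.
parse_alg_spec "${1:-ecc256:ecdaa4-sha384}"
```

       Running it on the page's second example prints
       type=ecc256 scheme=ecdaa count=4 hash=sha384 sym=aes128cfb, which is
       a convenient way to confirm what tpm2_create will be asked for before
       a key is created.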

COMMON OPTIONS

       This collection of options is common to many programs and provides
       information that many users may expect.

       -h, --help=[man|no-man]: Display the tool's manpage.  By default, it
         attempts to invoke the manpager for the tool; however, on failure it
         will output a short tool summary.  This is the same behavior if the
         “man” option argument is specified, however if “man” is explicitly
         requested, the tool will provide errors from man on stderr.  If the
         “no-man” option is specified, or the manpager fails, the short
         options will be output to stdout.

         To successfully use the manpages feature requires the manpages to be
         installed or on MANPATH.  See man(1) for more details.

       -v, --version: Display version information for this tool, supported
         TCTIs, and exit.

       -V, --verbose: Increase the information that the tool prints to the
         console during its execution.  When using this option the file and
         line number are printed.

       -Q, --quiet: Silence normal tool output to stdout.

       -Z, --enable-errata: Enable the application of errata fixups.  Useful
         if an errata fixup needs to be applied to commands sent to the TPM.
         Defining the environment variable TPM2TOOLS_ENABLE_ERRATA is
         equivalent.


TCTI Configuration

       The TCTI or “Transmission Interface” is the communication mechanism
       with the TPM.  TCTIs can be changed for communication with TPMs across
       different mediums.

       To control the TCTI, the tools respect:

       1. The command line option -T or --tcti

       2. The environment variable: TPM2TOOLS_TCTI.

       Note: The command line option always overrides the environment
       variable.

       The current known TCTIs are:

       • tabrmd - The resource manager, called tabrmd
         (https://github.com/tpm2-software/tpm2-abrmd).  Note that tabrmd and
         abrmd as a tcti name are synonymous.

       • mssim - Typically used for communicating to the TPM software
         simulator.

       • device - Used when talking directly to a TPM device file.

       • none - Do not initialize a connection with the TPM.  Some tools allow
         for off-tpm options and thus support not using a TCTI.  Tools that do
         not support it will error when attempted to be used without a TCTI
         connection.  Does not support ANY options and MUST BE presented as
         the exact text of “none”.

       The arguments to either the command line option or the environment
       variable are in the form:

       <tcti-name>:<tcti-option-config>

       Specifying an empty string for either the <tcti-name> or
       <tcti-option-config> results in the default being used for that portion
       respectively.

   TCTI Defaults
       When a TCTI is not specified, the default TCTI is searched for using
       dlopen(3) semantics.  The tools will search for tabrmd, device and
       mssim TCTIs IN THAT ORDER and USE THE FIRST ONE FOUND.  You can query
       what TCTI will be chosen as the default by using the -v option to print
       the version information.  The “default-tcti” key-value pair will
       indicate which of the aforementioned TCTIs is the default.

   Custom TCTIs
       Any TCTI that implements the dynamic TCTI interface can be loaded.  The
       tools internally use dlopen(3), and the raw tcti-name value is used for
       the lookup.  Thus, this could be a path to the shared library, or a
       library name as understood by dlopen(3) semantics.


TCTI OPTIONS

       This collection of options is used to configure the various known TCTI
       modules available:

       device: For the device TCTI, the TPM character device file for use by
         the device TCTI can be specified.  The default is /dev/tpm0.

         Example: -T device:/dev/tpm0 or export
         TPM2TOOLS_TCTI="device:/dev/tpm0"

       mssim: For the mssim TCTI, the domain name or IP address and port
         number used by the simulator can be specified.  The defaults are
         127.0.0.1 and 2321.

         Example: -T mssim:host=localhost,port=2321 or export
         TPM2TOOLS_TCTI="mssim:host=localhost,port=2321"

       abrmd: For the abrmd TCTI, the configuration string format is a series
         of simple key value pairs separated by a `,' character.  Each key and
         value string are separated by a `=' character.

         • TCTI abrmd supports two keys:

           1. `bus_name' : The name of the tabrmd service on the bus (a
              string).

           2. `bus_type' : The type of the dbus instance (a string) limited to
              `session' and `system'.

         Specify the tabrmd tcti name and a config string of
         bus_name=com.example.FooBar:

                --tcti=tabrmd:bus_name=com.example.FooBar

         Specify the default (abrmd) tcti and a config string of
         bus_type=session:

                --tcti:bus_type=session

         NOTE: abrmd and tabrmd are synonymous.


EXAMPLES

              tpm2_geteccparameters ecc256 -o ecc.params


Returns

       Tools can return any of the following codes:

       • 0 - Success.

       • 1 - General non-specific error.

       • 2 - Options handling error.

       • 3 - Authentication error.

       • 4 - TCTI related error.

       • 5 - Non supported scheme.  Applicable to tpm2_testparams.

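       Added example, not part of tpm2-tools: a small POSIX shell wrapper
       that applies the TCTI rules from the TCTI Configuration and TCTI
       OPTIONS sections (the command line value wins over TPM2TOOLS_TCTI, an
       empty device config becomes /dev/tpm0, an empty mssim config becomes
       host=127.0.0.1,port=2321, abrmd is normalised to its synonym tabrmd,
       and "none" is refused when given with options), runs
       tpm2_geteccparameters as in the EXAMPLES section with the resolved
       TCTI, checks that the output file was actually written, and maps the
       exit code to the meanings in the Returns list.  The function names
       resolve_tcti, describe_rc and get_ecc_params are chosen for this
       example; the tool itself is only invoked when it is installed.

```shell
#!/bin/sh
# Added example, not part of tpm2-tools: resolve the TCTI the way the tools
# document it, run tpm2_geteccparameters with it, and explain its exit code.

# resolve_tcti CLI_VALUE ENV_VALUE
# Prints the effective "<tcti-name>:<tcti-option-config>" to pass with -T,
# or an empty line when neither was given (the tools then probe for tabrmd,
# device and mssim in that order).  Returns 2 when "none" carries options.
resolve_tcti() {
    cli=$1 env=$2
    # The command line option always overrides the environment variable.
    if [ -n "$cli" ]; then spec=$cli; else spec=$env; fi
    if [ -z "$spec" ]; then printf '\n'; return 0; fi

    case $spec in
        none)   printf 'none\n'; return 0 ;;
        none:*) echo "error: 'none' must be given as the exact text none" >&2; return 2 ;;
    esac

    name=${spec%%:*}
    conf=${spec#"$name"}; conf=${conf#:}
    # An empty name portion means "the default TCTI for that portion"; pass
    # the string through unchanged so the tools pick it.
    if [ -z "$name" ]; then printf '%s\n' "$spec"; return 0; fi

    case $name in
        abrmd)  name=tabrmd ;;                                 # documented synonym
        device) [ -n "$conf" ] || conf=/dev/tpm0 ;;            # documented default
        mssim)  [ -n "$conf" ] || conf=host=127.0.0.1,port=2321 ;;
        *)      ;;   # tabrmd, or a library name/path handed to dlopen(3)
    esac
    if [ -n "$conf" ]; then printf '%s:%s\n' "$name" "$conf"; else printf '%s\n' "$name"; fi
}

# describe_rc CODE: the meaning of a tpm2-tools exit code (Returns section).
describe_rc() {
    case $1 in
        0) echo "success" ;;
        1) echo "general non-specific error" ;;
        2) echo "options handling error" ;;
        3) echo "authentication error" ;;
        4) echo "TCTI related error" ;;
        5) echo "non supported scheme" ;;
        *) echo "unknown exit code $1" ;;
    esac
}

# get_ecc_params CURVE OUTFILE [TCTI_SPEC]
# Runs the tool, reports a failure in words, and insists on a non-empty
# output file so a zero-length write is not mistaken for success.
get_ecc_params() {
    curve=$1 out=$2
    tcti=$(resolve_tcti "${3:-}" "${TPM2TOOLS_TCTI:-}") || return 2
    set -- tpm2_geteccparameters "$curve" -o "$out"
    [ -z "$tcti" ] || set -- "$@" -T "$tcti"
    if "$@"; then rc=0; else rc=$?; fi
    if [ "$rc" -ne 0 ]; then
        echo "tpm2_geteccparameters failed: $(describe_rc "$rc")" >&2
        return "$rc"
    fi
    [ -s "$out" ] || { echo "error: $out was not written" >&2; return 1; }
    echo "ECC parameters for $curve written to $out"
}

# Only talk to a TPM when the tool is actually installed, so the helpers
# above remain usable on a host without tpm2-tools.  An optional first
# argument is the TCTI specification (for example device: or mssim:).
if command -v tpm2_geteccparameters >/dev/null 2>&1; then
    get_ecc_params ecc256 ecc.params "${1:-}"
fi
```

       Because resolve_tcti fills in the documented defaults itself, the
       TCTI the wrapper ends up using is visible in the command line it
       builds, which is easier to audit than relying on the dlopen(3) search
       order when a host has more than one TCTI library installed.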

BUGS

       Github Issues (https://github.com/tpm2-software/tpm2-tools/issues)


HELP

       See the Mailing List (https://lists.linuxfoundation.org/mailman/listinfo/tpm2)



tpm2-tools                                            tpm2_geteccparameters(1)