tpm2_verifysignature.1 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510
  1. .\" Automatically generated by Pandoc 1.19.2.4
  2. .\"
  3. .TH "tpm2_verifysignature" "1" "" "tpm2\-tools" "General Commands Manual"
  4. .hy
  5. .SH NAME
  6. .PP
  7. \f[B]tpm2_verifysignature\f[](1) \- Validates a signature using the TPM.
  8. .SH SYNOPSIS
  9. .PP
  10. \f[B]tpm2_verifysignature\f[] [\f[I]OPTIONS\f[]]
  11. .SH DESCRIPTION
  12. .PP
  13. \f[B]tpm2_verifysignature\f[](1) \- Uses loaded keys to validate a
  14. signature on a message with the message digest passed to the TPM.
  15. If the signature check succeeds, then the TPM will produce a
  16. \f[B]TPMT_TK_VERIFIED\f[].
  17. Otherwise, the TPM shall return \f[B]TPM_RC_SIGNATURE\f[].
  18. If object references an asymmetric key, only the public portion of the
  19. key needs to be loaded.
  20. If object references a symmetric key, both the public and private
  21. portions need to be loaded.
  22. .SH OPTIONS
  23. .IP \[bu] 2
  24. \f[B]\-c\f[], \f[B]\-\-key\-context\f[]=\f[I]OBJECT\f[]:
  25. .RS 2
  26. .PP
  27. Context object for the key context used for the operation.
  28. Either a file or a handle number.
  29. See section "Context Object Format".
  30. .RE
  31. .IP \[bu] 2
  32. \f[B]\-g\f[], \f[B]\-\-hash\-algorithm\f[]=\f[I]ALGORITHM\f[]:
  33. .RS 2
  34. .PP
  35. The hash algorithm used to digest the message.
  36. Algorithms should follow the "formatting standards", see section
  37. "Algorithm Specifiers".
  38. Also, see section "Supported Hash Algorithms" for a list of supported
  39. hash algorithms.
  40. .RE
  41. .IP \[bu] 2
  42. \f[B]\-m\f[], \f[B]\-\-message\f[]=\f[I]FILE\f[]:
  43. .RS 2
  44. .PP
  45. The message file, containing the content to be digested.
  46. .RE
  47. .IP \[bu] 2
  48. \f[B]\-d\f[], \f[B]\-\-digest\f[]=\f[I]FILE\f[]:
  49. .RS 2
  50. .PP
  51. The input hash file, containing the hash of the message.
  52. If this option is selected, then the message (\f[B]\-m\f[]) and
  53. algorithm (\f[B]\-g\f[]) options do not need to be specified.
  54. .RE
  55. .IP \[bu] 2
  56. \f[B]\-s\f[], \f[B]\-\-signature\f[]=\f[I]FILE\f[]:
  57. .RS 2
  58. .PP
  59. The input signature file of the signature to be validated.
  60. .RE
  61. .IP \[bu] 2
  62. \f[B]\-f\f[], \f[B]\-\-scheme\f[]=\f[I]SCHEME\f[]:
  63. .RS 2
  64. .PP
  65. The signing scheme that was used to sign the message.
  66. This option should only be specified if the signature comes in from a
  67. non \f[I]tss\f[] standard, like openssl.
  68. See "Signature format specifiers" for more details.
  69. The \f[I]tss\f[] format contains the signature metadata required to
  70. understand it\[aq]s signature scheme.
  71. .PP
  72. Signing schemes should follow the "formatting standards", see section
  73. "Algorithm Specifiers".
  74. .RE
  75. .IP \[bu] 2
  76. \f[B]\-\-format\f[]=\f[I]SCHEME\f[]:
  77. .RS 2
  78. .PP
  79. Deprecated.
  80. Same as \f[B]\-\-scheme\f[].
  81. .RE
  82. .IP \[bu] 2
  83. \f[B]\-t\f[], \f[B]\-\-ticket\f[]=\f[I]FILE\f[]:
  84. .RS 2
  85. .PP
  86. The ticket file to record the validation structure.
  87. .RE
  88. .SS References
  89. .SH Context Object Format
  90. .PP
  91. The type of a context object, whether it is a handle or file name, is
  92. determined according to the following logic \f[I]in\-order\f[]:
  93. .IP \[bu] 2
  94. If the argument is a file path, then the file is loaded as a restored
  95. TPM transient object.
  96. .IP \[bu] 2
  97. If the argument is a \f[I]prefix\f[] match on one of:
  98. .RS 2
  99. .IP \[bu] 2
  100. owner: the owner hierarchy
  101. .IP \[bu] 2
  102. platform: the platform hierarchy
  103. .IP \[bu] 2
  104. endorsement: the endorsement hierarchy
  105. .IP \[bu] 2
  106. lockout: the lockout control persistent object
  107. .RE
  108. .IP \[bu] 2
  109. If the argument argument can be loaded as a number it will be treat as a
  110. handle, e.g.
  111. 0x81010013 and used directly.\f[I]OBJECT\f[].
  112. .SH Algorithm Specifiers
  113. .PP
  114. Options that take algorithms support "nice\-names".
  115. .PP
  116. There are two major algorithm specification string classes, simple and
  117. complex.
  118. Only certain algorithms will be accepted by the TPM, based on usage and
  119. conditions.
  120. .SS Simple specifiers
  121. .PP
  122. These are strings with no additional specification data.
  123. When creating objects, non\-specified portions of an object are assumed
  124. to defaults.
  125. You can find the list of known "Simple Specifiers Below".
  126. .SS Asymmetric
  127. .IP \[bu] 2
  128. rsa
  129. .IP \[bu] 2
  130. ecc
  131. .SS Symmetric
  132. .IP \[bu] 2
  133. aes
  134. .IP \[bu] 2
  135. camellia
  136. .SS Hashing Algorithms
  137. .IP \[bu] 2
  138. sha1
  139. .IP \[bu] 2
  140. sha256
  141. .IP \[bu] 2
  142. sha384
  143. .IP \[bu] 2
  144. sha512
  145. .IP \[bu] 2
  146. sm3_256
  147. .IP \[bu] 2
  148. sha3_256
  149. .IP \[bu] 2
  150. sha3_384
  151. .IP \[bu] 2
  152. sha3_512
  153. .SS Keyed Hash
  154. .IP \[bu] 2
  155. hmac
  156. .IP \[bu] 2
  157. xor
  158. .SS Signing Schemes
  159. .IP \[bu] 2
  160. rsassa
  161. .IP \[bu] 2
  162. rsapss
  163. .IP \[bu] 2
  164. ecdsa
  165. .IP \[bu] 2
  166. ecdaa
  167. .IP \[bu] 2
  168. ecschnorr
  169. .SS Asymmetric Encryption Schemes
  170. .IP \[bu] 2
  171. oaep
  172. .IP \[bu] 2
  173. rsaes
  174. .IP \[bu] 2
  175. ecdh
  176. .SS Modes
  177. .IP \[bu] 2
  178. ctr
  179. .IP \[bu] 2
  180. ofb
  181. .IP \[bu] 2
  182. cbc
  183. .IP \[bu] 2
  184. cfb
  185. .IP \[bu] 2
  186. ecb
  187. .SS Misc
  188. .IP \[bu] 2
  189. null
  190. .SS Complex Specifiers
  191. .PP
  192. Objects, when specified for creation by the TPM, have numerous
  193. algorithms to populate in the public data.
  194. Things like type, scheme and asymmetric details, key size, etc.
  195. Below is the general format for specifying this data:
  196. \f[C]<type>:<scheme>:<symmetric\-details>\f[]
  197. .SS Type Specifiers
  198. .PP
  199. This portion of the complex algorithm specifier is required.
  200. The remaining scheme and symmetric details will default based on the
  201. type specified and the type of the object being created.
  202. .IP \[bu] 2
  203. aes \- Default AES: aes128
  204. .IP \[bu] 2
  205. aes128\f[C]<mode>\f[] \- 128 bit AES with optional mode
  206. (\f[I]ctr\f[]|\f[I]ofb\f[]|\f[I]cbc\f[]|\f[I]cfb\f[]|\f[I]ecb\f[]).
  207. If mode is not specified, defaults to \f[I]null\f[].
  208. .IP \[bu] 2
  209. aes192\f[C]<mode>\f[] \- Same as aes128\f[C]<mode>\f[], except for a 192
  210. bit key size.
  211. .IP \[bu] 2
  212. aes256\f[C]<mode>\f[] \- Same as aes128\f[C]<mode>\f[], except for a 256
  213. bit key size.
  214. .IP \[bu] 2
  215. ecc \- Elliptical Curve, defaults to ecc256.
  216. .IP \[bu] 2
  217. ecc192 \- 192 bit ECC
  218. .IP \[bu] 2
  219. ecc224 \- 224 bit ECC
  220. .IP \[bu] 2
  221. ecc256 \- 256 bit ECC
  222. .IP \[bu] 2
  223. ecc384 \- 384 bit ECC
  224. .IP \[bu] 2
  225. ecc521 \- 521 bit ECC
  226. .IP \[bu] 2
  227. rsa \- Default RSA: rsa2048
  228. .IP \[bu] 2
  229. rsa1024 \- RSA with 1024 bit keysize.
  230. .IP \[bu] 2
  231. rsa2048 \- RSA with 2048 bit keysize.
  232. .IP \[bu] 2
  233. rsa4096 \- RSA with 4096 bit keysize.
  234. .SS Scheme Specifiers
  235. .PP
  236. Next, is an optional field, it can be skipped.
  237. .PP
  238. Schemes are usually \f[B]Signing Schemes\f[] or \f[B]Asymmetric
  239. Encryption Schemes\f[].
  240. Most signing schemes take a hash algorithm directly following the
  241. signing scheme.
  242. If the hash algorithm is missing, it defaults to \f[I]sha256\f[].
  243. Some take no arguments, and some take multiple arguments.
  244. .SS Hash Optional Scheme Specifiers
  245. .PP
  246. These scheme specifiers are followed by a dash and a valid hash
  247. algorithm, For example: \f[C]oaep\-sha256\f[].
  248. .IP \[bu] 2
  249. oaep
  250. .IP \[bu] 2
  251. ecdh
  252. .IP \[bu] 2
  253. rsassa
  254. .IP \[bu] 2
  255. rsapss
  256. .IP \[bu] 2
  257. ecdsa
  258. .IP \[bu] 2
  259. ecschnorr
  260. .SS Multiple Option Scheme Specifiers
  261. .PP
  262. This scheme specifier is followed by a count (max size UINT16) then
  263. followed by a dash(\-) and a valid hash algorithm.
  264. * ecdaa For example, ecdaa4\-sha256.
  265. If no count is specified, it defaults to 4.
  266. .SS No Option Scheme Specifiers
  267. .PP
  268. This scheme specifier takes NO arguments.
  269. * rsaes
  270. .SS Symmetric Details Specifiers
  271. .PP
  272. This field is optional, and defaults based on the \f[I]type\f[] of
  273. object being created and it\[aq]s attributes.
  274. Generally, any valid \f[B]Symmetric\f[] specifier from the \f[B]Type
  275. Specifiers\f[] list should work.
  276. If not specified, an asymmetric objects symmetric details defaults to
  277. \f[I]aes128cfb\f[].
  278. .SS Examples
  279. .SS Create an rsa2048 key with an rsaes asymmetric encryption scheme
  280. .PP
  281. \f[C]tpm2_create\ \-C\ parent.ctx\ \-G\ rsa2048:rsaes\ \-u\ key.pub\ \-r\ key.priv\f[]
  282. .SS Create an ecc256 key with an ecdaa signing scheme with a count of 4
  283. and sha384 hash
  284. .PP
  285. \f[C]/tpm2_create\ \-C\ parent.ctx\ \-G\ ecc256:ecdaa4\-sha384\ \-u\ key.pub\ \-r\ key.priv\f[]
  286. cryptographic algorithms \f[I]ALGORITHM\f[].
  287. .SH COMMON OPTIONS
  288. .PP
  289. This collection of options are common to many programs and provide
  290. information that many users may expect.
  291. .IP \[bu] 2
  292. \f[B]\-h\f[], \f[B]\-\-help=[man|no\-man]\f[]: Display the tools
  293. manpage.
  294. By default, it attempts to invoke the manpager for the tool, however, on
  295. failure will output a short tool summary.
  296. This is the same behavior if the "man" option argument is specified,
  297. however if explicit "man" is requested, the tool will provide errors
  298. from man on stderr.
  299. If the "no\-man" option if specified, or the manpager fails, the short
  300. options will be output to stdout.
  301. .RS 2
  302. .PP
  303. To successfully use the manpages feature requires the manpages to be
  304. installed or on \f[I]MANPATH\f[], See man(1) for more details.
  305. .RE
  306. .IP \[bu] 2
  307. \f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this
  308. tool, supported tctis and exit.
  309. .IP \[bu] 2
  310. \f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the
  311. tool prints to the console during its execution.
  312. When using this option the file and line number are printed.
  313. .IP \[bu] 2
  314. \f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout.
  315. .IP \[bu] 2
  316. \f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of
  317. errata fixups.
  318. Useful if an errata fixup needs to be applied to commands sent to the
  319. TPM.
  320. Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent.
  321. information many users may expect.
  322. .SH TCTI Configuration
  323. .PP
  324. The TCTI or "Transmission Interface" is the communication mechanism with
  325. the TPM.
  326. TCTIs can be changed for communication with TPMs across different
  327. mediums.
  328. .PP
  329. To control the TCTI, the tools respect:
  330. .IP "1." 3
  331. The command line option \f[B]\-T\f[] or \f[B]\-\-tcti\f[]
  332. .IP "2." 3
  333. The environment variable: \f[I]TPM2TOOLS_TCTI\f[].
  334. .PP
  335. \f[B]Note:\f[] The command line option always overrides the environment
  336. variable.
  337. .PP
  338. The current known TCTIs are:
  339. .IP \[bu] 2
  340. tabrmd \- The resource manager, called
  341. tabrmd (https://github.com/tpm2-software/tpm2-abrmd).
  342. Note that tabrmd and abrmd as a tcti name are synonymous.
  343. .IP \[bu] 2
  344. mssim \- Typically used for communicating to the TPM software simulator.
  345. .IP \[bu] 2
  346. device \- Used when talking directly to a TPM device file.
  347. .IP \[bu] 2
  348. none \- Do not initalize a connection with the TPM.
  349. Some tools allow for off\-tpm options and thus support not using a TCTI.
  350. Tools that do not support it will error when attempted to be used
  351. without a TCTI connection.
  352. Does not support \f[I]ANY\f[] options and \f[I]MUST BE\f[] presented as
  353. the exact text of "none".
  354. .PP
  355. The arguments to either the command line option or the environment
  356. variable are in the form:
  357. .PP
  358. \f[C]<tcti\-name>:<tcti\-option\-config>\f[]
  359. .PP
  360. Specifying an empty string for either the \f[C]<tcti\-name>\f[] or
  361. \f[C]<tcti\-option\-config>\f[] results in the default being used for
  362. that portion respectively.
  363. .SS TCTI Defaults
  364. .PP
  365. When a TCTI is not specified, the default TCTI is searched for using
  366. \f[I]dlopen(3)\f[] semantics.
  367. The tools will search for \f[I]tabrmd\f[], \f[I]device\f[] and
  368. \f[I]mssim\f[] TCTIs \f[B]IN THAT ORDER\f[] and \f[B]USE THE FIRST ONE
  369. FOUND\f[].
  370. You can query what TCTI will be chosen as the default by using the
  371. \f[B]\-v\f[] option to print the version information.
  372. The "default\-tcti" key\-value pair will indicate which of the
  373. aforementioned TCTIs is the default.
  374. .SS Custom TCTIs
  375. .PP
  376. Any TCTI that implements the dynamic TCTI interface can be loaded.
  377. The tools internally use \f[I]dlopen(3)\f[], and the raw
  378. \f[I]tcti\-name\f[] value is used for the lookup.
  379. Thus, this could be a path to the shared library, or a library name as
  380. understood by \f[I]dlopen(3)\f[] semantics.
  381. .SH TCTI OPTIONS
  382. .PP
  383. This collection of options are used to configure the various known TCTI
  384. modules available:
  385. .IP \[bu] 2
  386. \f[B]device\f[]: For the device TCTI, the TPM character device file for
  387. use by the device TCTI can be specified.
  388. The default is \f[I]/dev/tpm0\f[].
  389. .RS 2
  390. .PP
  391. Example: \f[B]\-T device:/dev/tpm0\f[] or \f[B]export
  392. \f[I]TPM2TOOLS_TCTI\f[]="device:/dev/tpm0"\f[]
  393. .RE
  394. .IP \[bu] 2
  395. \f[B]mssim\f[]: For the mssim TCTI, the domain name or IP address and
  396. port number used by the simulator can be specified.
  397. The default are 127.0.0.1 and 2321.
  398. .RS 2
  399. .PP
  400. Example: \f[B]\-T mssim:host=localhost,port=2321\f[] or \f[B]export
  401. \f[I]TPM2TOOLS_TCTI\f[]="mssim:host=localhost,port=2321"\f[]
  402. .RE
  403. .IP \[bu] 2
  404. \f[B]abrmd\f[]: For the abrmd TCTI, the configuration string format is a
  405. series of simple key value pairs separated by a \[aq],\[aq] character.
  406. Each key and value string are separated by a \[aq]=\[aq] character.
  407. .RS 2
  408. .IP \[bu] 2
  409. TCTI abrmd supports two keys:
  410. .RS 2
  411. .IP "1." 3
  412. \[aq]bus_name\[aq] : The name of the tabrmd service on the bus (a
  413. string).
  414. .IP "2." 3
  415. \[aq]bus_type\[aq] : The type of the dbus instance (a string) limited to
  416. \[aq]session\[aq] and \[aq]system\[aq].
  417. .RE
  418. .PP
  419. Specify the tabrmd tcti name and a config string of
  420. \f[C]bus_name=com.example.FooBar\f[]:
  421. .PP
  422. \f[C]\\\-\-tcti=tabrmd:bus_name=com.example.FooBar\f[]
  423. .PP
  424. Specify the default (abrmd) tcti and a config string of
  425. \f[C]bus_type=session\f[]:
  426. .PP
  427. \f[C]\\\-\-tcti:bus_type=session\f[]
  428. .PP
  429. \f[B]NOTE\f[]: abrmd and tabrmd are synonymous.
  430. the various known TCTI modules.
  431. .RE
  432. .SH Signature Format Specifiers
  433. .PP
  434. Format selection for the signature output file.
  435. \f[B]tss\f[] (the default) will output a binary blob according to the
  436. TPM 2.0 specification and any potential compiler padding.
  437. The option \f[B]plain\f[] will output the plain signature data as
  438. defined by the used cryptographic algorithm.
  439. .SH EXAMPLES
  440. .SS Sign and verify with the TPM using the \f[I]endorsement\f[]
  441. hierarchy
  442. .IP
  443. .nf
  444. \f[C]
  445. tpm2_createprimary\ \-C\ e\ \-c\ primary.ctx
  446. tpm2_create\ \-G\ rsa\ \-u\ rsa.pub\ \-r\ rsa.priv\ \-C\ primary.ctx
  447. tpm2_load\ \-C\ primary.ctx\ \-u\ rsa.pub\ \-r\ rsa.priv\ \-c\ rsa.ctx
  448. echo\ "my\ message\ >\ message.dat
  449. tpm2_sign\ \-c\ rsa.ctx\ \-g\ sha256\ \-m\ message.dat\ \-s\ sig.rssa
  450. tpm2_verifysignature\ \-c\ rsa.ctx\ \-g\ sha256\ \-m\ message.dat\ \-s\ sig.rssa
  451. \f[]
  452. .fi
  453. .SS Sign with openssl and verify with the TPM
  454. .IP
  455. .nf
  456. \f[C]
  457. #\ Generate\ an\ ECC\ key
  458. openssl\ ecparam\ \-name\ prime256v1\ \-genkey\ \-noout\ \-out\ private.ecc.pem
  459. openssl\ ec\ \-in\ private.ecc.pem\ \-out\ public.ecc.pem\ \-pubout
  460. #\ Generate\ a\ hash\ to\ sign\ (OSSL\ needs\ the\ hash\ of\ the\ message)
  461. echo\ "data\ to\ sign"\ >\ data.in.raw
  462. sha256sum\ data.in.raw\ |\ awk\ \[aq]{\ print\ "000000\ "\ $1\ }\[aq]\ |\ \\
  463. xxd\ \-r\ \-c\ 32\ >\ data.in.digest
  464. #\ Load\ the\ private\ key\ for\ signing
  465. tpm2_loadexternal\ \-Q\ \-G\ ecc\ \-r\ private.ecc.pem\ \-c\ key.ctx
  466. #\ Sign\ in\ the\ TPM\ and\ verify\ with\ OSSL
  467. tpm2_sign\ \-Q\ \-c\ key.ctx\ \-g\ sha256\ \-d\ data.in.digest\ \-f\ plain\ \-s\ data.out.signed
  468. openssl\ dgst\ \-verify\ public.ecc.pem\ \-keyform\ pem\ \-sha256\ \\
  469. \-signature\ data.out.signed\ data.in.raw
  470. #\ Sign\ with\ openssl\ and\ verify\ with\ TPM
  471. openssl\ dgst\ \-sha256\ \-sign\ private.ecc.pem\ \-out\ data.out.signed\ data.in.raw
  472. tpm2_verifysignature\ \-Q\ \-c\ key.ctx\ \-g\ sha256\ \-m\ data.in.raw\ \-f\ ecdsa\ \\
  473. \-s\ data.out.signed
  474. \f[]
  475. .fi
  476. .SH Returns
  477. .PP
  478. Tools can return any of the following codes:
  479. .IP \[bu] 2
  480. 0 \- Success.
  481. .IP \[bu] 2
  482. 1 \- General non\-specific error.
  483. .IP \[bu] 2
  484. 2 \- Options handling error.
  485. .IP \[bu] 2
  486. 3 \- Authentication error.
  487. .IP \[bu] 2
  488. 4 \- TCTI related error.
  489. .IP \[bu] 2
  490. 5 \- Non supported scheme.
  491. Applicable to tpm2_testparams.
  492. .SH BUGS
  493. .PP
  494. Github Issues (https://github.com/tpm2-software/tpm2-tools/issues)
  495. .SH HELP
  496. .PP
  497. See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)