pax_global_header00006660000000000000000000000064146231133770014521gustar00rootroot0000000000000052 comment=30e6057722058cb85c292dcb7b77760ad6410d4e tpm2-tss-4.1.3/000077500000000000000000000000001462311337700132175ustar00rootroot00000000000000tpm2-tss-4.1.3/.appveyor.yml000066400000000000000000000003661462311337700156720ustar00rootroot00000000000000version: '{build}' pull_requests: do_not_increment_build_number: true skip_tags: true image: Visual Studio 2019 configuration: - Debug - Release platform: - x86 - x64 build: project: tpm2-tss.sln parallel: false verbosity: normal tpm2-tss-4.1.3/.ci/000077500000000000000000000000001462311337700136705ustar00rootroot00000000000000tpm2-tss-4.1.3/.ci/coverity.run000077500000000000000000000061071462311337700162710ustar00rootroot00000000000000#!/usr/bin/env bash # SPDX-License-Identifier: BSD-3-Clause set -eo pipefail # Override project to the old project name becuase coverity didn't understand the rename from # 01org/TPM2.0-TSS to tpm2-software/tpm2-tss export PROJECT='01org/TPM2.0-TSS' echo "PROJECT=$PROJECT" if [ -z "$COVERITY_SCAN_TOKEN" ]; then echo "coverity.run invoked without COVERITY_SCAN_TOKEN set...exiting!" exit 1 fi if [ -z "$COVERITY_SUBMISSION_EMAIL" ]; then echo "coverity.run invoked without COVERITY_SUBMISSION_EMAIL set...exiting!" exit 1 fi # Sanity check, this should only be executing on the coverity_scan branch if [[ "$REPO_BRANCH" != *coverity_scan ]]; then echo "coverity.run invoked for non-coverity branch $REPO_BRANCH...exiting!" exit 1 fi if [[ "$CC" == clang* ]]; then echo "Coverity scan branch detected, not running with clang...exiting!" exit 1 fi # branch is coverity_scan echo "Running coverity build" # ensure coverity_scan tool is available to the container # We cannot package these in the docker image, as we would be distributing their software # for folks not coupled to our COVERITY_SCAN_TOKEN. if [ ! -f "$(pwd)/cov-analysis/bin/cov-build" ]; then curl --data-urlencode "project=$PROJECT" \ --data-urlencode "token=$COVERITY_SCAN_TOKEN" \ "https://scan.coverity.com/download/linux64" -o coverity_tool.tgz stat coverity_tool.tgz curl --data-urlencode "project=$PROJECT" \ --data-urlencode "token=$COVERITY_SCAN_TOKEN" \ --data-urlencode "md5=1" \ "https://scan.coverity.com/download/linux64" -o coverity_tool.md5 stat coverity_tool.md5 cat coverity_tool.md5 md5sum coverity_tool.tgz echo "$(cat coverity_tool.md5)" coverity_tool.tgz | md5sum -c echo "unpacking cov-analysis" tar -xf coverity_tool.tgz mv cov-analysis-* cov-analysis fi export PATH=$PATH:$(pwd)/cov-analysis/bin echo "Which cov-build: $(which cov-build)" pushd "$DOCKER_BUILD_DIR" source ".ci/docker-prelude.sh" echo "Performing build with Coverity Scan" rm -rf cov-int ./bootstrap && ./configure --enable-debug && make clean cov-build --dir $DOCKER_BUILD_DIR/cov-int make -j $(nproc) echo "Collecting Coverity data for submission" rm -fr README AUTHOR="$(git log -1 $HEAD --pretty="%aN")" AUTHOR_EMAIL="$(git log -1 $HEAD --pretty="%aE")" VERSION="$(git rev-parse HEAD)" echo "Name: $AUTHOR" >> README echo "Email: $AUTHOR_EMAIL" >> README echo "Project: $PROJECT" >> README echo "Build-Version: $VERSION" >> README echo "Description: $REPO_NAME $REPO_BRANCH" >> README echo "Submitted-by: $PROJECT CI" >> README echo "---README---" cat README echo "---EOF---" rm -f scan.tgz tar -czf scan.tgz README cov-int rm -rf README cov-int # upload the results echo "Testing for scan results..." scan_file=$(stat --printf='%n' scan.tgz) echo "Submitting data to Coverity" curl --form token="$COVERITY_SCAN_TOKEN" \ --form email="$COVERITY_SUBMISSION_EMAIL" \ --form project="$PROJECT" \ --form file=@"$scan_file" \ --form version="$VERSION" \ --form description="$REPO_NAME $REPO_BRANCH" \ "https://scan.coverity.com/builds?project=$PROJECT" rm -rf scan.tgz popd exit 0 tpm2-tss-4.1.3/.ci/docker-prelude.sh000077500000000000000000000007601462311337700171370ustar00rootroot00000000000000#!/usr/bin/env bash # SPDX-License-Identifier: BSD-3-Clause # all command failures are fatal set -e WORKSPACE=`dirname $DOCKER_BUILD_DIR` echo "Workspace: $WORKSPACE" source $DOCKER_BUILD_DIR/.ci/download-deps.sh get_deps "$WORKSPACE" export LD_LIBRARY_PATH=/usr/local/lib/ # Change to the build dir echo "echo changing to $DOCKER_BUILD_DIR" cd $DOCKER_BUILD_DIR # workaround to solve problem with unsafe directory with alpine git config --global --add safe.directory /workspace/tpm2-tss tpm2-tss-4.1.3/.ci/docker.env000066400000000000000000000004351462311337700156530ustar00rootroot00000000000000# SPDX-License-Identifier: BSD-3-Clause DOCKER_BUILD_DIR=/workspace/tpm2-tss CC CXX PROJECT REPO_BRANCH REPO_NAME BASE_REF DOCKER_IMAGE COVERITY_SCAN_TOKEN COVERITY_SUBMISSION_EMAIL COVERALLS_REPO_TOKEN SCANBUILD WITH_CRYPTO WITH_TCTI GEN_FUZZ TEST_TCTI_CONFIG ENABLE_COVERAGE tpm2-tss-4.1.3/.ci/docker.run000077500000000000000000000142541462311337700156760ustar00rootroot00000000000000#!/usr/bin/env bash # SPDX-License-Identifier: BSD-3-Clause set -eo pipefail source $DOCKER_BUILD_DIR/.ci/docker-prelude.sh export CONFIGURE_OPTIONS= if [ -d build ]; then rm -rf build fi if [ -d ./build-no-tests ]; then rm -rf build-no-tests fi if [ -d ./config_test ]; then rm -rf config_test fi if [ -z "$WITH_CRYPTO" ]; then echo "variable WITH_CRYPTO not set, defaulting to ossl" export WITH_CRYPTO="ossl" fi little_endian=$(echo -n I | od -to2 | awk 'FNR==1{ print substr($2,6,1)}') if [ $little_endian -eq 0 ]; then export CONFIGURE_OPTIONS="$CONFIGURE_OPTIONS --with-integrationtcti=libtpms" fi if [ "$WITH_CRYPTO" != "ossl" ]; then export CONFIGURE_OPTIONS="$CONFIGURE_OPTIONS --disable-fapi --disable-policy" fi ./bootstrap # Is it a fuzz run, if so build the fuzz test and exit. if [ "$GEN_FUZZ" == "1" ]; then ./configure --with-fuzzing=libfuzzer --enable-tcti-fuzzing \ --disable-tcti-device --disable-tcti-mssim --disable-tcti-swtpm \ --disable-shared --with-crypto="$WITH_CRYPTO" make -j$(nproc) check exit 0 fi if [ "$TEST_TCTI_CONFIG" != "true" ]; then # # General build runs # # build with no tests enabled mkdir ./build-no-tests pushd ./build-no-tests echo "PWD: $(pwd)" echo "ls -la ../ $(ls -la ../)" ../configure --with-crypto=$WITH_CRYPTO $CONFIGURE_OPTIONS make -j$(nproc) popd if [ "$WITH_CRYPTO" == "none" ]; then echo "Exiting without running tests becuase crypto backend is none" exit 0 fi # build with all tests enabled mkdir ./build pushd ./build if [[ "$CC" == "gcc" && "$ENABLE_COVERAGE" == "true" ]]; then export CONFIGURE_OPTIONS="$CONFIGURE_OPTIONS --enable-code-coverage"; fi if ldconfig -p 2>/dev/null| grep libasan > /dev/null && ldconfig -p 2>/dev/null| grep libubsan > /dev/null; then if [ $little_endian -eq 1 ]; then SANITIZER_OPTION="--with-sanitizer=undefined,address" fi fi if [ "$SCANBUILD" == "yes" ]; then scan-build --status-bugs ../configure --enable-unit --enable-self-generated-certificate --enable-integration --with-crypto=$WITH_CRYPTO $CONFIGURE_OPTIONS elif [ "$CC" == "clang" ]; then ../configure --enable-unit --enable-self-generated-certificate --enable-integration --with-maxloglevel=none --with-crypto=$WITH_CRYPTO $CONFIGURE_OPTIONS else if [ "$WITH_TCTI" == "mssim" ]; then ../configure $SANITIZER_OPTION --disable-tcti-swtpm --enable-unit --enable-self-generated-certificate --enable-integration --with-crypto=$WITH_CRYPTO $CONFIGURE_OPTIONS else ../configure $SANITIZER_OPTION --with-maxloglevel=none --enable-debug=yes --enable-unit --enable-self-generated-certificate --enable-integration --with-crypto=$WITH_CRYPTO $CONFIGURE_OPTIONS fi fi if [ "$SCANBUILD" == "yes" ]; then scan-build --status-bugs make -j elif [ "$CC" == "clang" ]; then make -j distcheck else make -j check fi popd else # TEST_TCTI_CONFIG == true mkdir ./config_test pushd ./config_test if [ "$CC" == "gcc" ]; then # No TCTI - expect to fail echo "========================== START TEST - NO TCTI ==========================" (../configure --disable-doxygen-doc --enable-unit --enable-self-generated-certificate --enable-integration --disable-tcti-swtpm --disable-tcti-mssim --disable-tcti-device && exit 1) || echo "failed as expected"; # only device TCTI echo "========================== START TEST - device TCTI ==========================" mkdir -p ./dev/tpm0 && ../configure --disable-doxygen-doc --enable-unit --enable-self-generated-certificate --enable-integration --disable-tcti-swtpm --disable-tcti-mssim --enable-tcti-device --with-device=./dev/tpm0 make -j check TESTS="test/unit/tcti-device" && rm -rf ./dev # only mssim TCTI echo "========================== START TEST - mssim TCTI ==========================" ../configure --disable-doxygen-doc --enable-unit --enable-self-generated-certificate --enable-integration --disable-tcti-swtpm --enable-tcti-mssim --disable-tcti-device make -j check TESTS="test/unit/tcti-mssim" # device and mssim TCTIs echo "========================== START TEST - mssim & device TCTI ==========================" ../configure --disable-doxygen-doc --enable-unit --enable-self-generated-certificate --enable-integration --disable-tcti-swtpm --enable-tcti-mssim --enable-tcti-device make -j check TESTS="test/unit/tcti-device test/unit/tcti-mssim" # only swtmp TCTI echo "========================== START TEST - swtpm TCTI ==========================" ../configure --disable-doxygen-doc --enable-unit --enable-self-generated-certificate --enable-integration --enable-tcti-swtpm --disable-tcti-mssim --disable-tcti-device make -j check TESTS="test/unit/tcti-swtpm" # swtmp and device TCTIs echo "========================== START TEST - swtpm & device TCTI ==========================" ../configure --disable-doxygen-doc --enable-unit --enable-self-generated-certificate --enable-integration --enable-tcti-swtpm --disable-tcti-mssim --enable-tcti-device make -j check TESTS="test/unit/tcti-swtpm test/unit/tcti-device" # swtmp and mssim TCTIs echo "========================== START TEST - swtpm & mssim TCTI ==========================" ../configure --disable-doxygen-doc --enable-unit --enable-self-generated-certificate --enable-integration --enable-tcti-swtpm --enable-tcti-mssim --disable-tcti-device make -j check TESTS="test/unit/tcti-swtpm test/unit/tcti-mssim" # all TCTIs echo "========================== START TEST - swtpm & mssim & device TCTI ==========================" ../configure --disable-doxygen-doc --enable-unit --enable-self-generated-certificate --enable-integration --enable-tcti-swtpm --enable-tcti-mssim --enable-tcti-device make -j check TESTS="test/unit/tcti-swtpm test/unit/tcti-mssim test/unit/tcti-device" fi # CC == gcc popd fi # TEST_TCTI_CONFIG # back in root git directory, check for whitespace errors. We do this post CI # so people can verify the rest of their patch works in CI before dying. # git diff --check fails with a non-zero return code causing the shell to die # as it has a set -e executed. if [ -n "$BASE_REF" ]; then echo "Running whitespace check" git fetch origin "$BASE_REF" git diff --check "origin/$BASE_REF" fi if [ "$ENABLE_COVERAGE" == "true" ]; then bash <(curl -s https://codecov.io/bash) fi exit 0 tpm2-tss-4.1.3/.ci/download-deps.sh000077500000000000000000000001461462311337700167700ustar00rootroot00000000000000#!/usr/bin/env bash # SPDX-License-Identifier: BSD-3-Clause function get_deps() { echo "no deps" } tpm2-tss-4.1.3/.cirrus.yml000066400000000000000000000033321462311337700153300ustar00rootroot00000000000000task: env: CFLAGS: "-I/usr/local/include -I/usr/local/openssl/include" LDFLAGS: -L/usr/local/lib ibmtpm_name: ibmtpm1637 libusb_version: v1.0.26 freebsd_instance: matrix: image_family: freebsd-13-2 install_script: - IGNORE_OSVERSION=yes - pkg update -f - pkg upgrade -y - pkg install -y bash gmake coreutils libtool pkgconf autoconf autoconf-archive - pkg install -y automake openssl json-c cmocka uthash wget curl git util-linux - pkg install -y libftdi1 - wget --quiet --show-progress --progress=dot:giga "https://downloads.sourceforge.net/project/ibmswtpm2/$ibmtpm_name.tar.gz" - shasum -a256 $ibmtpm_name.tar.gz | grep ^dd3a4c3f7724243bc9ebcd5c39bbf87b82c696d1c1241cb8e5883534f6e2e327 - mkdir -p $ibmtpm_name - tar xvf $ibmtpm_name.tar.gz -C $ibmtpm_name && cd $ibmtpm_name/src - sed -i '' -e 's/gcc/clang/g' makefile - sed -i '' -e 's/-Wall //g' makefile - sed -i '' -e 's/-Werror //g' makefile - gmake -j && cp tpm_server /usr/bin/ - cd - - rm -fr $ibmtpm_name $ibmtpm_name.tar.gz - git clone --depth 1 -b $libusb_version https://github.com/libusb/libusb - cd libusb && ./bootstrap.sh && ./configure && gmake -j install - cd - && rm -fr libusb script: # # Due to a race condition that only occurs in the cirrus ci, "make distcheck" has been replaced by "make check". # ./bootstrap && ./configure --enable-self-generated-certificate --enable-unit=yes --enable-integration=yes --with-crypto=ossl --disable-doxygen-doc --enable-tcti-swtpm=no --enable-tcti-libtpms=no --enable-tcti-mssim=yes --disable-dependency-tracking && gmake -j check || { cat /tmp/cirrus-ci-build/tpm2-tss-*/_build/sub/test-suite.log; exit 1; } tpm2-tss-4.1.3/.codecov.yml000066400000000000000000000001641462311337700154430ustar00rootroot00000000000000ignore: - "test" coverage: status: project: default: threshold: 1% comment: behavior: new tpm2-tss-4.1.3/.dockerignore000066400000000000000000000000221462311337700156650ustar00rootroot00000000000000test/fuzz/*.fuzz* tpm2-tss-4.1.3/.gitattributes000066400000000000000000000010211462311337700161040ustar00rootroot00000000000000# Set the default behavior, in case people don't have core.autocrlf set. * text=auto # Explicitly declare text files you want to always be normalized and converted # to native line endings on checkout. *.c text eol=lf *.cpp text eol=lf *.h text eol=lf *.am text eol=lf *.in text eol=lf *.ac text eol=lf install text eol=lf # Declare files that will always have CRLF line endings on checkout. *.sln text eol=crlf *.vcxproj text eol=crlf *.mak text eol=crlf # Denote all files that are truly binary and should not be modified. tpm2-tss-4.1.3/.github/000077500000000000000000000000001462311337700145575ustar00rootroot00000000000000tpm2-tss-4.1.3/.github/workflows/000077500000000000000000000000001462311337700166145ustar00rootroot00000000000000tpm2-tss-4.1.3/.github/workflows/cifuzz.yml000066400000000000000000000012211462311337700206450ustar00rootroot00000000000000name: CIFuzz on: [pull_request] jobs: Fuzzing: runs-on: ubuntu-latest steps: - name: Build Fuzzers id: build uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master with: oss-fuzz-project-name: 'tpm2-tss' dry-run: false - name: Run Fuzzers uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master with: oss-fuzz-project-name: 'tpm2-tss' fuzz-seconds: 600 dry-run: false - name: Upload Crash uses: actions/upload-artifact@v1 if: failure() && steps.build.outcome == 'success' with: name: artifacts path: ./out/artifacts tpm2-tss-4.1.3/.github/workflows/codeql.yml000066400000000000000000000045041462311337700206110ustar00rootroot00000000000000name: "CodeQL" on: push: branches: [ "master" ] pull_request: branches: [ "master" ] schedule: - cron: "20 3 * * 3" jobs: analyze: name: Analyze runs-on: ubuntu-latest permissions: actions: read contents: read security-events: write strategy: fail-fast: false matrix: language: [ python, cpp ] steps: - name: Checkout uses: actions/checkout@v3 - name: Install Packages (cpp) if: ${{ matrix.language == 'cpp' }} run: | sudo apt-get update sudo apt-get install --yes \ autoconf-archive \ libcmocka0 \ libcmocka-dev \ procps \ iproute2 \ build-essential \ git \ pkg-config \ gcc \ libtool \ automake \ libssl-dev \ uthash-dev \ autoconf \ libjson-c-dev \ libini-config-dev \ libcurl4-openssl-dev \ uuid-dev \ libltdl-dev \ libusb-1.0-0-dev \ libftdi-dev - name: After Prepare (cpp) if: ${{ matrix.language == 'cpp' }} run: | cd "$RUNNER_TEMP" mkdir installdir git clone https://github.com/stefanberger/libtpms.git cd libtpms ./bootstrap.sh ./configure --prefix="$RUNNER_TEMP/installdir/usr" --disable-doxygen-dox make install export PKG_CONFIG_PATH="$RUNNER_TEMP/installdir/usr/lib/pkgconfig:$PKG_CONFIG_PATH" && echo "PKG_CONFIG_PATH=$PKG_CONFIG_PATH" >> $GITHUB_ENV export LD_LIBRARY_PATH="$RUNNER_TEMP/installdir/usr/lib:$LD_LIBRARY_PATH" && echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH" >> $GITHUB_ENV export C_INCLUDE_PATH="$RUNNER_TEMP/installdir/usr/include/" && echo "C_INCLUDE_PATH=$C_INCLUDE_PATH" >> $GITHUB_ENV - name: Initialize CodeQL uses: github/codeql-action/init@v2 with: languages: ${{ matrix.language }} queries: +security-and-quality - name: Autobuild uses: github/codeql-action/autobuild@v2 - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 with: category: "/language:${{ matrix.language }}" tpm2-tss-4.1.3/.github/workflows/main.yml000066400000000000000000000127161462311337700202720ustar00rootroot00000000000000name: CI on: [push, pull_request] jobs: build-test: runs-on: ubuntu-latest if: "!contains(github.ref, 'coverity_scan')" strategy: matrix: docker_image: [ubuntu-20.04, fedora-32, opensuse-leap, ubuntu-22.04, alpine-3.15] compiler: [gcc, clang] steps: - name: Check out repository uses: actions/checkout@v2 with: fetch-depth: 0 - name: fix-sanitizer run: sudo sysctl vm.mmap_rnd_bits=28 - name: Launch Action uses: tpm2-software/ci/runCI@main with: DOCKER_IMAGE: ${{ matrix.docker_image }} CC: ${{ matrix.compiler }} BASE_REF: ${{ github.base_ref }} PROJECT_NAME: ${{ github.event.repository.name }} - name: failure if: ${{ failure() }} run: cat $(find ../ -name test-suite.log) || true scanbuild: runs-on: ubuntu-latest if: "!contains(github.ref, 'coverity_scan')" steps: - name: Check out repository uses: actions/checkout@v2 with: fetch-depth: 0 - name: fix-sanitizer run: sudo sysctl vm.mmap_rnd_bits=28 - name: Launch Action uses: tpm2-software/ci/runCI@main with: CC: clang DOCKER_IMAGE: fedora-32 SCANBUILD: yes PROJECT_NAME: ${{ github.event.repository.name }} - name: failure if: ${{ failure() }} run: cat $(find ../ -name test-suite.log) || true test-tcti-config: runs-on: ubuntu-latest if: "!contains(github.ref, 'coverity_scan')" steps: - name: Check out repository uses: actions/checkout@v2 with: fetch-depth: 0 - name: fix-sanitizer run: sudo sysctl vm.mmap_rnd_bits=28 - name: Launch Action uses: tpm2-software/ci/runCI@main with: CC: gcc DOCKER_IMAGE: fedora-32 TEST_TCTI_CONFIG: true PROJECT_NAME: ${{ github.event.repository.name }} - name: failure if: ${{ failure() }} run: cat $(find ../ -name test-suite.log) || true test-mbedtls: runs-on: ubuntu-latest if: "!contains(github.ref, 'coverity_scan')" strategy: matrix: docker_image: [ubuntu-20.04, ubuntu-22.04-mbedtls-3.1] steps: - name: Check out repository uses: actions/checkout@v2 with: fetch-depth: 0 - name: fix-sanitizer run: sudo sysctl vm.mmap_rnd_bits=28 - name: Launch Action uses: tpm2-software/ci/runCI@main with: CC: gcc DOCKER_IMAGE: ${{ matrix.docker_image }} WITH_CRYPTO: mbed PROJECT_NAME: ${{ github.event.repository.name }} - name: failure if: ${{ failure() }} run: cat $(find ../ -name test-suite.log) || true test-no-crypto-build: runs-on: ubuntu-latest if: "!contains(github.ref, 'coverity_scan')" steps: - name: Check out repository uses: actions/checkout@v2 with: fetch-depth: 0 - name: fix-sanitizer run: sudo sysctl vm.mmap_rnd_bits=28 - name: Launch Action uses: tpm2-software/ci/runCI@main with: CC: gcc DOCKER_IMAGE: ubuntu-20.04 WITH_CRYPTO: none PROJECT_NAME: ${{ github.event.repository.name }} - name: failure if: ${{ failure() }} run: cat $(find ../ -name test-suite.log) || true test-coverage: runs-on: ubuntu-latest if: "!contains(github.ref, 'coverity_scan')" steps: - name: Check out repository uses: actions/checkout@v2 with: fetch-depth: 0 - name: fix-sanitizer run: sudo sysctl vm.mmap_rnd_bits=28 - name: Launch Action uses: tpm2-software/ci/runCI@main with: CC: gcc DOCKER_IMAGE: ubuntu-20.04 ENABLE_COVERAGE: true PROJECT_NAME: ${{ github.event.repository.name }} - name: failure if: ${{ failure() }} run: cat $(find ../ -name test-suite.log) || true test-fuzz: runs-on: ubuntu-latest if: "!contains(github.ref, 'coverity_scan')" steps: - name: Check out repository uses: actions/checkout@v2 with: fetch-depth: 0 - name: Launch Action uses: tpm2-software/ci/runCI@main with: DOCKER_IMAGE: fedora-32 GEN_FUZZ: 1 CXX: clang++ CC: clang PROJECT_NAME: ${{ github.event.repository.name }} - name: failure if: ${{ failure() }} run: cat $(find ../ -name test-suite.log) || true coverity-test: runs-on: ubuntu-latest if: contains(github.ref, 'coverity_scan') steps: - name: Check out repository uses: actions/checkout@v2 with: fetch-depth: 0 - name: fix-sanitizer run: sudo sysctl vm.mmap_rnd_bits=28 - name: Launch Coverity Action uses: tpm2-software/ci/coverityScan@main with: PROJECT_NAME: ${{ github.event.repository.name }} REPO_BRANCH: ${{ github.ref }} REPO_NAME: ${{ github.repository }} ENABLE_COVERITY: true DOCKER_IMAGE: ubuntu-20.04 CC: gcc COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} COVERITY_SUBMISSION_EMAIL: tadeusz.struk@intel.com - name: failure if: ${{ failure() }} run: cat $(find ../ -name test-suite.log) || true tpm2-tss-4.1.3/.lgtm.yml000066400000000000000000000011111462311337700147550ustar00rootroot00000000000000extraction: cpp: prepare: packages: - autoconf-archive - libssl-dev after_prepare: - cd "$LGTM_WORKSPACE" - mkdir installdir - git clone https://github.com/stefanberger/libtpms.git - cd libtpms - ./bootstrap.sh - ./configure --prefix="$LGTM_WORKSPACE/installdir/usr" - make install - export PKG_CONFIG_PATH="$LGTM_WORKSPACE/installdir/usr/lib/pkgconfig:$PKG_CONFIG_PATH" - export LD_LIBRARY_PATH="$LGTM_WORKSPACE/installdir/usr/lib:$LD_LIBRARY_PATH" - export C_INCLUDE_PATH="$LGTM_WORKSPACE/installdir/usr/include/"; tpm2-tss-4.1.3/.readthedocs.yml000066400000000000000000000003451462311337700163070ustar00rootroot00000000000000# Read the Docs configuration file # See https://docs.readthedocs.io/en/stable/config-file/v2.html for details version: 2 build: os: ubuntu-22.04 tools: python: "3" sphinx: builder: html configuration: sphinx/conf.pytpm2-tss-4.1.3/CHANGELOG.md000066400000000000000000001611431462311337700150360ustar00rootroot00000000000000# Change Log All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) ## [4.1.3] - 2024-05-17 ### Fixed - Fix name collisions during dlopen() on some linkers ## [4.1.2] - 2024-05-14 ### Fixed - configure.ac: Fix test of == to = to be POSIX comliant - Remove use of which in favor of command -v ## [4.1.1] - 2024-05-07 ### Fixed - Fixed inclusion of .map and .def files in release tar balls ## [4.1.0] - 2024-04-26 ### Security - Fixed CVE-2024-29040 ### Fixed - fapi: Fix length check on FAPI auth callbacks - mu: Correct error message for errors - tss2-rc: fix unknown laer handler dropping bits. - fapi: Fix deviation from CEL specification (template_value was used instead of template_data). - fapi: Fix json syntax error in FAPI profiles which was ignored by json-c. - build: fix build fail after make clean. - mu: Fix unneeded size check in TPM2B unmarshaling. - fapi: Fix missing parameter encryption. - build: Fix failed build with --disable-vendor. - fapi: Fix flush of persistent handles. - fapi: Fix test provisioning with template with self generated certificate disabled. - fapi: Fix error in Fapi_GetInfo it TPM supports SHA3 hash algs. - fapi: Revert pcr extension for EV_NO_ACTION events. - fapi: Fix strange error messages if nv, ext, or policy path does not exits. - fapi: Fix segfault caused by wrong allocation of pcr policy. - esys: Fix leak in Esys_EvictControl for persistent handles. - tss2-tcti: tcti-libtpms: fix test failure on big-endian platform. - esys: Add reference counting for Esys_TR_FromTPMPublic. - esys: Fix HMAC error if session bind key has an auth value with a trailing 0. - fapi: fix usage of self signed certificates in TPM. - fapi: Usage of self signed certificates. - fapi: A segfault after the error handling of non existing keys. - fapi: Fix several leaks. - fapi: Fix error handling for policy execution. - fapi: Fix usage of persistent handles (should not be flushed) - fapi: Fix test provisioning with template (skip test without self generated certificate). - fapi: Fix pcr extension for EV_NO_ACTION - test: Fix fapi-key-create-policy-signed-keyedhash with P_ECC384 profile - tcti_spi_helper_transmit: ensure FIFO is accessed only after TPM reports commandReady bit is set - fapi: Fix read large system eventlog (> UINT16_MAX). - esys tests: Fix layer check for TPM2_RC_COMMAND_CODE (for /dev/tpmrm0) - test: unit: tcti-libtpms: fix test failed at 32-bit platforms. - fapi: Fix possible null pointer dereferencing in Fapi_List. - sys: Fix size check in Tss2_Sys_GetCapability. - esys: Fix leak in Esys_TR_FromTPMPublic. - esys: fix unchecked return value in esys crypto. - fapi: Fix wrong usage of local variable in provisioning. - fapi: Fix memset 0 in ifapi_json_TPMS_POLICYNV_deserialize. - fapi: Fix possible out of bound array access in IMA parser. - tcti device: Fix possible unmarshalling from uninitialized variable. - fapi: Fix error checking authorization of signing key. - fapi: Fix cleanup of policy sessions. - fapi: Eventlog H-CRTM events and different localities. - fapi: Fix missing synchronization of quote and eventlog. - faii: Fix invalid free in Fapi_Quote with empty eventlog. ### Added - tcti: LetsTrust-TPM2Go TCTI module spi-ltt2go. - mbedtls: add sha512 hmac. - fapi: Enable usage of external keys for Fapi_Encrypt. - fapi: Support download of AMD certificates. - tcti: Add USB TPM (FTDI MPSSE USB to SPI bridge) TCTI module. - fapi: The recreation of primaries (except EK) in the owner hierarchy instead the endorsement hierarchy is fixed. - rc: New TPM return codes added. - fapi: Further Nuvoton certificates added. - tpm_types/esys: Add support for Attestable TPM changes in latest TPM spec. - tcti: Add '/dev/tcm0' to default conf - fapi: New Nuvoton certificates added. - esys: Fix leak in Esys_TR_FromTPMPublic. ### Removed - Testing on Ubuntu 18.04 as it's near EOL (May 2023). ## [4.0.1] - 2023-01-23 ### Fixed: - A buffer overflow in tss2-rc as CVE-2023-22745. ## [4.0.0] - 2023-01-02 ### Fixed - tcti-ldr: Use heap instead of stack when tcti initialize - Fix usage of NULL pointer if Esys_TR_SetAuth is calles with ESYS_TR_NONE. - Conditionally check user/group manipulation commands. - Store VERSION into the release tarball. - When using DESTDIR for make einstall, do not invoke systemd-sysusers and systemd-tmpfiles. - esys_iutil: fix possible NPD. - Tss2_Sys_Flushcontext: flushHandle was encoded as a handleArea handle and not as parameter one, this affected the contents of cpHash. - esys: fix allow usage of HMAC sessions for Esys_TR_FromTPMPublic. - fapi: fix usage of policy_nv with a TPM nv index. - linking tcti for libtpms against tss2-tctildr. It should be linked against tss2-mu. - build: Remove erroneous trailing comma in linker option. Bug #2391. - fapi: fix encoding of complex tpm2bs in authorize nv, duplication select and policy template policies. Now the complex and TPMT or TPMS representations can be used. Bug #2383 - The error message for unsupported FAPI curves was in hex without a leading 0x, make it integer output to clarify. - Documentation that had various scalar out pointers as "callee allocated". - test: build with opaque FILE structure like in musl libc. - Transient endorsement keys were not recreated according to the EK credential profile. - Evict control for a persistent EK failed during provisioning if an auth value for the storage hierarchy was set. - The authorization of the storage hierarchy is now added. Fixes FAPI: Provisioning error if an auth value is needed for the storage hierarchy #2438. - Usage of a second profile in a path was not possible because the default profile was always used. - The setting of an empty auth value for Fapi_Provision was fixed. - JSON encoding of a structure TPMS_POLICYAUTHORIZATION used the field keyPEMhashAlg instead of hashAlg as defined in "TCG TSS 2.0 JSON Data Types and Policy Language Specification". Rename to hashAlg but preserve support for reading keyPEMhashAlg for backwards compatibility. - fapi: PolicySecret did not work with keys as secret object. - Esys_PCR_SetAuthValue: remembers the auth like other SetAutg ESAPI functions. - tests: esys-pcr-auth-value.int moved to destructive tests. - FAPI: Fix double free if keystore is corrupted. - Marshaling of TPMU_CAPABILITIES data, only field intelPttProperty was broken before.a - Spec deviation in Fapi_GetDescription caused description to be NULL when it should be empty string. This is API breaking but considered a bug since it deviated from the FAPI spec. - FAPI: undefined reference to curl_url_strerror when using curl less than 7.80.0. - FAPI: Fixed support for EK templates in NV inidices per the spec, see #2518 for details. - FAPI: fix NPD in ifapi_curl logging. - FAPI: Improve documentation fapi-profile - FAPI: Fix CURL HTTP handling. - FAPI: Return FAPI_RC_IO_ERROR if a policy does not exist in keystore. ### Added - TPM version 1.59 support. - ci: ubuntu-22.04 added. - mbedTLS 3.0 is supported by ESAPI. - Add CreationHash to JSON output for usage between applications not using the FAPI keystore, like command line tools. - Reduced code size for SAPI. - Support for Runtime Switchable ESAPI Crypto Backend via `Esys_SetCryptoCallbacks`. - Testing for TCG EK Credential Profile TPM 2.0, Version 2.4 Rev. 3, 2021 for the low and high address range of EK templates. - tss2-rc: Tss2_RC_DecodeInfo function for parsing TSS2_RC into the various bit fields. - FAPI support for P_ECC384 profile. - tss2-rc: Tss2_RC_DecodeInfoError: Function to get a human readable error from a TSS2_RC_INFO returned by Tss2_RC_DecodeInfo - tcti: Generic SPI driver, implementors only need to connect to acquire/release, transmit/receive, and sleep/timeout functions. - FAPI: Add event logging for Firmware and IMA Events. See #2170 for details. - FAPI: Fix Fapi_ChangeAuth updates on hierarchy objects not being reflected across profiles. - FAPI: Allow keyedhash keys in PolicySigned. - ESAPI: Support sha512 for mbedtls crypto backend. - TPM2B_MAX_CAP_BUFFER and mu routines - vendor field to TPMU_CAPABILTIIES - FAPI: support for PolicyTemplate ### Changed - libmu soname from 0:0:0 to 0:1:0. - tss2-sys soname from 1:0:0 to 1:1:0 - tss2-esys: from 0:0:0 to 0:1:0 - FAPI ignores vendor properties on Fapi_GetInfo - FAPI Event Logging JSON format, See #2170 for details. ### Removed - Dead struct TPMS_ALGORITHM_DESCRIPTION - Dead field intelPttProperty from TPMU_CAPABILITIES - Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Marshal - Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Unmarshal ## [3.2.0] - 2022-02-18 ### Fixed - FAPI: fix curl_url_set call - FAPI: Fix usage of curl url (Should fix Ubuntu 22.04) - Fix buffer upcast leading to misalignment - Fix check whether SM3 is available - Update git.mk to support R/O src-dir - Fixed file descriptor leak when tcti initialization failed. - 32 Bit builds of the integration tests. - Primary key creation, in some cases the unique field was not cleared before calling create primary. - Primary keys was used for signing the object were cleared after loading. So access e.g. to the certificate did not work. - Primary keys created with Fapi_Create with an auth value, the auth_value was not used in inSensitive to recreate the primary key. Now the auth value callback is used to initialize inSensitive. - The not possible usage of policies for primary keys generated with Fapi_CreatePrimary has been fixed. - An infinite loop when parsing erroneous JSON was fixed in FAPI. - A buffer overflow in ESAPI xor parameter obfuscation was fixed. - Certificates could be read only once in one application The setting the init state of the state automaton for getting certificates was fixed. - A double free when executing policy action was fixed. - A leak in Fapi_Quote was fixed. - The wrong file locking in FAPI IO was fixed. - Enable creation of tss group and user on systems with busybox for fapi. - One fapi integration test did change the auth value of the storage hierarchy. - A leak in fapi crypto with ossl3 was fixed. - Add initial camelia support to FAPI - Fix tests of fapi PCR - Fix tests of ACT functionality if not supported by pTPM - Fix compiler (unused) warning when building without debug logging - Fix leaks in error cases of integration tests - Fix memory leak after ifapi_init_primary_finish failed - Fix double-close of stream in FAPI - Fix segfault when ESYS_TR_NONE is passed to Esys_TR_GetName - Fix the authorization of hierarchy objects used in policy secret. - Fix check of qualifying data in Fapi_VerifyQuote. - Fix some leaks in FAPI error cases. - Make scripts compatible with non-posix shells where `test` does not know `-a` and `-o`. - Fix usage of variable not initialized when fapi keystore is empty. ### Added - Add additional IFX root CAs - Added support for SM2, SM3 and SM4. - Added support for OpenSSL 3.0.0. - Added authPolicy field to the TPMU_CAPABILITIES union. - Added actData field to the TPMU_CAPABILITIES union. - Added TPM2_CAP_AUTH_POLICIES - Added TPM2_CAP_ACT constants. - Added updates to the marshalling and unmarshalling of the TPMU_CAPABILITIES union. - Added updated to the FAPI serializations and deserializations of the TPMU_CAPABILITIES union and associated types. - Add CODE_OF_CONDUCT - tcti-mssim and tcti-swtpm gained support for UDX communication - Missing constant for TPM2_RH_PW ### Removed - Removed support for OpenSSL < 1.1.0. - Marked TPMS_ALGORITHM_DESCRIPTION and corresponding MU routines as deprecated. Those were errorous typedefs that are not use and not useful. So we will remove this with 3.3 - Marked TPM2_RS_PW as deprecated. Use TPM2_RH_PW instead. ## [3.1.0] - 2021-05-17 ### Fixed - Fixed possible access outside the array in ifapi_calculate_tree. - Fix CVE-2020-24455 FAPI PolicyPCR not instatiating correctly Note: that all TPM object created with a PolicyPCR with the currentPcrs and currentPcrsAndBank options have been created with an incorrect policy that ommits PCR checks. All these objects have to be recreated! - Fixed segfault in Fapi_Finalize where a free of a constant string could occur. - Fixed binding to ESYS_TR_RH_NULL for ESYS auth sessions. - Fixed read eagain error handling for freeBSD. - Fixed error cleanup for key loading and policy execution. - Fixed initialization of default log_dir. - Fixed cleanup in several error cases in Fapi. - Added initialise 'out' parameter in ifapi_json_IFAPI_CONFIG_deserialize. - Fixed Regression in Fapi_List. - Fixed memory leak in policy calculation. - Fixed setting of the system flag of NV objects: This will let NV object metadata be created system-wide always instead of locally in the user. Existing metadata will remain in the user directory. It can be moved to the corresponding systemstore manually if needed. - Fixed fapi policy searching, when a policyRef was provided. - Fapi accepts EK-Certs without CRL dist point. - Fixed bad return codes in Fapi_List. - Fixed memleak in Fapi policy execution. - Fixed coverity NULL-pointer check in Fapi. - Fixed the written flag of NV objects in FAPI PolicyNV commands being unset. - Fixed deleting of policy files. - Fixed wrong file loading during object search. - Fixed a memory leak in async keystore load. - Fixed bug in FAPI NV creation with custom index values. - Fixed leftover sessions in error cases in FAPI. - Fixed execution of FAPI policies in some cases. - Fixed handling 0x hex prefixes for TPMU_HA in JSON encoding. - Fixed fix doxygen header of function iesys_update_session_flags. - Fixed issue where nonceTPM was included twice in HMAC. - Fixed issue of unused variable when enabling lower default log levels. - Fixed 'partial' may be used uninitialized in tcti-device. ### Added - Added two new TPM commands TPM2_CC_CertifyX509 and TPM2_CC_ACT_SetTimeout along with SYS and ESYS API calls, new structures definitions, and marshal funtions for them. This make the TSS2 alligned with TPM2 1.59 specification. - Support for auth values larger than an objects nameAlg for NV and key objects. - Async mode of operation for mssim TCTI module - Added pcap TCTI. - Added GlobalSign TPM Root CA certs to FAPI cert store. - Added support for auth value sizes bigger than the size of the name hash alg. for keys and NV objects. - Added better error messages in several FAPI errors. - Added checks to FAPI policy paths. - Added checks if FAPI is correctly provisioned. ### Changed - Changed CI from Travis to GH actions - Changed the default hash algorithm from sha1 to sha256 in all FAPI integration tests - Changed tests to use SHA256 over SHA1. - Changed EncryptDecrypt mode type to align with TPM2.0 spec 1.59. ## [3.0.0] - 2020-08-05 ### Changed or Fixed - Added setgid perms and ACL for FAPI keystore to allow r/w access for tss group - Fixed duoble json_object_put call in event log processing. - Added TSS root dir to include path in CFLAGS - Switch default FAPI profile to ECC. - Enabled all PCR registers for SHA256 bank in the distribution profiles. - Added fix computation of PCR logs and PCR digest of PCR logs. - Added fix size check for Fapi_Encrypt. - Improved log messages in FAPI - Introduced new FAPI return codes FAPI_RC_ALREADY_PROVISIONED, TSS2_BASE_RC_NOT_PROVISIONED, and TSS2_FAPI_RC_NOT_PROVISIONED. - Added missing retry in Fapi_Initialize_Finish. - Added man pages for FAPI config files - Deleted invalid keys from the null hierarchy. - Fixed check of auth state for lockout set. - Fixed check of directory access rights in Fapi_Initialize. - Enabled usage of NULL hierarchy in FAPI. - Added address sanitizer to CI for gcc. - Added asserts to callback functions in integration tests - Added check event log file before Fapi_PcrExtend. - Fixed hierarchy usage and authentication in Fapi_Provision, Fapi_GetCertificate, and Fapi_Delete. - Added description for primary keys to profile. - Fixed non async call of Esys_ContextSave in Fapi_GetEsysBlobs. - Added check for hierarchy needed for EvictControl for deleting objects. - Fixed copying the primary during key loading. - Added a check that prevents deleting of default directories. - Added verification to provisioning. - Fixed usage of persistent handles. - Added missing selectors for some TPMU types in marshal - Added handling for invalid selector when (um)marshal TPMU types - Improved presentation of Fapi_GetInfo. - Fixed computation of the size of a PCR selection. - Added a check for valid pathnames in keystore module. - Added a check for deleting of the SRK. - Fixed computation of random value for objects used for sealing. - Fixed return code for event parsing errors. - Added content of the config file to FAPI Info. - Fixed NV index and path handling in NV creation. - Fixed path checking for keys. - Fixed version retrieval method in Fapi_GetInfo. - Fixed path usage in Fapi_Import. - Fixed settings of default flags for keys creation. - Fixed handle usage in Fapi_ChangeAuth - Fixed systemd-sysusers/-tmpfiles invocation - Changed FAPI callback API. - Fixed initialization of app data in Esys_Initialize - Fixed certificate handling for TPMs without stored certificate. - Replaced strtok with strtok_r - Changed return codes from tcti macros according to the spec - Added check that prevents overwriting objects in key store. - Added session usage to FAPI provisioning. - Enabled CI for FreeBSD - Changed hierarchy param type of Esys_Hash(), Esys_HierarchyControl(), Esys_LoadExternal(), and Esys_SequenceComplete() calls along with their Async versions according to the spec. The can accept both types TPM2_RH and ESYS_TRs as then don't collide. - Changed Tss2_Sys_ReadClock to allow audit session to be consistent with the rev 1.38 version of the TPM2.0 architecture spec. Note: This change brakes ABI backwards compatibility. - Silenced expected errors from Esys_TestParams. - Many improvements for CI builds on Travis and Cirrus, unit tests and integration test code ### Added - Added SWTPM-TCTI - Added mbedTLS ESYS crypto backend - Added the Command TCTI - Added new API function Fapi_GetEsysBlobs. - Added new feature for importing keys with Fapi_Import. ### Removed - Removed libgcrypt ESYS crypto backend - Removed dev-tcti partial read mode configuration flag - Removed dev-tcti async mode configuration flag - Removed obsolete LIBDL_LDFLAGS and replaced broken @LIBDL_LDFLAGS@ with @LIBADD_DL@ - Removed deprecated OpenSSL functions from FAPI and ESYS ## [2.4.0] - 2020-03-11 ### Added - Added a new Feature API (FAPI) implementation - Added Esys_TRSess_GetAuthRequired() ESAPI function - Added Esys_TR_GetTpmHandle() SAPI function - Added Esys_GetSysContext() SAPI function - Added the with-sanitizer configure option - Added CI for FreeBSD - Added tcti-cmd ### Changed - Changed MSSIM TCTI to be async capable - Removed TCTI loaders from ESYS dependencies in pkg-config - Changed getPollHandles to allow num_handles query - Improved CI builds - Converted builds to docker builds - Number of fixes and improvements in the test code - Changed tcti-device in non-async mode to allways block ### Fixed - Fixed hmac calculation for tpm2_clear command in ESAPI - Fixed mixing salted and unsalted sessions in the same ESAPI context - Removed use of VLAs from TPML marshal code - Fixed setting C++ compiler for non-fuzzing builds at configure - Fixed setting the name of session objects - Fixed page alignment errors in Sys_Get/SetAuths functions - Fixed potential buffer overflow in tcti_mssim_receive - Fixed invalid memory alloc failure in Tss2_TctiLdr_Initialize - Fixed list of exported symbols map for libtss2-mu - Fixed resource name calculation in Esys_CreateLoaded - Fixed keysize of ECC curve TPM2_ECC_NISTP224 - Fixed segmentation fault in tctildr if name_conf was too big - Fixed memory leak in tctildr-tcti tests - Fixed HMAC generation for policy sessions - Added check for object node before calling compute_session_value function - Fixed auth calculation in Esys_StartAuthSession called with optional parameters - Fixed compute_encrypted_salt error handling in Esys_StartAuthSession - Fixed exported symbols map for libtss2-mu ### Removed - Remove duplicate ESYS entries from map file - Removed the private implementation of strndup from tctildr ## [2.3.0] - 2019-08-13 ### Added - tss2-tctildr: A new library that helps with tcti initialization Recommend to use this in place of custom tcti loading code now ! - tss2-rc: A new library that provides textual representations for return codes - Added release and maintainance info (~3 per year and latest 2 are supported) - Support for building on VxWorks. - Option to disable NIST-deprecated crypto (--disable-weak-crypto) - Support Esys_TR_FromTPMPublic on sessions (for use in Esys_FlushContext) - Better Windows/VS Support - Fuzz-Testing and Valgrind-Testing - map-files with correct symbol lists for tss2-sys and tss2-esys This may lead to unresolved symbols in linked applications ### Changed - Several further minor fixes and cleanups - Support to call Tss2_Sys_Execute repeatedly on certain errors - Reduced RAM consumption in Esys due to Tss2_Sys_Execute change - Automated session attribution clearing for esys (decrypt and encrypt) per cmd - Switched to git.mk, many ax_ makros and away from gnulib - Switched to config.h and autoheaders ### Removed - Removed libtss2-mu from "Requires" field of libtss2-esys.pc Needs to be added explicitly now ### Fixed - All fixes from 2.2.1, 2.2.2 and 2.2.3 - SPDX License Identifiers - Null-pointer problems in tcti-tbs - Default locality for tcti-mssim set to LOC_0 - coverity and valgrind leaks detected in test programs (not library code) ## [2.2.3] - 2019-05-28 ### Fixed - Fix computation of session name - Fixed PolicyPassword handling of session Attributes - Fixed windows build from dist ball - Fixed default tcti configure option - Fixed nonce size calculation in ESYS sessions ## [2.2.2] - 2019-03-28 ### Fixed - Fixed wrong encryption flag in EncryptDecrypt - Fixing openssl engine invocation ## [2.2.1] - 2019-02-28 ### Fixed - Forced RAND_bytes method to software implementation to avoid session spoofing - Fixed OpenSSL symbolic naming conflict - Fixed leaks of local point variables and BN_ctx - Fixed memory leaks related to using regular free on gcrypt allocated objects - Fixed leak of rsa->n in iesys_cryptossl_pk_encrypt - Fixed memory leaks in iesys_cryptossl_pk_encrypt - Fixed possible NULL dereference of big number ## [2.2.0] - 2019-02-04 ### Fixed - Fixed leak of hkey on success in iesys_cryptossl_hmac_start - Fixed NULL ptr issues in Esys_HMAC_Start, Esys_HierarchyChangeAuth and Esys_NV_ChangeAuth - Fixed NULL ptr issue in sequenceHandleNode - Fixed NULL ptr auth handling in Esys_TR_SetAuth - Fixed NULL auth handling in iesys_compute_session_value - Fixed marshaling of TPM2Bs with sub types. - Fixed NULL ptr session handling in Esys_TRSess_SetAttributes - Fixed the way size of the hmac value of a session without authorization - Added missing MU functions for TPM2_NT type - Added missing MU functions for TPMA_ID_OBJECT type - Added missing type TPM2_NT into tss2_tpm2_types.h - Fixed wrong typename _ID_OBJECT in tss2_tpm2_types.h - Fixed build breakage when --with-maxloglevel is not 'trace' - Fixed build breakage in generated configure script when CFLAGS is set - Fixed configure scritp ERROR_IF_NO_PROG macro - Changed TPM2B type unmarshal to use sizeof of the dest buffer instead of dest - Fixed unmarshaling of the TPM2B type with invalid size - Removed dead code defect detected by coverity from Esys_TRSess_GetNonceTPM ### Added - Added support for QNX build - Added support for partial reads in device TCTI ## [2.1.1] - 2019-02-04 ### Fixed - Fixed leak of hkey on success in iesys_cryptossl_hmac_start - Fixed NULL ptr issues in Esys_HMAC_Start, Esys_HierarchyChangeAuth and Esys_NV_ChangeAuth - Fixed NULL ptr issue in sequenceHandleNode - Fixed NULL ptr auth handling in Esys_TR_SetAuth - Fixed NULL auth handling in iesys_compute_session_value - Fixed marshaling of TPM2Bs with sub types. - Fixed NULL ptr session handling in Esys_TRSess_SetAttributes - Fixed the way size of the hmac value of a session without authorization - Added missing MU functions for TPM2_NT type - Added missing MU functions for TPMA_ID_OBJECT type - Added missing type TPM2_NT into tss2_tpm2_types.h - Fixed wrong typename _ID_OBJECT in tss2_tpm2_types.h - Fixed build breakage when --with-maxloglevel is not 'trace' - Fixed build breakage in generated configure script when CFLAGS is set - Fixed configure scritp ERROR_IF_NO_PROG macro - Changed TPM2B type unmarshal to use sizeof of the dest buffer instead of dest - Fixed unmarshaling of the TPM2B type with invalid size - Removed dead code defect detected by coverity from Esys_TRSess_GetNonceTPM ## [2.1.0] ### Fixed - Fixed handling of the default TCTI - Changed logging to be ISO-C99 compatible - Fixed leak of dlopen handle - Fixed logging of a response header tag in Tss2_Sys_Execute - Fixed marshaling of TPM2B parameters in SAPI commands - Fixed unnecessary warning in Esys_Startup - Fixed warnings in doxygen documentation ### Added - Added Esys_Free wrapper function for systems using different C runtime libraries - Added Windows TBS TCTI - Added non-blocking mode of operation in tcti-device - Added tests for Esys_HMAC and Esys_Hash - Enabled integration tests on physical TPM device - Added openssl libcrypto backend - Added Doxygen documentation to integration tests ### Changed - Refactored SetDecryptParam - Enabled OpenSSL crypto backend by default ## [2.0.2] - 2019-02-04 ### Fixed - Fixed NULL ptr issues in Esys_HMAC_Start, Esys_HierarchyChangeAuth and Esys_NV_ChangeAuth - Fixed NULL ptr issue in sequenceHandleNode - Fixed NULL ptr auth handling in Esys_TR_SetAuth - Fixed NULL auth handling in iesys_compute_session_value - Fixed marshaling of TPM2Bs with sub types. - Fixed NULL ptr session handling in Esys_TRSess_SetAttributes - Fixed the way size of the hmac value of a session without authorization - Added missing MU functions for TPM2_NT type - Added missing MU functions for TPMA_ID_OBJECT type - Added missing type TPM2_NT into tss2_tpm2_types.h - Fixed wrong typename _ID_OBJECT in tss2_tpm2_types.h - Fixed build breakage when --with-maxloglevel is not 'trace' - Fixed build breakage in generated configure script when CFLAGS is set - Fixed configure scritp ERROR_IF_NO_PROG macro - Changed TPM2B type unmarshal to use sizeof of the dest buffer instead of dest - Fixed unmarshaling of the TPM2B type with invalid size - Removed dead code defect detected by coverity from Esys_TRSess_GetNonceTPM ## [2.0.1] - 2018-08-10 ### Fixed - Fixed problems with doxygan failing make distcheck - Fixed conversion of gcrypt mpi numbers to binary data - Fixed an error in parsing socket address in MSSIM TCTI - Fixed compilation error with --disable-tcti-mssim - Added initialization function for gcrypt to suppress warning - Fixed invalid type base type while marshaling TPMI_ECC_CURVE in Tss2_Sys_ECC_Parameters - Fixed invalid RSA encryption with exponent equal to 0 - Fixed checking of return codes in ESAPI commands - Added checks for programs required by the test harness @ configure time - Fixed warning on TPM2_RC_INITIALIZE rc after a Startup in Esys_Startup - Checked for 1.2 TPM type response - Changed constants values in esys header file to unsigned ## [2.0.0] - 2018-06-20 ### Added - Implementation of the Marshal/Unmarshal library (libtss2-mu) - Implementation of the Enhanced System API (libtss2-esys aka ESAPI) - New implemetation of the TPM Command Transmission Interface (TCTI) for: - communication with Linux TPM2 device driver: libtss2-tcti-device - communication with Microsoft software simulator: libtss2-tcti-mssim - New directory layout (API break) - Updated documentation with new doxygen and updated man pages - Support for Windows build with Visual Studio and clang, currently limited to libtss2-mu and libtss2-sys - Implementation of the new Attached Component (AC) commands - Implementation of the new TPM2_PolicyAuthorizeNV command - Implementation of the new TPM2_CreateLoaded command - Implementation of the new TPM2_PolicyTemplate command - Addition of _Complete functions to all TPM commands - New logging framework - Added const qualifiers to API input pointers (API break) - Cleaned up headers and remove implementation.h and tpm2.h (API break) ### Changed - Converted all cpp files to c, removed dependency on C++ compiler. - Cleaned out a number of marshaling functions from the SAPI code. - Update Linux / Unix OS detection to use non-obsolete macros. - Changed TCTI macros to CamelCase (API break) - Changed TPMA_types to unsigned int with defines instead of bitfield structs (API/ABI break) - Changed Get/SetCmd/RspAuths to new parameter types (API/ABI break) - Fixed order of parameters in AC commands: Input command authorizations now come after the input handles, but still before the command parameters. ### Removed - Removed all sysapi/sysapi_utils/*arshal_TPM*.c files ### Fixed - Updated invalid number of handles in TPM2_PolicyNvWritten and TPM2_TestParms - Updated PlatformCommand function from libtss2-tcti-mssim to no longer send CANCEL_OFF before every command. - Expanded TPM2B macros and removed TPM2B_TYPE1 and TPM2B_TYPE2 macros - Fixed wrong return type for Tss2_Sys_Finalize (API break). ## [1.4.0] - 2018-03-02 ### Added - Attached Component commands from the last public review spec. ### Fixed - Essential files missing from release tarballs are now included. - Version string generation has been moved from configure.ac to the bootstrap script. It is now stored in a file named `VERSION` that is shipped in the release tarball. - We've stopped shipping the built man page for InitSocketTcti.3 and now ship the source. ## [1.3.0] - 2017-12-07 ### Added - Implementation of the EncryptDecrypt2 command. - Coding standard documentation. - Support for latest TPM2 simulator v974 (only changes in test harness). - Check cmocka version for compatibility with 1.0 API. ### Fixed - Definition of HMAC_SESSION_LAST and POLICY_SESSION_LAST. - Drop cast from TPM_ALG_XXX definitions - Use mock functions with built-in cast to avoid compiler warnings from manual cast. - Free memory correctly on error condition return paths in InitSysContext & SockServer. ## [1.2.0] - 2017-08-25 ### Added - Support for PTT-specific capabilities. - Manuals with overviews for SAPI and TCTI layers & TCTI init functions. - Further decomposition of the tpmclient program into an integration test harness based on the automake infrastructure. ### Changed - File list generated by bootstrap script is now sorted to play nice with reproducible builds. - Test harness now supports parallel execution of integration tests. - libtcti-socket interrupted syscalls now resume. - Additional hardening of compiler / linker flags. - All options supported by `tpmclient` executable now removed. - Unimplemented TCTI functions now return NOT_IMPLEMENTED RC. ### Fixed - NULL dereference bugs in TCTI modules. - Cleanup & structure initialization to keep coverity scans happy. - Fixed memory leak in integration test harness. ## [1.1.0] - 2017-05-10 ### Changed - tpmclient, disabled all tests that rely on the old resourcemgr. ### Fixed - Fixed definition of PCR_LAST AND TRANSIENT_LAST macros. ### Removed - tpmtest - resourcemgr, replacement is in new repo: https://github.com/01org/tpm2-abrmd ## [1.0] - 2016-11-01 ### Added - Travis-CI integration with GitHub - Unit tests for primitive (un)?marshal functions. - Example systemd unit for resourcemgr. - Allow for unit tests to be enabled selectively. - added pkg-config files for libraries ### Changed - move simulator initialization code to socket TCTI init function. - socket TCTI finalize no longer frees context - rename libtss2 to libsapi - rename libtcti_device to libtcti-device - rename libtcti_socket to libtcti-socket - move $(includedir)/tss to $(includedir)/sapi - Move default compiler flags to config.site file. ### Fixed - Fix run away resourcemgr threads by closing client sockets when resourcemgr recv() call returns 0. - Set MSG_NOSIGNAL for client connections to avoid SIGPIPE killing resourcemgr. - Fixes to handling of persistent objects by resourcemgr. ### Removed - Semicolon from TPMA_* macros definitions. - Windows build files. - SAPI_CLIENT macro tests. ### Security - Fix buffer overflow in resourcemgr. ## [0.98] - 2015-07-28 ### Added - Added ability for resource manager to communicate with a real TPM via /dev/tpm0 (Linux only). Added command line switch to select simulator if not communicating with a real TPM. ### Changed - Rearranged directory structure in a more logical fashion. - Changed name of Linux makefiles from "makefile.linux" to makefile. This was done in preparation for autotools porting (future enhancement). - Changed tpm library's windows makefile from "makefile" to "windows.mak". - Changed all makefiles and Visual Studio solution and project files to work with new directory structure. - Split out debug and TPM platform command code in tpmsockets.cpp into separate files. This code didn't belong in this file. ## [0.97] - 2015-??-?? ### Added - Added code to save context in RM table when an object is context loaded. - Added code to get hierarchy from context when object is context loaded. - Added targeted test to tpmclient.cpp to make sure that hierarchy is saved - Added code to print level-specific messages when errors occur. - Added test for EvictControl.Fixed TestEncryptDecryptSession to work with 1.22 simulator. - Added code to check that TPM2B output parameters' size fields are set to 0 for following structures: TPM2B_ECC_POINT, TPM2B_PUBLIC, TPM2B_NV_PUBLIC, and TPM2B_CREATION_DATA. ### Changed - Fixed resource manager issues with leaving objects and session contexts in TPM memory. This was causing a 902 error on 2nd pass of PolicyTests. And it could have caused issues when error conditions occurred, because in those cases, the contexts weren't being evicted. - Changed TAB/RM into a separate executable (daemon). - Fixed bug: if LoadContext fails when loading objects it should exit ResourceMgrSendTpmCommand immediately. Instead it was loading other objects and proceeding through the rest of ResourceMgrSendTpmCommand function. correctly for ContextLoad command. - Fixed issues with TCTI: opaque data shouldn't be defined in tss2_tcti.h file. - Fixed makefile issue: under Windows, it was using mkdir command instead of md. - Fixed issue with definition of TSS2_TCTI_POLL_HANDLE in tss2_tcti.h file. - Fixed bug: wasn't handling case for TPM errors correctly in CheckPassed. - Changed CheckOverflow to return SAPI error level for errors. Other levels of TSS that call this function will alter the error level field. - Fixed resource manager to properly handle EvictControl commands. Before, if a persistent object was needed, the RM would give a 0xc0002 error. - Fixed printf's in resource manager so that they only print the right # of characters. - Fixed TestShutdown to work with 1.22 simulator. ## [0.96] - 2015-04-16 ### Added - Added buffer overrun checks to all SAPI code. - Added buffer overrun checks to resource manager code. - Added code to Part 3 functions to properly handle null pointers for output parameters. ### Changed - Auto-generated most of the SAPI code from the TPM 2.0 specification. ## [0.95.1] - 2015-01-26 ### Added - Added code to dynamically work around simulator 1.19 bugs: - Added code to RM and simDriver to support timeout on receive calls. - Added code to properly handle TPM errors in ExecuteFinish. Previously it was ignoring these errors, which meant that the rest of the _Complete call would try to unmarshal non-existent response data. Added test case for this. - Added support for cancel commands and tests for this. - Added help text for command line options. - Added code to reset dictionary attacks to start of tpmclient tests: this works around an issue where the simulator doesn't seem to completely clear the dictionary attack counter. - Added support for TCTI setLocality to resource manager and sim driver and made test app use this. - Added RM tests. - Added code to RM to evict contexts for objects, sequences, and sessions whose handles are returned by commands. - Added code to properly support ContextSave. - Added proper error code levels to all RM errors. - Added code to LoadContext function to output TPM formatted error codes. - For Create and Load commands, added proper handling of errors if parent handle not found. - Added tests for bad session handle, both in handle area and in authorization area. - Added command line option to run the StartAuthSession tests by themselves. - Added support for command line control of debug message levels. - Added new error level for resource manager for errors received from TPM from commands sent by RM. - Added error return for insufficiently sized response to ExecuteFinish function. - Added gap support to resource manager. - Added support to resource manager for kicking out oldest session if max sessions have been started and a new one is being created. - Added getCap calls to RM init function for getting max sessions and gap limit. - Added code to teardown the RM. - Added test for session gapping. - Added code to proactively detect MAX_ACTIVE_SESSIONS. - Added SAPI library subproject to test app project. This allows a one-touch build in Visual Studio. - Added changes to return error codes from TAB/RM and layers underneath in a response byte stream. ### Changed - Fixed bug in CreatePrimary and Create: for one-call and decrypt session case, they were copying first parameter from incorrect pointer. - For CopyCreationDataOut, CopyECCPointOut, CopyNvPublicOut, CopyPublicOut added placeholder for return code if size != 0 when called. To be filled in when TSS WG decides on error code. - Fixed bugs in CopySensitiveCreateIn and CopySensitiveIn: they shouldn't look at the size. - Fixed bugs in CopyECCPointIn, CopyNvPublicIn, CopyPublicIn, CopySensitiveIn, and CopySensitiveCreateIn: not handling NULL outpul parameters correctly. - Changes all instances of calls to ExecuteFinish to a timeout that works for all cases including communicating with the simulator over the network. - Fixed call to LoadExternal in TestUnseal: needed to pass in a NULL pointer for the inSensitive parameter. - Fixed bug in CreatePrimary: not passing correct pointer for inSensitive. - Fixed timeouts for all ExecuteFinish calls in test application. - Fixed bugs in RM: cases where I wasn't handling errors and then parsing data that hadn't been received. Caused seg faults under Linux. - Fixed timeout for async Startup test. - Fixed SocketReceiveTpmResponse for blocking case. - Fixed bug in ExecuteFinish: BAD_SEQUENCE error generated early in function was getting overwritten by INSUFFICIENT_RESPONSE error. - Fixed bug in ExecuteFinish: it was always setting timeout to 0 instead of TSS2_TCTI_TIMEOUT_BLOCK. - Fixed bug in resource manager: error level for non-TPM errors was getting overwritten with resource manager error level. - Replace Implementation.h with implementation.h. - Changed name of TPMB.h tpmb.h - GetCapability with bad property returns different error code. - Shutdown with bad value for shutdownValue causes TPM to go into failure mode. - Fixed overlap in error codes: TSS2_BASE_RC_NOT_SUPPORTED and TSS2_BASE_RC_BAD_TCTI_STRUCTURE had same value. - Cleaned up all app level error codes. - Fixed bug with ordering of -startAuthSessionTest command line parameter: if it was not the last option, tpmclient would fail. - Fixed bugs related to ContextLoad. - Fixed bug in EvictContext: it was updating lastSessionSequenceNum even if the ContextSave command failed. - Fixed handling of RM errors that occur during command send. - Fixed bug in simDriver init function. A second TCTI context being initialized was re-initing the whole driver. - Updated to latest 1.19 header files. - Fixed bugs in resource manager: - FindOldestSession wasn't working correctly: it was just finding the first one. - HandleGap needed to un-gap all the session contexts from the older interval. It wasn't doing that. - Fixed bug in handling of command line options: specifying none would cause program to error out. - Fixed issues in cleanup of TestStartAuthSession test. It was leaving some sessions alive. - Updated copyright notices on all files. - Changed test app to use linked list of session structures instead of fixed array. This fixed a host of issues. - Fixed bugs in Certify, CertifyCreation, Commit, Create, CreatePrimary, and GetCapability: if null used for return parameters, the function would fail. - Fixed bug in SimpleHmacOrPolicyTest where it was re-creating the global sysContext causing failures in later tests because the context was too small. - Fixed a bug in ExecuteFinish. If response is too small, code was just using the command buffer as the response buffer instead of returning an error. - Fixed some places in test app where I wasn't deleting entries from the sessions table. - Fixed build warnings related to size mismatch of connectionId. - Changed TeardownSysContext to zero out freed context pointer. - This helps prevent double free errors. - Fixed bug in EncryptDecryptXOR: wasn't setting the size of the outputData buffer. ### Removed - Removed 'extern "C"' statement from resourcemgr.c file. Not needed and causes problems with some compilers. - Removed unneeded includes from resource manager source. ## [0.95] - 2014-10-17 ### Added - Added support for Shutdown/Startup and effects on saved contexts. - Added support for stClear bit objects. On a TPM Restart, objects with this bit set will be removed from the TAB/RM entry list. - Added TCTI teardown function. - Added TAB functionality. - Added TCTI layer below RM to talk to driver. This allows making calls into the SAPI library from the RM without recursing into the RM again. With the separate TCTI context, the RM can route SAPI calls to talk directly to the driver. This fixed the virtual/real handle mess that was occurring with recursively entering the RM. - Added function pointers to TAB/RM for functions that might need to be different based on the environment that TAB/RM is running in: malloc, free, printf. - Added and corrected error codes to match latest SAPI spec. - Added MAX_NV_BUFFER_SIZE and used for max size of MAX_NV_BUFFER_2B. - Added code to TestHash to calculate and validate a hash. - Added code to TestHash to force a flush of an active sequence and then use it to finish the hash calculation. - Added code to SimpleHMACTest to read the NV index back. - Added SimpleHMACOrPolicyTest function which helps illustrate the difference between HMAC and policy sessions. ### Changed - Fixed intermittent access violation bug with GetSetDecryptParamTests function. I was reading off the end of the nvWrite buffer. - Fixed bug in Tss2_Sys_GetContextSize function: it was getting the requested size only, not the requested size plus the context blob's size. Problem was an associativity issue with ternary conditional ?: operator. - Re-architected TAB/RM: - Changed RM from reactive mode to proactive mode. Now instead of reacting to error codes from the TPM that indicate no enough slots, it guarantees that the TPM is always ready for each command (all slots freed after execution of each command). - Replaced the fixed length arrays of RM structures with linked list structures and appropriate functions. - Fixed some cases of using pointers before checking that they're not NULL. - Fixed bugs in marshaling/unmarshaling routines and added some missing unmarshaling functions. - Fixed hash sequence test. - Fixed bugs in CopyCapabilityDataOut function for algorithms. - Fixed bug with ExecuteAsync: passed in BE size to transmit call. Needs to be host-endian. - Changed on bit fields in TPM2 data structures to unsigned int. Previously the compiler was generating incorrect code because these were int bit fields. - Cleaned up TestHash function. ### Removed - Removed most instances of sysContext in tpmclient.cpp. Now most tests use the global one. - Removed pack pragma from header files for external interfaces. ## [0.93] - 2014-08-01 ### Added - Added IsSession routine and fixed all instances in resource manager where a handle is checked for being a session handle (some were incorrect). - Added RollNonces function and used for all tests for HMAC and policy sessions. - Added TCTI malformed response error code. - Added simple HMAC test. - Added test for session parameter encryption and decryption. - Added more descriptive error codes to StartAuthSession function. - Added TpmHashSequence function. Used this build password/PCR policy. - Added more policy tests: password/PCR, authValue, password - Added code to flush context of session handles I'm not using. - Added GetTestResult functions (had missed these previously) - Added tests for asynchronous and synchronous non-one call to Startup tests. - Added GetTestResult tests. - Added test to create a bunch of sessions. This test found some resource manager issues. ### Changed - Fixed bad parameters on call to GetEncryptParam. This only failed on Linux systems. - Fixed minor build errors under Linux. - Eliminated unneeded code in TestPolicy. - Changed how nonce's are setup after StartAuthSession. Before they were being inherently rolled in preparation for first command. Now the RollNonces routine will need to be called before the first command. This makes handling of the nonces consistent for all code that needs to roll them. - Fixed bug in StartAuthSession: wasn't marshaling symmetric parameter properly if algorithm was TPM_ALG_XOR. - Fixed bug in SetDecryptParam: when inserting a decrypt param, the code wasn't updating the command size field. - Fixed bug in ExecuteFinish: wasn't returning TPM error code if no other errors had occurred. - Fixed bug in KDFa function: if key size was zero, this was just returning success, but not generating a key. That behavior is specific to session key generation not to the underlying KDFa function. Upleveled that code into StartAuthSession function so that it only occurs in the session key generation case. - Changed NV attributes for all NV indices to add orderly attribute. This helps, but doesn't entirely relieve, NV wearout issues with the tests. - Changed NV attributes for all NV indices to add orderly attribute. This helps, but doesn't entirely relieve, NV wearout issues with the tests. - Fixed a bunch of resource manager issues. Many of these were exposed by the new policy tests. - Updated resource manager to properly handle sessions. Before we were not swapping them in as needed. - Updated readme.docx file. Now tests can run with V1.15 version of MS simulator. - Made test app work with MS simulator version 1.15. Had to add command to turn on NV. Before this change, when running against MS simulator, TPM2_Startup would fail with 0x923 error: "ERROR: WARNING, TPM_RC_NV_UNAVAILABLE: the command may require writing of NV and NV is not current accessible." - Changed NO_RESPONSE_RECEIVED error code to IO_ERROR. - Cleaned up defines for MS simulator commands. ### Removed? - Removed an unused input parameter from ComputeCommandHmacs and CheckResponseHmacs. - Removed an unused input parameter from ComputeCommandHmacs and CheckResponseHmacs. - Removed DRIVER_NOT_FOUND and DRIVERINFO_NOT_FOUND error codes. ## [0.92] - 2014-06-17 ### Changed - Fixed bugs in sockets send and receive code. Needed to account for actual bytes sent/received instead of assuming them. This was causing intermittent errors when looping continuously on the tests and running the tests remotely (on a different host system than the simulator was running on). - Fixed SAPI and test app builds to not fail if directories are already present. Suppressed error messages related to mkdir. - Turned on compiler warnings and fixed all issues when building under Ubuntu Linux. - Fixed error in readme.docx file. I was specifying the wrong version of the simulator. - Fixed error handling if sockets interface fails to connect. - Fixed build error: now I make directories that are needed. ## [0.91] - 2014-06-04 ### Added - Added code optimized builds to System API library code - Added warning flags to compiler command lines. ### Changed - Fixed all compiler warnings when built under Windows and Linux. ## [0.90] - 2014-05-28 ### Added - Added support for encrypt/decrypt sessions with one-call functions. - Added cleaned up and reorganized header files that comply with latest SAPI specification. - Added changes for supporting get/set encrypt/decrypt functions. - Added latest header file that corresponds to version 1.03 of TPM 2.0 specification. - Added debug display of command string for each command being run. - Added command line flag to slow down test display for demo purposes. - Added option to loop the tests continuously. ### Changed - Ported existing functionality to latest SAPI spec. - Cleaned up and added comments to PasswordTest. - Fixed problem of hang when looping through tests. Sessions table was running out of entries because we weren't removing sessions that were closed. - Fixed issue with resource manager. All virtual handles had the high nibble set to 0xff. Now the high nibble is left intact so that applications can determine the type of the handle. ### Notes 1. Testing is not comprehensive. See test code to see what's tested. Please report any bugs found so that fixes can be rolled out. 2. Range checks within SAPI code not yet implemented. 3. Still need to add support for separate debug and production builds. Production build will be optimized for code size. ## [0.82] - 2013-12-16 ### Added - Added support for building and running system API code and tests under Linux. - Added command line options for host name and port to test application. ### Notes HMAC and cpHash calculations are only supported for NV Read and NV Write commands currently. The system API changes to support this have been prototyped for these commands and are awaitingTSS approval before being ported to all the other commands. ## [0.81] - 2013-12-02 ### Added - Added support for TPM2_PolicyNvWritten command. ### Changed - Altered tests to work with 1.01 simulator. - Fixed errors in readme.docx. ### Notes HMAC and cpHash calculations are only supported for NV Read and NV Write commands currently. The system API changes to support this have been prototyped for these commands and are awaitingTSS approval before being ported to all the other commands. ## [0.80] - 2013-11-19 ### Added - Added code to create a new session for reading/writing the NV index after it's first written. This tests the other case for bound sessions. - Added routine to start policy sessions. - Added policy test code: not used currently. ### Changed - Fixed bugs in resource manager. - Fixed bugs with salted session tests. - Ported tests to work with 0.99 sim's version of support for bound sessions. - Fixed bugs in test code, with how key is generated for encrypting the salt for salted session tests. - Fixed a rather serious bug in HmacSessionTest: CopyNvPublicIn is called to copy a structure, but is had the side effect of modifying the first parameter. This function really wasn't designed to be used the way it is. Worked around the problem by resetting the pointer after calling CopyNvPublicIn. This problem showed up as a stack corruption issue that occurred during the 4th test. Basically the pointer moved enough after the first 3 tests to start corrupting other variables on the stack. - Automated runtime setup of key for salted tests. - Developed changes for NVRead/Write commands to use new 2-stage method for handling HMAC calculations. - Changed CopyPcrSelectionIn function so that it can be used by applications to generate policy hashes. - Fixed build error: changes in header files weren't causing TPM 2.0 library functions to be rebuilt. - Created CalcPHash helper function. - Changed HMAC session code to new architecture that doesn't use any helper function pointers. - Changed return code type form UINT32 to TPM_RC in tss_sysapi.h. - Changed "authHandle" to "sessionHandle" in sample code. - Debugged and fixed StartAuthSession2 function in test code. - Debugged and fixed first policy test. - Used new NvDefine function to help abstract some of the details of creating NV indices. - Used non-MS header file to build system API. - Cleaned up and reorganized files and directories. ### Notes HMAC and cpHash calculations are only supported for NV Read and NV Write commands currently. The system API changes to support this have been prototyped for these commands and are awaitingTSS approval before being ported to all the other commands. ## [0.67] - 2013-08-07 ### Added - Plumbed in a resource mgr (doesn't actually do anything other than pass through at this time). - Added BOUND and SALTED HMAC session tests. BOUND test works, but SALTED doesn't yet work. - Added code to delete an entity from the entity table. - Added code to work around an NV index anomaly with TPM simulator 0.98 and previous versions: after the first NV index write, the name changes. This causes the TPM's HMAC calculation to treat the index as if it's never the BOUND entity, even if it is. This is expected (but weird) behavior which will be fixed in 0.99 simulator. - Created two helper functions pointers for system API and used them for HMAC sessions. - Added support for HMAC session for NV read/write APIs.Added HMAC tests for unbounded/unsalted sessions.Fixed context save/restore functions.Created CopyNvPublicIn function and altered Tpm2_DefineSpace function to use it. - Created TpmHash function - Created TpmHandleToName function - Added HMAC tests for unbounded/unsalted sessions. - Created CopyNvPublicIn function and altered Tpm2_DefineSpace function to use it. - Created TpmHash function - Created TpmHandleToName function - Documented helper function pointers in the system API header file. - Added tests for TpmHandleToName function. - Added functionality needed for KDFa functions ConcatSizedByteBuffer, CopySizedByteBuffer - Added KDFa function in preparation for HMAC session test. Not tested yet. - Added LoadExternalHMACKey function. This function is called by TPM HMAC function. ### Changed - Updated headers with Intel license text. - Split sockets driver into separate code module. - SALTED session test fixes: * Fixed CopyRSAEncryptIon function: wasn't handling some cases correctly. * Backed out change to make parameterSize passed to ComputeSessionHmacPtr function a UINT16. Needs to be UINT32. * For ComputeSessionHmacPtr, changed parameterSize to UINT16 to fix build warning. - Fixed bugs in KDFa(). - Altered all APIs to use pointers to TPM input/output buffers. - Fixed context save/restore functions. - Fixed formatting of prints of sized byte buffers in test app. - Fixed bug in TpmHmac function: needed to set size of result to 0 in case an error occurs. - Fixed bugs in CopySensitiveIn function: uninitialized size field, bad pointers, and incorrect increment of otherData at end of function. - Altered TpmHMAC function to call LoadExternalHMAC key function. This allows a better HMAC function pointer, one that complies with normal HMAC calling convention. Before it was TPM-specific. - Bumped up TPMBUF_LEN to 32k in tpmclient.cpp. This fixed overwriting problems during context save/restore function. - Fixed bugs in ContextLoad function: otherData wasn't initialized before it was used. - Fixed bug in Tpm20LoadExternal command: it wasn't properly marshaling the inPrivate data. ### Removed - Removed tis.h file. Not needed. - Eliminated salted session test (because it doesn't work yet), and changed out.good file to match. - Reorganized directories and moved files to make more logical sense. ### Notes HMAC helper function callouts are only being done for NV Read and NV Write commands currently. The system API changes to support this are still being prototyped. After they are finalized, these changes will be extended to all functions that use sessions. ## [0.66] - 2013-??-?? ### Added - Added CertifyCreation function - Added EcEphemeral function - Added test for tspi_sys_TPM2_HashStart ### Changed - Cleaned up for general TCG release ## [0.65] - 2013-04-10 ### Added - All TPM 2.0 functions now supported. - Limited testing done on following functions: - tspi_sys_TPM2_Startup - tspi_sys_Tpm2_SelfTest - tspi_sys_TPM2_GetCapability - tspi_sys_TPM2_Clear-tested - tspi_sys_TPM2_StartAuthSession - tspi_sys_TPM2_ClearControl - tspi_sys_TPM2_ChangeEPS - tspi_sys_TPM2_HierarchyChangeAuth - tspi_sys_TPM2_Extend - tspi_sys_TPM2_HashSequenceStart - tspi_sys_TPM2_SequenceUpdate - tspi_sys_TPM2_SequenceComplete - tspi_sys_TPM2_EventSequenceComplete - tspi_sys_TPM2_GetRandom - tspi_sys_TPM2_SaveState - tspi_sys_TPM2_PcrRead - tspi_sys_TPM2_NVRead - tspi_sys_TPM2_NVWrite - tspi_sys_TPM2_Unseal - tspi_sys_TPM2_PcrAllocate - tspi_sys_TPM2_DictionaryAttackLockReset - tspi_sys_TPM2_NV_Writelock - tspi_sys_TPM2_PolicyCommandCode - tspi_sys_TPM2_PolicyGetDigest - tspi_sys_TPM2_PolicyOr - tspi_sys_TPM2_PolicyRestart - tspi_sys_TPM2_LoadExternal - tspi_sys_TPM2_HierarchyControl - tspi_sys_TPM2_NV_UndefineSpace - tspi_sys_TPM2_Create - tspi_sys_TPM2_Load - tspi_sys_TPM2_Quote - tspi_sys_TPM2_NV_ReadPublic - tspi_sys_TPM2_ChangePPS - tspi_sys_TPM2_NV_DefineSpace - tspi_sys_TPM2_PolicyLocality - tspi_sys_TPM2_PolicyPCR - tspi_sys_TPM2_CreatePrimary - tspi_sys_TPM2_Shutdown - tspi_sys_TPM2_PCR_Event - tspi_sys_TPM2_PolicyNV - tspi_sys_TPM2_NV_ReadLock - tspi_sys_TPM2_NV_UndefineSpaceSpecial No testing done on all other 61 functions ## [0.60] - 2013-03-29 ### Added - Added changes to make it comply with TSS 2.0 system library API ### Removed - Cleaned up and removed unneeded files. tpm2-tss-4.1.3/CODE_OF_CONDUCT.md000066400000000000000000000125641462311337700160260ustar00rootroot00000000000000 # Contributor Covenant Code of Conduct ## Our Pledge We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation. We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community. ## Our Standards Examples of behavior that contributes to a positive environment for our community include: * Demonstrating empathy and kindness toward other people * Being respectful of differing opinions, viewpoints, and experiences * Giving and gracefully accepting constructive feedback * Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience * Focusing on what is best not just for us as individuals, but for the overall community Examples of unacceptable behavior include: * The use of sexualized language or imagery, and sexual attention or advances of any kind * Trolling, insulting or derogatory comments, and personal or political attacks * Public or private harassment * Publishing others' private information, such as a physical or email address, without their explicit permission * Other conduct which could reasonably be considered inappropriate in a professional setting ## Enforcement Responsibilities Community leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful. Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when appropriate. ## Scope This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces. Examples of representing our community include using an official e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. ## Enforcement Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at [MAINTAINERS](MAINTAINERS). All complaints will be reviewed and investigated promptly and fairly. All community leaders are obligated to respect the privacy and security of the reporter of any incident. ## Enforcement Guidelines Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct: ### 1. Correction **Community Impact**: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community. **Consequence**: A private, written warning from community leaders, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested. ### 2. Warning **Community Impact**: A violation through a single incident or series of actions. **Consequence**: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding interactions in community spaces as well as external channels like social media. Violating these terms may lead to a temporary or permanent ban. ### 3. Temporary Ban **Community Impact**: A serious violation of community standards, including sustained inappropriate behavior. **Consequence**: A temporary ban from any sort of interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban. ### 4. Permanent Ban **Community Impact**: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals. **Consequence**: A permanent ban from any sort of public interaction within the community. ## Attribution This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.1, available at [https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. Community Impact Guidelines were inspired by [Mozilla's code of conduct enforcement ladder][Mozilla CoC]. For answers to common questions about this code of conduct, see the FAQ at [https://www.contributor-covenant.org/faq][FAQ]. Translations are available at [https://www.contributor-covenant.org/translations][translations]. [homepage]: https://www.contributor-covenant.org [v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html [Mozilla CoC]: https://github.com/mozilla/diversity [FAQ]: https://www.contributor-covenant.org/faq [translations]: https://www.contributor-covenant.org/translations tpm2-tss-4.1.3/CONTRIBUTING.md000066400000000000000000000055251462311337700154570ustar00rootroot00000000000000# Guidelines for submitting bugs: All non security bugs should be filed on the Issues tracker: https://github.com/tpm2-software/tpm2-tss/issues Security sensitive bugs should be handled per the instructions in the [SECURITY](SECURITY.md) file. # Guideline for submitting changes: All changes to the source code must follow the coding standard used in the surrounding source and documented [here](doc/coding_standard_c.md). All changes should be introduced via github pull requests. This allows anyone to comment and provide feedback in lieu of having a mailing list. For pull requests opened by non-maintainers, any maintainer may review and merge that pull request. For maintainers, they either must have their pull request reviewed by another maintainer if possible, or leave the PR open for at least 24 hours, we consider this the window for comments. ## Patch requirements * All tests must pass on the CI system for the merge to occur with the exception of Cirrus. Cirrus failures should be manually evaluated by the maintainer to determine if it's a blocking failure or intermittent CI issues with Cirrus. * All changes must not introduce superfluous changes or whitespace errors. * All commits should adhere to the git commit message guidelines described here: https://chris.beams.io/posts/git-commit/ with the following exceptions. * We allow commit subject lines up to 80 characters. * Commit subject lines should be prefixed with a string identifying the effected subsystem. If the change is spread over a number of subsystems then the prefix may be omitted. The general guidelines for prefix is to use the top level directory name, a colon and space. For example, a change to `doc/logging.md` would be "doc: ". Additional, more specific recommended prefixes are below for files in: - src/tss2-sys use prefix "sys: " - src/tss2-esys use prefix "esys: " - src/tss2-fapi use prefix "fapi: " - src/tss2-mu use prefix "mu: " - src/tss2-rc use prefix "rc: " - src/tss2-tcti use prefix "tcti: ". - However, "tcti-" should be used to indicate changes to a specific tcti vs the generic tcti layer. - to src/util is "util: " * All contributions must adhere to the Developers Certificate of Origin. The full text of the DCO is here: https://developercertificate.org/. Contributors must add a 'Signed-off-by' line to their commits. This indicates the submitters acceptance of the DCO. ## Guideline for merging changes Pull Requests MUST be assigned to an upcoming release tag. If a release milestone does not exist, the maintainer SHALL create it per the [RELEASE.md](RELEASE.md) instructions. When accepting and merging a change, the maintainer MUST edit the description field for the release milestone to add the CHANGELOG entry. Changes must be merged with the "rebase" option on github to avoid merge commits. This provides for a clear linear history. tpm2-tss-4.1.3/Doxyfile.in000066400000000000000000003405761462311337700153510ustar00rootroot00000000000000# Unfortunately AC_CONFIG_FILES is too intelligent if this file lives inside the # /doc subdirectory; i.e. it will set @top_srcdir@ to ".." which screws up all # doxygen generation. Thus this file needs to live on top-level until anybody # comes up with a different solution. # Doxyfile 1.8.11 # This file describes the settings to be used by the documentation system # doxygen (www.doxygen.org) for a project. # # All text after a double hash (##) is considered a comment and is placed in # front of the TAG it is preceding. # # All text after a single hash (#) is considered a comment and will be ignored. # The format is: # TAG = value [value, ...] # For lists, items can also be appended using: # TAG += value [value, ...] # Values that contain spaces should be placed between quotes (\" \"). #--------------------------------------------------------------------------- # Project related configuration options #--------------------------------------------------------------------------- # This tag specifies the encoding used for all characters in the config file # that follow. The default is UTF-8 which is also the encoding used for all text # before the first occurrence of this tag. Doxygen uses libiconv (or the iconv # built into libc) for the transcoding. See http://www.gnu.org/software/libiconv # for the list of possible encodings. # The default value is: UTF-8. DOXYFILE_ENCODING = UTF-8 # The PROJECT_NAME tag is a single word (or a sequence of words surrounded by # double-quotes, unless you are using Doxywizard) that should identify the # project for which the documentation is generated. This name is used in the # title of most generated pages and in a few other places. # The default value is: My Project. PROJECT_NAME = @PACKAGE_NAME@ # The PROJECT_NUMBER tag can be used to enter a project or revision number. This # could be handy for archiving the generated documentation or if some version # control system is used. PROJECT_NUMBER = @VERSION@ # Using the PROJECT_BRIEF tag one can provide an optional one line description # for a project that appears at the top of each page and should give viewer a # quick idea about the purpose of the project. Keep the description short. PROJECT_BRIEF = "TPM Software stack 2.0 TCG spec compliant implementation" # With the PROJECT_LOGO tag one can specify a logo or an icon that is included # in the documentation. The maximum height of the logo should not exceed 55 # pixels and the maximum width should not exceed 200 pixels. Doxygen will copy # the logo to the output directory. PROJECT_LOGO = # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) path # into which the generated documentation will be written. If a relative path is # entered, it will be relative to the location where doxygen was started. If # left blank the current directory will be used. OUTPUT_DIRECTORY = @top_builddir@/doxygen-doc # If the CREATE_SUBDIRS tag is set to YES then doxygen will create 4096 sub- # directories (in 2 levels) under the output directory of each output format and # will distribute the generated files over these directories. Enabling this # option can be useful when feeding doxygen a huge amount of source files, where # putting all generated files in the same directory would otherwise causes # performance problems for the file system. # The default value is: NO. CREATE_SUBDIRS = NO # If the ALLOW_UNICODE_NAMES tag is set to YES, doxygen will allow non-ASCII # characters to appear in the names of generated files. If set to NO, non-ASCII # characters will be escaped, for example _xE3_x81_x84 will be used for Unicode # U+3044. # The default value is: NO. ALLOW_UNICODE_NAMES = NO # The OUTPUT_LANGUAGE tag is used to specify the language in which all # documentation generated by doxygen is written. Doxygen will use this # information to generate all constant output in the proper language. # Possible values are: Afrikaans, Arabic, Armenian, Brazilian, Catalan, Chinese, # Chinese-Traditional, Croatian, Czech, Danish, Dutch, English (United States), # Esperanto, Farsi (Persian), Finnish, French, German, Greek, Hungarian, # Indonesian, Italian, Japanese, Japanese-en (Japanese with English messages), # Korean, Korean-en (Korean with English messages), Latvian, Lithuanian, # Macedonian, Norwegian, Persian (Farsi), Polish, Portuguese, Romanian, Russian, # Serbian, Serbian-Cyrillic, Slovak, Slovene, Spanish, Swedish, Turkish, # Ukrainian and Vietnamese. # The default value is: English. OUTPUT_LANGUAGE = English # If the BRIEF_MEMBER_DESC tag is set to YES, doxygen will include brief member # descriptions after the members that are listed in the file and class # documentation (similar to Javadoc). Set to NO to disable this. # The default value is: YES. BRIEF_MEMBER_DESC = YES # If the REPEAT_BRIEF tag is set to YES, doxygen will prepend the brief # description of a member or function before the detailed description # # Note: If both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the # brief descriptions will be completely suppressed. # The default value is: YES. REPEAT_BRIEF = YES # This tag implements a quasi-intelligent brief description abbreviator that is # used to form the text in various listings. Each string in this list, if found # as the leading text of the brief description, will be stripped from the text # and the result, after processing the whole list, is used as the annotated # text. Otherwise, the brief description is used as-is. If left blank, the # following values are used ($name is automatically replaced with the name of # the entity):The $name class, The $name widget, The $name file, is, provides, # specifies, contains, represents, a, an and the. ABBREVIATE_BRIEF = # If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then # doxygen will generate a detailed section even if there is only a brief # description. # The default value is: NO. ALWAYS_DETAILED_SEC = NO # If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all # inherited members of a class in the documentation of that class as if those # members were ordinary class members. Constructors, destructors and assignment # operators of the base classes will not be shown. # The default value is: NO. INLINE_INHERITED_MEMB = NO # If the FULL_PATH_NAMES tag is set to YES, doxygen will prepend the full path # before files name in the file list and in the header files. If set to NO the # shortest path that makes the file name unique will be used # The default value is: YES. FULL_PATH_NAMES = YES # The STRIP_FROM_PATH tag can be used to strip a user-defined part of the path. # Stripping is only done if one of the specified strings matches the left-hand # part of the path. The tag can be used to show relative paths in the file list. # If left blank the directory from which doxygen is run is used as the path to # strip. # # Note that you can specify absolute paths here, but also relative paths, which # will be relative from the directory where doxygen is started. # This tag requires that the tag FULL_PATH_NAMES is set to YES. STRIP_FROM_PATH = # The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of the # path mentioned in the documentation of a class, which tells the reader which # header file to include in order to use a class. If left blank only the name of # the header file containing the class definition is used. Otherwise one should # specify the list of include paths that are normally passed to the compiler # using the -I flag. STRIP_FROM_INC_PATH = # If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter (but # less readable) file names. This can be useful is your file systems doesn't # support long names like on DOS, Mac, or CD-ROM. # The default value is: NO. SHORT_NAMES = NO # If the JAVADOC_AUTOBRIEF tag is set to YES then doxygen will interpret the # first line (until the first dot) of a Javadoc-style comment as the brief # description. If set to NO, the Javadoc-style will behave just like regular Qt- # style comments (thus requiring an explicit @brief command for a brief # description.) # The default value is: NO. JAVADOC_AUTOBRIEF = NO # If the QT_AUTOBRIEF tag is set to YES then doxygen will interpret the first # line (until the first dot) of a Qt-style comment as the brief description. If # set to NO, the Qt-style will behave just like regular Qt-style comments (thus # requiring an explicit \brief command for a brief description.) # The default value is: NO. QT_AUTOBRIEF = NO # The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make doxygen treat a # multi-line C++ special comment block (i.e. a block of //! or /// comments) as # a brief description. This used to be the default behavior. The new default is # to treat a multi-line C++ comment block as a detailed description. Set this # tag to YES if you prefer the old behavior instead. # # Note that setting this tag to YES also means that rational rose comments are # not recognized any more. # The default value is: NO. MULTILINE_CPP_IS_BRIEF = NO # If the INHERIT_DOCS tag is set to YES then an undocumented member inherits the # documentation from any documented member that it re-implements. # The default value is: YES. INHERIT_DOCS = YES # If the SEPARATE_MEMBER_PAGES tag is set to YES then doxygen will produce a new # page for each member. If set to NO, the documentation of a member will be part # of the file/class/namespace that contains it. # The default value is: NO. SEPARATE_MEMBER_PAGES = NO # The TAB_SIZE tag can be used to set the number of spaces in a tab. Doxygen # uses this value to replace tabs by spaces in code fragments. # Minimum value: 1, maximum value: 16, default value: 4. TAB_SIZE = 4 # This tag can be used to specify a number of aliases that act as commands in # the documentation. An alias has the form: # name=value # For example adding # "sideeffect=@par Side Effects:\n" # will allow you to put the command \sideeffect (or @sideeffect) in the # documentation, which will result in a user-defined paragraph with heading # "Side Effects:". You can put \n's in the value part of an alias to insert # newlines. ALIASES = # This tag can be used to specify a number of word-keyword mappings (TCL only). # A mapping has the form "name=value". For example adding "class=itcl::class" # will allow you to use the command class in the itcl::class meaning. TCL_SUBST = # Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C sources # only. Doxygen will then generate output that is more tailored for C. For # instance, some of the names that are used will be different. The list of all # members will be omitted, etc. # The default value is: NO. OPTIMIZE_OUTPUT_FOR_C = YES # Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java or # Python sources only. Doxygen will then generate output that is more tailored # for that language. For instance, namespaces will be presented as packages, # qualified scopes will look different, etc. # The default value is: NO. OPTIMIZE_OUTPUT_JAVA = NO # Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran # sources. Doxygen will then generate output that is tailored for Fortran. # The default value is: NO. OPTIMIZE_FOR_FORTRAN = NO # Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL # sources. Doxygen will then generate output that is tailored for VHDL. # The default value is: NO. OPTIMIZE_OUTPUT_VHDL = NO # Doxygen selects the parser to use depending on the extension of the files it # parses. With this tag you can assign which parser to use for a given # extension. Doxygen has a built-in mapping, but you can override or extend it # using this tag. The format is ext=language, where ext is a file extension, and # language is one of the parsers supported by doxygen: IDL, Java, Javascript, # C#, C, C++, D, PHP, Objective-C, Python, Fortran (fixed format Fortran: # FortranFixed, free formatted Fortran: FortranFree, unknown formatted Fortran: # Fortran. In the later case the parser tries to guess whether the code is fixed # or free formatted code, this is the default for Fortran type files), VHDL. For # instance to make doxygen treat .inc files as Fortran files (default is PHP), # and .f files as C (default is Fortran), use: inc=Fortran f=C. # # Note: For files without extension you can use no_extension as a placeholder. # # Note that for custom extensions you also need to set FILE_PATTERNS otherwise # the files are not read by doxygen. EXTENSION_MAPPING = # If the MARKDOWN_SUPPORT tag is enabled then doxygen pre-processes all comments # according to the Markdown format, which allows for more readable # documentation. See http://daringfireball.net/projects/markdown/ for details. # The output of markdown processing is further processed by doxygen, so you can # mix doxygen, HTML, and XML commands with Markdown formatting. Disable only in # case of backward compatibilities issues. # The default value is: YES. MARKDOWN_SUPPORT = YES # When enabled doxygen tries to link words that correspond to documented # classes, or namespaces to their corresponding documentation. Such a link can # be prevented in individual cases by putting a % sign in front of the word or # globally by setting AUTOLINK_SUPPORT to NO. # The default value is: YES. AUTOLINK_SUPPORT = YES # If you use STL classes (i.e. std::string, std::vector, etc.) but do not want # to include (a tag file for) the STL sources as input, then you should set this # tag to YES in order to let doxygen match functions declarations and # definitions whose arguments contain STL classes (e.g. func(std::string); # versus func(std::string) {}). This also make the inheritance and collaboration # diagrams that involve STL classes more complete and accurate. # The default value is: NO. BUILTIN_STL_SUPPORT = NO # If you use Microsoft's C++/CLI language, you should set this option to YES to # enable parsing support. # The default value is: NO. CPP_CLI_SUPPORT = NO # Set the SIP_SUPPORT tag to YES if your project consists of sip (see: # http://www.riverbankcomputing.co.uk/software/sip/intro) sources only. Doxygen # will parse them like normal C++ but will assume all classes use public instead # of private inheritance when no explicit protection keyword is present. # The default value is: NO. SIP_SUPPORT = NO # For Microsoft's IDL there are propget and propput attributes to indicate # getter and setter methods for a property. Setting this option to YES will make # doxygen to replace the get and set methods by a property in the documentation. # This will only work if the methods are indeed getting or setting a simple # type. If this is not the case, or you want to show the methods anyway, you # should set this option to NO. # The default value is: YES. IDL_PROPERTY_SUPPORT = YES # If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC # tag is set to YES then doxygen will reuse the documentation of the first # member in the group (if any) for the other members of the group. By default # all members of a group must be documented explicitly. # The default value is: NO. DISTRIBUTE_GROUP_DOC = NO # If one adds a struct or class to a group and this option is enabled, then also # any nested class or struct is added to the same group. By default this option # is disabled and one has to add nested compounds explicitly via \ingroup. # The default value is: NO. GROUP_NESTED_COMPOUNDS = YES # Set the SUBGROUPING tag to YES to allow class member groups of the same type # (for instance a group of public functions) to be put as a subgroup of that # type (e.g. under the Public Functions section). Set it to NO to prevent # subgrouping. Alternatively, this can be done per class using the # \nosubgrouping command. # The default value is: YES. SUBGROUPING = YES # When the INLINE_GROUPED_CLASSES tag is set to YES, classes, structs and unions # are shown inside the group in which they are included (e.g. using \ingroup) # instead of on a separate page (for HTML and Man pages) or section (for LaTeX # and RTF). # # Note that this feature does not work in combination with # SEPARATE_MEMBER_PAGES. # The default value is: NO. INLINE_GROUPED_CLASSES = YES # When the INLINE_SIMPLE_STRUCTS tag is set to YES, structs, classes, and unions # with only public data fields or simple typedef fields will be shown inline in # the documentation of the scope in which they are defined (i.e. file, # namespace, or group documentation), provided this scope is documented. If set # to NO, structs, classes, and unions are shown on a separate page (for HTML and # Man pages) or section (for LaTeX and RTF). # The default value is: NO. INLINE_SIMPLE_STRUCTS = NO # When TYPEDEF_HIDES_STRUCT tag is enabled, a typedef of a struct, union, or # enum is documented as struct, union, or enum with the name of the typedef. So # typedef struct TypeS {} TypeT, will appear in the documentation as a struct # with name TypeT. When disabled the typedef will appear as a member of a file, # namespace, or class. And the struct will be named TypeS. This can typically be # useful for C code in case the coding convention dictates that all compound # types are typedef'ed and only the typedef is referenced, never the tag name. # The default value is: NO. TYPEDEF_HIDES_STRUCT = NO # The size of the symbol lookup cache can be set using LOOKUP_CACHE_SIZE. This # cache is used to resolve symbols given their name and scope. Since this can be # an expensive process and often the same symbol appears multiple times in the # code, doxygen keeps a cache of pre-resolved symbols. If the cache is too small # doxygen will become slower. If the cache is too large, memory is wasted. The # cache size is given by this formula: 2^(16+LOOKUP_CACHE_SIZE). The valid range # is 0..9, the default is 0, corresponding to a cache size of 2^16=65536 # symbols. At the end of a run doxygen will report the cache usage and suggest # the optimal cache size from a speed point of view. # Minimum value: 0, maximum value: 9, default value: 0. LOOKUP_CACHE_SIZE = 0 #--------------------------------------------------------------------------- # Build related configuration options #--------------------------------------------------------------------------- # If the EXTRACT_ALL tag is set to YES, doxygen will assume all entities in # documentation are documented, even if no documentation was available. Private # class members and static file members will be hidden unless the # EXTRACT_PRIVATE respectively EXTRACT_STATIC tags are set to YES. # Note: This will also disable the warnings about undocumented members that are # normally produced when WARNINGS is set to YES. # The default value is: NO. EXTRACT_ALL = NO # If the EXTRACT_PRIVATE tag is set to YES, all private members of a class will # be included in the documentation. # The default value is: NO. EXTRACT_PRIVATE = NO # If the EXTRACT_PACKAGE tag is set to YES, all members with package or internal # scope will be included in the documentation. # The default value is: NO. EXTRACT_PACKAGE = NO # If the EXTRACT_STATIC tag is set to YES, all static members of a file will be # included in the documentation. # The default value is: NO. EXTRACT_STATIC = NO # If the EXTRACT_LOCAL_CLASSES tag is set to YES, classes (and structs) defined # locally in source files will be included in the documentation. If set to NO, # only classes defined in header files are included. Does not have any effect # for Java sources. # The default value is: YES. EXTRACT_LOCAL_CLASSES = YES # This flag is only useful for Objective-C code. If set to YES, local methods, # which are defined in the implementation section but not in the interface are # included in the documentation. If set to NO, only methods in the interface are # included. # The default value is: NO. EXTRACT_LOCAL_METHODS = NO # If this flag is set to YES, the members of anonymous namespaces will be # extracted and appear in the documentation as a namespace called # 'anonymous_namespace{file}', where file will be replaced with the base name of # the file that contains the anonymous namespace. By default anonymous namespace # are hidden. # The default value is: NO. EXTRACT_ANON_NSPACES = NO # If the HIDE_UNDOC_MEMBERS tag is set to YES, doxygen will hide all # undocumented members inside documented classes or files. If set to NO these # members will be included in the various overviews, but no documentation # section is generated. This option has no effect if EXTRACT_ALL is enabled. # The default value is: NO. HIDE_UNDOC_MEMBERS = NO # If the HIDE_UNDOC_CLASSES tag is set to YES, doxygen will hide all # undocumented classes that are normally visible in the class hierarchy. If set # to NO, these classes will be included in the various overviews. This option # has no effect if EXTRACT_ALL is enabled. # The default value is: NO. HIDE_UNDOC_CLASSES = NO # If the HIDE_FRIEND_COMPOUNDS tag is set to YES, doxygen will hide all friend # (class|struct|union) declarations. If set to NO, these declarations will be # included in the documentation. # The default value is: NO. HIDE_FRIEND_COMPOUNDS = NO # If the HIDE_IN_BODY_DOCS tag is set to YES, doxygen will hide any # documentation blocks found inside the body of a function. If set to NO, these # blocks will be appended to the function's detailed documentation block. # The default value is: NO. HIDE_IN_BODY_DOCS = NO # The INTERNAL_DOCS tag determines if documentation that is typed after a # \internal command is included. If the tag is set to NO then the documentation # will be excluded. Set it to YES to include the internal documentation. # The default value is: NO. INTERNAL_DOCS = NO # If the CASE_SENSE_NAMES tag is set to NO then doxygen will only generate file # names in lower-case letters. If set to YES, upper-case letters are also # allowed. This is useful if you have classes or files whose names only differ # in case and if your file system supports case sensitive file names. Windows # and Mac users are advised to set this option to NO. # The default value is: system dependent. CASE_SENSE_NAMES = NO # If the HIDE_SCOPE_NAMES tag is set to NO then doxygen will show members with # their full class and namespace scopes in the documentation. If set to YES, the # scope will be hidden. # The default value is: NO. HIDE_SCOPE_NAMES = YES # If the HIDE_COMPOUND_REFERENCE tag is set to NO (default) then doxygen will # append additional text to a page's title, such as Class Reference. If set to # YES the compound reference will be hidden. # The default value is: NO. HIDE_COMPOUND_REFERENCE= NO # If the SHOW_INCLUDE_FILES tag is set to YES then doxygen will put a list of # the files that are included by a file in the documentation of that file. # The default value is: YES. SHOW_INCLUDE_FILES = YES # If the SHOW_GROUPED_MEMB_INC tag is set to YES then Doxygen will add for each # grouped member an include statement to the documentation, telling the reader # which file to include in order to use the member. # The default value is: NO. SHOW_GROUPED_MEMB_INC = NO # If the FORCE_LOCAL_INCLUDES tag is set to YES then doxygen will list include # files with double quotes in the documentation rather than with sharp brackets. # The default value is: NO. FORCE_LOCAL_INCLUDES = NO # If the INLINE_INFO tag is set to YES then a tag [inline] is inserted in the # documentation for inline members. # The default value is: YES. INLINE_INFO = YES # If the SORT_MEMBER_DOCS tag is set to YES then doxygen will sort the # (detailed) documentation of file and class members alphabetically by member # name. If set to NO, the members will appear in declaration order. # The default value is: YES. SORT_MEMBER_DOCS = YES # If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the brief # descriptions of file, namespace and class members alphabetically by member # name. If set to NO, the members will appear in declaration order. Note that # this will also influence the order of the classes in the class list. # The default value is: NO. SORT_BRIEF_DOCS = NO # If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen will sort the # (brief and detailed) documentation of class members so that constructors and # destructors are listed first. If set to NO the constructors will appear in the # respective orders defined by SORT_BRIEF_DOCS and SORT_MEMBER_DOCS. # Note: If SORT_BRIEF_DOCS is set to NO this option is ignored for sorting brief # member documentation. # Note: If SORT_MEMBER_DOCS is set to NO this option is ignored for sorting # detailed member documentation. # The default value is: NO. SORT_MEMBERS_CTORS_1ST = NO # If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the hierarchy # of group names into alphabetical order. If set to NO the group names will # appear in their defined order. # The default value is: NO. SORT_GROUP_NAMES = NO # If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be sorted by # fully-qualified names, including namespaces. If set to NO, the class list will # be sorted only by class name, not including the namespace part. # Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. # Note: This option applies only to the class list, not to the alphabetical # list. # The default value is: NO. SORT_BY_SCOPE_NAME = NO # If the STRICT_PROTO_MATCHING option is enabled and doxygen fails to do proper # type resolution of all parameters of a function it will reject a match between # the prototype and the implementation of a member function even if there is # only one candidate or it is obvious which candidate to choose by doing a # simple string match. By disabling STRICT_PROTO_MATCHING doxygen will still # accept a match between prototype and implementation in such cases. # The default value is: NO. STRICT_PROTO_MATCHING = NO # The GENERATE_TODOLIST tag can be used to enable (YES) or disable (NO) the todo # list. This list is created by putting \todo commands in the documentation. # The default value is: YES. GENERATE_TODOLIST = YES # The GENERATE_TESTLIST tag can be used to enable (YES) or disable (NO) the test # list. This list is created by putting \test commands in the documentation. # The default value is: YES. GENERATE_TESTLIST = YES # The GENERATE_BUGLIST tag can be used to enable (YES) or disable (NO) the bug # list. This list is created by putting \bug commands in the documentation. # The default value is: YES. GENERATE_BUGLIST = YES # The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or disable (NO) # the deprecated list. This list is created by putting \deprecated commands in # the documentation. # The default value is: YES. GENERATE_DEPRECATEDLIST= YES # The ENABLED_SECTIONS tag can be used to enable conditional documentation # sections, marked by \if ... \endif and \cond # ... \endcond blocks. ENABLED_SECTIONS = # The MAX_INITIALIZER_LINES tag determines the maximum number of lines that the # initial value of a variable or macro / define can have for it to appear in the # documentation. If the initializer consists of more lines than specified here # it will be hidden. Use a value of 0 to hide initializers completely. The # appearance of the value of individual variables and macros / defines can be # controlled using \showinitializer or \hideinitializer command in the # documentation regardless of this setting. # Minimum value: 0, maximum value: 10000, default value: 30. MAX_INITIALIZER_LINES = 30 # Set the SHOW_USED_FILES tag to NO to disable the list of files generated at # the bottom of the documentation of classes and structs. If set to YES, the # list will mention the files that were used to generate the documentation. # The default value is: YES. SHOW_USED_FILES = YES # Set the SHOW_FILES tag to NO to disable the generation of the Files page. This # will remove the Files entry from the Quick Index and from the Folder Tree View # (if specified). # The default value is: YES. SHOW_FILES = YES # Set the SHOW_NAMESPACES tag to NO to disable the generation of the Namespaces # page. This will remove the Namespaces entry from the Quick Index and from the # Folder Tree View (if specified). # The default value is: YES. SHOW_NAMESPACES = YES # The FILE_VERSION_FILTER tag can be used to specify a program or script that # doxygen should invoke to get the current version for each file (typically from # the version control system). Doxygen will invoke the program by executing (via # popen()) the command command input-file, where command is the value of the # FILE_VERSION_FILTER tag, and input-file is the name of an input file provided # by doxygen. Whatever the program writes to standard output is used as the file # version. For an example see the documentation. FILE_VERSION_FILTER = # The LAYOUT_FILE tag can be used to specify a layout file which will be parsed # by doxygen. The layout file controls the global structure of the generated # output files in an output format independent way. To create the layout file # that represents doxygen's defaults, run doxygen with the -l option. You can # optionally specify a file name after the option, if omitted DoxygenLayout.xml # will be used as the name of the layout file. # # Note that if you run doxygen from a directory containing a file called # DoxygenLayout.xml, doxygen will parse it automatically even if the LAYOUT_FILE # tag is left empty. LAYOUT_FILE = # The CITE_BIB_FILES tag can be used to specify one or more bib files containing # the reference definitions. This must be a list of .bib files. The .bib # extension is automatically appended if omitted. This requires the bibtex tool # to be installed. See also http://en.wikipedia.org/wiki/BibTeX for more info. # For LaTeX the style of the bibliography can be controlled using # LATEX_BIB_STYLE. To use this feature you need bibtex and perl available in the # search path. See also \cite for info how to create references. CITE_BIB_FILES = #--------------------------------------------------------------------------- # Configuration options related to warning and progress messages #--------------------------------------------------------------------------- # The QUIET tag can be used to turn on/off the messages that are generated to # standard output by doxygen. If QUIET is set to YES this implies that the # messages are off. # The default value is: NO. QUIET = YES # The WARNINGS tag can be used to turn on/off the warning messages that are # generated to standard error (stderr) by doxygen. If WARNINGS is set to YES # this implies that the warnings are on. # # Tip: Turn warnings on while writing the documentation. # The default value is: YES. WARNINGS = YES # If the WARN_IF_UNDOCUMENTED tag is set to YES then doxygen will generate # warnings for undocumented members. If EXTRACT_ALL is set to YES then this flag # will automatically be disabled. # The default value is: YES. WARN_IF_UNDOCUMENTED = NO # If the WARN_IF_DOC_ERROR tag is set to YES, doxygen will generate warnings for # potential errors in the documentation, such as not documenting some parameters # in a documented function, or documenting parameters that don't exist or using # markup commands wrongly. # The default value is: YES. WARN_IF_DOC_ERROR = YES # This WARN_NO_PARAMDOC option can be enabled to get warnings for functions that # are documented, but have no documentation for their parameters or return # value. If set to NO, doxygen will only warn about wrong or incomplete # parameter documentation, but not about the absence of documentation. # The default value is: NO. WARN_NO_PARAMDOC = YES # If the WARN_AS_ERROR tag is set to YES then doxygen will immediately stop when # a warning is encountered. # The default value is: NO. WARN_AS_ERROR = NO # The WARN_FORMAT tag determines the format of the warning messages that doxygen # can produce. The string should contain the $file, $line, and $text tags, which # will be replaced by the file and line number from which the warning originated # and the warning text. Optionally the format may contain $version, which will # be replaced by the version of the file (if it could be obtained via # FILE_VERSION_FILTER) # The default value is: $file:$line: $text. WARN_FORMAT = "$file:$line: $text" # The WARN_LOGFILE tag can be used to specify a file to which warning and error # messages should be written. If left blank the output is written to standard # error (stderr). WARN_LOGFILE = #--------------------------------------------------------------------------- # Configuration options related to the input files #--------------------------------------------------------------------------- # The INPUT tag is used to specify the files and/or directories that contain # documented source files. You may enter file names like myfile.cpp or # directories like /usr/src/myproject. Separate the files or directories with # spaces. See also FILE_PATTERNS and EXTENSION_MAPPING # Note: If this tag is empty the current directory is searched. INPUT = @top_srcdir@/doc/coding_standard_c.md \ @top_srcdir@/doc/logging.md \ @top_srcdir@/doc/doxygen.dox \ @top_srcdir@/README.md \ @top_srcdir@/include/tss2/tss2_esys.h \ @top_srcdir@/src/tss2-esys \ @top_srcdir@/include/tss2/tss2_fapi.h \ @top_srcdir@/src/tss2-fapi \ @top_srcdir@/test/integration/esys-audit.int.c \ @top_srcdir@/test/integration/esys-certify-creation.int.c \ @top_srcdir@/test/integration/esys-certify.int.c \ @top_srcdir@/test/integration/esys-change-eps.int.c \ @top_srcdir@/test/integration/esys-clear-control.int.c \ @top_srcdir@/test/integration/esys-clear.int.c \ @top_srcdir@/test/integration/esys-clockset.int.c \ @top_srcdir@/test/integration/esys-commit.int.c \ @top_srcdir@/test/integration/esys-create-fail.int.c \ @top_srcdir@/test/integration/esys-create-password-auth.int.c \ @top_srcdir@/test/integration/esys-create-policy-auth.int.c \ @top_srcdir@/test/integration/esys-create-primary-hmac.int.c \ @top_srcdir@/test/integration/esys-create-session-auth.int.c \ @top_srcdir@/test/integration/esys-createloaded.int.c \ @top_srcdir@/test/integration/esys-duplicate.int.c \ @top_srcdir@/test/integration/esys-ecc-parameters.int.c \ @top_srcdir@/test/integration/esys-ecdh-keygen.int.c \ @top_srcdir@/test/integration/esys-ecdh-zgen.int.c \ @top_srcdir@/test/integration/esys-encrypt-decrypt.int.c \ @top_srcdir@/test/integration/esys-event-sequence-complete.int.c \ @top_srcdir@/test/integration/esys-evict-control-serialization.int.c \ @top_srcdir@/test/integration/esys-field-upgrade.int.c \ @top_srcdir@/test/integration/esys-firmware-read.int.c \ @top_srcdir@/test/integration/esys-get-capability.int.c \ @top_srcdir@/test/integration/esys-get-random.int.c \ @top_srcdir@/test/integration/esys-get-time.int.c \ @top_srcdir@/test/integration/esys-hash.int.c \ @top_srcdir@/test/integration/esys-hashsequencestart.int.c \ @top_srcdir@/test/integration/esys-hierarchy-control.int.c \ @top_srcdir@/test/integration/esys-hierarchychangeauth.int.c \ @top_srcdir@/test/integration/esys-hmac.int.c \ @top_srcdir@/test/integration/esys-hmacsequencestart.int.c \ @top_srcdir@/test/integration/esys-import.int.c \ @top_srcdir@/test/integration/esys-lock.int.c \ @top_srcdir@/test/integration/esys-make-credential.int.c \ @top_srcdir@/test/integration/esys-nv-certify.int.c \ @top_srcdir@/test/integration/esys-nv-ram-counter.int.c \ @top_srcdir@/test/integration/esys-nv-ram-extend-index.int.c \ @top_srcdir@/test/integration/esys-nv-ram-ordinary-index.int.c \ @top_srcdir@/test/integration/esys-nv-ram-set-bits.int.c \ @top_srcdir@/test/integration/esys-object-changeauth.int.c \ @top_srcdir@/test/integration/esys-pcr-auth-value.int.c \ @top_srcdir@/test/integration/esys-pcr-basic.int.c \ @top_srcdir@/test/integration/esys-policy-authorize.int.c \ @top_srcdir@/test/integration/esys-policy-nv-changeauth.int.c \ @top_srcdir@/test/integration/esys-policy-nv-undefine-special.int.c \ @top_srcdir@/test/integration/esys-policy-password.int.c \ @top_srcdir@/test/integration/esys-policy-regression.int.c \ @top_srcdir@/test/integration/esys-policy-authorize-nv-opt.int.c \ @top_srcdir@/test/integration/esys-policy-physical-presence-opt.int.c \ @top_srcdir@/test/integration/esys-policy-template-opt.int.c \ @top_srcdir@/test/integration/esys-policy-ticket.int.c \ @top_srcdir@/test/integration/esys-pp-commands.int.c \ @top_srcdir@/test/integration/esys-quote.int.c \ @top_srcdir@/test/integration/esys-rsa-encrypt-decrypt.int.c \ @top_srcdir@/test/integration/esys-save-and-load-context.int.c \ @top_srcdir@/test/integration/esys-set-algorithm-set.int.c \ @top_srcdir@/test/integration/esys-stir-random.int.c \ @top_srcdir@/test/integration/esys-testparms.int.c \ @top_srcdir@/test/integration/esys-tpm-tests.int.c \ @top_srcdir@/test/integration/esys-tr-fromTpmPublic-key.int.c \ @top_srcdir@/test/integration/esys-tr-fromTpmPublic-nv.int.c \ @top_srcdir@/test/integration/esys-tr-getName-hierarchy.int.c \ @top_srcdir@/test/integration/esys-unseal-password-auth.int.c \ @top_srcdir@/test/integration/esys-verify-signature.int.c \ @top_srcdir@/test/integration/esys-zgen-2phase.int.c \ @top_srcdir@/test/integration/fapi-data-crypt.int.c \ @top_srcdir@/test/integration/fapi-duplicate.int.c \ @top_srcdir@/test/integration/fapi-ext-public-key.int.c \ @top_srcdir@/test/integration/fapi-get-random.int.c \ @top_srcdir@/test/integration/fapi-info.int.c \ @top_srcdir@/test/integration/fapi-key-change-auth.int.c \ @top_srcdir@/test/integration/fapi-key-create-ckda-sign.int.c \ @top_srcdir@/test/integration/fapi-key-create-policies-sign.int.c \ @top_srcdir@/test/integration/fapi-key-create-policy-authorize-nv-sign.int.c \ @top_srcdir@/test/integration/fapi-key-create-policy-authorize-sign.int.c \ @top_srcdir@/test/integration/fapi-key-create-policy-nv-sign.int.c \ @top_srcdir@/test/integration/fapi-key-create-policy-or-sign.int.c \ @top_srcdir@/test/integration/fapi-key-create-policy-pcr-sign.int.c \ @top_srcdir@/test/integration/fapi-key-create-policy-secret-nv-sign.int.c \ @top_srcdir@/test/integration/fapi-key-create-policy-signed.int.c \ @top_srcdir@/test/integration/fapi-key-create-sign.int.c \ @top_srcdir@/test/integration/fapi-key-create-sign-password-provision.int.c \ @top_srcdir@/test/integration/fapi-key-create-sign-policy-provision.int.c \ @top_srcdir@/test/integration/fapi-nv-authorizenv-cphash.int.c \ @top_srcdir@/test/integration/fapi-nv-extend.int.c \ @top_srcdir@/test/integration/fapi-nv-increment.int.c \ @top_srcdir@/test/integration/fapi-nv-ordinary.int.c \ @top_srcdir@/test/integration/fapi-nv-set-bits.int.c \ @top_srcdir@/test/integration/fapi-nv-written-policy.int.c \ @top_srcdir@/test/integration/fapi-pcr-test.int.c \ @top_srcdir@/test/integration/fapi-platform-certificates.int.c \ @top_srcdir@/test/integration/fapi-quote.int.c \ @top_srcdir@/test/integration/fapi-unseal.int.c # This tag can be used to specify the character encoding of the source files # that doxygen parses. Internally doxygen uses the UTF-8 encoding. Doxygen uses # libiconv (or the iconv built into libc) for the transcoding. See the libiconv # documentation (see: http://www.gnu.org/software/libiconv) for the list of # possible encodings. # The default value is: UTF-8. INPUT_ENCODING = UTF-8 # If the value of the INPUT tag contains directories, you can use the # FILE_PATTERNS tag to specify one or more wildcard patterns (like *.cpp and # *.h) to filter out the source-files in the directories. # # Note that for custom extensions or not directly supported extensions you also # need to set EXTENSION_MAPPING for the extension otherwise the files are not # read by doxygen. # # If left blank the following patterns are tested:*.c, *.cc, *.cxx, *.cpp, # *.c++, *.java, *.ii, *.ixx, *.ipp, *.i++, *.inl, *.idl, *.ddl, *.odl, *.h, # *.hh, *.hxx, *.hpp, *.h++, *.cs, *.d, *.php, *.php4, *.php5, *.phtml, *.inc, # *.m, *.markdown, *.md, *.mm, *.dox, *.py, *.pyw, *.f90, *.f, *.for, *.tcl, # *.vhd, *.vhdl, *.ucf, *.qsf, *.as and *.js. FILE_PATTERNS = *.c \ *.h \ *.md \ *.dox # The RECURSIVE tag can be used to specify whether or not subdirectories should # be searched for input files as well. # The default value is: NO. RECURSIVE = YES # The EXCLUDE tag can be used to specify files and/or directories that should be # excluded from the INPUT source files. This way you can easily exclude a # subdirectory from a directory tree whose root is specified with the INPUT tag. # # Note that relative paths are relative to the directory from which doxygen is # run. EXCLUDE = # The EXCLUDE_SYMLINKS tag can be used to select whether or not files or # directories that are symbolic links (a Unix file system feature) are excluded # from the input. # The default value is: NO. EXCLUDE_SYMLINKS = NO # If the value of the INPUT tag contains directories, you can use the # EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude # certain files from those directories. # # Note that the wildcards are matched against the file with absolute path, so to # exclude all test directories for example use the pattern */test/* EXCLUDE_PATTERNS = # The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names # (namespaces, classes, functions, etc.) that should be excluded from the # output. The symbol name can be a fully qualified name, a word, or if the # wildcard * is used, a substring. Examples: ANamespace, AClass, # AClass::ANamespace, ANamespace::*Test # # Note that the wildcards are matched against the file with absolute path, so to # exclude all test directories use the pattern */test/* EXCLUDE_SYMBOLS = *_IN IESYS_CMD_IN_PARAM # The EXAMPLE_PATH tag can be used to specify one or more files or directories # that contain example code fragments that are included (see the \include # command). EXAMPLE_PATH = # If the value of the EXAMPLE_PATH tag contains directories, you can use the # EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp and # *.h) to filter out the source-files in the directories. If left blank all # files are included. EXAMPLE_PATTERNS = * # If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be # searched for input files to be used with the \include or \dontinclude commands # irrespective of the value of the RECURSIVE tag. # The default value is: NO. EXAMPLE_RECURSIVE = NO # The IMAGE_PATH tag can be used to specify one or more files or directories # that contain images that are to be included in the documentation (see the # \image command). IMAGE_PATH = @top_srcdir@/doc/ # The INPUT_FILTER tag can be used to specify a program that doxygen should # invoke to filter for each input file. Doxygen will invoke the filter program # by executing (via popen()) the command: # # # # where is the value of the INPUT_FILTER tag, and is the # name of an input file. Doxygen will then use the output that the filter # program writes to standard output. If FILTER_PATTERNS is specified, this tag # will be ignored. # # Note that the filter must not add or remove lines; it is applied before the # code is scanned, but not when the output code is generated. If lines are added # or removed, the anchors will not be placed correctly. # # Note that for custom extensions or not directly supported extensions you also # need to set EXTENSION_MAPPING for the extension otherwise the files are not # properly processed by doxygen. INPUT_FILTER = # The FILTER_PATTERNS tag can be used to specify filters on a per file pattern # basis. Doxygen will compare the file name with each pattern and apply the # filter if there is a match. The filters are a list of the form: pattern=filter # (like *.cpp=my_cpp_filter). See INPUT_FILTER for further information on how # filters are used. If the FILTER_PATTERNS tag is empty or if none of the # patterns match the file name, INPUT_FILTER is applied. # # Note that for custom extensions or not directly supported extensions you also # need to set EXTENSION_MAPPING for the extension otherwise the files are not # properly processed by doxygen. FILTER_PATTERNS = # If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using # INPUT_FILTER) will also be used to filter the input files that are used for # producing the source files to browse (i.e. when SOURCE_BROWSER is set to YES). # The default value is: NO. FILTER_SOURCE_FILES = NO # The FILTER_SOURCE_PATTERNS tag can be used to specify source filters per file # pattern. A pattern will override the setting for FILTER_PATTERN (if any) and # it is also possible to disable source filtering for a specific pattern using # *.ext= (so without naming a filter). # This tag requires that the tag FILTER_SOURCE_FILES is set to YES. FILTER_SOURCE_PATTERNS = # If the USE_MDFILE_AS_MAINPAGE tag refers to the name of a markdown file that # is part of the input, its contents will be placed on the main page # (index.html). This can be useful if you have a project on for instance GitHub # and want to reuse the introduction page also for the doxygen output. USE_MDFILE_AS_MAINPAGE = README.md #--------------------------------------------------------------------------- # Configuration options related to source browsing #--------------------------------------------------------------------------- # If the SOURCE_BROWSER tag is set to YES then a list of source files will be # generated. Documented entities will be cross-referenced with these sources. # # Note: To get rid of all source code in the generated output, make sure that # also VERBATIM_HEADERS is set to NO. # The default value is: NO. SOURCE_BROWSER = NO # Setting the INLINE_SOURCES tag to YES will include the body of functions, # classes and enums directly into the documentation. # The default value is: NO. INLINE_SOURCES = NO # Setting the STRIP_CODE_COMMENTS tag to YES will instruct doxygen to hide any # special comment blocks from generated source code fragments. Normal C, C++ and # Fortran comments will always remain visible. # The default value is: YES. STRIP_CODE_COMMENTS = YES # If the REFERENCED_BY_RELATION tag is set to YES then for each documented # function all documented functions referencing it will be listed. # The default value is: NO. REFERENCED_BY_RELATION = NO # If the REFERENCES_RELATION tag is set to YES then for each documented function # all documented entities called/used by that function will be listed. # The default value is: NO. REFERENCES_RELATION = NO # If the REFERENCES_LINK_SOURCE tag is set to YES and SOURCE_BROWSER tag is set # to YES then the hyperlinks from functions in REFERENCES_RELATION and # REFERENCED_BY_RELATION lists will link to the source code. Otherwise they will # link to the documentation. # The default value is: YES. REFERENCES_LINK_SOURCE = YES # If SOURCE_TOOLTIPS is enabled (the default) then hovering a hyperlink in the # source code will show a tooltip with additional information such as prototype, # brief description and links to the definition and documentation. Since this # will make the HTML file larger and loading of large files a bit slower, you # can opt to disable this feature. # The default value is: YES. # This tag requires that the tag SOURCE_BROWSER is set to YES. SOURCE_TOOLTIPS = YES # If the USE_HTAGS tag is set to YES then the references to source code will # point to the HTML generated by the htags(1) tool instead of doxygen built-in # source browser. The htags tool is part of GNU's global source tagging system # (see http://www.gnu.org/software/global/global.html). You will need version # 4.8.6 or higher. # # To use it do the following: # - Install the latest version of global # - Enable SOURCE_BROWSER and USE_HTAGS in the config file # - Make sure the INPUT points to the root of the source tree # - Run doxygen as normal # # Doxygen will invoke htags (and that will in turn invoke gtags), so these # tools must be available from the command line (i.e. in the search path). # # The result: instead of the source browser generated by doxygen, the links to # source code will now point to the output of htags. # The default value is: NO. # This tag requires that the tag SOURCE_BROWSER is set to YES. USE_HTAGS = NO # If the VERBATIM_HEADERS tag is set the YES then doxygen will generate a # verbatim copy of the header file for each class for which an include is # specified. Set to NO to disable this. # See also: Section \class. # The default value is: YES. VERBATIM_HEADERS = YES # If the CLANG_ASSISTED_PARSING tag is set to YES then doxygen will use the # clang parser (see: http://clang.llvm.org/) for more accurate parsing at the # cost of reduced performance. This can be particularly helpful with template # rich C++ code for which doxygen's built-in parser lacks the necessary type # information. # Note: The availability of this option depends on whether or not doxygen was # generated with the -Duse-libclang=ON option for CMake. # The default value is: NO. CLANG_ASSISTED_PARSING = NO # If clang assisted parsing is enabled you can provide the compiler with command # line options that you would normally use when invoking the compiler. Note that # the include paths will already be set by doxygen for the files and directories # specified with INPUT and INCLUDE_PATH. # This tag requires that the tag CLANG_ASSISTED_PARSING is set to YES. CLANG_OPTIONS = #--------------------------------------------------------------------------- # Configuration options related to the alphabetical class index #--------------------------------------------------------------------------- # If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index of all # compounds will be generated. Enable this if the project contains a lot of # classes, structs, unions or interfaces. # The default value is: YES. ALPHABETICAL_INDEX = YES # The COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns in # which the alphabetical index list will be split. # Minimum value: 1, maximum value: 20, default value: 5. # This tag requires that the tag ALPHABETICAL_INDEX is set to YES. COLS_IN_ALPHA_INDEX = 5 # In case all classes in a project start with a common prefix, all classes will # be put under the same header in the alphabetical index. The IGNORE_PREFIX tag # can be used to specify a prefix (or a list of prefixes) that should be ignored # while generating the index headers. # This tag requires that the tag ALPHABETICAL_INDEX is set to YES. IGNORE_PREFIX = #--------------------------------------------------------------------------- # Configuration options related to the HTML output #--------------------------------------------------------------------------- # If the GENERATE_HTML tag is set to YES, doxygen will generate HTML output # The default value is: YES. GENERATE_HTML = YES # The HTML_OUTPUT tag is used to specify where the HTML docs will be put. If a # relative path is entered the value of OUTPUT_DIRECTORY will be put in front of # it. # The default directory is: html. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_OUTPUT = html # The HTML_FILE_EXTENSION tag can be used to specify the file extension for each # generated HTML page (for example: .htm, .php, .asp). # The default value is: .html. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_FILE_EXTENSION = .html # The HTML_HEADER tag can be used to specify a user-defined HTML header file for # each generated HTML page. If the tag is left blank doxygen will generate a # standard header. # # To get valid HTML the header file that includes any scripts and style sheets # that doxygen needs, which is dependent on the configuration options used (e.g. # the setting GENERATE_TREEVIEW). It is highly recommended to start with a # default header using # doxygen -w html new_header.html new_footer.html new_stylesheet.css # YourConfigFile # and then modify the file new_header.html. See also section "Doxygen usage" # for information on how to generate the default header that doxygen normally # uses. # Note: The header is subject to change so you typically have to regenerate the # default header when upgrading to a newer version of doxygen. For a description # of the possible markers and block names see the documentation. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_HEADER = # The HTML_FOOTER tag can be used to specify a user-defined HTML footer for each # generated HTML page. If the tag is left blank doxygen will generate a standard # footer. See HTML_HEADER for more information on how to generate a default # footer and what special commands can be used inside the footer. See also # section "Doxygen usage" for information on how to generate the default footer # that doxygen normally uses. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_FOOTER = # The HTML_STYLESHEET tag can be used to specify a user-defined cascading style # sheet that is used by each HTML page. It can be used to fine-tune the look of # the HTML output. If left blank doxygen will generate a default style sheet. # See also section "Doxygen usage" for information on how to generate the style # sheet that doxygen normally uses. # Note: It is recommended to use HTML_EXTRA_STYLESHEET instead of this tag, as # it is more robust and this tag (HTML_STYLESHEET) will in the future become # obsolete. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_STYLESHEET = # The HTML_EXTRA_STYLESHEET tag can be used to specify additional user-defined # cascading style sheets that are included after the standard style sheets # created by doxygen. Using this option one can overrule certain style aspects. # This is preferred over using HTML_STYLESHEET since it does not replace the # standard style sheet and is therefore more robust against future updates. # Doxygen will copy the style sheet files to the output directory. # Note: The order of the extra style sheet files is of importance (e.g. the last # style sheet in the list overrules the setting of the previous ones in the # list). For an example see the documentation. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_EXTRA_STYLESHEET = # The HTML_EXTRA_FILES tag can be used to specify one or more extra images or # other source files which should be copied to the HTML output directory. Note # that these files will be copied to the base HTML output directory. Use the # $relpath^ marker in the HTML_HEADER and/or HTML_FOOTER files to load these # files. In the HTML_STYLESHEET file, use the file name only. Also note that the # files will be copied as-is; there are no commands or markers available. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_EXTRA_FILES = # The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. Doxygen # will adjust the colors in the style sheet and background images according to # this color. Hue is specified as an angle on a colorwheel, see # http://en.wikipedia.org/wiki/Hue for more information. For instance the value # 0 represents red, 60 is yellow, 120 is green, 180 is cyan, 240 is blue, 300 # purple, and 360 is red again. # Minimum value: 0, maximum value: 359, default value: 220. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_COLORSTYLE_HUE = 220 # The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of the colors # in the HTML output. For a value of 0 the output will use grayscales only. A # value of 255 will produce the most vivid colors. # Minimum value: 0, maximum value: 255, default value: 100. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_COLORSTYLE_SAT = 100 # The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to the # luminance component of the colors in the HTML output. Values below 100 # gradually make the output lighter, whereas values above 100 make the output # darker. The value divided by 100 is the actual gamma applied, so 80 represents # a gamma of 0.8, The value 220 represents a gamma of 2.2, and 100 does not # change the gamma. # Minimum value: 40, maximum value: 240, default value: 80. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_COLORSTYLE_GAMMA = 80 # If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML # page will contain the date and time when the page was generated. Setting this # to YES can help to show when doxygen was last run and thus if the # documentation is up to date. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_TIMESTAMP = NO # If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML # documentation will contain sections that can be hidden and shown after the # page has loaded. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_DYNAMIC_SECTIONS = NO # With HTML_INDEX_NUM_ENTRIES one can control the preferred number of entries # shown in the various tree structured indices initially; the user can expand # and collapse entries dynamically later on. Doxygen will expand the tree to # such a level that at most the specified number of entries are visible (unless # a fully collapsed tree already exceeds this amount). So setting the number of # entries 1 will produce a full collapsed tree by default. 0 is a special value # representing an infinite number of entries and will result in a full expanded # tree by default. # Minimum value: 0, maximum value: 9999, default value: 100. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_INDEX_NUM_ENTRIES = 100 # If the GENERATE_DOCSET tag is set to YES, additional index files will be # generated that can be used as input for Apple's Xcode 3 integrated development # environment (see: http://developer.apple.com/tools/xcode/), introduced with # OSX 10.5 (Leopard). To create a documentation set, doxygen will generate a # Makefile in the HTML output directory. Running make will produce the docset in # that directory and running make install will install the docset in # ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find it at # startup. See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html # for more information. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_DOCSET = NO # This tag determines the name of the docset feed. A documentation feed provides # an umbrella under which multiple documentation sets from a single provider # (such as a company or product suite) can be grouped. # The default value is: Doxygen generated docs. # This tag requires that the tag GENERATE_DOCSET is set to YES. DOCSET_FEEDNAME = "Doxygen generated docs" # This tag specifies a string that should uniquely identify the documentation # set bundle. This should be a reverse domain-name style string, e.g. # com.mycompany.MyDocSet. Doxygen will append .docset to the name. # The default value is: org.doxygen.Project. # This tag requires that the tag GENERATE_DOCSET is set to YES. DOCSET_BUNDLE_ID = org.doxygen.Project # The DOCSET_PUBLISHER_ID tag specifies a string that should uniquely identify # the documentation publisher. This should be a reverse domain-name style # string, e.g. com.mycompany.MyDocSet.documentation. # The default value is: org.doxygen.Publisher. # This tag requires that the tag GENERATE_DOCSET is set to YES. DOCSET_PUBLISHER_ID = org.doxygen.Publisher # The DOCSET_PUBLISHER_NAME tag identifies the documentation publisher. # The default value is: Publisher. # This tag requires that the tag GENERATE_DOCSET is set to YES. DOCSET_PUBLISHER_NAME = Publisher # If the GENERATE_HTMLHELP tag is set to YES then doxygen generates three # additional HTML index files: index.hhp, index.hhc, and index.hhk. The # index.hhp is a project file that can be read by Microsoft's HTML Help Workshop # (see: http://www.microsoft.com/en-us/download/details.aspx?id=21138) on # Windows. # # The HTML Help Workshop contains a compiler that can convert all HTML output # generated by doxygen into a single compiled HTML file (.chm). Compiled HTML # files are now used as the Windows 98 help format, and will replace the old # Windows help format (.hlp) on all Windows platforms in the future. Compressed # HTML files also contain an index, a table of contents, and you can search for # words in the documentation. The HTML workshop also contains a viewer for # compressed HTML files. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_HTMLHELP = NO # The CHM_FILE tag can be used to specify the file name of the resulting .chm # file. You can add a path in front of the file if the result should not be # written to the html output directory. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. CHM_FILE = # The HHC_LOCATION tag can be used to specify the location (absolute path # including file name) of the HTML help compiler (hhc.exe). If non-empty, # doxygen will try to run the HTML help compiler on the generated index.hhp. # The file has to be specified with full path. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. HHC_LOCATION = # The GENERATE_CHI flag controls if a separate .chi index file is generated # (YES) or that it should be included in the master .chm file (NO). # The default value is: NO. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. GENERATE_CHI = NO # The CHM_INDEX_ENCODING is used to encode HtmlHelp index (hhk), content (hhc) # and project file content. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. CHM_INDEX_ENCODING = # The BINARY_TOC flag controls whether a binary table of contents is generated # (YES) or a normal table of contents (NO) in the .chm file. Furthermore it # enables the Previous and Next buttons. # The default value is: NO. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. BINARY_TOC = NO # The TOC_EXPAND flag can be set to YES to add extra items for group members to # the table of contents of the HTML help documentation and to the tree view. # The default value is: NO. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. TOC_EXPAND = NO # If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and # QHP_VIRTUAL_FOLDER are set, an additional index file will be generated that # can be used as input for Qt's qhelpgenerator to generate a Qt Compressed Help # (.qch) of the generated HTML documentation. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_QHP = NO # If the QHG_LOCATION tag is specified, the QCH_FILE tag can be used to specify # the file name of the resulting .qch file. The path specified is relative to # the HTML output folder. # This tag requires that the tag GENERATE_QHP is set to YES. QCH_FILE = # The QHP_NAMESPACE tag specifies the namespace to use when generating Qt Help # Project output. For more information please see Qt Help Project / Namespace # (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#namespace). # The default value is: org.doxygen.Project. # This tag requires that the tag GENERATE_QHP is set to YES. QHP_NAMESPACE = org.doxygen.Project # The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating Qt # Help Project output. For more information please see Qt Help Project / Virtual # Folders (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#virtual- # folders). # The default value is: doc. # This tag requires that the tag GENERATE_QHP is set to YES. QHP_VIRTUAL_FOLDER = doc # If the QHP_CUST_FILTER_NAME tag is set, it specifies the name of a custom # filter to add. For more information please see Qt Help Project / Custom # Filters (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#custom- # filters). # This tag requires that the tag GENERATE_QHP is set to YES. QHP_CUST_FILTER_NAME = # The QHP_CUST_FILTER_ATTRS tag specifies the list of the attributes of the # custom filter to add. For more information please see Qt Help Project / Custom # Filters (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#custom- # filters). # This tag requires that the tag GENERATE_QHP is set to YES. QHP_CUST_FILTER_ATTRS = # The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this # project's filter section matches. Qt Help Project / Filter Attributes (see: # http://qt-project.org/doc/qt-4.8/qthelpproject.html#filter-attributes). # This tag requires that the tag GENERATE_QHP is set to YES. QHP_SECT_FILTER_ATTRS = # The QHG_LOCATION tag can be used to specify the location of Qt's # qhelpgenerator. If non-empty doxygen will try to run qhelpgenerator on the # generated .qhp file. # This tag requires that the tag GENERATE_QHP is set to YES. QHG_LOCATION = # If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files will be # generated, together with the HTML files, they form an Eclipse help plugin. To # install this plugin and make it available under the help contents menu in # Eclipse, the contents of the directory containing the HTML and XML files needs # to be copied into the plugins directory of eclipse. The name of the directory # within the plugins directory should be the same as the ECLIPSE_DOC_ID value. # After copying Eclipse needs to be restarted before the help appears. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_ECLIPSEHELP = NO # A unique identifier for the Eclipse help plugin. When installing the plugin # the directory name containing the HTML and XML files should also have this # name. Each documentation set should have its own identifier. # The default value is: org.doxygen.Project. # This tag requires that the tag GENERATE_ECLIPSEHELP is set to YES. ECLIPSE_DOC_ID = org.doxygen.Project # If you want full control over the layout of the generated HTML pages it might # be necessary to disable the index and replace it with your own. The # DISABLE_INDEX tag can be used to turn on/off the condensed index (tabs) at top # of each HTML page. A value of NO enables the index and the value YES disables # it. Since the tabs in the index contain the same information as the navigation # tree, you can set this option to YES if you also set GENERATE_TREEVIEW to YES. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. DISABLE_INDEX = NO # The GENERATE_TREEVIEW tag is used to specify whether a tree-like index # structure should be generated to display hierarchical information. If the tag # value is set to YES, a side panel will be generated containing a tree-like # index structure (just like the one that is generated for HTML Help). For this # to work a browser that supports JavaScript, DHTML, CSS and frames is required # (i.e. any modern browser). Windows users are probably better off using the # HTML help feature. Via custom style sheets (see HTML_EXTRA_STYLESHEET) one can # further fine-tune the look of the index. As an example, the default style # sheet generated by doxygen has an example that shows how to put an image at # the root of the tree instead of the PROJECT_NAME. Since the tree basically has # the same information as the tab index, you could consider setting # DISABLE_INDEX to YES when enabling this option. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_TREEVIEW = YES # The ENUM_VALUES_PER_LINE tag can be used to set the number of enum values that # doxygen will group on one line in the generated HTML documentation. # # Note that a value of 0 will completely suppress the enum values from appearing # in the overview section. # Minimum value: 0, maximum value: 20, default value: 4. # This tag requires that the tag GENERATE_HTML is set to YES. ENUM_VALUES_PER_LINE = 4 # If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be used # to set the initial width (in pixels) of the frame in which the tree is shown. # Minimum value: 0, maximum value: 1500, default value: 250. # This tag requires that the tag GENERATE_HTML is set to YES. TREEVIEW_WIDTH = 250 # If the EXT_LINKS_IN_WINDOW option is set to YES, doxygen will open links to # external symbols imported via tag files in a separate window. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. EXT_LINKS_IN_WINDOW = NO # Use this tag to change the font size of LaTeX formulas included as images in # the HTML documentation. When you change the font size after a successful # doxygen run you need to manually remove any form_*.png images from the HTML # output directory to force them to be regenerated. # Minimum value: 8, maximum value: 50, default value: 10. # This tag requires that the tag GENERATE_HTML is set to YES. FORMULA_FONTSIZE = 10 # Use the FORMULA_TRANPARENT tag to determine whether or not the images # generated for formulas are transparent PNGs. Transparent PNGs are not # supported properly for IE 6.0, but are supported on all modern browsers. # # Note that when changing this option you need to delete any form_*.png files in # the HTML output directory before the changes have effect. # The default value is: YES. # This tag requires that the tag GENERATE_HTML is set to YES. FORMULA_TRANSPARENT = YES # Enable the USE_MATHJAX option to render LaTeX formulas using MathJax (see # http://www.mathjax.org) which uses client side Javascript for the rendering # instead of using pre-rendered bitmaps. Use this if you do not have LaTeX # installed or if you want to formulas look prettier in the HTML output. When # enabled you may also need to install MathJax separately and configure the path # to it using the MATHJAX_RELPATH option. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. USE_MATHJAX = NO # When MathJax is enabled you can set the default output format to be used for # the MathJax output. See the MathJax site (see: # http://docs.mathjax.org/en/latest/output.html) for more details. # Possible values are: HTML-CSS (which is slower, but has the best # compatibility), NativeMML (i.e. MathML) and SVG. # The default value is: HTML-CSS. # This tag requires that the tag USE_MATHJAX is set to YES. MATHJAX_FORMAT = HTML-CSS # When MathJax is enabled you need to specify the location relative to the HTML # output directory using the MATHJAX_RELPATH option. The destination directory # should contain the MathJax.js script. For instance, if the mathjax directory # is located at the same level as the HTML output directory, then # MATHJAX_RELPATH should be ../mathjax. The default value points to the MathJax # Content Delivery Network so you can quickly see the result without installing # MathJax. However, it is strongly recommended to install a local copy of # MathJax from http://www.mathjax.org before deployment. # The default value is: http://cdn.mathjax.org/mathjax/latest. # This tag requires that the tag USE_MATHJAX is set to YES. MATHJAX_RELPATH = http://cdn.mathjax.org/mathjax/latest # The MATHJAX_EXTENSIONS tag can be used to specify one or more MathJax # extension names that should be enabled during MathJax rendering. For example # MATHJAX_EXTENSIONS = TeX/AMSmath TeX/AMSsymbols # This tag requires that the tag USE_MATHJAX is set to YES. MATHJAX_EXTENSIONS = # The MATHJAX_CODEFILE tag can be used to specify a file with javascript pieces # of code that will be used on startup of the MathJax code. See the MathJax site # (see: http://docs.mathjax.org/en/latest/output.html) for more details. For an # example see the documentation. # This tag requires that the tag USE_MATHJAX is set to YES. MATHJAX_CODEFILE = # When the SEARCHENGINE tag is enabled doxygen will generate a search box for # the HTML output. The underlying search engine uses javascript and DHTML and # should work on any modern browser. Note that when using HTML help # (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets (GENERATE_DOCSET) # there is already a search function so this one should typically be disabled. # For large projects the javascript based search engine can be slow, then # enabling SERVER_BASED_SEARCH may provide a better solution. It is possible to # search using the keyboard; to jump to the search box use + S # (what the is depends on the OS and browser, but it is typically # , /