1 /*
2 * libusb example program to manipulate U.are.U 4000B fingerprint scanner.
3 * Copyright © 2007 Daniel Drake <dsd@gentoo.org>
4 * Copyright © 2016 Nathan Hjelm <hjelmn@mac.com>
5 *
6 * Basic image capture program only, does not consider the powerup quirks or
7 * the fact that image encryption may be enabled. Not expected to work
8 * flawlessly all of the time.
9 *
10 * This library is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU Lesser General Public
12 * License as published by the Free Software Foundation; either
13 * version 2.1 of the License, or (at your option) any later version.
14 *
15 * This library is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * Lesser General Public License for more details.
19 *
20 * You should have received a copy of the GNU Lesser General Public
21 * License along with this library; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
23 */
24
25 #include <errno.h>
26 #include <pthread.h>
27 #include <semaphore.h>
28 #include <signal.h>
29 #include <string.h>
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <fcntl.h>
33
34 #include "libusb.h"
35
36 #define EP_INTR (1 | LIBUSB_ENDPOINT_IN)
37 #define EP_DATA (2 | LIBUSB_ENDPOINT_IN)
38 #define CTRL_IN (LIBUSB_REQUEST_TYPE_VENDOR | LIBUSB_ENDPOINT_IN)
39 #define CTRL_OUT (LIBUSB_REQUEST_TYPE_VENDOR | LIBUSB_ENDPOINT_OUT)
40 #define USB_RQ 0x04
41 #define INTR_LENGTH 64
42 #define SEM_NAME "/org.libusb.example.dpfp_threaded"
43
44 enum {
45 MODE_INIT = 0x00,
46 MODE_AWAIT_FINGER_ON = 0x10,
47 MODE_AWAIT_FINGER_OFF = 0x12,
48 MODE_CAPTURE = 0x20,
49 MODE_SHUT_UP = 0x30,
50 MODE_READY = 0x80,
51 };
52
53 static int next_state(void);
54
55 enum {
56 STATE_AWAIT_MODE_CHANGE_AWAIT_FINGER_ON = 1,
57 STATE_AWAIT_IRQ_FINGER_DETECTED,
58 STATE_AWAIT_MODE_CHANGE_CAPTURE,
59 STATE_AWAIT_IMAGE,
60 STATE_AWAIT_MODE_CHANGE_AWAIT_FINGER_OFF,
61 STATE_AWAIT_IRQ_FINGER_REMOVED,
62 };
63
64 static int state = 0;
65 static struct libusb_device_handle *devh = NULL;
66 static unsigned char imgbuf[0x1b340];
67 static unsigned char irqbuf[INTR_LENGTH];
68 static struct libusb_transfer *img_transfer = NULL;
69 static struct libusb_transfer *irq_transfer = NULL;
70 static int img_idx = 0;
71 static volatile sig_atomic_t do_exit = 0;
72
73 static pthread_t poll_thread;
74 static sem_t *exit_sem;
75
request_exit(sig_atomic_t code)76 static void request_exit(sig_atomic_t code)
77 {
78 do_exit = code;
79 sem_post(exit_sem);
80 }
81
poll_thread_main(void * arg)82 static void *poll_thread_main(void *arg)
83 {
84 int r = 0;
85 printf("poll thread running\n");
86
87 (void)arg;
88
89 while (!do_exit) {
90 struct timeval tv = { 1, 0 };
91 r = libusb_handle_events_timeout(NULL, &tv);
92 if (r < 0) {
93 request_exit(2);
94 break;
95 }
96 }
97
98 printf("poll thread shutting down\n");
99 return NULL;
100 }
101
find_dpfp_device(void)102 static int find_dpfp_device(void)
103 {
104 devh = libusb_open_device_with_vid_pid(NULL, 0x05ba, 0x000a);
105 return devh ? 0 : -EIO;
106 }
107
print_f0_data(void)108 static int print_f0_data(void)
109 {
110 unsigned char data[0x10];
111 int r;
112 unsigned int i;
113
114 r = libusb_control_transfer(devh, CTRL_IN, USB_RQ, 0xf0, 0, data,
115 sizeof(data), 0);
116 if (r < 0) {
117 fprintf(stderr, "F0 error %d\n", r);
118 return r;
119 }
120 if ((unsigned int) r < sizeof(data)) {
121 fprintf(stderr, "short read (%d)\n", r);
122 return -1;
123 }
124
125 printf("F0 data:");
126 for (i = 0; i < sizeof(data); i++)
127 printf("%02x ", data[i]);
128 printf("\n");
129 return 0;
130 }
131
get_hwstat(unsigned char * status)132 static int get_hwstat(unsigned char *status)
133 {
134 int r;
135
136 r = libusb_control_transfer(devh, CTRL_IN, USB_RQ, 0x07, 0, status, 1, 0);
137 if (r < 0) {
138 fprintf(stderr, "read hwstat error %d\n", r);
139 return r;
140 }
141 if ((unsigned int) r < 1) {
142 fprintf(stderr, "short read (%d)\n", r);
143 return -1;
144 }
145
146 printf("hwstat reads %02x\n", *status);
147 return 0;
148 }
149
set_hwstat(unsigned char data)150 static int set_hwstat(unsigned char data)
151 {
152 int r;
153
154 printf("set hwstat to %02x\n", data);
155 r = libusb_control_transfer(devh, CTRL_OUT, USB_RQ, 0x07, 0, &data, 1, 0);
156 if (r < 0) {
157 fprintf(stderr, "set hwstat error %d\n", r);
158 return r;
159 }
160 if ((unsigned int) r < 1) {
161 fprintf(stderr, "short write (%d)", r);
162 return -1;
163 }
164
165 return 0;
166 }
167
set_mode(unsigned char data)168 static int set_mode(unsigned char data)
169 {
170 int r;
171 printf("set mode %02x\n", data);
172
173 r = libusb_control_transfer(devh, CTRL_OUT, USB_RQ, 0x4e, 0, &data, 1, 0);
174 if (r < 0) {
175 fprintf(stderr, "set mode error %d\n", r);
176 return r;
177 }
178 if ((unsigned int) r < 1) {
179 fprintf(stderr, "short write (%d)", r);
180 return -1;
181 }
182
183 return 0;
184 }
185
cb_mode_changed(struct libusb_transfer * transfer)186 static void LIBUSB_CALL cb_mode_changed(struct libusb_transfer *transfer)
187 {
188 if (transfer->status != LIBUSB_TRANSFER_COMPLETED) {
189 fprintf(stderr, "mode change transfer not completed!\n");
190 request_exit(2);
191 }
192
193 printf("async cb_mode_changed length=%d actual_length=%d\n",
194 transfer->length, transfer->actual_length);
195 if (next_state() < 0)
196 request_exit(2);
197 }
198
set_mode_async(unsigned char data)199 static int set_mode_async(unsigned char data)
200 {
201 unsigned char *buf = (unsigned char*) malloc(LIBUSB_CONTROL_SETUP_SIZE + 1);
202 struct libusb_transfer *transfer;
203
204 if (!buf)
205 return -ENOMEM;
206
207 transfer = libusb_alloc_transfer(0);
208 if (!transfer) {
209 free(buf);
210 return -ENOMEM;
211 }
212
213 printf("async set mode %02x\n", data);
214 libusb_fill_control_setup(buf, CTRL_OUT, USB_RQ, 0x4e, 0, 1);
215 buf[LIBUSB_CONTROL_SETUP_SIZE] = data;
216 libusb_fill_control_transfer(transfer, devh, buf, cb_mode_changed, NULL,
217 1000);
218
219 transfer->flags = LIBUSB_TRANSFER_SHORT_NOT_OK
220 | LIBUSB_TRANSFER_FREE_BUFFER | LIBUSB_TRANSFER_FREE_TRANSFER;
221 return libusb_submit_transfer(transfer);
222 }
223
do_sync_intr(unsigned char * data)224 static int do_sync_intr(unsigned char *data)
225 {
226 int r;
227 int transferred;
228
229 r = libusb_interrupt_transfer(devh, EP_INTR, data, INTR_LENGTH,
230 &transferred, 1000);
231 if (r < 0) {
232 fprintf(stderr, "intr error %d\n", r);
233 return r;
234 }
235 if (transferred < INTR_LENGTH) {
236 fprintf(stderr, "short read (%d)\n", r);
237 return -1;
238 }
239
240 printf("recv interrupt %04x\n", *((uint16_t *) data));
241 return 0;
242 }
243
sync_intr(unsigned char type)244 static int sync_intr(unsigned char type)
245 {
246 int r;
247 unsigned char data[INTR_LENGTH];
248
249 while (1) {
250 r = do_sync_intr(data);
251 if (r < 0)
252 return r;
253 if (data[0] == type)
254 return 0;
255 }
256 }
257
save_to_file(unsigned char * data)258 static int save_to_file(unsigned char *data)
259 {
260 FILE *fd;
261 char filename[64];
262
263 snprintf(filename, sizeof(filename), "finger%d.pgm", img_idx++);
264 fd = fopen(filename, "w");
265 if (!fd)
266 return -1;
267
268 fputs("P5 384 289 255 ", fd);
269 (void) fwrite(data + 64, 1, 384*289, fd);
270 fclose(fd);
271 printf("saved image to %s\n", filename);
272 return 0;
273 }
274
next_state(void)275 static int next_state(void)
276 {
277 int r = 0;
278 printf("old state: %d\n", state);
279 switch (state) {
280 case STATE_AWAIT_IRQ_FINGER_REMOVED:
281 state = STATE_AWAIT_MODE_CHANGE_AWAIT_FINGER_ON;
282 r = set_mode_async(MODE_AWAIT_FINGER_ON);
283 break;
284 case STATE_AWAIT_MODE_CHANGE_AWAIT_FINGER_ON:
285 state = STATE_AWAIT_IRQ_FINGER_DETECTED;
286 break;
287 case STATE_AWAIT_IRQ_FINGER_DETECTED:
288 state = STATE_AWAIT_MODE_CHANGE_CAPTURE;
289 r = set_mode_async(MODE_CAPTURE);
290 break;
291 case STATE_AWAIT_MODE_CHANGE_CAPTURE:
292 state = STATE_AWAIT_IMAGE;
293 break;
294 case STATE_AWAIT_IMAGE:
295 state = STATE_AWAIT_MODE_CHANGE_AWAIT_FINGER_OFF;
296 r = set_mode_async(MODE_AWAIT_FINGER_OFF);
297 break;
298 case STATE_AWAIT_MODE_CHANGE_AWAIT_FINGER_OFF:
299 state = STATE_AWAIT_IRQ_FINGER_REMOVED;
300 break;
301 default:
302 printf("unrecognised state %d\n", state);
303 }
304 if (r < 0) {
305 fprintf(stderr, "error detected changing state\n");
306 return r;
307 }
308
309 printf("new state: %d\n", state);
310 return 0;
311 }
312
cb_irq(struct libusb_transfer * transfer)313 static void LIBUSB_CALL cb_irq(struct libusb_transfer *transfer)
314 {
315 unsigned char irqtype = transfer->buffer[0];
316
317 if (transfer->status != LIBUSB_TRANSFER_COMPLETED) {
318 fprintf(stderr, "irq transfer status %d?\n", transfer->status);
319 irq_transfer = NULL;
320 request_exit(2);
321 return;
322 }
323
324 printf("IRQ callback %02x\n", irqtype);
325 switch (state) {
326 case STATE_AWAIT_IRQ_FINGER_DETECTED:
327 if (irqtype == 0x01) {
328 if (next_state() < 0) {
329 request_exit(2);
330 return;
331 }
332 } else {
333 printf("finger-on-sensor detected in wrong state!\n");
334 }
335 break;
336 case STATE_AWAIT_IRQ_FINGER_REMOVED:
337 if (irqtype == 0x02) {
338 if (next_state() < 0) {
339 request_exit(2);
340 return;
341 }
342 } else {
343 printf("finger-on-sensor detected in wrong state!\n");
344 }
345 break;
346 }
347 if (libusb_submit_transfer(irq_transfer) < 0)
348 request_exit(2);
349 }
350
cb_img(struct libusb_transfer * transfer)351 static void LIBUSB_CALL cb_img(struct libusb_transfer *transfer)
352 {
353 if (transfer->status != LIBUSB_TRANSFER_COMPLETED) {
354 fprintf(stderr, "img transfer status %d?\n", transfer->status);
355 img_transfer = NULL;
356 request_exit(2);
357 return;
358 }
359
360 printf("Image callback\n");
361 save_to_file(imgbuf);
362 if (next_state() < 0) {
363 request_exit(2);
364 return;
365 }
366 if (libusb_submit_transfer(img_transfer) < 0)
367 request_exit(2);
368 }
369
init_capture(void)370 static int init_capture(void)
371 {
372 int r;
373
374 r = libusb_submit_transfer(irq_transfer);
375 if (r < 0)
376 return r;
377
378 r = libusb_submit_transfer(img_transfer);
379 if (r < 0) {
380 libusb_cancel_transfer(irq_transfer);
381 while (irq_transfer)
382 if (libusb_handle_events(NULL) < 0)
383 break;
384 return r;
385 }
386
387 /* start state machine */
388 state = STATE_AWAIT_IRQ_FINGER_REMOVED;
389 return next_state();
390 }
391
do_init(void)392 static int do_init(void)
393 {
394 unsigned char status;
395 int r;
396
397 r = get_hwstat(&status);
398 if (r < 0)
399 return r;
400
401 if (!(status & 0x80)) {
402 r = set_hwstat(status | 0x80);
403 if (r < 0)
404 return r;
405 r = get_hwstat(&status);
406 if (r < 0)
407 return r;
408 }
409
410 status &= ~0x80;
411 r = set_hwstat(status);
412 if (r < 0)
413 return r;
414
415 r = get_hwstat(&status);
416 if (r < 0)
417 return r;
418
419 r = sync_intr(0x56);
420 if (r < 0)
421 return r;
422
423 return 0;
424 }
425
alloc_transfers(void)426 static int alloc_transfers(void)
427 {
428 img_transfer = libusb_alloc_transfer(0);
429 if (!img_transfer)
430 return -ENOMEM;
431
432 irq_transfer = libusb_alloc_transfer(0);
433 if (!irq_transfer)
434 return -ENOMEM;
435
436 libusb_fill_bulk_transfer(img_transfer, devh, EP_DATA, imgbuf,
437 sizeof(imgbuf), cb_img, NULL, 0);
438 libusb_fill_interrupt_transfer(irq_transfer, devh, EP_INTR, irqbuf,
439 sizeof(irqbuf), cb_irq, NULL, 0);
440
441 return 0;
442 }
443
sighandler(int signum)444 static void sighandler(int signum)
445 {
446 (void)signum;
447
448 request_exit(1);
449 }
450
main(void)451 int main(void)
452 {
453 struct sigaction sigact;
454 int r = 1;
455
456 exit_sem = sem_open (SEM_NAME, O_CREAT, 0);
457 if (!exit_sem) {
458 fprintf(stderr, "failed to initialise semaphore error %d", errno);
459 exit(1);
460 }
461
462 /* only using this semaphore in this process so go ahead and unlink it now */
463 sem_unlink (SEM_NAME);
464
465 r = libusb_init(NULL);
466 if (r < 0) {
467 fprintf(stderr, "failed to initialise libusb\n");
468 exit(1);
469 }
470
471 r = find_dpfp_device();
472 if (r < 0) {
473 fprintf(stderr, "Could not find/open device\n");
474 goto out;
475 }
476
477 r = libusb_claim_interface(devh, 0);
478 if (r < 0) {
479 fprintf(stderr, "usb_claim_interface error %d %s\n", r, strerror(-r));
480 goto out;
481 }
482 printf("claimed interface\n");
483
484 r = print_f0_data();
485 if (r < 0)
486 goto out_release;
487
488 r = do_init();
489 if (r < 0)
490 goto out_deinit;
491
492 /* async from here onwards */
493
494 sigact.sa_handler = sighandler;
495 sigemptyset(&sigact.sa_mask);
496 sigact.sa_flags = 0;
497 sigaction(SIGINT, &sigact, NULL);
498 sigaction(SIGTERM, &sigact, NULL);
499 sigaction(SIGQUIT, &sigact, NULL);
500
501 r = pthread_create(&poll_thread, NULL, poll_thread_main, NULL);
502 if (r)
503 goto out_deinit;
504
505 r = alloc_transfers();
506 if (r < 0) {
507 request_exit(1);
508 pthread_join(poll_thread, NULL);
509 goto out_deinit;
510 }
511
512 r = init_capture();
513 if (r < 0) {
514 request_exit(1);
515 pthread_join(poll_thread, NULL);
516 goto out_deinit;
517 }
518
519 while (!do_exit)
520 sem_wait(exit_sem);
521
522 printf("shutting down...\n");
523 pthread_join(poll_thread, NULL);
524
525 r = libusb_cancel_transfer(irq_transfer);
526 if (r < 0) {
527 request_exit(1);
528 goto out_deinit;
529 }
530
531 r = libusb_cancel_transfer(img_transfer);
532 if (r < 0) {
533 request_exit(1);
534 goto out_deinit;
535 }
536
537 while (img_transfer || irq_transfer)
538 if (libusb_handle_events(NULL) < 0)
539 break;
540
541 if (do_exit == 1)
542 r = 0;
543 else
544 r = 1;
545
546 out_deinit:
547 libusb_free_transfer(img_transfer);
548 libusb_free_transfer(irq_transfer);
549 set_mode(0);
550 set_hwstat(0x80);
551 out_release:
552 libusb_release_interface(devh, 0);
553 out:
554 libusb_close(devh);
555 libusb_exit(NULL);
556 return r >= 0 ? r : -r;
557 }
558