1 /*
2  * libusb example program to manipulate U.are.U 4000B fingerprint scanner.
3  * Copyright © 2007 Daniel Drake <dsd@gentoo.org>
4  * Copyright © 2016 Nathan Hjelm <hjelmn@mac.com>
5  * Copyright © 2020 Chris Dickens <christopher.a.dickens@gmail.com>
6  *
7  * Basic image capture program only, does not consider the powerup quirks or
8  * the fact that image encryption may be enabled. Not expected to work
9  * flawlessly all of the time.
10  *
11  * This library is free software; you can redistribute it and/or
12  * modify it under the terms of the GNU Lesser General Public
13  * License as published by the Free Software Foundation; either
14  * version 2.1 of the License, or (at your option) any later version.
15  *
16  * This library is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
19  * Lesser General Public License for more details.
20  *
21  * You should have received a copy of the GNU Lesser General Public
22  * License along with this library; if not, write to the Free Software
23  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
24  */
25 
26 #include <config.h>
27 
28 #include <errno.h>
29 #include <signal.h>
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <string.h>
33 
34 #include "libusb.h"
35 
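/*
 * Only MSVC releases older than Visual Studio 2015 (_MSC_VER < 1900) lack a
 * C99 snprintf(). Restrict the fallback to those compilers: _snprintf() does
 * not write a terminating NUL when the output is truncated, so it must not
 * replace the conforming snprintf() that newer MSVC versions provide.
 */
#if defined(_MSC_VER) && (_MSC_VER < 1900)
#define snprintf _snprintf
#endif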
39 
40 #if defined(DPFP_THREADED)
41 #if defined(PLATFORM_POSIX)
42 #include <fcntl.h>
43 #include <pthread.h>
44 #include <semaphore.h>
45 #include <unistd.h>
46 
/* POSIX flavour of the small threading shim used by the threaded example. */
#define THREAD_RETURN_VALUE	NULL	/* value returned by the poll thread entry */
typedef sem_t *semaphore_t;		/* handle returned by sem_open() */
typedef pthread_t thread_t;		/* handle filled in by pthread_create() */
50 
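/*
 * Create the semaphore used to wake the main thread on exit (POSIX).
 *
 * A named semaphore is opened under a per-process name and unlinked straight
 * away, so only this process keeps a reference to it.
 *
 * Returns the semaphore handle, or NULL on failure.
 */
static inline semaphore_t semaphore_create(void)
{
	sem_t *semaphore;
	char name[50];
	int len;

	/* Bounded formatting: never write past name[], reject a truncated name. */
	len = snprintf(name, sizeof(name),
		"/org.libusb.example.dpfp_threaded:%d", (int)getpid());
	if (len < 0 || (size_t)len >= sizeof(name))
		return NULL;

	/*
	 * O_EXCL makes sem_open() fail if an object with this name already
	 * exists, so a pre-created semaphore is never adopted. Mode 0 grants no
	 * permission bits on the name during the short time it exists.
	 */
	semaphore = sem_open(name, O_CREAT | O_EXCL, 0, 0);
	if (semaphore == SEM_FAILED)
		return NULL;
	/* Remove semaphore so that it does not persist after process exits */
	(void)sem_unlink(name);
	return semaphore;
}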
64 
/* Post (increment) the semaphore; the sem_post() result is deliberately ignored. */
static inline void semaphore_give(semaphore_t semaphore)
{
	int rc = sem_post(semaphore);

	(void)rc;
}
69 
/*
 * Wait on the semaphore. The sem_wait() result is ignored, so the call may
 * return without the semaphore having been taken; the caller in main()
 * re-checks do_exit in a loop.
 */
static inline void semaphore_take(semaphore_t semaphore)
{
	int rc = sem_wait(semaphore);

	(void)rc;
}
74 
/* Close this process's reference to the semaphore; the result is ignored. */
static inline void semaphore_destroy(semaphore_t semaphore)
{
	int rc = sem_close(semaphore);

	(void)rc;
}
79 
/*
 * Start a thread with default attributes running thread_entry(arg).
 *
 * Returns 0 on success and -1 on any pthread_create() failure (the specific
 * error number is not propagated).
 */
static inline int thread_create(thread_t *thread,
	void *(*thread_entry)(void *arg), void *arg)
{
	if (pthread_create(thread, NULL, thread_entry, arg) != 0)
		return -1;
	return 0;
}
85 
/* Wait for the thread to finish; its return value and join errors are discarded. */
static inline void thread_join(thread_t thread)
{
	int rc = pthread_join(thread, NULL);

	(void)rc;
}
90 #elif defined(PLATFORM_WINDOWS)
/* Windows flavour of the small threading shim used by the threaded example. */
#define THREAD_RETURN_VALUE	0	/* value returned by the poll thread entry */
typedef HANDLE semaphore_t;
typedef HANDLE thread_t;

/*
 * The thread entry return type follows the API used by thread_create():
 * CreateThread() under Cygwin, _beginthreadex() otherwise.
 */
#if defined(__CYGWIN__)
typedef DWORD thread_return_t;
#else
#include <process.h>
typedef unsigned thread_return_t;
#endif
101 
/*
 * Create the exit semaphore (Windows): unnamed, default security attributes,
 * initial count 0, maximum count 1. Returns NULL on failure.
 */
static inline semaphore_t semaphore_create(void)
{
	semaphore_t sem = CreateSemaphore(NULL, 0, 1, NULL);

	return sem;
}
106 
/* Release the semaphore by one count; the ReleaseSemaphore() result is ignored. */
static inline void semaphore_give(semaphore_t semaphore)
{
	BOOL released = ReleaseSemaphore(semaphore, 1, NULL);

	(void)released;
}
111 
/* Block without timeout until the semaphore is signalled; the wait result is ignored. */
static inline void semaphore_take(semaphore_t semaphore)
{
	DWORD waited = WaitForSingleObject(semaphore, INFINITE);

	(void)waited;
}
116 
/* Close the semaphore handle; the CloseHandle() result is ignored. */
static inline void semaphore_destroy(semaphore_t semaphore)
{
	BOOL closed = CloseHandle(semaphore);

	(void)closed;
}
121 
/*
 * Start a thread running thread_entry(arg) and store its handle in *thread.
 *
 * Uses CreateThread() under Cygwin and _beginthreadex() elsewhere.
 * Returns 0 on success, -1 if no thread handle was obtained.
 */
static inline int thread_create(thread_t *thread,
	thread_return_t (__stdcall *thread_entry)(void *arg), void *arg)
{
#if defined(__CYGWIN__)
	*thread = CreateThread(NULL, 0, thread_entry, arg, 0, NULL);
#else
	*thread = (HANDLE)_beginthreadex(NULL, 0, thread_entry, arg, 0, NULL);
#endif
	if (*thread == NULL)
		return -1;
	return 0;
}
132 
/*
 * Wait without timeout for the thread to finish, then close its handle.
 * Both results are ignored.
 */
static inline void thread_join(thread_t thread)
{
	DWORD waited = WaitForSingleObject(thread, INFINITE);
	BOOL closed = CloseHandle(thread);

	(void)waited;
	(void)closed;
}
138 #endif
139 #endif
140 
/* Endpoint 1 IN: used for the interrupt transfers in this file. */
#define EP_INTR			(1 | LIBUSB_ENDPOINT_IN)
/* Endpoint 2 IN: used for the bulk image transfer. */
#define EP_DATA			(2 | LIBUSB_ENDPOINT_IN)
/* bmRequestType values for vendor control transfers, device-to-host and host-to-device. */
#define CTRL_IN			(LIBUSB_REQUEST_TYPE_VENDOR | LIBUSB_ENDPOINT_IN)
#define CTRL_OUT		(LIBUSB_REQUEST_TYPE_VENDOR | LIBUSB_ENDPOINT_OUT)
/* bRequest value passed to every control transfer in this file. */
#define USB_RQ			0x04
/* Size in bytes of one interrupt packet buffer. */
#define INTR_LENGTH		64
147 
/*
 * Mode bytes sent to the device by set_mode() / set_mode_async().
 * Only the AWAIT_FINGER_ON, CAPTURE and AWAIT_FINGER_OFF values are used by
 * the state machine in this file.
 */
enum {
	MODE_INIT             = 0x00,
	MODE_AWAIT_FINGER_ON  = 0x10,
	MODE_AWAIT_FINGER_OFF = 0x12,
	MODE_CAPTURE          = 0x20,
	MODE_SHUT_UP          = 0x30,
	MODE_READY            = 0x80,
};
156 
/* Forward declaration: the transfer callbacks below call into the state machine. */
static int next_state(void);

/*
 * Capture state machine states, listed in the order next_state() cycles
 * through them. Numbering starts at 1; 0 is the initial value of 'state'.
 */
enum {
	STATE_AWAIT_MODE_CHANGE_AWAIT_FINGER_ON = 1,	/* mode change in flight */
	STATE_AWAIT_IRQ_FINGER_DETECTED,		/* waiting for IRQ type 0x01 */
	STATE_AWAIT_MODE_CHANGE_CAPTURE,		/* mode change in flight */
	STATE_AWAIT_IMAGE,				/* waiting for the image transfer */
	STATE_AWAIT_MODE_CHANGE_AWAIT_FINGER_OFF,	/* mode change in flight */
	STATE_AWAIT_IRQ_FINGER_REMOVED,			/* waiting for IRQ type 0x02 */
};
167 
/* Current position in the capture state machine (one of the STATE_* values). */
static int state = 0;
/* Handle of the opened scanner; set by find_dpfp_device(). */
static libusb_device_handle *devh = NULL;
/*
 * Receive buffer for one bulk image transfer. save_to_file() skips the first
 * 64 bytes and writes the following 384*289 bytes. The buffer is reused for
 * every capture, so it still holds the previous image until overwritten.
 */
static unsigned char imgbuf[0x1b340];
/* Receive buffer for one interrupt packet. */
static unsigned char irqbuf[INTR_LENGTH];
/* Long-lived transfers; the callbacks reset these to NULL once they free them. */
static struct libusb_transfer *img_transfer = NULL;
static struct libusb_transfer *irq_transfer = NULL;
/* Sequence number used in the next image file name. */
static int img_idx = 0;
/* 0 while running; 1 = exit requested by signal, 2 = exit after an error. */
static volatile sig_atomic_t do_exit = 0;

#if defined(DPFP_THREADED)
/* Wakes main() when an exit has been requested. */
static semaphore_t exit_semaphore;
/* Thread running libusb event handling. */
static thread_t poll_thread;
#endif
181 
/*
 * Record an exit request and, in the threaded build, wake the main thread.
 *
 * code: value stored in do_exit (callers in this file use 1 for a signal and
 * 2 for an error). Called from the signal handler as well as from transfer
 * callbacks.
 */
static void request_exit(sig_atomic_t code)
{
#if defined(DPFP_THREADED)
	do_exit = code;
	semaphore_give(exit_semaphore);
#else
	do_exit = code;
#endif
}
189 
#if defined(DPFP_THREADED)
/*
 * Entry point of the polling thread: handle libusb events with a one second
 * timeout per iteration until an exit is requested. A failure of the event
 * handler requests exit code 2.
 */
#if defined(PLATFORM_POSIX)
static void *poll_thread_main(void *arg)
#elif defined(PLATFORM_WINDOWS)
static thread_return_t __stdcall poll_thread_main(void *arg)
#endif
{
	(void)arg;

	printf("poll thread running\n");

	for (;;) {
		struct timeval tv = { 1, 0 };

		if (do_exit)
			break;

		if (libusb_handle_events_timeout(NULL, &tv) < 0) {
			request_exit(2);
			break;
		}
	}

	printf("poll thread shutting down\n");
	return THREAD_RETURN_VALUE;
}
#endif
216 
/*
 * Open the first device with vendor ID 0x05ba and product ID 0x000a and store
 * its handle in devh.
 *
 * Returns 0 on success; on failure returns -1 with errno set to ENODEV.
 */
static int find_dpfp_device(void)
{
	libusb_device_handle *handle;

	handle = libusb_open_device_with_vid_pid(NULL, 0x05ba, 0x000a);
	devh = handle;
	if (handle != NULL)
		return 0;

	errno = ENODEV;
	return -1;
}
226 
/*
 * Read 16 bytes with a vendor IN control request (wValue 0xf0) and print them
 * as hex on stdout.
 *
 * The transfer uses timeout 0, which libusb treats as unlimited.
 * Returns 0 on success, the negative libusb error on transfer failure, or -1
 * if fewer than 16 bytes were returned.
 */
static int print_f0_data(void)
{
	unsigned char data[0x10];
	const size_t want = sizeof(data);
	size_t pos;
	int got;

	got = libusb_control_transfer(devh, CTRL_IN, USB_RQ, 0xf0, 0, data,
		sizeof(data), 0);
	if (got < 0) {
		fprintf(stderr, "F0 error %d\n", got);
		return got;
	}
	if (got < (int)want) {
		fprintf(stderr, "short read (%d)\n", got);
		return -1;
	}

	printf("F0 data:");
	for (pos = 0; pos < want; pos++)
		printf(" %02x", data[pos]);
	printf("\n");
	return 0;
}
250 
/*
 * Read the one-byte hardware status (vendor IN control request, wValue 0x07)
 * into *status and print it.
 *
 * The transfer uses timeout 0, which libusb treats as unlimited.
 * Returns 0 on success, the negative libusb error on transfer failure, or -1
 * if no byte was returned.
 */
static int get_hwstat(unsigned char *status)
{
	int got = libusb_control_transfer(devh, CTRL_IN, USB_RQ, 0x07, 0,
		status, 1, 0);

	if (got < 0) {
		fprintf(stderr, "read hwstat error %d\n", got);
		return got;
	}
	if (got < 1) {
		fprintf(stderr, "short read (%d)\n", got);
		return -1;
	}

	printf("hwstat reads %02x\n", *status);
	return 0;
}
268 
/*
 * Write the one-byte hardware status (vendor OUT control request, wValue 0x07).
 *
 * The transfer uses timeout 0, which libusb treats as unlimited.
 * Returns 0 on success, the negative libusb error on transfer failure, or -1
 * if the byte was not written.
 */
static int set_hwstat(unsigned char data)
{
	int sent;

	printf("set hwstat to %02x\n", data);
	sent = libusb_control_transfer(devh, CTRL_OUT, USB_RQ, 0x07, 0, &data, 1, 0);
	if (sent < 0) {
		fprintf(stderr, "set hwstat error %d\n", sent);
		return sent;
	}
	if (sent < 1) {
		fprintf(stderr, "short write (%d)\n", sent);
		return -1;
	}

	return 0;
}
286 
/*
 * Synchronously write the one-byte device mode (vendor OUT control request,
 * wValue 0x4e).
 *
 * The transfer uses timeout 0, which libusb treats as unlimited.
 * Returns 0 on success, the negative libusb error on transfer failure, or -1
 * if the byte was not written.
 */
static int set_mode(unsigned char data)
{
	int sent;

	printf("set mode %02x\n", data);
	sent = libusb_control_transfer(devh, CTRL_OUT, USB_RQ, 0x4e, 0, &data, 1, 0);
	if (sent < 0) {
		fprintf(stderr, "set mode error %d\n", sent);
		return sent;
	}
	if (sent < 1) {
		fprintf(stderr, "short write (%d)\n", sent);
		return -1;
	}

	return 0;
}
304 
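/*
 * Completion callback for the asynchronous mode change submitted by
 * set_mode_async().
 *
 * On a failed transfer an exit (code 2) is requested and the state machine is
 * left untouched: advancing it after a failed mode change would let
 * next_state() submit further transfers while the program is shutting down.
 * On success the state machine is advanced; a failure there also requests
 * exit code 2.
 */
static void LIBUSB_CALL cb_mode_changed(struct libusb_transfer *transfer)
{
	if (transfer->status != LIBUSB_TRANSFER_COMPLETED) {
		fprintf(stderr, "mode change transfer not completed!\n");
		request_exit(2);
		return;
	}

	printf("async cb_mode_changed length=%d actual_length=%d\n",
		transfer->length, transfer->actual_length);
	if (next_state() < 0)
		request_exit(2);
}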
317 
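/*
 * Submit an asynchronous one-byte mode change (vendor OUT control request,
 * wValue 0x4e, 1000 ms timeout). cb_mode_changed() runs on completion.
 *
 * The setup packet and payload live in a heap buffer owned by the transfer:
 * with FREE_BUFFER and FREE_TRANSFER set, libusb releases both after the
 * callback returns.
 *
 * Returns 0 on success, -1 with errno = ENOMEM on allocation failure, or the
 * negative libusb error if submission fails.
 */
static int set_mode_async(unsigned char data)
{
	unsigned char *buf = malloc(LIBUSB_CONTROL_SETUP_SIZE + 1);
	struct libusb_transfer *transfer;
	int r;

	if (!buf) {
		errno = ENOMEM;
		return -1;
	}

	transfer = libusb_alloc_transfer(0);
	if (!transfer) {
		free(buf);
		errno = ENOMEM;
		return -1;
	}

	printf("async set mode %02x\n", data);
	libusb_fill_control_setup(buf, CTRL_OUT, USB_RQ, 0x4e, 0, 1);
	buf[LIBUSB_CONTROL_SETUP_SIZE] = data;
	libusb_fill_control_transfer(transfer, devh, buf, cb_mode_changed, NULL,
		1000);

	transfer->flags = LIBUSB_TRANSFER_SHORT_NOT_OK
		| LIBUSB_TRANSFER_FREE_BUFFER | LIBUSB_TRANSFER_FREE_TRANSFER;

	r = libusb_submit_transfer(transfer);
	if (r < 0) {
		/*
		 * A transfer that was never submitted gets no callback, so the
		 * automatic cleanup never runs. Free it here; FREE_BUFFER makes
		 * libusb_free_transfer() release buf as well.
		 */
		libusb_free_transfer(transfer);
	}
	return r;
}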
345 
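/*
 * Synchronously read one interrupt packet of INTR_LENGTH bytes into data
 * (1000 ms timeout) and print its first 16 bits.
 *
 * data must point to at least INTR_LENGTH bytes.
 * Returns 0 on success, the negative libusb error on transfer failure, or -1
 * if fewer than INTR_LENGTH bytes arrived.
 */
static int do_sync_intr(unsigned char *data)
{
	int r;
	int transferred;
	uint16_t first_word;

	r = libusb_interrupt_transfer(devh, EP_INTR, data, INTR_LENGTH,
		&transferred, 1000);
	if (r < 0) {
		fprintf(stderr, "intr error %d\n", r);
		return r;
	}
	if (transferred < INTR_LENGTH) {
		/* Report the byte count; r is always 0 on this path. */
		fprintf(stderr, "short read (%d)\n", transferred);
		return -1;
	}

	/*
	 * Copy instead of casting: data is a byte buffer with no alignment
	 * guarantee for a uint16_t access. Byte order is the host's, as before.
	 */
	memcpy(&first_word, data, sizeof(first_word));
	printf("recv interrupt %04x\n", first_word);
	return 0;
}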
365 
/*
 * Read interrupt packets until one whose first byte equals type arrives.
 *
 * There is no retry limit: the loop ends only on a match or when
 * do_sync_intr() fails (which includes its 1000 ms timeout).
 * Returns 0 on a match, otherwise the negative value from do_sync_intr().
 */
static int sync_intr(unsigned char type)
{
	unsigned char packet[INTR_LENGTH];
	int rc;

	do {
		rc = do_sync_intr(packet);
		if (rc < 0)
			return rc;
	} while (packet[0] != type);

	return 0;
}
379 
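/*
 * Write one captured frame to "finger<N>.pgm" in the current directory as a
 * binary PGM (P5, 384x289, maxval 255). The first 64 bytes of data are
 * skipped; the following 384*289 bytes are the pixels.
 *
 * data must hold at least 64 + 384*289 bytes.
 * Returns 0 on success, -1 if the file cannot be opened or fully written.
 *
 * NOTE(review): the file holds a raw fingerprint image, has a predictable
 * name and is created with the process's default permissions; run the
 * example from a directory only the current user can write to and read.
 */
static int save_to_file(unsigned char *data)
{
	const size_t img_size = 384 * 289;
	FILE *f;
	char filename[64];
	int ok;

	snprintf(filename, sizeof(filename), "finger%d.pgm", img_idx++);
	/* Binary mode: pixel bytes must not go through newline translation. */
	f = fopen(filename, "wb");
	if (!f)
		return -1;

	ok = fputs("P5 384 289 255 ", f) >= 0;
	ok = ok && fwrite(data + 64, 1, img_size, f) == img_size;
	/* fclose() flushes buffered data, so its result is part of the write. */
	if (fclose(f) != 0)
		ok = 0;
	if (!ok) {
		fprintf(stderr, "failed to write image to %s\n", filename);
		return -1;
	}

	printf("saved image to %s\n", filename);
	return 0;
}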
396 
/*
 * Advance the capture state machine by one step.
 *
 * States that follow a device event move to a "mode change in flight" state
 * and submit the matching asynchronous mode change; states that follow a
 * completed mode change only move on. The new state is stored before the
 * transfer is submitted.
 *
 * Returns 0 on success, or the negative value from set_mode_async().
 */
static int next_state(void)
{
	int rc = 0;

	printf("old state: %d\n", state);
	switch (state) {
	/* Finger removed: arm the device to wait for the next finger. */
	case STATE_AWAIT_IRQ_FINGER_REMOVED:
		state = STATE_AWAIT_MODE_CHANGE_AWAIT_FINGER_ON;
		rc = set_mode_async(MODE_AWAIT_FINGER_ON);
		break;
	case STATE_AWAIT_MODE_CHANGE_AWAIT_FINGER_ON:
		state = STATE_AWAIT_IRQ_FINGER_DETECTED;
		break;
	/* Finger detected: switch the device to capture mode. */
	case STATE_AWAIT_IRQ_FINGER_DETECTED:
		state = STATE_AWAIT_MODE_CHANGE_CAPTURE;
		rc = set_mode_async(MODE_CAPTURE);
		break;
	case STATE_AWAIT_MODE_CHANGE_CAPTURE:
		state = STATE_AWAIT_IMAGE;
		break;
	/* Image received: arm the device to wait for finger removal. */
	case STATE_AWAIT_IMAGE:
		state = STATE_AWAIT_MODE_CHANGE_AWAIT_FINGER_OFF;
		rc = set_mode_async(MODE_AWAIT_FINGER_OFF);
		break;
	case STATE_AWAIT_MODE_CHANGE_AWAIT_FINGER_OFF:
		state = STATE_AWAIT_IRQ_FINGER_REMOVED;
		break;
	default:
		printf("unrecognised state %d\n", state);
	}

	if (rc >= 0) {
		printf("new state: %d\n", state);
		return 0;
	}

	fprintf(stderr, "error detected changing state\n");
	return rc;
}
435 
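/*
 * Completion callback for the interrupt transfer.
 *
 * The first byte of the packet is the interrupt type: 0x01 advances the state
 * machine from STATE_AWAIT_IRQ_FINGER_DETECTED and 0x02 advances it from
 * STATE_AWAIT_IRQ_FINGER_REMOVED. The transfer is then resubmitted.
 *
 * On a failed transfer, a state machine error or a failed resubmission the
 * transfer is freed, irq_transfer is cleared and exit code 2 is requested.
 */
static void LIBUSB_CALL cb_irq(struct libusb_transfer *transfer)
{
	if (transfer->status != LIBUSB_TRANSFER_COMPLETED) {
		fprintf(stderr, "irq transfer status %d?\n", transfer->status);
		goto err_free_transfer;
	}

	if (transfer->actual_length < 1) {
		/*
		 * Nothing was received, so buffer[0] still holds the byte from an
		 * earlier packet; do not let that stale value drive the state
		 * machine.
		 */
		fprintf(stderr, "empty irq transfer ignored\n");
	} else {
		unsigned char irqtype = transfer->buffer[0];

		printf("IRQ callback %02x\n", irqtype);
		switch (state) {
		case STATE_AWAIT_IRQ_FINGER_DETECTED:
			if (irqtype == 0x01) {
				if (next_state() < 0)
					goto err_free_transfer;
			} else {
				printf("finger-on-sensor detected in wrong state!\n");
			}
			break;
		case STATE_AWAIT_IRQ_FINGER_REMOVED:
			if (irqtype == 0x02) {
				if (next_state() < 0)
					goto err_free_transfer;
			} else {
				printf("finger-on-sensor detected in wrong state!\n");
			}
			break;
		default:
			/* Interrupts in any other state are only logged above. */
			break;
		}
	}

	if (libusb_submit_transfer(irq_transfer) < 0)
		goto err_free_transfer;

	return;

err_free_transfer:
	libusb_free_transfer(transfer);
	irq_transfer = NULL;
	request_exit(2);
}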
474 
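/*
 * Completion callback for the bulk image transfer: save the frame, advance
 * the state machine and resubmit the transfer.
 *
 * On a failed transfer, a state machine error or a failed resubmission the
 * transfer is freed, img_transfer is cleared and exit code 2 is requested.
 */
static void LIBUSB_CALL cb_img(struct libusb_transfer *transfer)
{
	if (transfer->status != LIBUSB_TRANSFER_COMPLETED) {
		fprintf(stderr, "img transfer status %d?\n", transfer->status);
		goto err_free_transfer;
	}

	printf("Image callback\n");
	if (transfer->actual_length < 64 + 384 * 289) {
		/*
		 * save_to_file() always writes 384*289 bytes starting at offset 64.
		 * imgbuf is reused between captures, so after a short transfer the
		 * tail would be pixels of a previous fingerprint; skip the save
		 * instead of writing that to disk.
		 */
		fprintf(stderr, "short image transfer (%d bytes), not saved\n",
			transfer->actual_length);
	} else if (save_to_file(imgbuf) < 0) {
		fprintf(stderr, "failed to save image\n");
	}

	if (next_state() < 0)
		goto err_free_transfer;

	if (libusb_submit_transfer(img_transfer) < 0)
		goto err_free_transfer;

	return;

err_free_transfer:
	libusb_free_transfer(transfer);
	img_transfer = NULL;
	request_exit(2);
}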
497 
/*
 * Submit the interrupt and image transfers and start the state machine.
 *
 * If the image transfer cannot be submitted, the already submitted interrupt
 * transfer is cancelled and events are handled until cb_irq() has cleared
 * irq_transfer (or event handling fails).
 *
 * Returns the result of next_state() on success, or the negative libusb
 * error from the failed submission.
 */
static int init_capture(void)
{
	int rc = libusb_submit_transfer(irq_transfer);

	if (rc < 0)
		return rc;

	rc = libusb_submit_transfer(img_transfer);
	if (rc < 0) {
		libusb_cancel_transfer(irq_transfer);
		/* Drain events until the cancellation callback has run. */
		while (irq_transfer) {
			if (libusb_handle_events(NULL) < 0)
				break;
		}
		return rc;
	}

	/* start state machine */
	state = STATE_AWAIT_IRQ_FINGER_REMOVED;
	return next_state();
}
519 
/*
 * Synchronous device initialisation.
 *
 * Reads hwstat; if bit 0x80 is clear it is set and hwstat is read back. The
 * bit is then cleared, hwstat is read once more, and the function waits for
 * an interrupt packet whose first byte is 0x56.
 *
 * Returns 0 on success or the first negative error from a helper.
 */
static int do_init(void)
{
	unsigned char status;
	int rc;

	rc = get_hwstat(&status);
	if (rc < 0)
		return rc;

	if ((status & 0x80) == 0) {
		rc = set_hwstat(status | 0x80);
		if (rc < 0)
			return rc;
		rc = get_hwstat(&status);
		if (rc < 0)
			return rc;
	}

	status &= ~0x80;
	rc = set_hwstat(status);
	if (rc < 0)
		return rc;

	rc = get_hwstat(&status);
	if (rc < 0)
		return rc;

	rc = sync_intr(0x56);
	return rc < 0 ? rc : 0;
}
553 
/*
 * Allocate the long-lived image (bulk) and interrupt transfers and bind them
 * to their static buffers and callbacks. Both use timeout 0.
 *
 * Returns 0 on success, -1 with errno = ENOMEM if an allocation fails. A
 * transfer allocated before the failure stays in its global pointer; main()
 * frees whatever is non-NULL on its cleanup path.
 */
static int alloc_transfers(void)
{
	img_transfer = libusb_alloc_transfer(0);
	if (img_transfer == NULL)
		goto err_nomem;

	irq_transfer = libusb_alloc_transfer(0);
	if (irq_transfer == NULL)
		goto err_nomem;

	libusb_fill_bulk_transfer(img_transfer, devh, EP_DATA, imgbuf,
		sizeof(imgbuf), cb_img, NULL, 0);
	libusb_fill_interrupt_transfer(irq_transfer, devh, EP_INTR, irqbuf,
		sizeof(irqbuf), cb_irq, NULL, 0);

	return 0;

err_nomem:
	errno = ENOMEM;
	return -1;
}
575 
/* Signal handler: any handled signal requests a normal exit (code 1). */
static void sighandler(int signum)
{
	/* The signal number is not needed. */
	(void)signum;

	request_exit(1);
}
582 
/*
 * Install sighandler() for the termination signals: SIGINT, SIGTERM and
 * SIGQUIT via sigaction() on POSIX, SIGINT and SIGTERM via signal() elsewhere.
 * Installation failures are ignored.
 */
static void setup_signals(void)
{
#if defined(PLATFORM_POSIX)
	struct sigaction action;

	/* No extra signals blocked in the handler and no special flags. */
	sigemptyset(&action.sa_mask);
	action.sa_flags = 0;
	action.sa_handler = sighandler;

	(void)sigaction(SIGINT, &action, NULL);
	(void)sigaction(SIGTERM, &action, NULL);
	(void)sigaction(SIGQUIT, &action, NULL);
#else
	(void)signal(SIGINT, sighandler);
	(void)signal(SIGTERM, sighandler);
#endif
}
599 
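/*
 * Program entry point.
 *
 * Opens the scanner, claims interface 0, runs the synchronous initialisation
 * and then captures images asynchronously until an exit is requested by a
 * signal (do_exit == 1) or an error (do_exit == 2). In the threaded build a
 * separate thread handles libusb events while main() sleeps on the exit
 * semaphore.
 *
 * Exit status: 0 after a signal-requested shutdown, non-zero on any failure.
 */
int main(void)
{
	int r;

	r = libusb_init(NULL);
	if (r < 0) {
		fprintf(stderr, "failed to initialise libusb %d - %s\n", r, libusb_strerror(r));
		exit(1);
	}

	r = find_dpfp_device();
	if (r < 0) {
		fprintf(stderr, "Could not find/open device\n");
		goto out;
	}

	r = libusb_claim_interface(devh, 0);
	if (r < 0) {
		fprintf(stderr, "claim interface error %d - %s\n", r, libusb_strerror(r));
		goto out;
	}
	printf("claimed interface\n");

	r = print_f0_data();
	if (r < 0)
		goto out_release;

	r = do_init();
	if (r < 0)
		goto out_deinit;

	/* async from here onwards */
	setup_signals();

	r = alloc_transfers();
	if (r < 0)
		goto out_deinit;

#if defined(DPFP_THREADED)
	exit_semaphore = semaphore_create();
	if (!exit_semaphore) {
		fprintf(stderr, "failed to initialise semaphore\n");
		/*
		 * r still holds 0 from alloc_transfers(); without this the
		 * process would report success after failing to start.
		 */
		r = -1;
		goto out_deinit;
	}

	r = thread_create(&poll_thread, poll_thread_main, NULL);
	if (r) {
		semaphore_destroy(exit_semaphore);
		goto out_deinit;
	}

	r = init_capture();
	if (r < 0)
		request_exit(2);

	/* The poll thread handles events; sleep here until an exit is requested. */
	while (!do_exit)
		semaphore_take(exit_semaphore);
#else
	r = init_capture();
	if (r < 0)
		goto out_deinit;

	while (!do_exit) {
		r = libusb_handle_events(NULL);
		if (r < 0)
			request_exit(2);
	}
#endif

	printf("shutting down...\n");

#if defined(DPFP_THREADED)
	thread_join(poll_thread);
	semaphore_destroy(exit_semaphore);
#endif

	if (img_transfer) {
		r = libusb_cancel_transfer(img_transfer);
		if (r < 0)
			fprintf(stderr, "failed to cancel transfer %d - %s\n", r, libusb_strerror(r));
	}

	if (irq_transfer) {
		r = libusb_cancel_transfer(irq_transfer);
		if (r < 0)
			fprintf(stderr, "failed to cancel transfer %d - %s\n", r, libusb_strerror(r));
	}

	/* The callbacks free cancelled transfers and clear the global pointers. */
	while (img_transfer || irq_transfer) {
		if (libusb_handle_events(NULL) < 0)
			break;
	}

	if (do_exit == 1)
		r = 0;
	else
		r = 1;

out_deinit:
	if (img_transfer)
		libusb_free_transfer(img_transfer);
	if (irq_transfer)
		libusb_free_transfer(irq_transfer);
	/* Best effort: return values of the two device resets are not checked. */
	set_mode(0);
	set_hwstat(0x80);
out_release:
	libusb_release_interface(devh, 0);
out:
	libusb_close(devh);
	libusb_exit(NULL);
	/* libusb errors are negative; map them to a positive exit status. */
	return r >= 0 ? r : -r;
}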
712