1 /*
2  * libusb example program to manipulate U.are.U 4000B fingerprint scanner.
3  * Copyright © 2007 Daniel Drake <dsd@gentoo.org>
4  * Copyright © 2016 Nathan Hjelm <hjelmn@mac.com>
5  *
6  * Basic image capture program only, does not consider the powerup quirks or
7  * the fact that image encryption may be enabled. Not expected to work
8  * flawlessly all of the time.
9  *
10  * This library is free software; you can redistribute it and/or
11  * modify it under the terms of the GNU Lesser General Public
12  * License as published by the Free Software Foundation; either
13  * version 2.1 of the License, or (at your option) any later version.
14  *
15  * This library is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
18  * Lesser General Public License for more details.
19  *
20  * You should have received a copy of the GNU Lesser General Public
21  * License along with this library; if not, write to the Free Software
22  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
23  */
24 
25 #include <errno.h>
26 #include <pthread.h>
27 #include <semaphore.h>
28 #include <signal.h>
29 #include <string.h>
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <fcntl.h>
33 
34 #include "libusb.h"
35 
/* Endpoint addresses: endpoint 1 IN carries interrupt packets, endpoint 2 IN
 * carries the bulk image data. */
#define EP_INTR			(1 | LIBUSB_ENDPOINT_IN)
#define EP_DATA			(2 | LIBUSB_ENDPOINT_IN)

/* bmRequestType values for the vendor control transfers in each direction. */
#define CTRL_IN			(LIBUSB_REQUEST_TYPE_VENDOR | LIBUSB_ENDPOINT_IN)
#define CTRL_OUT		(LIBUSB_REQUEST_TYPE_VENDOR | LIBUSB_ENDPOINT_OUT)

/* bRequest used by every control transfer in this program. */
#define USB_RQ			0x04
/* Size in bytes of one interrupt packet. */
#define INTR_LENGTH		64
/* Name of the POSIX semaphore the main thread sleeps on until exit. */
#define SEM_NAME                "/org.libusb.example.dpfp_threaded"

/* Mode bytes sent to the device through control request value 0x4e. */
enum {
	MODE_INIT = 0x00,
	MODE_AWAIT_FINGER_ON = 0x10,
	MODE_AWAIT_FINGER_OFF = 0x12,
	MODE_CAPTURE = 0x20,
	MODE_SHUT_UP = 0x30,
	MODE_READY = 0x80,
};

static int next_state(void);

/* Steps of the capture state machine, in the order next_state() walks them. */
enum {
	STATE_AWAIT_MODE_CHANGE_AWAIT_FINGER_ON = 1,
	STATE_AWAIT_IRQ_FINGER_DETECTED,
	STATE_AWAIT_MODE_CHANGE_CAPTURE,
	STATE_AWAIT_IMAGE,
	STATE_AWAIT_MODE_CHANGE_AWAIT_FINGER_OFF,
	STATE_AWAIT_IRQ_FINGER_REMOVED,
};

/* Current state-machine step; 0 until init_capture() starts the machine. */
static int state = 0;
/* Handle of the opened scanner, NULL while no device is open. */
static struct libusb_device_handle *devh = NULL;
/* Receive buffer for the bulk image transfer. */
static unsigned char imgbuf[0x1b340];
/* Receive buffer for the asynchronous interrupt transfer. */
static unsigned char irqbuf[INTR_LENGTH];
/* Long-lived transfers; the callbacks reset these to NULL when a transfer
 * ends with a status other than "completed". */
static struct libusb_transfer *img_transfer = NULL;
static struct libusb_transfer *irq_transfer = NULL;
/* Index used to number the saved image files. */
static int img_idx = 0;
/* Non-zero once shutdown was requested: 1 from a signal, 2 after an error. */
static volatile sig_atomic_t do_exit = 0;

/* Thread that runs the libusb event loop. */
static pthread_t poll_thread;
/* Posted by request_exit() to wake the main thread. */
static sem_t *exit_sem;
75 
/*
 * Record the exit code and wake the main thread, which sleeps on exit_sem
 * until do_exit is non-zero. This is reached from the signal handler as well
 * as from the transfer callbacks, so it does nothing beyond a sig_atomic_t
 * store and sem_post().
 */
static void request_exit(sig_atomic_t code)
{
	do_exit = code;		/* must be visible before the waiter is woken */
	sem_post(exit_sem);
}
81 
/*
 * Entry point of the event-polling thread: runs the libusb event loop in
 * one-second slices until an exit has been requested. A failing event call
 * requests exit with code 2 and ends the thread.
 */
static void *poll_thread_main(void *arg)
{
	printf("poll thread running\n");

	for (;;) {
		struct timeval slice = { 1, 0 };

		if (do_exit)
			break;

		/* The one-second timeout bounds how long an exit request can go unnoticed. */
		if (libusb_handle_events_timeout(NULL, &slice) < 0) {
			request_exit(2);
			break;
		}
	}

	printf("poll thread shutting down\n");
	return NULL;
}
99 
/*
 * Open the first device with vendor id 0x05ba and product id 0x000a and
 * store its handle in devh. Returns 0 on success, -EIO when no handle was
 * obtained.
 */
static int find_dpfp_device(void)
{
	devh = libusb_open_device_with_vid_pid(NULL, 0x05ba, 0x000a);
	if (devh == NULL)
		return -EIO;

	return 0;
}
105 
/*
 * Read 16 bytes with control request value 0xf0 and print them as hex.
 * Returns 0 on success, the libusb error code on transfer failure, or -1
 * when fewer than 16 bytes came back.
 */
static int print_f0_data(void)
{
	unsigned char f0[0x10];
	size_t k;
	int got;

	got = libusb_control_transfer(devh, CTRL_IN, USB_RQ, 0xf0, 0, f0,
		sizeof(f0), 0);
	if (got < 0) {
		fprintf(stderr, "F0 error %d\n", got);
		return got;
	}

	/* got is non-negative here, so the unsigned comparison is safe. */
	if ((unsigned int) got < sizeof(f0)) {
		fprintf(stderr, "short read (%d)\n", got);
		return -1;
	}

	printf("F0 data:");
	for (k = 0; k < sizeof(f0); k++)
		printf("%02x ", f0[k]);
	printf("\n");

	return 0;
}
129 
/*
 * Read the one-byte hardware status (control request value 0x07) into
 * *status and print it. Returns 0 on success, the libusb error code on
 * transfer failure, or -1 when no byte was returned.
 */
static int get_hwstat(unsigned char *status)
{
	int got = libusb_control_transfer(devh, CTRL_IN, USB_RQ, 0x07, 0,
		status, 1, 0);

	if (got < 0) {
		fprintf(stderr, "read hwstat error %d\n", got);
		return got;
	}

	/* A zero-length reply leaves *status unwritten, so do not print it. */
	if (got < 1) {
		fprintf(stderr, "short read (%d)\n", got);
		return -1;
	}

	printf("hwstat reads %02x\n", *status);
	return 0;
}
147 
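/*
 * Write the one-byte hardware status (control request value 0x07).
 * Returns 0 on success, the libusb error code on transfer failure, or -1
 * when the byte was not transferred.
 */
static int set_hwstat(unsigned char data)
{
	int r;

	printf("set hwstat to %02x\n", data);
	r = libusb_control_transfer(devh, CTRL_OUT, USB_RQ, 0x07, 0, &data, 1, 0);
	if (r < 0) {
		fprintf(stderr, "set hwstat error %d\n", r);
		return r;
	}
	if (r < 1) {
		/* Newline added so the message does not run into the next one,
		 * matching the "short read" messages elsewhere in the file. */
		fprintf(stderr, "short write (%d)\n", r);
		return -1;
	}

	return 0;
}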
165 
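/*
 * Synchronously write the one-byte device mode (control request value 0x4e).
 * Returns 0 on success, the libusb error code on transfer failure, or -1
 * when the byte was not transferred.
 */
static int set_mode(unsigned char data)
{
	int r;

	printf("set mode %02x\n", data);

	r = libusb_control_transfer(devh, CTRL_OUT, USB_RQ, 0x4e, 0, &data, 1, 0);
	if (r < 0) {
		fprintf(stderr, "set mode error %d\n", r);
		return r;
	}
	if (r < 1) {
		/* Newline added so the message does not run into the next one,
		 * matching the "short read" messages elsewhere in the file. */
		fprintf(stderr, "short write (%d)\n", r);
		return -1;
	}

	return 0;
}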
183 
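/*
 * Completion callback for the asynchronous mode-change control transfer
 * submitted by set_mode_async(). On success the state machine is advanced;
 * any failure requests exit with code 2.
 */
static void LIBUSB_CALL cb_mode_changed(struct libusb_transfer *transfer)
{
	if (transfer->status != LIBUSB_TRANSFER_COMPLETED) {
		fprintf(stderr, "mode change transfer not completed!\n");
		request_exit(2);
		/* The device did not confirm the mode change, so do not advance
		 * the state machine (which could submit yet another transfer). */
		return;
	}

	printf("async cb_mode_changed length=%d actual_length=%d\n",
		transfer->length, transfer->actual_length);
	if (next_state() < 0)
		request_exit(2);
}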
196 
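/*
 * Submit an asynchronous control transfer that writes the one-byte device
 * mode (request value 0x4e); cb_mode_changed() runs on completion.
 *
 * The setup packet and the mode byte live in a heap buffer that libusb
 * frees together with the transfer (FREE_BUFFER / FREE_TRANSFER flags).
 *
 * Returns 0 on successful submission, -ENOMEM on allocation failure, or
 * the libusb error code from libusb_submit_transfer().
 */
static int set_mode_async(unsigned char data)
{
	unsigned char *buf = malloc(LIBUSB_CONTROL_SETUP_SIZE + 1);
	struct libusb_transfer *transfer;
	int r;

	if (!buf)
		return -ENOMEM;

	transfer = libusb_alloc_transfer(0);
	if (!transfer) {
		free(buf);
		return -ENOMEM;
	}

	printf("async set mode %02x\n", data);
	libusb_fill_control_setup(buf, CTRL_OUT, USB_RQ, 0x4e, 0, 1);
	buf[LIBUSB_CONTROL_SETUP_SIZE] = data;
	libusb_fill_control_transfer(transfer, devh, buf, cb_mode_changed, NULL,
		1000);

	transfer->flags = LIBUSB_TRANSFER_SHORT_NOT_OK
		| LIBUSB_TRANSFER_FREE_BUFFER | LIBUSB_TRANSFER_FREE_TRANSFER;

	r = libusb_submit_transfer(transfer);
	if (r < 0) {
		/* A transfer that was never submitted gets no callback, so the
		 * auto-free flags never fire. Free it here; with FREE_BUFFER set,
		 * libusb_free_transfer() releases buf as well. */
		libusb_free_transfer(transfer);
	}
	return r;
}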
221 
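/*
 * Synchronously read one interrupt packet of INTR_LENGTH bytes into data,
 * with a 1000 ms timeout, and print its first two bytes.
 *
 * data must point to at least INTR_LENGTH bytes.
 * Returns 0 on success, the libusb error code on transfer failure, or -1
 * on a short packet.
 */
static int do_sync_intr(unsigned char *data)
{
	int r;
	int transferred = 0;
	uint16_t word;

	r = libusb_interrupt_transfer(devh, EP_INTR, data, INTR_LENGTH,
		&transferred, 1000);
	if (r < 0) {
		fprintf(stderr, "intr error %d\n", r);
		return r;
	}
	if (transferred < INTR_LENGTH) {
		/* Report the byte count; r is always 0 on this path. */
		fprintf(stderr, "short read (%d)\n", transferred);
		return -1;
	}

	/* Copy instead of casting the byte buffer to uint16_t *, which would
	 * break the aliasing rules and assumes suitable alignment. The value
	 * is still read in host byte order, as before. */
	memcpy(&word, data, sizeof(word));
	printf("recv interrupt %04x\n", (unsigned int) word);
	return 0;
}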
241 
/*
 * Keep reading interrupt packets synchronously until one arrives whose
 * first byte equals type. Returns 0 once it is seen, or the negative value
 * from do_sync_intr() as soon as a read fails.
 */
static int sync_intr(unsigned char type)
{
	unsigned char pkt[INTR_LENGTH];
	int rc;

	do {
		rc = do_sync_intr(pkt);
		if (rc < 0)
			return rc;
	} while (pkt[0] != type);

	return 0;
}
255 
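/*
 * Write one captured frame to "finger<N>.pgm" in the current directory as
 * a binary PGM (P5) image of 384x289 pixels, taken from data + 64.
 *
 * data must hold at least 64 + 384*289 bytes.
 * Returns 0 on success, -1 if the file could not be opened or fully written.
 *
 * NOTE(review): the output is an unencrypted fingerprint image. fopen()
 * creates it with umask-default permissions and writes through any existing
 * file or symlink of the same name, so run this only in a private directory.
 */
static int save_to_file(unsigned char *data)
{
	enum { IMG_OFFSET = 64, IMG_WIDTH = 384, IMG_HEIGHT = 289 };
	const size_t img_size = (size_t) IMG_WIDTH * IMG_HEIGHT;
	FILE *fd;
	char filename[64];
	int failed = 0;

	snprintf(filename, sizeof(filename), "finger%d.pgm", img_idx++);
	/* "wb": the pixel data is binary and must not get newline translation. */
	fd = fopen(filename, "wb");
	if (!fd)
		return -1;

	if (fputs("P5 384 289 255 ", fd) == EOF)
		failed = 1;
	else if (fwrite(data + IMG_OFFSET, 1, img_size, fd) != img_size)
		failed = 1;

	/* fclose() flushes, so a full disk may only show up here. */
	if (fclose(fd) != 0)
		failed = 1;

	if (failed) {
		fprintf(stderr, "failed to write image to %s\n", filename);
		return -1;
	}

	printf("saved image to %s\n", filename);
	return 0;
}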
272 
/*
 * Advance the capture state machine by one step. Three of the transitions
 * also queue an asynchronous mode change; the other three only update state
 * and wait for the next callback.
 *
 * Returns 0 on success or the negative value from set_mode_async(). An
 * unknown state is reported and otherwise left unchanged.
 */
static int next_state(void)
{
	int mode_to_request = -1;	/* -1: this transition sends nothing */

	printf("old state: %d\n", state);

	switch (state) {
	case STATE_AWAIT_IRQ_FINGER_REMOVED:
		state = STATE_AWAIT_MODE_CHANGE_AWAIT_FINGER_ON;
		mode_to_request = MODE_AWAIT_FINGER_ON;
		break;
	case STATE_AWAIT_MODE_CHANGE_AWAIT_FINGER_ON:
		state = STATE_AWAIT_IRQ_FINGER_DETECTED;
		break;
	case STATE_AWAIT_IRQ_FINGER_DETECTED:
		state = STATE_AWAIT_MODE_CHANGE_CAPTURE;
		mode_to_request = MODE_CAPTURE;
		break;
	case STATE_AWAIT_MODE_CHANGE_CAPTURE:
		state = STATE_AWAIT_IMAGE;
		break;
	case STATE_AWAIT_IMAGE:
		state = STATE_AWAIT_MODE_CHANGE_AWAIT_FINGER_OFF;
		mode_to_request = MODE_AWAIT_FINGER_OFF;
		break;
	case STATE_AWAIT_MODE_CHANGE_AWAIT_FINGER_OFF:
		state = STATE_AWAIT_IRQ_FINGER_REMOVED;
		break;
	default:
		printf("unrecognised state %d\n", state);
		break;
	}

	/* state is updated before the request goes out, as the completion
	 * callback calls back into this function. */
	if (mode_to_request >= 0) {
		int rc = set_mode_async((unsigned char) mode_to_request);

		if (rc < 0) {
			fprintf(stderr, "error detected changing state\n");
			return rc;
		}
	}

	printf("new state: %d\n", state);
	return 0;
}
310 
/*
 * Completion callback for the long-lived interrupt transfer. While the
 * state machine waits for a finger event, the first byte of the packet is
 * compared with the expected type (0x01 when waiting for detection, 0x02
 * when waiting for removal) and a match advances the machine. The transfer
 * is then resubmitted.
 *
 * A transfer that did not complete clears irq_transfer and requests exit
 * with code 2; so does any later failure, without clearing the pointer.
 */
static void LIBUSB_CALL cb_irq(struct libusb_transfer *transfer)
{
	unsigned char irqtype;
	unsigned char wanted = 0;
	int awaiting_irq = 1;

	if (transfer->status != LIBUSB_TRANSFER_COMPLETED) {
		fprintf(stderr, "irq transfer status %d?\n", transfer->status);
		irq_transfer = NULL;
		request_exit(2);
		return;
	}

	irqtype = transfer->buffer[0];
	printf("IRQ callback %02x\n", irqtype);

	switch (state) {
	case STATE_AWAIT_IRQ_FINGER_DETECTED:
		wanted = 0x01;
		break;
	case STATE_AWAIT_IRQ_FINGER_REMOVED:
		wanted = 0x02;
		break;
	default:
		/* Not waiting for an interrupt: just re-arm the transfer. */
		awaiting_irq = 0;
		break;
	}

	if (awaiting_irq) {
		if (irqtype != wanted) {
			printf("finger-on-sensor detected in wrong state!\n");
		} else if (next_state() < 0) {
			request_exit(2);
			return;
		}
	}

	if (libusb_submit_transfer(irq_transfer) < 0)
		request_exit(2);
}
348 
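/*
 * Completion callback for the long-lived bulk image transfer: saves the
 * received frame, advances the state machine and resubmits the transfer.
 *
 * A transfer that did not complete clears img_transfer and requests exit
 * with code 2; so does any later failure, without clearing the pointer.
 * A frame that is too short or cannot be written is reported and skipped,
 * and capture continues.
 */
static void LIBUSB_CALL cb_img(struct libusb_transfer *transfer)
{
	/* Bytes save_to_file() reads from imgbuf: 64-byte lead-in plus 384x289
	 * pixels. */
	enum { IMG_MIN_LEN = 64 + 384 * 289 };

	if (transfer->status != LIBUSB_TRANSFER_COMPLETED) {
		fprintf(stderr, "img transfer status %d?\n", transfer->status);
		img_transfer = NULL;
		request_exit(2);
		return;
	}

	printf("Image callback\n");
	if (transfer->actual_length < IMG_MIN_LEN) {
		/* A short transfer still completes successfully. The tail of
		 * imgbuf would then hold bytes from an earlier capture, so do
		 * not write that mix to disk. */
		fprintf(stderr, "short image transfer (%d bytes), not saved\n",
			transfer->actual_length);
	} else if (save_to_file(imgbuf) < 0) {
		fprintf(stderr, "failed to save image\n");
	}

	if (next_state() < 0) {
		request_exit(2);
		return;
	}
	if (libusb_submit_transfer(img_transfer) < 0)
		request_exit(2);
}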
367 
/*
 * Submit the interrupt and image transfers and start the state machine.
 * If the image transfer cannot be submitted, the interrupt transfer is
 * cancelled and events are handled until its callback has cleared
 * irq_transfer (or event handling fails).
 *
 * Returns 0 on success or a negative error code.
 */
static int init_capture(void)
{
	int rc = libusb_submit_transfer(irq_transfer);

	if (rc < 0)
		return rc;

	rc = libusb_submit_transfer(img_transfer);
	if (rc >= 0) {
		/* Enter at the last state so the first step wraps round to
		 * requesting "await finger on". */
		state = STATE_AWAIT_IRQ_FINGER_REMOVED;
		return next_state();
	}

	/* Undo the first submission before reporting the failure. */
	libusb_cancel_transfer(irq_transfer);
	while (irq_transfer != NULL && libusb_handle_events(NULL) >= 0)
		;

	return rc;
}
389 
/*
 * Synchronous start-up sequence: make sure bit 0x80 of the hardware status
 * is set, write the status back with that bit cleared, read it once more,
 * then wait for an interrupt packet whose first byte is 0x56.
 * (What the bit and the 0x56 packet mean to the device is not stated in
 * this file.)
 *
 * Returns 0 on success or the first negative error encountered.
 */
static int do_init(void)
{
	unsigned char hwstat;
	int rc;

	rc = get_hwstat(&hwstat);
	if (rc < 0)
		return rc;

	if ((hwstat & 0x80) == 0) {
		rc = set_hwstat(hwstat | 0x80);
		if (rc < 0)
			return rc;

		rc = get_hwstat(&hwstat);
		if (rc < 0)
			return rc;
	}

	hwstat &= ~0x80;
	rc = set_hwstat(hwstat);
	if (rc < 0)
		return rc;

	rc = get_hwstat(&hwstat);
	if (rc < 0)
		return rc;

	rc = sync_intr(0x56);
	return rc < 0 ? rc : 0;
}
423 
/*
 * Allocate the two long-lived transfers and bind them to their endpoints,
 * buffers and callbacks: a bulk transfer filling imgbuf and an interrupt
 * transfer filling irqbuf, both without a timeout.
 *
 * Returns 0 on success or -ENOMEM. A transfer allocated before the failure
 * stays in its global pointer for the caller to free.
 */
static int alloc_transfers(void)
{
	img_transfer = libusb_alloc_transfer(0);
	if (img_transfer == NULL)
		return -ENOMEM;

	irq_transfer = libusb_alloc_transfer(0);
	if (irq_transfer == NULL)
		return -ENOMEM;

	libusb_fill_bulk_transfer(img_transfer, devh, EP_DATA,
		imgbuf, sizeof(imgbuf), cb_img, NULL, 0);
	libusb_fill_interrupt_transfer(irq_transfer, devh, EP_INTR,
		irqbuf, sizeof(irqbuf), cb_irq, NULL, 0);

	return 0;
}
441 
/*
 * Handler for SIGINT, SIGTERM and SIGQUIT: requests a clean shutdown with
 * exit code 1, whichever signal arrived.
 */
static void sighandler(int signum)
{
	(void) signum;	/* all handled signals are treated alike */
	request_exit(1);
}
446 
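/*
 * Program entry point: open and initialise the scanner synchronously, then
 * run the capture state machine from a polling thread until a signal or an
 * error requests exit.
 *
 * Returns 0 after a signal-requested shutdown, non-zero otherwise.
 */
int main(void)
{
	struct sigaction sigact;
	int r = 1;

	/* NOTE(review): SEM_NAME is fixed and O_CREAT is used without O_EXCL,
	 * so an already existing semaphore of that name would be opened rather
	 * than created, and then unlinked below. Confirm this is acceptable on
	 * shared systems. */
	exit_sem = sem_open (SEM_NAME, O_CREAT, 0);
	/* sem_open() reports failure with SEM_FAILED, not with NULL. */
	if (exit_sem == SEM_FAILED) {
		fprintf(stderr, "failed to initialise semaphore error %d\n", errno);
		exit(1);
	}

	/* only using this semaphore in this process so go ahead and unlink it now */
	sem_unlink (SEM_NAME);

	r = libusb_init(NULL);
	if (r < 0) {
		fprintf(stderr, "failed to initialise libusb\n");
		exit(1);
	}

	r = find_dpfp_device();
	if (r < 0) {
		fprintf(stderr, "Could not find/open device\n");
		goto out;
	}

	r = libusb_claim_interface(devh, 0);
	if (r < 0) {
		fprintf(stderr, "usb_claim_interface error %d %s\n", r, strerror(-r));
		goto out;
	}
	printf("claimed interface\n");

	r = print_f0_data();
	if (r < 0)
		goto out_release;

	r = do_init();
	if (r < 0)
		goto out_deinit;

	/* async from here onwards */

	sigact.sa_handler = sighandler;
	sigemptyset(&sigact.sa_mask);
	sigact.sa_flags = 0;
	sigaction(SIGINT, &sigact, NULL);
	sigaction(SIGTERM, &sigact, NULL);
	sigaction(SIGQUIT, &sigact, NULL);

	r = pthread_create(&poll_thread, NULL, poll_thread_main, NULL);
	if (r)
		goto out_deinit;

	r = alloc_transfers();
	if (r < 0) {
		request_exit(1);
		pthread_join(poll_thread, NULL);
		goto out_deinit;
	}

	r = init_capture();
	if (r < 0) {
		request_exit(1);
		pthread_join(poll_thread, NULL);
		goto out_deinit;
	}

	/* Sleep until request_exit() has stored a non-zero code. */
	while (!do_exit)
		sem_wait(exit_sem);

	printf("shutting down...\n");
	pthread_join(poll_thread, NULL);

	/* A callback that saw a failed transfer has already reset its pointer
	 * to NULL, and libusb_cancel_transfer() must not be given NULL, so
	 * cancel only the transfers that still exist.
	 * NOTE(review): leaving through out_deinit after a failed cancel may
	 * free the other transfer while it is still in flight - confirm. */
	if (irq_transfer) {
		r = libusb_cancel_transfer(irq_transfer);
		if (r < 0) {
			request_exit(1);
			goto out_deinit;
		}
	}

	if (img_transfer) {
		r = libusb_cancel_transfer(img_transfer);
		if (r < 0) {
			request_exit(1);
			goto out_deinit;
		}
	}

	/* The callbacks clear the pointers once the cancellation is delivered. */
	while (img_transfer || irq_transfer)
		if (libusb_handle_events(NULL) < 0)
			break;

	if (do_exit == 1)
		r = 0;
	else
		r = 1;

out_deinit:
	libusb_free_transfer(img_transfer);
	libusb_free_transfer(irq_transfer);
	set_mode(0);
	set_hwstat(0x80);
out_release:
	libusb_release_interface(devh, 0);
out:
	libusb_close(devh);
	libusb_exit(NULL);
	return r >= 0 ? r : -r;
}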
554