libfprint

fdo-mirrors/libfprint

Fork 0

mirror of https://gitlab.freedesktop.org/libfprint/libfprint.git synced 2026-05-15 22:08:09 +02:00

Commit graph

Author	SHA1	Message	Date
Leonardo Francisco	5cee45025a	validity: Add TLS session management (Iteration 2) Implement the TLS handshake and encrypted channel for VCSFW sensors: - validity_tls.c/h: TLS PRF (P_SHA256), AES-256-CBC encrypt/decrypt, PSK derivation from DMI (machine binding), flash partition parsing (cert/privkey/ECDH blocks with SHA-256 integrity), ClientHello/ ServerHello builders, full TLS handshake state machine - validity.c: Integrate TLS into open sequence — check fwext status, read flash partition 1, perform TLS handshake when keys available, graceful skip when fwext not loaded - validity.h: Add ValidityTlsState, fwext_loaded flag, TLS fields - OpenSSL dependency for ECDH, AES-256-CBC, HMAC-SHA256 Tests (18 total in test-validity-tls): - 13 unit tests: init/free, ClientHello format, PRF determinism/ length/short, encrypt roundtrip/alignment, decrypt invalid, PSK derivation/determinism, flash parse empty/truncated, unwrap invalid - 5 regression tests for bugs found during hardware testing: - flash parse ordering (PSK must precede parse) - READ_FLASH command format (13-byte layout) - flash response 6-byte header unwrap - ServerHello expects raw TLS (no VCSFW prefix) - ClientHello TLS record prefix (0x44000000) - Hardware integration test script (test_tls_hardware.py) All 33 project tests pass (0 fail, 2 skipped).	2026-04-10 22:18:43 +00:00
Leonardo Francisco	9779493380	validity: Add new driver for Validity/Synaptics VCSFW sensors Add a new "validity" driver for Validity/Synaptics fingerprint sensors that use the VCSFW protocol (as opposed to BMKT). This is iteration 1 of a multi-phase effort to bring native libfprint support to these widely-deployed sensors found in ThinkPad T480/T480s/T580/X1 Carbon Gen6 and many other laptops. This initial iteration implements: - VCSFW command/response transport layer over USB bulk endpoints - GET_VERSION command parsing (firmware version, product ID, build) - Synchronous probe and async open/close state machines - Stub implementations for enroll/verify/identify (return NOT_SUPPORTED) - umockdev replay test with real hardware capture Supported USB IDs (VCSFW protocol): - 138a:0090 (Validity VFS7500) - 138a:0097 (Validity VFS5011) - 06cb:009a (Synaptics Metallica MIS Touch) - 138a:009d (Validity VFS7552) These were previously (incorrectly) claimed by the synaptics driver which uses the BMKT protocol.	2026-04-10 22:18:43 +00:00

Author

SHA1

Message

Date

Leonardo Francisco

5cee45025a

validity: Add TLS session management (Iteration 2)

Implement the TLS handshake and encrypted channel for VCSFW sensors:

- validity_tls.c/h: TLS PRF (P_SHA256), AES-256-CBC encrypt/decrypt,
  PSK derivation from DMI (machine binding), flash partition parsing
  (cert/privkey/ECDH blocks with SHA-256 integrity), ClientHello/
  ServerHello builders, full TLS handshake state machine
- validity.c: Integrate TLS into open sequence — check fwext status,
  read flash partition 1, perform TLS handshake when keys available,
  graceful skip when fwext not loaded
- validity.h: Add ValidityTlsState, fwext_loaded flag, TLS fields
- OpenSSL dependency for ECDH, AES-256-CBC, HMAC-SHA256

Tests (18 total in test-validity-tls):
  - 13 unit tests: init/free, ClientHello format, PRF determinism/
    length/short, encrypt roundtrip/alignment, decrypt invalid,
    PSK derivation/determinism, flash parse empty/truncated,
    unwrap invalid
  - 5 regression tests for bugs found during hardware testing:
    - flash parse ordering (PSK must precede parse)
    - READ_FLASH command format (13-byte layout)
    - flash response 6-byte header unwrap
    - ServerHello expects raw TLS (no VCSFW prefix)
    - ClientHello TLS record prefix (0x44000000)
  - Hardware integration test script (test_tls_hardware.py)

All 33 project tests pass (0 fail, 2 skipped).

2026-04-10 22:18:43 +00:00

Leonardo Francisco

9779493380

validity: Add new driver for Validity/Synaptics VCSFW sensors

Add a new "validity" driver for Validity/Synaptics fingerprint sensors
that use the VCSFW protocol (as opposed to BMKT). This is iteration 1
of a multi-phase effort to bring native libfprint support to these
widely-deployed sensors found in ThinkPad T480/T480s/T580/X1 Carbon
Gen6 and many other laptops.

This initial iteration implements:
- VCSFW command/response transport layer over USB bulk endpoints
- GET_VERSION command parsing (firmware version, product ID, build)
- Synchronous probe and async open/close state machines
- Stub implementations for enroll/verify/identify (return NOT_SUPPORTED)
- umockdev replay test with real hardware capture

Supported USB IDs (VCSFW protocol):
- 138a:0090 (Validity VFS7500)
- 138a:0097 (Validity VFS5011)
- 06cb:009a (Synaptics Metallica MIS Touch)
- 138a:009d (Validity VFS7552)

These were previously (incorrectly) claimed by the synaptics driver
which uses the BMKT protocol.

2026-04-10 22:18:43 +00:00

2 commits