libfprint/tests/validity
Leonardo Francisco 67b9c18696 validity: Add TLS session management (Iteration 2)
Implement the TLS handshake and encrypted channel for VCSFW sensors:

- validity_tls.c/h: TLS PRF (P_SHA256), AES-256-CBC encrypt/decrypt,
  PSK derivation from DMI (machine binding), flash partition parsing
  (cert/privkey/ECDH blocks with SHA-256 integrity), ClientHello/
  ServerHello builders, full TLS handshake state machine
- validity.c: Integrate TLS into open sequence — check fwext status,
  read flash partition 1, perform TLS handshake when keys available,
  graceful skip when fwext not loaded
- validity.h: Add ValidityTlsState, fwext_loaded flag, TLS fields
- OpenSSL dependency for ECDH, AES-256-CBC, HMAC-SHA256

Tests (18 total in test-validity-tls):
  - 13 unit tests: init/free, ClientHello format, PRF determinism/
    length/short, encrypt roundtrip/alignment, decrypt invalid,
    PSK derivation/determinism, flash parse empty/truncated,
    unwrap invalid
  - 5 regression tests for bugs found during hardware testing:
    - flash parse ordering (PSK must precede parse)
    - READ_FLASH command format (13-byte layout)
    - flash response 6-byte header unwrap
    - ServerHello expects raw TLS (no VCSFW prefix)
    - ClientHello TLS record prefix (0x44000000)
  - Hardware integration test script (test_tls_hardware.py)

All 33 project tests pass (0 fail, 2 skipped).
2026-04-22 03:06:34 +00:00
custom.pcapng validity: Add new driver for Validity/Synaptics VCSFW sensors 2026-04-22 03:06:34 +00:00
custom.py validity: Add new driver for Validity/Synaptics VCSFW sensors 2026-04-22 03:06:34 +00:00
device validity: Add new driver for Validity/Synaptics VCSFW sensors 2026-04-22 03:06:34 +00:00
test_tls_hardware.py validity: Add TLS session management (Iteration 2) 2026-04-22 03:06:34 +00:00