diff --git a/libfprint/fpi-log.c b/libfprint/fpi-log.c index 679b2570..28d54e42 100644 --- a/libfprint/fpi-log.c +++ b/libfprint/fpi-log.c @@ -52,5 +52,6 @@ fp_dbg_hex_dump_gbytes (const gchar *log_domain, { gsize len = 0; const guint8 *buf = g_bytes_get_data (gbytes, &len); + fp_dbg_hex_dump_bytes (log_domain, buf, len); } diff --git a/libfprint/fpi-sdcp-device.c b/libfprint/fpi-sdcp-device.c index 0bc3abcf..69512f34 100644 --- a/libfprint/fpi-sdcp-device.c +++ b/libfprint/fpi-sdcp-device.c @@ -343,6 +343,7 @@ fpi_sdcp_device_open_complete (FpSdcpDevice *self, GError *error) { FpSdcpDeviceClass *cls = FP_SDCP_DEVICE_GET_CLASS (self); + g_autoptr(GBytes) application_secret = NULL; if (!error) @@ -482,6 +483,7 @@ fpi_sdcp_device_connect_complete (FpSdcpDevice *self, { FpSdcpDevicePrivate *priv = fp_sdcp_device_get_instance_private (self); FpSdcpDeviceClass *cls = FP_SDCP_DEVICE_GET_CLASS (self); + g_autoptr(GBytes) application_secret = NULL; FpiDeviceAction action; @@ -506,8 +508,8 @@ fpi_sdcp_device_connect_complete (FpSdcpDevice *self, } if (!device_random || !claim || !mac || - (!claim->model_certificate || !claim->device_public_key || !claim->firmware_public_key - || !claim->firmware_hash || !claim->model_signature || !claim->device_signature)) + (!claim->model_certificate || !claim->device_public_key || !claim->firmware_public_key || + !claim->firmware_hash || !claim->model_signature || !claim->device_signature)) { fp_dbg ("Driver did not provide all required information to callback; returning error instead."); g_clear_pointer (&device_random, g_bytes_unref); @@ -563,6 +565,7 @@ fpi_sdcp_device_reconnect_complete (FpSdcpDevice *self, GError *error) { FpSdcpDevicePrivate *priv = fp_sdcp_device_get_instance_private (self); + g_autoptr(GBytes) application_secret = NULL; FpiDeviceAction action; @@ -687,6 +690,7 @@ fpi_sdcp_device_enroll_commit (FpSdcpDevice *self, GError *error) { FpSdcpDeviceClass *cls = FP_SDCP_DEVICE_GET_CLASS (self); + g_autoptr(GBytes) application_secret = NULL; GBytes *id = NULL; FpPrint *print; @@ -804,6 +808,7 @@ fpi_sdcp_device_identify_complete (FpSdcpDevice *self, GError *error) { FpSdcpDevicePrivate *priv = fp_sdcp_device_get_instance_private (self); + g_autoptr(GBytes) application_secret = NULL; FpPrint *identified_print; FpiDeviceAction action; @@ -822,8 +827,8 @@ fpi_sdcp_device_identify_complete (FpSdcpDevice *self, } /* No error and no valid id/mac provided means that there was no match from the device */ - if (!id || !mac || g_bytes_get_size (id) != SDCP_ENROLLMENT_ID_SIZE - || g_bytes_get_size (mac) != SDCP_MAC_SIZE) + if (!id || !mac || g_bytes_get_size (id) != SDCP_ENROLLMENT_ID_SIZE || + g_bytes_get_size (mac) != SDCP_MAC_SIZE) { g_clear_pointer (&priv->identify_nonce, g_bytes_unref); if (action == FPI_DEVICE_ACTION_VERIFY) @@ -936,7 +941,7 @@ fpi_sdcp_device_get_print_id (FpPrint *print, fp_warn ("SDCP print data is not in expected format."); return; } - + g_variant_get (data, "(@ay)", &id_var); id_data = g_variant_get_fixed_array (id_var, &id_len, sizeof (guint8)); diff --git a/libfprint/fpi-sdcp-device.h b/libfprint/fpi-sdcp-device.h index 7de1d2a0..de0c814a 100644 --- a/libfprint/fpi-sdcp-device.h +++ b/libfprint/fpi-sdcp-device.h @@ -24,13 +24,13 @@ #include "fp-sdcp-device.h" -#define SDCP_PUBLIC_KEY_SIZE 65 -#define SDCP_APPLICATION_SECRET_SIZE 32 -#define SDCP_RANDOM_SIZE 32 -#define SDCP_MAC_SIZE 32 -#define SDCP_NONCE_SIZE 32 -#define SDCP_ENROLLMENT_ID_SIZE 32 -#define SDCP_SIGNATURE_SIZE 64 +#define SDCP_PUBLIC_KEY_SIZE 65 +#define SDCP_APPLICATION_SECRET_SIZE 32 +#define SDCP_RANDOM_SIZE 32 +#define SDCP_MAC_SIZE 32 +#define SDCP_NONCE_SIZE 32 +#define SDCP_ENROLLMENT_ID_SIZE 32 +#define SDCP_SIGNATURE_SIZE 64 /** * FpiSdcpClaim: diff --git a/libfprint/fpi-sdcp.c b/libfprint/fpi-sdcp.c index eb9f003b..c02a2f55 100644 --- a/libfprint/fpi-sdcp.c +++ b/libfprint/fpi-sdcp.c @@ -33,10 +33,10 @@ #include #include -#define SDCP_PRIVATE_KEY_SIZE 32 -#define SDCP_KEY_AGREEMENT_SIZE 32 -#define SDCP_MASTER_SECRET_SIZE 32 -#define SDCP_APPLICATION_KEYS_SIZE 64 +#define SDCP_PRIVATE_KEY_SIZE 32 +#define SDCP_KEY_AGREEMENT_SIZE 32 +#define SDCP_MASTER_SECRET_SIZE 32 +#define SDCP_APPLICATION_KEYS_SIZE 64 /******************************************************************************/ @@ -44,6 +44,7 @@ static void print_openssl_errors (void) { gulong e = 0; + e = ERR_get_error (); while (e != 0) { @@ -61,7 +62,7 @@ print_certificate (X509 *certificate) X509_print (bio, certificate); BIO_get_mem_ptr (bio, &bio_mem); fp_dbg ("SDCP Device reported the following model certificate:\n%.*s\n", - (int) bio_mem->length, bio_mem->data); + (int) bio_mem->length, bio_mem->data); BIO_free (bio); } @@ -79,10 +80,10 @@ fpi_sdcp_verify_signature (EVP_PKEY *pkey, EVP_PKEY_CTX *pctx = NULL; mdctx = EVP_MD_CTX_create (); - pctx = EVP_PKEY_CTX_new(pkey, NULL); - EVP_MD_CTX_set_pkey_ctx(mdctx, pctx); + pctx = EVP_PKEY_CTX_new (pkey, NULL); + EVP_MD_CTX_set_pkey_ctx (mdctx, pctx); - if (!EVP_DigestVerifyInit(mdctx, NULL, EVP_sha256 (), NULL, pkey)) + if (!EVP_DigestVerifyInit (mdctx, NULL, EVP_sha256 (), NULL, pkey)) goto out_error; if (label) @@ -90,16 +91,20 @@ fpi_sdcp_verify_signature (EVP_PKEY *pkey, goto out_error; if (data_a) - if (!EVP_DigestVerifyUpdate (mdctx, - g_bytes_get_data (data_a, NULL), - g_bytes_get_size (data_a))) - goto out_error; + { + if (!EVP_DigestVerifyUpdate (mdctx, + g_bytes_get_data (data_a, NULL), + g_bytes_get_size (data_a))) + goto out_error; + } if (data_b) - if (!EVP_DigestVerifyUpdate (mdctx, - g_bytes_get_data (data_b, NULL), - g_bytes_get_size (data_b))) - goto out_error; + { + if (!EVP_DigestVerifyUpdate (mdctx, + g_bytes_get_data (data_b, NULL), + g_bytes_get_size (data_b))) + goto out_error; + } if (!EVP_DigestVerifyUpdate (mdctx, g_bytes_get_data (signature, NULL), @@ -128,7 +133,7 @@ static X509_STORE * fpi_sdcp_get_truststore (GError **error) { g_autoptr(GResource) truststore_resource = NULL; - const gchar* truststore_resource_path = "/org/freedesktop/fprint/sdcp/truststore/"; + const gchar *truststore_resource_path = "/org/freedesktop/fprint/sdcp/truststore/"; char **trustcert_names = NULL; gchar *trustcert_path = NULL; GBytes *trustcert_gb = NULL; @@ -217,7 +222,7 @@ out: } static gboolean -fpi_sdcp_verify_certificate (X509 *certificate, +fpi_sdcp_verify_certificate (X509 *certificate, GError **error) { X509_STORE *sdcp_truststore = NULL; @@ -245,9 +250,9 @@ fpi_sdcp_verify_certificate (X509 *certificate, /* set X509_V_FLAG_PARTIAL_CHAIN if we want to skip adding all root and intermediate certs */ /* - if (!X509_VERIFY_PARAM_set_flags (param, X509_V_FLAG_PARTIAL_CHAIN)) - goto out_error; - */ + if (!X509_VERIFY_PARAM_set_flags (param, X509_V_FLAG_PARTIAL_CHAIN)) + goto out_error; + */ if (!X509_STORE_set1_param (sdcp_truststore, param)) goto out_error; @@ -438,7 +443,7 @@ fpi_sdcp_get_private_key (EVP_PKEY *pkey, BN_clear_free (priv_bn); res = g_bytes_new_take (priv, priv_len); - + return g_steal_pointer (&res); out_error: @@ -508,7 +513,7 @@ fpi_sdcp_get_private_pkey (GBytes *private_key, goto out_error; public_key_buf = g_malloc0 (SDCP_PUBLIC_KEY_SIZE); if (!EC_POINT_point2oct (group, public_key_point, POINT_CONVERSION_UNCOMPRESSED, - public_key_buf, SDCP_PUBLIC_KEY_SIZE, NULL)) + public_key_buf, SDCP_PUBLIC_KEY_SIZE, NULL)) goto out_error; EC_POINT_free (public_key_point); EC_GROUP_free (group); @@ -516,17 +521,17 @@ fpi_sdcp_get_private_pkey (GBytes *private_key, /* set up parameters */ param_bld = OSSL_PARAM_BLD_new (); - if (!OSSL_PARAM_BLD_push_utf8_string(param_bld, OSSL_PKEY_PARAM_GROUP_NAME, - SN_X9_62_prime256v1, sizeof (SN_X9_62_prime256v1))) + if (!OSSL_PARAM_BLD_push_utf8_string (param_bld, OSSL_PKEY_PARAM_GROUP_NAME, + SN_X9_62_prime256v1, sizeof (SN_X9_62_prime256v1))) goto out_error; - if (!OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_PKEY_PARAM_PUB_KEY, - public_key_buf, SDCP_PUBLIC_KEY_SIZE)) + if (!OSSL_PARAM_BLD_push_octet_string (param_bld, OSSL_PKEY_PARAM_PUB_KEY, + public_key_buf, SDCP_PUBLIC_KEY_SIZE)) goto out_error; - if (!OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY, private_key_bn)) + if (!OSSL_PARAM_BLD_push_BN (param_bld, OSSL_PKEY_PARAM_PRIV_KEY, private_key_bn)) goto out_error; - + params = OSSL_PARAM_BLD_to_param (param_bld); - + /* import pkey from params */ ctx = EVP_PKEY_CTX_new_from_name (NULL, "EC", NULL); if (!EVP_PKEY_fromdata_init (ctx)) @@ -573,13 +578,13 @@ fpi_sdcp_get_public_pkey (GBytes *public_key, ctx = EVP_PKEY_CTX_new_from_name (NULL, "EC", NULL); if (!ctx) goto out_error; - + if (!EVP_PKEY_fromdata_init (ctx)) goto out_error; - if (!EVP_PKEY_fromdata(ctx, &key, EVP_PKEY_PUBLIC_KEY, params)) + if (!EVP_PKEY_fromdata (ctx, &key, EVP_PKEY_PUBLIC_KEY, params)) goto out_error; - + EVP_PKEY_CTX_free (ctx); return g_steal_pointer (&key); diff --git a/tests/test-sdcp-device-fake.c b/tests/test-sdcp-device-fake.c index 408650aa..6cd84473 100644 --- a/tests/test-sdcp-device-fake.c +++ b/tests/test-sdcp-device-fake.c @@ -96,6 +96,7 @@ static void fpi_sdcp_device_fake_reconnect (FpSdcpDevice *sdcp_device) { FpiSdcpDeviceFake *fake_device = FPI_SDCP_DEVICE_FAKE (sdcp_device); + g_autoptr(GError) error = NULL; g_autoptr(GBytes) random = NULL; g_autoptr(GBytes) reconnect_mac = g_bytes_from_hex (reconnect_mac_hex); diff --git a/tests/test-sdcp-utils.c b/tests/test-sdcp-utils.c index 5b2682c0..430f2462 100644 --- a/tests/test-sdcp-utils.c +++ b/tests/test-sdcp-utils.c @@ -19,12 +19,11 @@ #include "test-sdcp-utils.h" -static const guint8 from_hex_map[] = - { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, // 01234567 - 0x08, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 89:;<=>? - 0x00, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, // @abcdef - }; +static const guint8 from_hex_map[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, // 01234567 + 0x08, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 89:;<=>? + 0x00, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, // @abcdef +}; GBytes * g_bytes_from_hex (const gchar *hex) @@ -36,9 +35,9 @@ g_bytes_from_hex (const gchar *hex) for (int i = 0; i < strlen (hex) - 1; i += 2) { - b0 = ((guint8)hex[i+0] & 0x1F) ^ 0x10; - b1 = ((guint8)hex[i+1] & 0x1F) ^ 0x10; - bytes[i/2] = (guint8)(from_hex_map[b0] << 4) | from_hex_map[b1]; + b0 = ((guint8) hex[i + 0] & 0x1F) ^ 0x10; + b1 = ((guint8) hex[i + 1] & 0x1F) ^ 0x10; + bytes[i / 2] = (guint8) (from_hex_map[b0] << 4) | from_hex_map[b1]; } res = g_bytes_new_take (bytes, bytes_len); @@ -50,6 +49,7 @@ FpiSdcpClaim * sdcp_test_claim (void) { FpiSdcpClaim *claim = g_new0 (FpiSdcpClaim, 1); + claim->model_certificate = g_bytes_from_hex (model_certificate_hex); claim->device_public_key = g_bytes_from_hex (device_public_key_hex); claim->firmware_public_key = g_bytes_from_hex (firmware_public_key_hex);