Inquiring about SecureBIO's Test Vector Certificate

[Lapinee]

While developing the SecureBIO Driver by referring to SecureDeviceConnectionProtocol on GitHub,
I'm sending you an email with any questions about the Test Vector you have posted on GitHub.

Here is our status of developing Fingerprint Driver with SecureBiometrics.

1. Using Lenovo T14s (Intel) NotePC and Enable Enhanced sign-in security (set SecureBiometrics on Registry and enabled SecureBIO SDEV )
   (I checked operation of Synaptics UWP WBDI on Lenovo NotePC T14s with SecureBiometrics - Secured-Core ready PC)

2. Windows 10 Build 20190.1000 (Preview Build), also checked it in 20161, 20170, 20180, 20185 Builds

3. Enable Test Signing Mode (TestSigning On / NoIntegrityChecks On / Debug On)

4. Using TestVector (Model Certificate / Model Private Key) on our fingerprint sensor

5. Implement all necessory SDCP Functions on our device

• Set SecureBIO attributes on INF file
• SensorAdapter

  SecureAdapterConnectSecure

• EngineAdapter

  EngineAdapterCreateKeyAuthenticated
  EngineAdapterCommitEnrollment
  EngineAdapterIdentifyFeatureSetAuthenticated
  and necessory functions (CheckForDuplicate)

When our sensor and driver are connected to the T14s, the creation of the Biometric Unit is normal, but the following error is displayed in the Event Viewer at the actual ConnectSecure stage and does not work.

"The Windows Biometric Service secure component failed to establish a secure connection with sensor. Error Code : 0xc0000428"

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/596a1078-e883-4972-9bbc-49e60bebca55
0xc0000428 STATUS_INVALID_IMAGE_HASH : The hash for image %hs cannot be found in the system catalogs. The image is likely corrupt or the victim of tampering.

Q1. Can I use the Test Vector (Certificate / Secret Key) on GitHub for development?
When checked in Event Viewer, the certificate is displayed as invalid.
Also, if TestVector has expired, I would like to get a new TestVector Certificate and Private Key.

Q2. Is there a way to check the Event Log related to BioISO (Bio Trustlet)?

Q3. If possible, I would like to know the contact point for SDCP development.

[mamckee]

Are you setting the IntermediateCA1 and IntermediateCA2 parameters to the test CA certs as well? The test certs should chain up to Microsoft ECC Root Certificate Authority 2017. We're still using these certs for internal testing without issue.

We don't have bioiso event logs. If you use feedback hub to take a recording under "Security & Privacy/Windows Hello Fingerprint", and share the feedback ID, we can look at the traces.

[Lapinee]

@mamckee

Thank you for reply this thread.
As you mentioned, I checked the certificate and Intermediate CA1, 2 in our driver source code, but no problem was found.
(Certificate and Intermediate CA1, 2 in use are the same as in the Test Vector.)

If an incorrect certificate is inserted, an error code is E_INVALIDARG (0x80070057)

and I sent feedback via feedback hub. ( https://aka.ms/AA9bn4s )

[mamckee]

@Lapinee

Thanks for filing that. That helped narrow things down a bit. I was able to confirm it doesn't have to do with the expiration, and I see the same details viewing the certificate on my machine (where our tests pass with an these certs). There's a few possibilities for why this code can be returned that I'll have to ask some team members about.

Given that we haven't seen issues with these certificates though, I think there could be some formatting issues with the secure connection buffer. Can you dump a buffer so we can check the contents?

[Lapinee]

@mamckee

Thank you for your cooperation in this matter.
OK, I attach a log of the driver being developed (TraceView) and screenshots of Event Log (SensorAdapterConnectSecure function in SensorAdapter)

[SensorAdapterConnectSecure] -->
[SensorAdapterConnectSecure] WINBIO_SECURE_CONNECTION PARAMS Size : 105

[SensorAdapterConnectSecure] Host's Random Key :
0x4a, 0xf1, 0xea, 0xb9, 0x1e, 0x14, 0x73, 0x9d, 0xa5, 0x86, 0xe7, 0x6a, 0x33, 0x8a, 0x6c, 0x4e,
0xbf, 0xa9, 0xba, 0x04, 0xb1, 0xec, 0xa3, 0xb3, 0x93, 0x4b, 0xd1, 0xae, 0xca, 0xb9, 0x6a, 0x4b

[SensorAdapterConnectSecure] Host's Public Key :
0x04, 0x11, 0x93, 0xee, 0x79, 0x39, 0x01, 0xde, 0x44, 0x5c, 0x97, 0x7c, 0x37, 0xc0, 0x57, 0x41,
0xec, 0x69, 0xd5, 0x60, 0x8f, 0xc0, 0xdf, 0x62, 0x24, 0xbb, 0x54, 0xf8, 0x89, 0x36, 0x8d, 0x76,
0x17, 0x1b, 0x86, 0x0d, 0x8d, 0xb4, 0x89, 0x07, 0xbc, 0x98, 0x7b, 0xfd, 0x83, 0x54, 0xff, 0xea,
0xed, 0xd6, 0xaa, 0x12, 0x66, 0xc8, 0x7e, 0xcf, 0x93, 0x27, 0x6c, 0xd7, 0xf9, 0xd8, 0xc6, 0x63,
0x14

DeviceIoControl IOCTL_BIOMETRIC_CONNECT_SECURE result : 0, bytesReturned : 0
GetOverlappedResult result : 1, bytesReturned : 3360
[SensorAdapterConnectSecure] ///////////////////////////////////
[SensorAdapterConnectSecure] Size : 3360
[SensorAdapterConnectSecure] Version : 1
[SensorAdapterConnectSecure] Flags : 0
[SensorAdapterConnectSecure] CERT_M_SIZE : 846
[SensorAdapterConnectSecure] CERT_CA1 : 1025
[SensorAdapterConnectSecure] CERT_CA2 : 1114

[SensorAdapterConnectSecure] MAC :
0x4c, 0xcf, 0xfb, 0xa9, 0x8d, 0x21, 0x4c, 0x98, 0xfb, 0x42, 0x43, 0xc7, 0x62, 0x04, 0x9c, 0xcb,
0xc2, 0x42, 0x64, 0x18, 0xcf, 0xe6, 0x0c, 0xe9, 0x26, 0x30, 0xd7, 0xc4, 0x32, 0xd4, 0x7b, 0xb0

[SensorAdapterConnectSecure] Certificate_m :
0x30, 0x82, 0x03, 0x4a, 0x30, 0x82, 0x02, 0xf1, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x13, 0x33,
0x00, 0x00, 0x00, 0x04, 0x65, 0x4f, 0x77, 0xfa, 0xd9, 0x1c, 0x24, 0x77, 0x00, 0x00, 0x00, 0x00,
0x00, 0x04, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x7d,
0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30,
0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74,
0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, 0x4d,
0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61,
0x74, 0x69, 0x6f, 0x6e, 0x31, 0x27, 0x30, 0x25, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1e, 0x57,
0x69, 0x6e, 0x64, 0x6f, 0x77, 0x73, 0x20, 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x31, 0x39, 0x42,
0x39, 0x32, 0x39, 0x36, 0x35, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x38, 0x30, 0x1e, 0x17,
0x0d, 0x31, 0x38, 0x30, 0x35, 0x32, 0x34, 0x32, 0x30, 0x33, 0x34, 0x34, 0x32, 0x5a, 0x17, 0x0d,
0x31, 0x39, 0x30, 0x38, 0x32, 0x34, 0x32, 0x30, 0x33, 0x34, 0x34, 0x32, 0x5a, 0x30, 0x1c, 0x31,
0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x11, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65,
0x20, 0x42, 0x49, 0x4f, 0x20, 0x53, 0x65, 0x6e, 0x73, 0x6f, 0x72, 0x30, 0x59, 0x30, 0x13, 0x06,
0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03,
0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x86, 0x83, 0xc1, 0xbd, 0x6b, 0x3b, 0x7c, 0xdc, 0x64, 0x86,
0x29, 0x29, 0x1b, 0xc9, 0xca, 0x98, 0x20, 0x6b, 0x39, 0xd5, 0x94, 0xe1, 0xc8, 0x79, 0x6b, 0xa4,
0xe7, 0x7e, 0x86, 0x24, 0x51, 0xe7, 0x9c, 0xac, 0xf8, 0xbd, 0x82, 0x3f, 0x9d, 0x07, 0x1e, 0x8a,
0x43, 0x68, 0x2d, 0xdf, 0x40, 0xbf, 0x0c, 0x0c, 0xc8, 0xc1, 0x5b, 0x26, 0x05, 0x9f, 0xc5, 0x68,
0x3a, 0x0a, 0xe6, 0xdc, 0x0e, 0x82, 0xa3, 0x82, 0x01, 0xaf, 0x30, 0x82, 0x01, 0xab, 0x30, 0x75,
0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x6e, 0x30, 0x6c, 0xa4, 0x6a, 0x30, 0x68, 0x31, 0x32, 0x30,
0x30, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x04, 0x82, 0x37, 0x64, 0x02, 0x13, 0x24, 0x34, 0x36, 0x44,
0x33, 0x42, 0x30, 0x30, 0x33, 0x2d, 0x30, 0x32, 0x31, 0x46, 0x2d, 0x34, 0x44, 0x31, 0x42, 0x2d,
0x42, 0x31, 0x44, 0x35, 0x2d, 0x36, 0x43, 0x33, 0x33, 0x32, 0x43, 0x46, 0x41, 0x46, 0x36, 0x42,
0x43, 0x31, 0x32, 0x30, 0x30, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x04, 0x82, 0x37, 0x64, 0x01, 0x13,
0x24, 0x46, 0x41, 0x45, 0x30, 0x35, 0x41, 0x39, 0x44, 0x2d, 0x46, 0x43, 0x42, 0x32, 0x2d, 0x34,
0x46, 0x31, 0x34, 0x2d, 0x39, 0x30, 0x37, 0x44, 0x2d, 0x39, 0x36, 0x36, 0x36, 0x43, 0x43, 0x45,
0x31, 0x46, 0x30, 0x38, 0x38, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14,
0xa7, 0xba, 0x70, 0x4d, 0x99, 0x4b, 0x82, 0x1f, 0xb3, 0xcb, 0xb6, 0x03, 0xd5, 0x30, 0x08, 0xc5,
0xb3, 0x2d, 0x9c, 0xf9, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
0x14, 0x13, 0x93, 0xc8, 0xcd, 0xf2, 0x23, 0x9a, 0x2d, 0xc6, 0x9b, 0x2a, 0xeb, 0x9a, 0xab, 0x99,
0x0b, 0x56, 0x04, 0x5e, 0x7c, 0x30, 0x5f, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x58, 0x30, 0x56,
0x30, 0x54, 0xa0, 0x52, 0xa0, 0x50, 0x86, 0x4e, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77,
0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d,
0x2f, 0x70, 0x6b, 0x69, 0x6f, 0x70, 0x73, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x57, 0x69, 0x6e, 0x64,
0x6f, 0x77, 0x73, 0x25, 0x32, 0x30, 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x25, 0x32, 0x30, 0x31, 0x39,
0x42, 0x39, 0x32, 0x39, 0x36, 0x35, 0x25, 0x32, 0x30, 0x43, 0x41, 0x25, 0x32, 0x30, 0x32, 0x30,
0x31, 0x38, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x6c, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
0x01, 0x01, 0x04, 0x60, 0x30, 0x5e, 0x30, 0x5c, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
0x30, 0x02, 0x86, 0x50, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d,
0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69,
0x6f, 0x70, 0x73, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x73, 0x2f, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77,
0x73, 0x25, 0x32, 0x30, 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x25, 0x32, 0x30, 0x31, 0x39, 0x42, 0x39,
0x32, 0x39, 0x36, 0x35, 0x25, 0x32, 0x30, 0x43, 0x41, 0x25, 0x32, 0x30, 0x32, 0x30, 0x31, 0x38,
0x2e, 0x63, 0x72, 0x74, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02,
0x30, 0x00, 0x30, 0x15, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0e, 0x30, 0x0c, 0x06, 0x0a, 0x2b,
0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x4c, 0x2b, 0x01, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48,
0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, 0x20, 0x29, 0x3d, 0x2c, 0xb3,
0x27, 0x5a, 0xa6, 0xbb, 0xe3, 0x19, 0x57, 0xec, 0x39, 0x55, 0x5d, 0x0a, 0x4e, 0xe4, 0xca, 0x0a,
0x4b, 0xda, 0xfd, 0x1e, 0xe5, 0x54, 0xf7, 0x40, 0x50, 0xcc, 0xa5, 0x44, 0x02, 0x20, 0x73, 0x85,
0xff, 0x05, 0xc9, 0x05, 0x91, 0x76, 0xe7, 0x5e, 0x48, 0xe6, 0x63, 0x52, 0xcb, 0xe1, 0x27, 0x7c,
0xbf, 0x6d, 0x3d, 0xc0, 0xa0, 0x21, 0x57, 0xf4, 0xb6, 0xa9, 0xaa, 0xbc, 0x3d, 0x25, 0x04

[SensorAdapterConnectSecure] IntermediateCA1 :
0x82, 0x03, 0xfd, 0x30, 0x82, 0x03, 0x82, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x13, 0x33, 0x00,
0x00, 0x00, 0x07, 0xe8, 0x9d, 0x61, 0x62, 0x4d, 0x46, 0x0f, 0x95, 0x00, 0x00, 0x00, 0x00, 0x00,
0x07, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x81, 0x84,
0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30,
0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74,
0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, 0x4d,
0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61,
0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2e, 0x30, 0x2c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x25, 0x57,
0x69, 0x6e, 0x64, 0x6f, 0x77, 0x73, 0x20, 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x53, 0x65, 0x63,
0x75, 0x72, 0x65, 0x20, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x50, 0x43, 0x41, 0x20,
0x32, 0x30, 0x31, 0x38, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x38, 0x30, 0x31, 0x33, 0x31, 0x31, 0x39,
0x35, 0x34, 0x35, 0x33, 0x5a, 0x17, 0x0d, 0x32, 0x38, 0x30, 0x31, 0x33, 0x31, 0x32, 0x30, 0x30,
0x34, 0x35, 0x33, 0x5a, 0x30, 0x7d, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61,
0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03,
0x55, 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43,
0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x27, 0x30, 0x25, 0x06, 0x03,
0x55, 0x04, 0x03, 0x13, 0x1e, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x73, 0x20, 0x48, 0x65, 0x6c,
0x6c, 0x6f, 0x20, 0x31, 0x39, 0x42, 0x39, 0x32, 0x39, 0x36, 0x35, 0x20, 0x43, 0x41, 0x20, 0x32,
0x30, 0x31, 0x38, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01,
0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xbe, 0x4b,
0x90, 0x6e, 0x24, 0xfc, 0xa1, 0x53, 0xc8, 0xa7, 0x3c, 0x70, 0xe8, 0x97, 0xcd, 0x1b, 0x31, 0xe4,
0x95, 0x91, 0x7a, 0x58, 0xa2, 0x86, 0xa8, 0x70, 0xf6, 0x09, 0x30, 0x77, 0x99, 0x3d, 0x10, 0xdf,
0xf7, 0x95, 0x0f, 0x68, 0x83, 0xe6, 0xa4, 0x11, 0x7c, 0xda, 0x82, 0xe7, 0x0b, 0x8b, 0xf2, 0x9d,
0x6b, 0x5b, 0xf5, 0x3e, 0x77, 0xb4, 0xc1, 0x0e, 0x49, 0x00, 0x83, 0xba, 0x94, 0xf8, 0xa3, 0x82,
0x01, 0xd7, 0x30, 0x82, 0x01, 0xd3, 0x30, 0x10, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82,
0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04,
0x16, 0x04, 0x14, 0x13, 0x93, 0xc8, 0xcd, 0xf2, 0x23, 0x9a, 0x2d, 0xc6, 0x9b, 0x2a, 0xeb, 0x9a,
0xab, 0x99, 0x0b, 0x56, 0x04, 0x5e, 0x7c, 0x30, 0x65, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x5e,
0x30, 0x5c, 0x30, 0x06, 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x52, 0x06, 0x0c, 0x2b, 0x06,
0x01, 0x04, 0x01, 0x82, 0x37, 0x4c, 0x83, 0x7d, 0x01, 0x01, 0x30, 0x42, 0x30, 0x40, 0x06, 0x08,
0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x34, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63,
0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x6f, 0x70, 0x73, 0x2f, 0x44, 0x6f, 0x63, 0x73, 0x2f, 0x52,
0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2e, 0x68, 0x74, 0x6d, 0x00, 0x30, 0x19,
0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00,
0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f,
0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18,
0x30, 0x16, 0x80, 0x14, 0xda, 0xca, 0x4b, 0xd0, 0x4c, 0x56, 0x03, 0x27, 0x5f, 0x97, 0xeb, 0x75,
0xa3, 0x02, 0xc3, 0xbf, 0x45, 0x9c, 0xf8, 0xb1, 0x30, 0x68, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04,
0x61, 0x30, 0x5f, 0x30, 0x5d, 0xa0, 0x5b, 0xa0, 0x59, 0x86, 0x57, 0x68, 0x74, 0x74, 0x70, 0x3a,
0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e,
0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x6f, 0x70, 0x73, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x57,
0x69, 0x6e, 0x64, 0x6f, 0x77, 0x73, 0x25, 0x32, 0x30, 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x25, 0x32,
0x30, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x25, 0x32, 0x30, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65,
0x73, 0x25, 0x32, 0x30, 0x50, 0x43, 0x41, 0x25, 0x32, 0x30, 0x32, 0x30, 0x31, 0x38, 0x2e, 0x63,
0x72, 0x6c, 0x30, 0x75, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x69,
0x30, 0x67, 0x30, 0x65, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x59,
0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f,
0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x6f, 0x70, 0x73, 0x2f,
0x63, 0x65, 0x72, 0x74, 0x73, 0x2f, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x73, 0x25, 0x32, 0x30,
0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x25, 0x32, 0x30, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x25, 0x32,
0x30, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x25, 0x32, 0x30, 0x50, 0x43, 0x41, 0x25, 0x32,
0x30, 0x32, 0x30, 0x31, 0x38, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48,
0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x69, 0x00, 0x30, 0x66, 0x02, 0x31, 0x00, 0x87, 0xb6, 0x82,
0xf3, 0xda, 0xbe, 0xb1, 0x7b, 0x98, 0x7d, 0x3d, 0x0a, 0x90, 0xa8, 0xf5, 0xbf, 0x15, 0xc3, 0xee,
0x8a, 0x4e, 0xc0, 0x7b, 0x10, 0x1d, 0xa9, 0xe3, 0x0b, 0xec, 0x2c, 0x53, 0x4e, 0xa7, 0xbd, 0xf1,
0x6c, 0xad, 0x18, 0x55, 0xba, 0x25, 0x73, 0x55, 0xb7, 0x5b, 0x12, 0x24, 0xf4, 0x02, 0x31, 0x00,
0xaf, 0x02, 0x9c, 0x4b, 0x92, 0xd0, 0x72, 0xa5, 0x80, 0xca, 0x69, 0x2b, 0x38, 0x50, 0x64, 0xd8,
0x58, 0x9e, 0xea, 0xd6, 0x35, 0xcf, 0x68, 0x98, 0x92, 0x81, 0x09, 0x61, 0xc2, 0xbd, 0xb1, 0x4c,
0x7f, 0xae, 0x55, 0x7b, 0xfc, 0x22, 0xdd, 0xd6, 0xb7, 0x7c, 0xb5, 0xa8, 0x18, 0x5d, 0x33

[SensorAdapterConnectSecure] IntermediateCA2 :
0x04, 0x30, 0x82, 0x04, 0x56, 0x30, 0x82, 0x03, 0xdc, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x13,
0x33, 0x00, 0x00, 0x00, 0x03, 0x6c, 0xcf, 0xed, 0xe2, 0x44, 0x70, 0x19, 0xbf, 0x00, 0x00, 0x00,
0x00, 0x00, 0x03, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x03, 0x30,
0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e,
0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52,
0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f,
0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3e, 0x30, 0x3c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
0x35, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x45, 0x43, 0x43, 0x20, 0x44,
0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74,
0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74,
0x79, 0x20, 0x32, 0x30, 0x31, 0x37, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x38, 0x30, 0x31, 0x32, 0x35,
0x31, 0x39, 0x34, 0x39, 0x33, 0x38, 0x5a, 0x17, 0x0d, 0x33, 0x33, 0x30, 0x31, 0x32, 0x35, 0x31,
0x39, 0x35, 0x39, 0x33, 0x38, 0x5a, 0x30, 0x81, 0x84, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13,
0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06,
0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30,
0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66,
0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2e, 0x30,
0x2c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x25, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x73, 0x20,
0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x44, 0x65, 0x76,
0x69, 0x63, 0x65, 0x73, 0x20, 0x50, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x38, 0x30, 0x76, 0x30,
0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00,
0x22, 0x03, 0x62, 0x00, 0x04, 0x1d, 0xdd, 0x08, 0x02, 0x03, 0x25, 0x75, 0x20, 0xe2, 0x71, 0x8b,
0xad, 0x28, 0x09, 0x82, 0xe9, 0x06, 0xee, 0x83, 0xc5, 0x3a, 0x6c, 0x4b, 0x71, 0x92, 0x50, 0x4e,
0x20, 0xe9, 0x72, 0xb4, 0xfc, 0x53, 0x2a, 0xef, 0x5d, 0xcc, 0x9a, 0xb4, 0xcd, 0x76, 0xb8, 0x94,
0x97, 0x44, 0xb2, 0x71, 0x0e, 0xc9, 0xb1, 0x16, 0x03, 0xa1, 0x65, 0x2b, 0xb9, 0xe8, 0x5d, 0x5f,
0xf2, 0x30, 0x2e, 0xdd, 0xb1, 0x2b, 0x20, 0xfc, 0xbe, 0x00, 0x88, 0xea, 0x1f, 0xa7, 0x7f, 0x99,
0x84, 0x98, 0x7c, 0x71, 0x3e, 0x4d, 0x34, 0x83, 0x69, 0x9b, 0x08, 0xcb, 0x78, 0xb2, 0x4b, 0xbd,
0xd7, 0x3e, 0xbe, 0x67, 0xa0, 0xa3, 0x82, 0x01, 0xfc, 0x30, 0x82, 0x01, 0xf8, 0x30, 0x10, 0x06,
0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30,
0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xda, 0xca, 0x4b, 0xd0, 0x4c, 0x56,
0x03, 0x27, 0x5f, 0x97, 0xeb, 0x75, 0xa3, 0x02, 0xc3, 0xbf, 0x45, 0x9c, 0xf8, 0xb1, 0x30, 0x65,
0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x5e, 0x30, 0x5c, 0x30, 0x06, 0x06, 0x04, 0x55, 0x1d, 0x20,
0x00, 0x30, 0x52, 0x06, 0x0c, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x4c, 0x83, 0x7d, 0x01,
0x01, 0x30, 0x42, 0x30, 0x40, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16,
0x34, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72,
0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x6f, 0x70, 0x73,
0x2f, 0x44, 0x6f, 0x63, 0x73, 0x2f, 0x52, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79,
0x2e, 0x68, 0x74, 0x6d, 0x00, 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37,
0x14, 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00, 0x41,
0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0f, 0x06,
0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f,
0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x14, 0xda, 0x5b, 0xf1, 0x0e,
0x66, 0x47, 0xd1, 0x5d, 0x13, 0x5f, 0x5b, 0x7a, 0xeb, 0xeb, 0x5f, 0x01, 0x08, 0xb5, 0x49, 0x30,
0x7a, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x73, 0x30, 0x71, 0x30, 0x6f, 0xa0, 0x6d, 0xa0, 0x6b,
0x86, 0x69, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63,
0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x6f, 0x70,
0x73, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x25,
0x32, 0x30, 0x45, 0x43, 0x43, 0x25, 0x32, 0x30, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x25,
0x32, 0x30, 0x52, 0x6f, 0x6f, 0x74, 0x25, 0x32, 0x30, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
0x63, 0x61, 0x74, 0x65, 0x25, 0x32, 0x30, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79,
0x25, 0x32, 0x30, 0x32, 0x30, 0x31, 0x37, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x81, 0x87, 0x06, 0x08,
0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x7b, 0x30, 0x79, 0x30, 0x77, 0x06, 0x08,
0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x6b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63,
0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x6f, 0x70, 0x73, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x73, 0x2f,
0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x25, 0x32, 0x30, 0x45, 0x43, 0x43, 0x25,
0x32, 0x30, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x25, 0x32, 0x30, 0x52, 0x6f, 0x6f, 0x74,
0x25, 0x32, 0x30, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x25, 0x32,
0x30, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x25, 0x32, 0x30, 0x32, 0x30, 0x31,
0x37, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03,
0x03, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x30, 0x56, 0x2a, 0xad, 0x72, 0x4c, 0xb9, 0x8c, 0xb3,
0x23, 0x80, 0xf5, 0x5f, 0xf8, 0x21, 0x94, 0x66, 0x0f, 0x76, 0x77, 0xe2, 0x7b, 0x03, 0xdd, 0x30,
0x5e, 0xcb, 0x90, 0xca, 0x78, 0xe6, 0x0b, 0x2d, 0x12, 0xe5, 0xf7, 0x67, 0x31, 0x58, 0x71, 0xe6,
0xf3, 0x64, 0xc1, 0x04, 0xb3, 0x8b, 0xe9, 0xe2, 0x02, 0x31, 0x00, 0xb9, 0x20, 0x61, 0xb9, 0xd0,
0x5e, 0x3a, 0xa4, 0xa2, 0x8a, 0xfe, 0x1d, 0xfc, 0x27, 0x61, 0x0b, 0x98, 0x16, 0x8c, 0x02, 0x9c,
0x20, 0x7f, 0xee, 0xf3, 0xcb, 0x1f, 0x0a, 0x37, 0x62, 0xb1, 0x8e, 0xce, 0xd9, 0x9a, 0x9e, 0xac,
0xe6, 0x1a, 0xd4, 0xb8, 0xf1, 0xa8, 0x2b, 0xb1, 0xb4, 0x40

[SensorAdapterConnectSecure] Device Random :
0xe2, 0x6b, 0x3c, 0x3f, 0x14, 0xce, 0x0d, 0x0b, 0x65, 0xbe, 0x61, 0x8d, 0xfe, 0x28, 0x6f, 0x2c,
0x3c, 0x24, 0xe5, 0x10, 0x43, 0xfe, 0x54, 0xf0, 0x4d, 0xf5, 0x50, 0x75, 0x69, 0xf1, 0xdb, 0x70

[SensorAdapterConnectSecure] Device Public Key :
0xba, 0x1c, 0x22, 0x87, 0xd6, 0x1c, 0xde, 0x55, 0x1c, 0x76, 0xc3, 0xd4, 0x36, 0xd3, 0xf2, 0xfb,
0x9d, 0x66, 0x5d, 0x87, 0x57, 0xee, 0xde, 0x90, 0x94, 0x0c, 0x9e, 0xb2, 0x1b, 0x73, 0xbb, 0x56,
0xc0, 0x91, 0x35, 0xa2, 0xd8, 0xd7, 0x2c, 0xdc, 0xda, 0x1a, 0xf4, 0x55, 0x78, 0x58, 0x4b, 0x13,
0x54, 0x38, 0xe3, 0xbd, 0x18, 0xeb, 0x12, 0xce, 0x9b, 0x81, 0x4f, 0x91, 0x55, 0x4a, 0xa8, 0x54,
0x04,
[SensorAdapterConnectSecure] Firmware Public Key :
0xf2, 0xf0, 0xb2, 0xf7, 0x32, 0x75, 0x56, 0x1b, 0x21, 0xc6, 0xe7, 0xe6, 0x3b, 0x0b, 0xa5, 0x88,
0xaf, 0x92, 0xf9, 0x04, 0x6f, 0x0d, 0x65, 0xdc, 0x76, 0xc4, 0x53, 0x82, 0x87, 0xa2, 0x97, 0x3f,
0x55, 0x60, 0x0c, 0x7f, 0x31, 0x89, 0xaa, 0x88, 0xf4, 0x8c, 0x67, 0xd9, 0xbf, 0xcc, 0x04, 0xd0,
0x3f, 0xc8, 0xba, 0x26, 0x19, 0xcf, 0x7a, 0xa2, 0xd7, 0xbc, 0x73, 0xd9, 0x84, 0x0f, 0x6c, 0x15,
0xc3

[SensorAdapterConnectSecure] Firmware Hash :
0xbf, 0x47, 0xea, 0x1f, 0x4a, 0x4a, 0x60, 0x54, 0x70, 0x31, 0x3c, 0xac, 0xb3, 0xa4, 0x4f, 0x4a,
0x46, 0x1f, 0x68, 0xc6, 0xfa, 0xea, 0xb0, 0x7e, 0x73, 0x76, 0x10, 0xcb, 0x5a, 0xc8, 0x35, 0xce

[SensorAdapterConnectSecure] Model Signature :
0x46, 0x5d, 0x53, 0xff, 0xd5, 0xe9, 0x2a, 0x2b, 0xd8, 0x15, 0x99, 0xd6, 0xbb, 0x0e, 0x24, 0x9b,
0x7e, 0xf7, 0xa1, 0x22, 0xa8, 0xe2, 0x98, 0x17, 0x33, 0xbd, 0x68, 0x6b, 0xa9, 0x0d, 0x7c, 0xf9,
0x5f, 0x7c, 0x6b, 0x7f, 0x0a, 0x7c, 0xdc, 0x1d, 0xf7, 0xf9, 0x91, 0xc7, 0x0e, 0x68, 0xb9, 0x80,
0x23, 0xf7, 0xd7, 0x0a, 0x57, 0x32, 0x96, 0x55, 0x54, 0xae, 0x7d, 0xde, 0x6e, 0xf1, 0xbb, 0x51

[SensorAdapterConnectSecure] Device Signature :
0xda, 0x57, 0x52, 0x0d, 0xdc, 0xb2, 0x4c, 0xe4, 0x07, 0x08, 0xae, 0x7a, 0x2a, 0x40, 0x36, 0x6f,
0xc4, 0xab, 0xe9, 0xb2, 0x4c, 0xaa, 0x30, 0xec, 0xd2, 0xb4, 0x1b, 0xe7, 0x91, 0x9e, 0x49, 0xaa,
0x3f, 0xcb, 0xdf, 0x70, 0xf1, 0xa7, 0x3b, 0x27, 0x0e, 0xd4, 0x49, 0x1a, 0xf0, 0x09, 0x95, 0xac,
0xf9, 0x58, 0xe4, 0x43, 0xad, 0x95, 0xc9, 0xc8, 0x47, 0x13, 0xf3, 0xf2, 0x13, 0xc8, 0xa1, 0x30
[SensorAdapterConnectSecure] ///////////////////////////////////
[SensorAdapterConnectSecure] <--
DLL_THREAD_DETACH

but, when I replace the SensorAdapter of the built-in fingerprint sensor driver to our developing SensorAdapter, it works without problems.

[SensorAdapterConnectSecure] -->
[SensorAdapterConnectSecure] WINBIO_SECURE_CONNECTION PARAMS Size : 105

[SensorAdapterConnectSecure] Host's Random Key :
0x0e, 0xfb, 0x56, 0x09, 0xaa, 0x98, 0x77, 0x71, 0x93, 0xe7, 0x4e, 0x94, 0x20, 0x72, 0xd1, 0xde,
0x61, 0x88, 0xb1, 0x98, 0xbf, 0x09, 0x30, 0x9c, 0x54, 0x69, 0x40, 0xb0, 0x9e, 0x73, 0xba, 0x24

[SensorAdapterConnectSecure] Host's Public Key :
0x04, 0x42, 0xde, 0xcb, 0x17, 0xe9, 0xf5, 0x1f, 0x44, 0xf2, 0x65, 0xea, 0x6b, 0xf1, 0xee, 0xc5,
0x16, 0xd5, 0x4e, 0xdf, 0x65, 0x4e, 0x9f, 0x87, 0xcc, 0x3a, 0xbf, 0x1a, 0x2d, 0xed, 0x84, 0xc3,
0x2d, 0x32, 0x7b, 0x78, 0x32, 0x63, 0x26, 0xf1, 0x98, 0x14, 0x5c, 0xd4, 0x2c, 0x8c, 0x32, 0x18,
0xda, 0x81, 0xd7, 0x15, 0x69, 0x55, 0xf9, 0xe1, 0xff, 0x01, 0x6a, 0x5c, 0x8c, 0x27, 0x9c, 0x26,
0x4c

DeviceIoControl IOCTL_BIOMETRIC_CONNECT_SECURE result : 0, bytesReturned : 0
GetOverlappedResult result : 1, bytesReturned : 3358
[SensorAdapterConnectSecure] ///////////////////////////////////
[SensorAdapterConnectSecure] Size : 3358
[SensorAdapterConnectSecure] Version : 1
[SensorAdapterConnectSecure] Flags : 0
[SensorAdapterConnectSecure] CERT_M_SIZE : 847
[SensorAdapterConnectSecure] CERT_CA1 : 1023
[SensorAdapterConnectSecure] CERT_CA2 : 1114
//...(omit)...
[SensorAdapterConnectSecure] ///////////////////////////////////
[SensorAdapterConnectSecure] <--

[mamckee]

@Lapinee

The certs from the logging don't match the test certs from the wiki exactly. Which certs do the sizes in these logs refer to? The first set of sizes is correct, but the second set matches the incorrect certs.

Model Cert:

• Extra 0x04 at the end
• Size should be 846 bytes, one in the logs is 847 bytes.

CA1 Cert:

• Missing first byte (should be 0x30)
• Missing last byte (should be 0x04, could have been appended to the model cert on accident?)
• Size should be 1025 bytes, one in the logs is only 1023 bytes

CA 2 Cert:

• Extra 0x04 at the beginning
• Missing last byte (Should be 0x9B)
• Size is correct on this one

[Lapinee]

@mamckee

Sorry, There seems to be a problem with the attached previous log.
but As you mentioned, I checked cert_m, Intermediate_CA1, and Intermediate_CA2 again, error state is the same.
(I attached correct log below.)

SDCP_ConnectSecure_Log.txt

Also, the log cases I included last time are as follows.

Case 1. Our driver using Test Vector (SDCP_ConnectSecure_Log.txt)

cert_m : 846 / IntermediateCA1 : 1025 / IntermediateCA2 : 1114

Case 2. The built-in driver (commercial driver) for the notebook replaces and using our SensorAdapter,
so the model certificate and Intermediate CA1, CA2 are not of Test Vector.

cert_m : 847 / IntermediateCA1 : 1023 / IntermediateCA2 : 1114

[Lapinee]

@mamckee

Hello,
Here is Additional Information about Test Cases.

I tested under the following environments.
(In TestSigning Mode, it is possible to upload a modified driver without a valid driver signature. so our replaced SensorAdapter is currently installed with Synaptics' Driver.

Test Steps:

1. Implement SensorAdapterConnectSecure Function on SensorAdapter
2. Using IOCTL_BIOMETRIC_CONNECT_SECURE, WINBIO_SECURE_CONNECTION_DATA including FPR(eg. Synaptics)'s Model Certificate is received from the device driver
3. Transfer WINBIO_SECURE_CONNECTION_DATA to BioTrustlet

In addition, even if Device Driver and IOCTL are not handled, it is possible to check if Secure Connection is properly established in Event Viewer by inserting only SDCP Test Code and Certificate in SensorAdapterConnectSecure function of SensorAdapter.

I’d appreciate it if you could check what certificate is valid, again.
I look forward to hearing from you soon.

[mamckee]

@Lapinee,

I still see a small discrepancy between the model cert in your logs, and the model cert in the wiki. I quickly ran a diff on the two, a couple bytes in the middle are different (wiki cert on the left, test cert from logs on the right):

The CA certs are accurate though. Can you confirm whether those bytes are changed in your code or cert file?

[Lapinee]

@mamckee

Hello
I 'm very grateful to you for all your help .

As a result of verifying the certificates and functions since the last answer,
it was found that the model certificate of our device is wrong.

After fixing the problem of our device, when we put the values of the test vector,
I also checked the result values that are the same as those in github's Test Values.

but, When I change the Test Vector to the actual value(h_r, h_pk, pk_f, sk_f) it still doesn't work.
And the error code displayed in Event Viewer has also been changed to 0x8007001f (ERROR_GEN_FAILURE).

0x8007001f
A device attached to the system is not functioning.

200902_Device_Log.txt
200902_Host_Log.txt

I attached host and device logs and Screenshot of Event Viewer.
Can you please tell us what kind of situation the error is occurring?

and In sdcpcli_hash_claim, it is supposed to put the actual certificate instead of g_model_pub_key.
I am wondering if I can put the certificate (846 bytes) directly or the public key extracted from the certificate.

Always Thank you for everything.

[mamckee]

@Lapinee

Glad to see we fixed the certificate issue. For sdcpcli_hash_claim, you should use the whole model cert instead of the public key. The ERROR_GEN_FAILURE isn't coming from the bio code, so I'd need to look at logs again to get a clue. Let's try using the model cert in sdcpcli_hash_claim to see if that resolves the error. If not, take feedback again and I can try to narrow down where the error is coming from.

[Lapinee]

@mamckee

Hello,
First of all, thank you for your answer.
I tested again from the origin.
As you said, when generating the claim hash, I put the certificate directly (846 bytes).

and I tested three methods like below,

1. ran with github's test vector (came out same result)
2. ran with our developing code (the mac and master secret of host and that of device is same, but the function didn't work on Windows by Error Code : 0x8007001F)
3. ran with synaptics value (The mac values of which we calculated and of those the output from Synaptics FP Sensor were different)

It occured some discrepancy though I thought there wouldn't no problem with the function because the test vector were same.

Additional Information about testing Synaptics Driver.

1. Create Host KeyPair (Public / Private)
2. Transmit the fixed public key; of which created from KeyPair and fixed Host Random value to the Synaptics Driver (this original driver works fine on Windows)
3. Check the value returned by Synaptics FPR.

m: (calculated)
39a132c8aed12288df28119bbbf3d95017739452b502cafe8cde8e96782a7c3e
m: (from Synaptics Driver)
908f2cf1fd4f57b317f13ad1d5f448e2a0ca2a55d43485a398ed455a7658a5d0

*Those were not same between the code of Github and the mac value from Synaptics Driver with using a fixed Host Public Key (and private Key) & Random value

The test code used on below and the log output from the Synaptics FP sensor are attatched like below.
(You can run test code of Synaptics' value with the attached zip file (test/synaptics))

Synaptics_log.txt
SecureDeviceConnectionProtocol.zip

Best Regards.

[mamckee]

@Lapinee

I think the problem is in the master key generation in the example code. We should be using the host public key, and firmware private key instead of the other way around.

ASSERT_EQUAL(0, sdcpcli_derive_master_secret(
        host_key.pk, sizeof(host_key.pk),
        firmware_key.sk, sizeof(firmware_key.sk),
        host_random, sizeof(host_random),
        device_random, sizeof(device_random),
        device_master_secret, sizeof(device_master_secret)));

Let me see if I can dig up that private key, since I don't see it in the example code.

[Lapinee]

@mamckee

Hello,

Synaptics TestCode Example was not processed on the code of device but just on code of Host.
(The code that you explained was code of device.)
I generated Master secret with using <sk_h, pk_f> master secret as instructed on GitHub wiki.

Because the value from Device(Synaptics FP Sensor) is only s_m, s_d, cert_m, r_d, pk_f, pk_d, h_f, I cannot know the private key of firmware.
Besides for verifying the calculated value, the vaue was returned after sending Host Public Key and random value which is fixed for the purpose of test to Synaptics FP Sensor,
not from Host public key and Host random which is generated from Bio Trustlet of Windows.
and the value was not sent from Host Public Key.

Q1. When I excute s_m, s_d, cert_m, r_d, pk_f, pk_d, h_f calculated from Synaptics FP Sensor on GitHub's code,
the Mac value of Synaptics FP Sensor and that of GitHub code has differences.

So would you please to confirm how the MAC value is put out with the attached log value?

0909_test_value.txt

In this case, It seems this problem derived from an error or omission at the calculation of master secret or Claim Hash :H(c) on GitHub's code.

Q2. Why is the error code 0x8007001F come out though I implemented the driver of Github (cert_m of Test Vector)
(Also it comes out same error code 0x8007001F when the incorrect Certificate with Synaptics's driver was input. It needs to be suspicious that the cert_m has some fault.)

Q3. Additionally would you let me know how to get the Real Certificate (with Certificate's Private Key) applied on our FP sensor?

Thank you.

[Lapinee]

@mamckee

Would you have any idea about this matter?
Feel free feedback to me. Thank you!

[mamckee]

@Lapinee

Sorry to get back late, I've had a really busy week.

1. I compared the github code to our test code and can't find any issues with the github sample. How exactly are you getting the fixed values onto the sensor, and is there any way we can see the H(c) and master secret derived on the sensor?

2. There's a lot of places this could be coming from. The error code is ERROR_GEN_FAILURE (A device attached to the system is not functioning) If you take feedback again I can look at the logs to get a better clue, but it's coming from one of the libraries we're calling into.

3. Which certificate do you mean? Are you talking about a new model cert for your FP sensor, or just the github test cert with private key?

[Lapinee]

@mamckee

Hello,
Thank you for your response.

1. I compared the github code to our test code and can't find any issues with the github sample. How exactly are you getting the fixed values onto the sensor, and is there any way we can see the H(c) and master secret derived on the sensor?

As you know it is possible to operate a driver corrected with non-signed if the Windows Test Mode (bcdedit /set TESTSIGNING ON) is activated.
Also it is possible that we can know the values of a device through WINBIO_SECURE_CONNECTION_DATA structure when we send IOCTL_BIOMETRIC_CONNECT_SECURE through SensorAdapter corrected as this picture.

What we can recognize from those values is just the Device Random(r_d), Claim (cert_m, pk_d, pk_f, h_f, s_m, s_d), Mac,
but what we have to calculate by ourselves is for Master Secret and Claim Hash.

Thus what I am just guessing is whether the formula of calculating Claim Hash or generating Master Secret through the Key Agreement is wrong or not.(Please see green)

We cannot calculate the Key Agreement(Master Secret) because the Host Random and the Host Public is transferred from Bio Trustlet on the original Windows Biometrics routine.

2. There's a lot of places this could be coming from. The error code is ERROR_GEN_FAILURE (A device attached to the system is not functioning) If you take feedback again I can look at the logs to get a better clue, but it's coming from one of the libraries we're calling into.

I need your help about how to get an efficient way to the log.

3. Which certificate do you mean? Are you talking about a new model cert for your FP sensor, or just the github test cert with private key?

It just means about the certificate of our commercial FP Sensor.
I’d thought that I can get the Private Key and the certificate which is applicable for the device when we upload the test result through the Hardware Center after proceeding the WHQL test

[mamckee]

@Lapinee

Agreed, it's likely a discrepancy in one or more of those factors. I can run those values through our test code to see, but I probably won't be able to get to it for a bit.

For the logs, just take a recording through feedback hub again (use feedback hub to take a recording under "Security & Privacy/Windows Hello Fingerprint", and share the feedback ID, we can look at the traces)

I'll have to engage with my PMs for getting that cert. Are you on the Microsoft partner portal? If so, we can open a work item to track that.

[Lapinee]

@mamckee

Hello.

Agreed, it's likely a discrepancy in one or more of those factors. I can run those values through our test code to see, but I probably won't be able to get to it for a bit.

Thanks to your hospitality, I will look forward to waiting your reply.

For the logs, just take a recording through feedback hub again (use feedback hub to take a recording under "Security & Privacy/Windows Hello Fingerprint", and share the feedback ID, we can look at the traces)

Reuploaded once again through the feedback hub.

|I'll have to engage with my PMs for getting that cert. Are you on the Microsoft partner portal? If so, we can open a work item to track that.

Yes we are already registered on the Microsoft Partner Portal.
But would you teach me the meaning-open a work item-
In my understanding, what you said is just the way of asking "Collaborate" → "Feedback"?

[mamckee]

@Lapinee,

Sorry for the confusion. Yes, please open a feedback. If should give you an ID number we can find it by.

[Lapinee]

@mamckee

You're welcome.
Here is Feedback's ID on Collaborate. (ID : 380841).

[Lapinee]

@mamckee

Would you share any update?

[mamckee]

@Lapinee

We got the collaborate item and it's assigned to the correct people. As for testing, I haven't had a chance. Earliest I would be able to would be the week after next.