From 3506f0fcadcefde83bcb2701f34da7ea5028127d Mon Sep 17 00:00:00 2001
From: Felix
Date: Sun, 17 Nov 2024 13:09:26 +0100
Subject: [PATCH] adding seed
---
 .vscode/c_cpp_properties.json | 16 ++++++++++++
 .vscode/settings.json | 5 ++++
 flake.nix | 2 +-
 libfprint/drivers/crfpmoc/crfpmoc.c | 39 ++++++++++++++++++++++++++++-
 libfprint/drivers/crfpmoc/crfpmoc.h | 27 ++++++++++++++++++++
 5 files changed, 87 insertions(+), 2 deletions(-)
 create mode 100644 .vscode/c_cpp_properties.json
 create mode 100644 .vscode/settings.json
diff --git a/.vscode/c_cpp_properties.json b/.vscode/c_cpp_properties.json
new file mode 100644
index 00000000..f4e387a8
--- /dev/null
+++ b/.vscode/c_cpp_properties.json
@@ -0,0 +1,16 @@
+{
+ "configurations": [
+ {
+ "name": "Linux",
+ "includePath": [
+ "${workspaceFolder}/**"
+ ],
+ "defines": [],
+ "compilerPath": "/run/current-system/sw/bin/clang",
+ "cStandard": "c17",
+ "cppStandard": "c++17",
+ "intelliSenseMode": "linux-clang-x64"
+ }
+ ],
+ "version": 4
+}
\ No newline at end of file
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 00000000..cc134d0e
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,5 @@
+{
+ "files.associations": {
+ "cstdlib": "c"
+ }
+}
\ No newline at end of file
diff --git a/flake.nix b/flake.nix
index 2ceafd0d..915a4437 100644
--- a/flake.nix
+++ b/flake.nix
@@ -47,7 +47,7 @@
 src = pkgs.fetchFromGitHub {
 owner = "Xelef2000";
 repo = "libfprint";
- rev = "56dc7f7524dabc0da55f2a15f7706e73778aa5e7";
+ rev = "05bd17f8eb3cd25e367c67f153d93d3a3bc61c52";
 hash = "sha256-ySifkClM6qjDlm8iPMwWngHs5PrB1reddreziIUEs5k=";
 };
 }))
diff --git a/libfprint/drivers/crfpmoc/crfpmoc.c b/libfprint/drivers/crfpmoc/crfpmoc.c
index 788405a4..bd2f3a32 100644
--- a/libfprint/drivers/crfpmoc/crfpmoc.c
+++ b/libfprint/drivers/crfpmoc/crfpmoc.c
@@ -95,6 +95,9 @@ get_print_data_descriptor (FpPrint *print, gint8 template) static void crfpmoc_set_print_data (FpPrint *print, gint8 template) { + + fp_dbg ("Setting print data"); + g_autofree gchar *descr = NULL; GVariant *print_id_var = NULL; GVariant *fpi_data = NULL; @@ -223,6 +226,33 @@ crfpmoc_cmd_fp_mode (FpiDeviceCrfpMoc *self, guint32 inmode, guint32 *outmode, G return TRUE; } +static gboolean +crfpmoc_cmd_fp_seed (FpiDeviceCrfpMoc *self,const char* seed, GError **error) +{ + struct crfpmoc_ec_params_fp_seed p; + gboolean rv; + + fp_dbg ("Setting seed '%s'", seed); + + if(strlen(seed) != CRFPMOC_FP_CONTEXT_TPM_BYTES) + { + g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT, "Seed length should be %d", CRFPMOC_FP_CONTEXT_TPM_BYTES); + return FALSE; + } + + + p.struct_version = CRFPMOC_FP_TEMPLATE_FORMAT_VERSION; + memset(p.seed, 0, CRFPMOC_FP_CONTEXT_TPM_BYTES); + memcpy(p.seed, seed, CRFPMOC_FP_CONTEXT_TPM_BYTES); + + rv = crfpmoc_ec_command (self, CRFPMOC_EC_CMD_FP_SEED, 0, &p, sizeof (p), NULL, 0, error); + + if (!rv) + return rv; + + return TRUE; +} + static gboolean crfpmoc_cmd_fp_info (FpiDeviceCrfpMoc *self, guint16 *enrolled_templates, GError **error) { @@ -299,6 +329,7 @@ crfpmoc_open (FpDevice *device) int fd = open (file, O_RDWR); + if (fd < 0) { g_set_error (&err, G_IO_ERROR, g_io_error_from_errno (errno), "unable to open misc device"); @@ -308,6 +339,9 @@ crfpmoc_open (FpDevice *device) self->fd = fd; + // setting very secure seed + crfpmoc_cmd_fp_seed (self, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", &err); + fpi_device_open_complete (device, NULL); } @@ -360,6 +394,7 @@ crfpmoc_enroll_run_state (FpiSsm *ssm, FpDevice *device) FpiDeviceCrfpMoc *self = FPI_DEVICE_CRFPMOC (device); EnrollPrint *enroll_print = fpi_ssm_get_data (ssm); g_autofree gchar *user_id = NULL; + g_autofree gchar *device_print_id = NULL; gboolean r; guint32 mode; guint16 enrolled_templates = 0; 
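Review bot: `fp_dbg ("Setting seed '%s'", seed);` in the new crfpmoc_cmd_fp_seed writes the seed itself to the debug log, and crfpmoc.h in this same patch describes that value as the seed from the TPM, so it should not be printed; `fp_dbg ("Setting seed");` is enough. `p` is an uninitialised stack struct and `p.reserved` is never assigned, so two indeterminate bytes are handed to crfpmoc_ec_command although the header says the field is set to 0; declaring `struct crfpmoc_ec_params_fp_seed p = { 0 };` fixes that and makes the `memset` redundant. The `strlen (seed)` check treats the seed as a NUL-terminated string, which a 32-byte binary secret generally is not, so a `const guint8 *` with an explicit length would be the safer parameter shape. The copy of the seed left in `p` is also not cleared before the function returns.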
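Review bot: The call added in crfpmoc_open passes a fixed string of 32 `a` characters as the seed, so every installation of this driver would use the same value, readable from the source, where crfpmoc.h describes the field as the seed from the TPM; the seed needs to come from a per-device secret before this is merged. The return value is also ignored: on failure `err` is set, but `fpi_device_open_complete (device, NULL)` still reports success and, as far as the hunk shows, the GError is never freed. Something like `if (!crfpmoc_cmd_fp_seed (self, seed, &err)) { fpi_device_open_complete (device, err); return; }` would propagate it, assuming the earlier `fd < 0` branch (cut off by the hunk) follows the same pattern. crfpmoc_open starts and ends outside the hunk, so whether `fd` must be closed on that path cannot be seen here.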
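Review bot: `g_autofree gchar *device_print_id = NULL;` in crfpmoc_enroll_run_state is never assigned; its only use is the commented-out `g_strndup` line added in the `@@ -426,6 +461,8 @@` hunk, which references `EGISMOC_FINGERPRINT_DATA_SIZE` (by its name presumably a constant from a different driver) and reads `user_id` one line before it is generated. Both the declaration and the commented-out line should be dropped from this commit until the code is actually needed. The function body continues outside both hunks.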
@@ -426,6 +461,8 @@ crfpmoc_enroll_run_state (FpiSsm *ssm, FpDevice *device) crfpmoc_cmd_fp_info (self, &enrolled_templates, &error); fp_dbg ("Number of enrolled templates is: %d", enrolled_templates); + // device_print_id = g_strndup (user_id, EGISMOC_FINGERPRINT_DATA_SIZE); + user_id = fpi_print_generate_user_id (enroll_print->print); fp_dbg ("New fingerprint ID: %s", user_id); @@ -434,7 +471,7 @@ crfpmoc_enroll_run_state (FpiSsm *ssm, FpDevice *device) crfpmoc_set_print_data (enroll_print->print, enrolled_templates - 1); fp_info ("Enrollment was successful!"); - fp_info ("Testing build setup"); + fpi_device_enroll_complete (device, g_object_ref (enroll_print->print), NULL); fpi_ssm_mark_completed (ssm); diff --git a/libfprint/drivers/crfpmoc/crfpmoc.h b/libfprint/drivers/crfpmoc/crfpmoc.h index 68df2e60..cb00e71f 100644 --- a/libfprint/drivers/crfpmoc/crfpmoc.h +++ b/libfprint/drivers/crfpmoc/crfpmoc.h @@ -33,6 +33,7 @@ G_DECLARE_FINAL_TYPE (FpiDeviceCrfpMoc, fpi_device_crfpmoc, FPI, DEVICE_CRFPMOC, FpDevice) + #define CRFPMOC_DRIVER_FULLNAME "ChromeOS Fingerprint Match-on-Chip" #define CRFPMOC_NR_ENROLL_STAGES 5 @@ -46,6 +47,7 @@ G_DECLARE_FINAL_TYPE (FpiDeviceCrfpMoc, fpi_device_crfpmoc, FPI, DEVICE_CRFPMOC, #define CRFPMOC_EC_CMD_FP_MODE 0x0402 #define CRFPMOC_EC_CMD_FP_INFO 0x0403 #define CRFPMOC_EC_CMD_FP_STATS 0x0407 +#define CRFPMOC_EC_CMD_FP_SEED 0x0408 /* Finger enrollment session on-going */ #define CRFPMOC_FP_MODE_ENROLL_SESSION (1U << 4) 
@@ -60,9 +62,22 @@ G_DECLARE_FINAL_TYPE (FpiDeviceCrfpMoc, fpi_device_crfpmoc, FPI, DEVICE_CRFPMOC, #define CRFPMOC_FPSTATS_MATCHING_INV (1U << 1) + + /* New Fingerprint sensor event, the event data is fp_events bitmap. */ #define CRFPMOC_EC_MKBP_EVENT_FINGERPRINT 5 +/* Version of the format of the encrypted templates. */ +#define CRFPMOC_FP_TEMPLATE_FORMAT_VERSION 4 + +/* Constants for encryption parameters */ +#define CRFPMOC_FP_CONTEXT_NONCE_BYTES 12 +#define CRFPMOC_FP_CONTEXT_USERID_WORDS (32 / sizeof(guint32)) +#define CRFPMOC_FP_CONTEXT_TAG_BYTES 16 +#define CRFPMOC_FP_CONTEXT_ENCRYPTION_SALT_BYTES 16 +#define CRFPMOC_FP_CONTEXT_TPM_BYTES 32 + + struct crfpmoc_ec_params_fp_mode { guint32 mode; /* as defined by CRFPMOC_FP_MODE_ constants */ @@ -87,6 +102,18 @@ struct crfpmoc_ec_response_fp_stats gint8 template_matched; } __attribute__((packed)); +struct crfpmoc_ec_params_fp_seed { + /* + * Version of the structure format (N=3). + */ + guint16 struct_version; + /* Reserved bytes, set to 0. */ + guint16 reserved; + /* Seed from the TPM. */ + guint8 seed[CRFPMOC_FP_CONTEXT_TPM_BYTES]; +} __attribute__((packed)); + + struct crfpmoc_ec_response_fp_info { /* Sensor identification */
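Review bot: The comment on `struct_version` in `struct crfpmoc_ec_params_fp_seed` says `(N=3)`, but the only caller in this patch writes `CRFPMOC_FP_TEMPLATE_FORMAT_VERSION`, which the `@@ -60,9 +62,22 @@` hunk defines as 4. One of the two is stale; if 4 is what the firmware expects, the comment could read `/* Version of the structure format; set to CRFPMOC_FP_TEMPLATE_FORMAT_VERSION. */`. The new struct also opens its brace on the `struct` line, while the neighbouring structs appear to put it on a line of its own.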