adding seed

2026-05-05 01:58:02 +02:00 · 2024-11-17 13:09:26 +01:00 · 2024-11-17 13:09:26 +01:00 · 598646e1a9
commit 598646e1a9
parent 3c1408619e
5 changed files with 87 additions and 2 deletions
--- a/.vscode/c_cpp_properties.json
+++ b/.vscode/c_cpp_properties.json
@ -0,0 +1,16 @@
+{
+    "configurations": [
+        {
+            "name": "Linux",
+            "includePath": [
+                "${workspaceFolder}/**"
+            ],
+            "defines": [],
+            "compilerPath": "/run/current-system/sw/bin/clang",
+            "cStandard": "c17",
+            "cppStandard": "c++17",
+            "intelliSenseMode": "linux-clang-x64"
+        }
+    ],
+    "version": 4
+}
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@ -0,0 +1,5 @@
+{
+    "files.associations": {
+        "cstdlib": "c"
+    }
+}
--- a/flake.nix
+++ b/flake.nix
@ -47,7 +47,7 @@
              src = pkgs.fetchFromGitHub {
              owner = "Xelef2000";
              repo = "libfprint";
-              rev = "56dc7f7524dabc0da55f2a15f7706e73778aa5e7";
+              rev = "05bd17f8eb3cd25e367c67f153d93d3a3bc61c52";
              hash = "sha256-ySifkClM6qjDlm8iPMwWngHs5PrB1reddreziIUEs5k=";
            };
            }))
--- a/libfprint/drivers/crfpmoc/crfpmoc.c
+++ b/libfprint/drivers/crfpmoc/crfpmoc.c
@ -95,6 +95,9 @@ get_print_data_descriptor (FpPrint *print, gint8 template)
 static void
 crfpmoc_set_print_data (FpPrint *print, gint8 template)
 {
+
+  fp_dbg ("Setting print data");
+
  g_autofree gchar *descr = NULL;
  GVariant *print_id_var = NULL;
  GVariant *fpi_data = NULL;
@ -223,6 +226,33 @@ crfpmoc_cmd_fp_mode (FpiDeviceCrfpMoc *self, guint32 inmode, guint32 *outmode, G
  return TRUE;
 }

+static gboolean
+crfpmoc_cmd_fp_seed (FpiDeviceCrfpMoc *self,const char* seed, GError **error)
+{
+  struct crfpmoc_ec_params_fp_seed p;
+  gboolean rv;
+
+  fp_dbg ("Setting seed '%s'", seed);
+
+  if(strlen(seed) != CRFPMOC_FP_CONTEXT_TPM_BYTES)
+  {
+      g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT, "Seed length should be %d", CRFPMOC_FP_CONTEXT_TPM_BYTES);
+      return FALSE;
+  }
+
+
+  p.struct_version = CRFPMOC_FP_TEMPLATE_FORMAT_VERSION;
+  memset(p.seed, 0, CRFPMOC_FP_CONTEXT_TPM_BYTES);
+  memcpy(p.seed, seed, CRFPMOC_FP_CONTEXT_TPM_BYTES);
+
+  rv = crfpmoc_ec_command (self, CRFPMOC_EC_CMD_FP_SEED, 0, &p, sizeof (p), NULL, 0, error);
+
+  if (!rv)
+    return rv;
+
+  return TRUE;
+}
+
 static gboolean
 crfpmoc_cmd_fp_info (FpiDeviceCrfpMoc *self, guint16 *enrolled_templates, GError **error)
 {
@ -299,6 +329,7 @@ crfpmoc_open (FpDevice *device)

  int fd = open (file, O_RDWR);

+
  if (fd < 0)
    {
      g_set_error (&err, G_IO_ERROR, g_io_error_from_errno (errno), "unable to open misc device");
@ -308,6 +339,9 @@ crfpmoc_open (FpDevice *device)

  self->fd = fd;

+  // setting very secure seed
+  crfpmoc_cmd_fp_seed (self, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", &err);
+
  fpi_device_open_complete (device, NULL);
 }

@ -360,6 +394,7 @@ crfpmoc_enroll_run_state (FpiSsm *ssm, FpDevice *device)
  FpiDeviceCrfpMoc *self = FPI_DEVICE_CRFPMOC (device);
  EnrollPrint *enroll_print = fpi_ssm_get_data (ssm);
  g_autofree gchar *user_id = NULL;
+  g_autofree gchar *device_print_id = NULL;
  gboolean r;
  guint32 mode;
  guint16 enrolled_templates = 0;
@ -426,6 +461,8 @@ crfpmoc_enroll_run_state (FpiSsm *ssm, FpDevice *device)
      crfpmoc_cmd_fp_info (self, &enrolled_templates, &error);
      fp_dbg ("Number of enrolled templates is: %d", enrolled_templates);

+      // device_print_id = g_strndup (user_id, EGISMOC_FINGERPRINT_DATA_SIZE);
+
      user_id = fpi_print_generate_user_id (enroll_print->print);
      fp_dbg ("New fingerprint ID: %s", user_id);

@ -434,7 +471,7 @@ crfpmoc_enroll_run_state (FpiSsm *ssm, FpDevice *device)
      crfpmoc_set_print_data (enroll_print->print, enrolled_templates - 1);

      fp_info ("Enrollment was successful!");
-      fp_info ("Testing build setup");
+
      fpi_device_enroll_complete (device, g_object_ref (enroll_print->print), NULL);

      fpi_ssm_mark_completed (ssm);
--- a/libfprint/drivers/crfpmoc/crfpmoc.h
+++ b/libfprint/drivers/crfpmoc/crfpmoc.h
@ -33,6 +33,7 @@

 G_DECLARE_FINAL_TYPE (FpiDeviceCrfpMoc, fpi_device_crfpmoc, FPI, DEVICE_CRFPMOC, FpDevice)

+
 #define CRFPMOC_DRIVER_FULLNAME "ChromeOS Fingerprint Match-on-Chip"

 #define CRFPMOC_NR_ENROLL_STAGES 5
@ -46,6 +47,7 @@ G_DECLARE_FINAL_TYPE (FpiDeviceCrfpMoc, fpi_device_crfpmoc, FPI, DEVICE_CRFPMOC,
 #define CRFPMOC_EC_CMD_FP_MODE 0x0402
 #define CRFPMOC_EC_CMD_FP_INFO 0x0403
 #define CRFPMOC_EC_CMD_FP_STATS 0x0407
+#define CRFPMOC_EC_CMD_FP_SEED 0x0408

 /* Finger enrollment session on-going */
 #define CRFPMOC_FP_MODE_ENROLL_SESSION (1U << 4)
@ -60,9 +62,22 @@ G_DECLARE_FINAL_TYPE (FpiDeviceCrfpMoc, fpi_device_crfpmoc, FPI, DEVICE_CRFPMOC,

 #define CRFPMOC_FPSTATS_MATCHING_INV (1U << 1)

+
+
 /* New Fingerprint sensor event, the event data is fp_events bitmap. */
 #define CRFPMOC_EC_MKBP_EVENT_FINGERPRINT 5

+/* Version of the format of the encrypted templates. */
+#define CRFPMOC_FP_TEMPLATE_FORMAT_VERSION 4
+
+/* Constants for encryption parameters */
+#define CRFPMOC_FP_CONTEXT_NONCE_BYTES 12
+#define CRFPMOC_FP_CONTEXT_USERID_WORDS (32 / sizeof(guint32))
+#define CRFPMOC_FP_CONTEXT_TAG_BYTES 16
+#define CRFPMOC_FP_CONTEXT_ENCRYPTION_SALT_BYTES 16
+#define CRFPMOC_FP_CONTEXT_TPM_BYTES 32
+
+
 struct crfpmoc_ec_params_fp_mode
 {
  guint32 mode; /* as defined by CRFPMOC_FP_MODE_ constants */
@ -87,6 +102,18 @@ struct crfpmoc_ec_response_fp_stats
  gint8  template_matched;
 } __attribute__((packed));

+struct crfpmoc_ec_params_fp_seed {
+	/*
+	 * Version of the structure format (N=3).
+	 */
+	guint16 struct_version;
+	/* Reserved bytes, set to 0. */
+	guint16 reserved;
+	/* Seed from the TPM. */
+	guint8 seed[CRFPMOC_FP_CONTEXT_TPM_BYTES];
+} __attribute__((packed));
+
+
 struct crfpmoc_ec_response_fp_info
 {
  /* Sensor identification */