libaacs | branch: master | npzacs <npz...@gmail.com> | Tue Oct 15 09:38:51 2013 +0300| [07e540c962b0dc090c3417e4c01ca6d4f5fe762c] | committer: npzacs
Improved error logging when drive and certificate are incompatible > http://git.videolan.org/gitweb.cgi/libaacs.git/?a=commit;h=07e540c962b0dc090c3417e4c01ca6d4f5fe762c
---
 src/libaacs/aacs.c | 16 +++++++++++++++-
 src/libaacs/mmc.c | 16 +++++++++++++++-
 src/libaacs/mmc.h | 1 +
 3 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/src/libaacs/aacs.c b/src/libaacs/aacs.c
index 004333e..55d270e 100644
--- a/src/libaacs/aacs.c
+++ b/src/libaacs/aacs.c
@@ -288,6 +288,7 @@ static int _read_vid(AACS *aacs, cert_list *hcl)
 int error_code = AACS_ERROR_NO_CERT;
 MKB *hrl_mkb = _get_hrl_mkb(mmc);
+ const uint8_t *drive_cert = mmc_get_drive_cert(mmc);
 for (;hcl && hcl->host_priv_key && hcl->host_cert; hcl = hcl->next) {
@@ -302,13 +303,19 @@ static int _read_vid(AACS *aacs, cert_list *hcl)
 continue;
 }
- if (mkb_host_cert_is_revoked(hrl_mkb, cert + 4)) {
+ if (mkb_host_cert_is_revoked(hrl_mkb, cert + 4) > 0) {
 DEBUG(DBG_AACS | DBG_CRIT, "Host certificate %s has been revoked.\n",
 print_hex(tmp_str, cert + 4, 6));
 error_code = AACS_ERROR_CERT_REVOKED;
 //continue;
 }
+ if (drive_cert && (drive_cert[1] & 0x01) && !(cert[1] & 0x01)) {
+ DEBUG(DBG_AACS, "Certificate (id 0x%s) does not support bus encryption\n",
+ print_hex(tmp_str, cert + 4, 6));
+ //continue;
+ }
+
 DEBUG(DBG_AACS, "Trying host certificate (id 0x%s)...\n",
 print_hex(tmp_str, cert + 4, 6));
@@ -392,6 +399,7 @@ static int _read_pmsn(AACS *aacs, cert_list *hcl)
 }
 int error_code = AACS_ERROR_NO_CERT;
+ const uint8_t *drive_cert = mmc_get_drive_cert(mmc);
 for (;hcl && hcl->host_priv_key && hcl->host_cert; hcl = hcl->next) {
@@ -406,6 +414,12 @@ static int _read_pmsn(AACS *aacs, cert_list *hcl)
 continue;
 }
+ if (drive_cert && (drive_cert[1] & 0x01) && !(cert[1] & 0x01)) {
+ DEBUG(DBG_AACS, "Certificate (id 0x%s) does not support bus encryption\n",
+ print_hex(tmp_str, cert + 4, 6));
+ //continue;
+ }
+
 DEBUG(DBG_AACS, "Trying host certificate (id 0x%s)...\n",
 print_hex(tmp_str, cert + 4, 6));
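Review bot: In the `_read_vid` loop (hunk at -302), tightening the test to `mkb_host_cert_is_revoked(hrl_mkb, cert + 4) > 0` means a negative return is now handled exactly like "not revoked" and leaves no trace in the log. The callee is not visible here, so this is an inference, but a negative value presumably means the revocation list could not be consulted; that outcome should get its own message so the log does not read as if the certificate passed the check. Storing the result in a local and adding `else if (rc < 0) { DEBUG(DBG_AACS, "Could not check revocation status of host certificate %s\n", print_hex(tmp_str, cert + 4, 6)); }` would cover it. The loop body starts and ends outside the hunk.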
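Review bot: The compatibility test `drive_cert && (drive_cert[1] & 0x01) && !(cert[1] & 0x01)` in the `_read_pmsn` hunk at -406 is a copy of the one added to `_read_vid` at -302, and a third variant is added to `_mmc_aacs_auth` in mmc.c; the bare `[1] & 0x01` does not say which certificate field it tests. A small `static` helper taking both certificates, with the mask given a name and a one-line comment such as `/* byte 1, bit 0: bus encryption capable (per the log message) */`, would keep the three sites from drifting apart. Because `//continue;` is commented out, the certificate is still tried after the message; a short comment saying this is deliberate (log only, let the drive decide) would stop a later reader from "fixing" it. Note also that the check is silently skipped whenever `mmc_get_drive_cert()` returns NULL, which from the visible code happens when no drive certificate has been cached yet.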
diff --git a/src/libaacs/mmc.c b/src/libaacs/mmc.c
index c091d42..ce62d41 100644
--- a/src/libaacs/mmc.c
+++ b/src/libaacs/mmc.c
@@ -1040,7 +1040,13 @@ static int _mmc_aacs_auth(MMC *mmc, uint8_t agid, const uint8_t *host_priv_key,
 // send host cert + nonce
 if (!_mmc_send_host_cert(mmc, agid, mmc->host_nonce, host_cert)) {
- DEBUG(DBG_MMC | DBG_CRIT, "Host key / Certificate has been revoked by your drive ?\n");
+
+ if ((mmc->drive_cert[1] & 0x01) && !(host_cert[1] & 0x01)) {
+ DEBUG(DBG_MMC | DBG_CRIT, "Certificate (id 0x%s) can not be used with bus encryption capable drive\n",
+ print_hex(str, host_cert + 4, 6));
+ } else {
+ DEBUG(DBG_MMC | DBG_CRIT, "Host key / Certificate has been revoked by your drive ?\n");
+ }
 return MMC_ERROR_CERT_REVOKED;
 }
@@ -1280,6 +1286,14 @@ int mmc_read_drive_cert(MMC *mmc, uint8_t *drive_cert)
 return MMC_SUCCESS;
 }
+const uint8_t *mmc_get_drive_cert(MMC *mmc)
+{
+ if (mmc->drive_cert[0] == 0x01) {
+ return mmc->drive_cert;
+ }
+ return NULL;
+}
+
 uint8_t *mmc_read_mkb(MMC *mmc, int address, int *size)
 {
 uint8_t agid = 0;
diff --git a/src/libaacs/mmc.h b/src/libaacs/mmc.h
index 73fb022..0355408 100644
--- a/src/libaacs/mmc.h
+++ b/src/libaacs/mmc.h
@@ -40,6 +40,7 @@ AACS_PRIVATE int mmc_read_pmsn(MMC *mmc, const uint8_t *host_priv_key, const ui
 AACS_PRIVATE int mmc_read_data_keys(MMC *mmc, const uint8_t *host_priv_key, const uint8_t *host_cert, uint8_t *read_data_key, uint8_t *write_data_key);
 AACS_PRIVATE int mmc_read_drive_cert(MMC *mmc, uint8_t *drive_cert);
+AACS_PRIVATE const uint8_t *mmc_get_drive_cert(MMC *mmc);
 /* read partial MKB */
 AACS_PRIVATE uint8_t *mmc_read_mkb(MMC *mmc, int address, int *size);
_______________________________________________ libaacs-devel mailing list libaacs-devel@videolan.org https://mailman.videolan.org/listinfo/libaacs-devel
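Review bot: The new branch in `_mmc_aacs_auth` reads `mmc->drive_cert[1]` directly, while the accessor added further down in this commit only trusts that buffer when `mmc->drive_cert[0] == 0x01`. If no drive certificate has been stored at this point, the flag test runs on whatever the buffer holds and the wrong diagnostic can be printed; going through `const uint8_t *dc = mmc_get_drive_cert(mmc);` and testing `dc && (dc[1] & 0x01) && !(host_cert[1] & 0x01)` keeps both paths on the same validity rule (this relies on the prototype from mmc.h being in scope, since the definition comes later in the file). The function still returns `MMC_ERROR_CERT_REVOKED` for the incompatibility case, so callers can only tell the two failures apart by reading the log; a comment stating that this is intentional would help. The function body starts and ends outside the hunk.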
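Review bot: `mmc_get_drive_cert` is added without any comment describing its contract, and callers in aacs.c depend on two non-obvious facts. It returns a pointer into the `MMC` object rather than a copy, and it returns NULL when the first byte of the stored certificate is not 0x01, which the callers treat as "skip the compatibility check". I would add above the definition: `/* Returns the drive certificate cached in mmc, or NULL if none is stored (first byte != 0x01). The pointer refers to storage inside mmc; do not free it or use it after mmc is released. */`. It also dereferences `mmc` unconditionally, so the comment should say that `mmc` must be non-NULL unless a guard is added.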