libaacs | branch: master | Janusz Dziemidowicz <rraptorr at nails.eu.org> | Sun Jan 12 14:51:57 2014 +0100| [f60d0d487bb8330e431d5e770e59b18c7bc3bb72] | committer: npzacs
Do not retrieve MKB using MMC commands during AACS-Auth In _mmc_read_auth() MMC commands are used to retrieve MKB from the drive to display a warning if a host certificate is revoked. Unfortunately, reading MKB using MMC is very slow (up to 10 seconds) and it bypasses OS cache so it takes the same amount of time every time. _mmc_read_auth() is called several times (VID retrieval, PMSN retrieval, read data key retrieval), which can cause up to 30 second delay when trying to play a disc (VID is cached, but PMSN is not and BD-J code tends to try to retrieve it even when there is no PMSN on the disc). Fix this by removing MKB retrieval in _mmc_read_auth(). This only causes a warning not to be displayed, however there still will be an information if the host certificate is revoked (drive will simply reject it). 1 file changed, 67 deletions(-) > http://git.videolan.org/gitweb.cgi/libaacs.git/?a=commit;h=f60d0d487bb8330e431d5e770e59b18c7bc3bb72 --- src/libaacs/aacs.c | 67 ---------------------------------------------------- 1 file changed, 67 deletions(-) diff --git a/src/libaacs/aacs.c b/src/libaacs/aacs.c index 7fc5d80..1fcacd0 100644 --- a/src/libaacs/aacs.c +++ b/src/libaacs/aacs.c @@ -431,63 +431,6 @@ static int _calc_mk(AACS *aacs, uint8_t *mk, pk_list *pkl, dk_list *dkl) return AACS_ERROR_CORRUPTED_DISC; } -static MKB *_get_hrl_mkb(MMC *mmc) -{ - MKB *mkb = NULL; - uint8_t *data; - int mkb_size; - - data = mmc_read_mkb(mmc, 0, &mkb_size); - - /* check acquired hrl signature */ - if (data && mkb_size > 0) { - if (_rl_verify_signature(data, mkb_size)) { - mkb = mkb_init(data, mkb_size); - DEBUG(DBG_AACS, "Partial hrl mkb read. Version: %d\n", mkb_version(mkb)); - } else { - DEBUG(DBG_AACS | DBG_CRIT, "invalid host revocation list signature, not using it\n"); - X_FREE(data); - } - } - - if (mkb) { - /* use latest version, keep cache up-to-date */ - uint32_t size; - size = mkb_data_size(mkb); - data = cache_get_or_update("hrl", mkb_data(mkb), &size, mkb_version(mkb)); - - if (!_rl_verify_signature(data, size)) { - DEBUG(DBG_AACS | DBG_CRIT, "invalid cached host revocation list signature, replacing it\n"); - cache_save("hrl", mkb_version(mkb), mkb_data(mkb), mkb_data_size(mkb)); - X_FREE(data); - } else { - /* use cached version */ - mkb_close(mkb); - mkb = mkb_init(data, size); - } - - } else { - /* use cached version */ - uint32_t size; - data = cache_get_or_update("hrl", NULL, &size, 0); - if (data && size > 0) { - if (_rl_verify_signature(data, size)) { - mkb = mkb_init(data, size); - } else { - DEBUG(DBG_AACS | DBG_CRIT, "invalid cached host revocation list signature, deleting cache\n"); - cache_remove("hrl"); - } - } - } - - - if (mkb) { - DEBUG(DBG_AACS, "Using hrl version %d\n", mkb_version(mkb)); - } - - return mkb; -} - static int _mmc_read_auth(AACS *aacs, cert_list *hcl, int type, uint8_t *p1, uint8_t *p2) { MMC* mmc = NULL; @@ -497,7 +440,6 @@ static int _mmc_read_auth(AACS *aacs, cert_list *hcl, int type, uint8_t *p1, uin int error_code = AACS_ERROR_NO_CERT; - MKB *hrl_mkb = _get_hrl_mkb(mmc); const uint8_t *drive_cert = mmc_get_drive_cert(mmc); for (; hcl ; hcl = hcl->next) { @@ -510,13 +452,6 @@ static int _mmc_read_auth(AACS *aacs, cert_list *hcl, int type, uint8_t *p1, uin continue; } - if (mkb_host_cert_is_revoked(hrl_mkb, hcl->host_cert + 4) > 0) { - DEBUG(DBG_AACS | DBG_CRIT, "Host certificate %s has been revoked.\n", - print_hex(tmp_str, hcl->host_cert + 4, 6)); - error_code = AACS_ERROR_CERT_REVOKED; - //continue; - } - if (drive_cert && (drive_cert[1] & 0x01) && !(hcl->host_cert[1] & 0x01)) { DEBUG(DBG_AACS, "Certificate (id 0x%s) does not support bus encryption\n", print_hex(tmp_str, hcl->host_cert + 4, 6)); @@ -529,7 +464,6 @@ static int _mmc_read_auth(AACS *aacs, cert_list *hcl, int type, uint8_t *p1, uin int mmc_result = mmc_read_auth(mmc, hcl->host_priv_key, hcl->host_cert, type, p1, p2); switch (mmc_result) { case MMC_SUCCESS: - mkb_close(hrl_mkb); mmc_close(mmc); return AACS_SUCCESS; case MMC_ERROR_CERT_REVOKED: @@ -542,7 +476,6 @@ static int _mmc_read_auth(AACS *aacs, cert_list *hcl, int type, uint8_t *p1, uin } } - mkb_close(hrl_mkb); mmc_close(mmc); return error_code; _______________________________________________ libaacs-devel mailing list libaacs-devel@videolan.org https://mailman.videolan.org/listinfo/libaacs-devel
