AACS 2.0 uses different public keys than AACS 1.0. While public by
definition, they are not known. Skip content certificate signature
validation so that AACS 2.0 media can be played under certain
conditions:
- a "UHD friendly" drive is used; those are AACS 1.0 drives that can
  read UHD media
- a non-revoked AACS 1.0 host certificate is available
- the disc VUK is available

Official UHD drives that implement AACS 2.0 will not work. A special
drive is needed because AACS 2.0 mandates bus encryption. With bus
encryption, even with a valid disc VUK, data is still encrypted by the
drive on the fly. The so-called UHD friendly drives bypass that.
---
 src/libaacs/content_cert.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/libaacs/content_cert.c b/src/libaacs/content_cert.c
index 5618ac0..ec0d46d 100644
--- a/src/libaacs/content_cert.c
+++ b/src/libaacs/content_cert.c
@@ -40,7 +40,7 @@ CONTENT_CERT *cc_parse(const void *data, size_t len)
         BD_DEBUG(DBG_AACS | DBG_CRIT, "Invalid content certificate (length %zd 
< 87)\n", len);
         return NULL;
     }
-    if (p[0] != 0) {
+    if (p[0] != 0 && p[0] != 0x10) {
         BD_DEBUG(DBG_AACS | DBG_CRIT, "Invalid content certificate type 
0x%02x\n", p[0]);
         return NULL;
     }
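Review bot: The literal 0x10 in the new type check `if (p[0] != 0 && p[0] != 0x10)` is a magic number with no comment or named constant saying it denotes an AACS 2.0 content certificate. Please give both type values names (or at least a comment) so the later signature branch can refer to the same names. Also note that the length check just above (`< 87`) is applied unchanged to the new type; if the 0x10 layout has a different minimum size, that should be stated or checked here.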
@@ -58,9 +58,9 @@ CONTENT_CERT *cc_parse(const void *data, size_t len)
         return NULL;
     }
 
-    /* check signature */
+    /* check signature only for AACS 1.0 content certificates */
 
-    if (!crypto_aacs_verify_aacscc(p + cert_data_len, p, cert_data_len)) {
+    if (p[0] == 0 && !crypto_aacs_verify_aacscc(p + cert_data_len, p, 
cert_data_len)) {
         BD_DEBUG(DBG_AACS | DBG_CRIT, "Invalid content certificate 
signature\n");
         return NULL;
     }
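Review bot: In `if (p[0] == 0 && !crypto_aacs_verify_aacscc(...))` the signature check is now opt-in per type, so every accepted type other than 0 passes unauthenticated, and any type added to the earlier check in future would silently skip verification as well. It is safer to fail closed: verify by default and skip only when `p[0] == 0x10`. The skip path also emits no BD_DEBUG message, so a log cannot show that a certificate was accepted without signature validation. Please log it, and consider recording in the returned CONTENT_CERT that the certificate is unverified, so callers do not treat its fields as authenticated.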
-- 
2.15.1
