libaacs | branch: master | npzacs <npz...@gmail.com> | Thu Aug 16 16:02:51 2018 
+0300| [03d30852590b86e73cb8fd52dde808dbe0c2ac0f] | committer: npzacs

crypto_aacs_verify_aacscc(): add AACS2 support

> http://git.videolan.org/gitweb.cgi/libaacs.git/?a=commit;h=03d30852590b86e73cb8fd52dde808dbe0c2ac0f
---

 src/libaacs/crypto.c | 33 +++++++++++++++++++++++++++++----
 1 file changed, 29 insertions(+), 4 deletions(-)

diff --git a/src/libaacs/crypto.c b/src/libaacs/crypto.c
index 200e401..a99b63e 100644
--- a/src/libaacs/crypto.c
+++ b/src/libaacs/crypto.c
@@ -262,6 +262,11 @@ static const char *_aacs1_curve(void)
     "(n #00"AACS_EC_n"#)";
 }
 
+static const char *_aacs2_curve(void)
+{
+  return "(curve \"NIST P-256\")";
+}
+
 static gcry_error_t _aacs_sexp_key(gcry_sexp_t *p_sexp_key,
                                    const uint8_t *q_x, const uint8_t *q_y,
                                    const uint8_t *priv_key,
@@ -269,11 +274,11 @@ static gcry_error_t _aacs_sexp_key(gcry_sexp_t 
*p_sexp_key,
                                    size_t key_len)
 {
     gcry_mpi_t    mpi_d = NULL;
-    unsigned char Q[41];
+    unsigned char Q[65];
     char          str_Q[sizeof(Q) * 2 + 1];
     gcry_error_t  err;
 
-    BD_ASSERT (key_len == 20);
+    BD_ASSERT (key_len == 20 || key_len == 32);
 
     /* Assign MPI values for ECDSA parameters Q and d.
      * Values are:
@@ -364,7 +369,7 @@ static gcry_error_t _aacs_sexp_hash(gcry_sexp_t 
*p_sexp_data,
                                     enum gcry_md_algos hash_type)
 {
     gcry_mpi_t   mpi_md = NULL;
-    uint8_t      md[20];
+    uint8_t      md[32];
     gcry_error_t err;
     size_t hash_size;
 
@@ -372,6 +377,9 @@ static gcry_error_t _aacs_sexp_hash(gcry_sexp_t 
*p_sexp_data,
     case GCRY_MD_SHA1:
         hash_size = 20;
         break;
+    case GCRY_MD_SHA256:
+        hash_size = 32;
+        break;
     default:
         BD_ASSERT_UNREACHABLE ("unsupported hash algorithm");
         return GPG_ERR_UNKNOWN_ALGORITHM;
@@ -540,6 +548,10 @@ static int _aacs_verify(const uint8_t *signature, enum 
gcry_md_algos hash_type,
         curve = _aacs1_curve();
         key_len = 20;
         break;
+    case GCRY_MD_SHA256:
+        curve = _aacs2_curve();
+        key_len = 32;
+        break;
     default:
         BD_ASSERT_UNREACHABLE ("invalid signature size");
         return 0;
@@ -586,8 +598,21 @@ int  crypto_aacs_verify_aacscc(const uint8_t *signature, 
const uint8_t *data, ui
                                                 0xA4, 0x9F, 0x78, 0x00, 0xC7, 
0x7D, 0xE9, 0x0C, 0xB3, 0x4C };
     static const uint8_t aacs_cc_pubkey_y[] = { 0x00, 0x1D, 0xF3, 0x6B, 0x8F, 
0x2E, 0xCF, 0x83, 0xCD, 0xEE,
                                                 0x43, 0x8F, 0x7F, 0xD1, 0xF4, 
0x80, 0x6F, 0xD2, 0x0D, 0xE7 };
+    static const uint8_t aacs2_cc_pubkey_x[] = { 0xE7, 0x0D, 0x49, 0xD2, 0x6F, 
0x45, 0xEA, 0xA7, 0x36, 0x93, 0x9D, 0x72, 0x88, 0x2E, 0xD8, 0xFB,
+                                                 0xA1, 0x60, 0x70, 0x26, 0x96, 
0x39, 0x49, 0x97, 0x04, 0x96, 0xC9, 0x10, 0xEA, 0x5C, 0x9D, 0xC2 };
+    static const uint8_t aacs2_cc_pubkey_y[] = { 0xD1, 0xF5, 0x89, 0x7C, 0xEC, 
0xB8, 0x44, 0x01, 0x4E, 0x0F, 0xB0, 0x8C, 0xC7, 0x6E, 0x20, 0xE8,
+                                                 0x54, 0x5E, 0xCC, 0x27, 0x1E, 
0xE4, 0x6C, 0x4A, 0xEF, 0x81, 0xD9, 0x16, 0x9B, 0xF8, 0x41, 0x72 };
+    switch (data[0]) {
+    case 0x00: /* AACS 1 */
+        return !_aacs_verify(signature, GCRY_MD_SHA1, aacs_cc_pubkey_x, 
aacs_cc_pubkey_y, data, len);
+    case 0x10: /* AACS 2 */
+        return !_aacs_verify(signature, GCRY_MD_SHA256, aacs2_cc_pubkey_x, 
aacs2_cc_pubkey_y, data, len);
+    default:
+        BD_DEBUG(DBG_AACS | DBG_CRIT, "Unknown content certificate type 
0x%02x\n", data[0]);
+        break;
+    }
 
-    return !_aacs_verify(signature, GCRY_MD_SHA1, aacs_cc_pubkey_x, 
aacs_cc_pubkey_y, data, len);
+    return 0;
 }
 
 static int crypto_aacs_verify_cert(const uint8_t *cert)

_______________________________________________
libaacs-devel mailing list
libaacs-devel@videolan.org
https://mailman.videolan.org/listinfo/libaacs-devel

Reply via email to