Petri Hintukainen pushed to branch master at VideoLAN / libaacs
Commits:
693de0c1 by npzacs at 2021-05-04T18:17:40+03:00
Return error code from crypto_aacs_verify()
- - - - -
b9f59265 by npzacs at 2021-05-04T18:22:13+03:00
mmc: error out if AES fails
(Output buffer content is undefined)
- - - - -
2 changed files:
- src/libaacs/crypto.c
- src/libaacs/mmc.c
Changes:
=====================================
src/libaacs/crypto.c
=====================================
@@ -678,7 +678,7 @@ static int _aacs_verify(const uint8_t *signature, enum
gcry_md_algos hash_type,
int crypto_aacs_verify(const uint8_t *cert, const uint8_t *signature, const
uint8_t *data, uint32_t len)
{
- return !_aacs_verify(signature, GCRY_MD_SHA1, cert + 12, cert + 32, data,
len);
+ return _aacs_verify(signature, GCRY_MD_SHA1, cert + 12, cert + 32, data,
len);
}
int crypto_aacs_verify_aacsla(const uint8_t *signature, const uint8_t *data,
uint32_t len)
=====================================
src/libaacs/mmc.c
=====================================
@@ -435,11 +435,17 @@ static int _verify_signature(const uint8_t *cert, const
uint8_t *signature,
const uint8_t *nonce, const uint8_t *point)
{
uint8_t data[60];
+ int crypto_error;
memcpy(data, nonce, 20);
memcpy(data + 20, point, 40);
- return crypto_aacs_verify(cert, signature, data, 60);
+ crypto_error = crypto_aacs_verify(cert, signature, data, 60);
+ if (crypto_error) {
+ LOG_CRYPTO_ERROR(DBG_MMC, "signature verification failed",
crypto_error);
+ }
+
+ return (crypto_error == 0);
}
static int _mmc_aacs_auth(MMC *mmc, uint8_t agid, const uint8_t
*host_priv_key, const uint8_t *host_cert, uint8_t *bus_key)
@@ -557,9 +563,11 @@ static int _read_vid(MMC *mmc, uint8_t agid, const uint8_t
*bus_key, uint8_t *vi
err = crypto_aes_cmac_16(vid, bus_key, calc_mac);
if (err) {
LOG_CRYPTO_ERROR(DBG_MMC, "VID MAC calculation failed", err);
+ return MMC_ERROR;
}
if (memcmp(calc_mac, mac, 16)) {
BD_DEBUG(DBG_MMC | DBG_CRIT, "VID MAC is incorrect. This means
this Volume ID is not correct.\n");
+ return MMC_ERROR;
}
return MMC_SUCCESS;
@@ -588,9 +596,11 @@ static int _read_pmsn(MMC *mmc, uint8_t agid, const
uint8_t *bus_key, uint8_t *p
err = crypto_aes_cmac_16(pmsn, bus_key, calc_mac);
if (err) {
LOG_CRYPTO_ERROR(DBG_MMC, "PMSN MAC calculation failed", err);
+ return MMC_ERROR;
}
if (memcmp(calc_mac, mac, 16)) {
BD_DEBUG(DBG_MMC | DBG_CRIT, "PMSN MAC is incorrect. This means
this Pre-recorded Medial Serial Number is not correct.\n");
+ return MMC_ERROR;
}
return MMC_SUCCESS;
@@ -614,6 +624,7 @@ static int _read_data_keys(MMC *mmc, uint8_t agid, const
uint8_t *bus_key,
int err = crypto_aes128d(bus_key, encrypted_read_data_key,
read_data_key);
if (err) {
LOG_CRYPTO_ERROR(DBG_MMC, "decrypting read data key failed",
err);
+ return MMC_ERROR;
}
if (DEBUG_KEYS) {
BD_DEBUG(DBG_MMC, "READ DATA KEY : %s\n",
str_print_hex(str, read_data_key, 16));
@@ -623,6 +634,7 @@ static int _read_data_keys(MMC *mmc, uint8_t agid, const
uint8_t *bus_key,
int err = crypto_aes128d(bus_key, encrypted_write_data_key,
write_data_key);
if (err) {
LOG_CRYPTO_ERROR(DBG_MMC, "decrypting write data key failed",
err);
+ return MMC_ERROR;
}
if (DEBUG_KEYS) {
BD_DEBUG(DBG_MMC, "WRITE DATA KEY : %s\n",
str_print_hex(str, write_data_key, 16));
View it on GitLab:
https://code.videolan.org/videolan/libaacs/-/compare/53e37d597fb15a2d3a7cb9a90056d84caf685195...b9f592658d4faba846e2051c9ab37e6986f4bc74
--
View it on GitLab:
https://code.videolan.org/videolan/libaacs/-/compare/53e37d597fb15a2d3a7cb9a90056d84caf685195...b9f592658d4faba846e2051c9ab37e6986f4bc74
You're receiving this email because of your account on code.videolan.org.
_______________________________________________
libaacs-devel mailing list
libaacs-devel@videolan.org
https://mailman.videolan.org/listinfo/libaacs-devel
