Petri Hintukainen pushed to branch master at VideoLAN / libaacs
Commits:
c0d5c14e by npzacs at 2021-05-18T12:53:02+03:00
aacs: error out after gcrypt AES error.
Output key content is undefined.
- - - - -
2 changed files:
- src/libaacs/aacs.c
- src/libaacs/aacs.h
Changes:
=====================================
src/libaacs/aacs.c
=====================================
@@ -112,6 +112,7 @@ static int _validate_pk(const uint8_t *pk,
crypto_err = crypto_aes128d(pk, cvalue, mk);
if (crypto_err) {
LOG_CRYPTO_ERROR(DBG_AACS, "decrypting media key failed", crypto_err);
+ return AACS_ERROR_UNKNOWN;
}
for (a = 0; a < 4; a++) {
@@ -121,6 +122,7 @@ static int _validate_pk(const uint8_t *pk,
crypto_err = crypto_aes128d(mk, vd, dec_vd);
if (crypto_err) {
LOG_CRYPTO_ERROR(DBG_AACS, "decrypting media key verification data
failed", crypto_err);
+ return AACS_ERROR_UNKNOWN;
}
if (!memcmp(dec_vd, "\x01\x23\x45\x67\x89\xAB\xCD\xEF", 8)) {
BD_DEBUG(DBG_AACS, "Processing key %s is valid!\n", str_print_hex(str,
pk, 16));
@@ -225,7 +227,7 @@ static uint32_t _calc_v_mask(uint32_t uv)
return v_mask;
}
-static void _calc_pk(const uint8_t *dk, uint8_t *pk, uint32_t uv, uint32_t
v_mask, uint32_t dev_key_v_mask)
+static int _calc_pk(const uint8_t *dk, uint8_t *pk, uint32_t uv, uint32_t
v_mask, uint32_t dev_key_v_mask)
{
unsigned char left_child[16], right_child[16];
int crypto_err;
@@ -233,6 +235,7 @@ static void _calc_pk(const uint8_t *dk, uint8_t *pk,
uint32_t uv, uint32_t v_mas
crypto_err = crypto_aesg3(dk, left_child, right_child, pk);
if (crypto_err) {
LOG_CRYPTO_ERROR(DBG_AACS, "PK derivation failed", crypto_err);
+ return AACS_ERROR_UNKNOWN;
}
while (dev_key_v_mask != v_mask) {
@@ -254,6 +257,7 @@ static void _calc_pk(const uint8_t *dk, uint8_t *pk,
uint32_t uv, uint32_t v_mas
crypto_err = crypto_aesg3(curr_key, left_child, right_child, pk);
if (crypto_err) {
LOG_CRYPTO_ERROR(DBG_AACS, "PK derivation failed", crypto_err);
+ return AACS_ERROR_UNKNOWN;
}
dev_key_v_mask = ((int) dev_key_v_mask) >> 1;
@@ -261,6 +265,7 @@ static void _calc_pk(const uint8_t *dk, uint8_t *pk,
uint32_t uv, uint32_t v_mas
char str[40];
BD_DEBUG(DBG_AACS, "Processing key: %s\n", str_print_hex(str, pk, 16));
+ return AACS_SUCCESS;
}
static dk_list *_find_dk(dk_list *dkl, uint32_t *p_dev_key_v_mask, uint32_t
uv, uint32_t u_mask)
@@ -394,7 +399,10 @@ static int _calc_mk_dks(MKB *mkb, dk_list *dkl, uint8_t
*mk)
/* calculate processing key */
uint8_t pk[16];
- _calc_pk(dk->key, pk, uv, v_mask, dev_key_v_mask);
+ if (_calc_pk(dk->key, pk, uv, v_mask, dev_key_v_mask) != AACS_SUCCESS)
{
+ /* try next device */
+ continue;
+ }
/* calculate and verify media key */
@@ -833,6 +841,7 @@ static int _calc_vuk(AACS *aacs, uint8_t *mk, uint8_t *vuk,
config_file *cf)
crypto_err = crypto_aes128d(mk, aacs->vid, vuk);
if (crypto_err) {
LOG_CRYPTO_ERROR(DBG_AACS, "decrypting VUK failed", crypto_err);
+ return AACS_ERROR_UNKNOWN;
}
int a;
@@ -1066,6 +1075,7 @@ static int _calc_uks(AACS *aacs, config_file *cf)
crypto_err = crypto_aes128d(vuk, aacs->uk->enc_uk[i].key,
aacs->uk->uk[i].key);
if (crypto_err) {
LOG_CRYPTO_ERROR(DBG_AACS, "decrypting unit key failed",
crypto_err);
+ return AACS_ERROR_UNKNOWN;
}
char str[40];
@@ -1252,6 +1262,7 @@ const char *aacs_error_str(int err)
[-AACS_ERROR_MMC_OPEN] = "Failed opening MMC device",
[-AACS_ERROR_MMC_FAILURE] = "MMC failure",
[-AACS_ERROR_NO_DK] = "No matching device key",
+ [-AACS_ERROR_UNKNOWN] = "Error",
};
err = -err;
if (err < 0 || (size_t)err >= sizeof(str) / sizeof(str[0]) || !str[err]) {
=====================================
src/libaacs/aacs.h
=====================================
@@ -39,6 +39,7 @@
#define AACS_ERROR_MMC_OPEN -6 /* MMC open failed (no MMC drive ?) */
#define AACS_ERROR_MMC_FAILURE -7 /* MMC failed */
#define AACS_ERROR_NO_DK -8 /* no matching device key */
+#define AACS_ERROR_UNKNOWN -9 /* some other failure, see logs */
AACS_PUBLIC const char *aacs_error_str(int error);
View it on GitLab:
https://code.videolan.org/videolan/libaacs/-/commit/c0d5c14eee98d85c94e1b6c2474f77d59d53b8a3
--
View it on GitLab:
https://code.videolan.org/videolan/libaacs/-/commit/c0d5c14eee98d85c94e1b6c2474f77d59d53b8a3
You're receiving this email because of your account on code.videolan.org.
_______________________________________________
libaacs-devel mailing list
libaacs-devel@videolan.org
https://mailman.videolan.org/listinfo/libaacs-devel
