Petri Hintukainen pushed to branch master at VideoLAN / libaacs


Commits:
c0d5c14e by npzacs at 2021-05-18T12:53:02+03:00
aacs: error out after gcrypt AES error.

Output key content is undefined.

- - - - -


2 changed files:

- src/libaacs/aacs.c
- src/libaacs/aacs.h


Changes:

=====================================
src/libaacs/aacs.c
=====================================
@@ -112,6 +112,7 @@ static int _validate_pk(const uint8_t *pk,
     crypto_err = crypto_aes128d(pk, cvalue, mk);
     if (crypto_err) {
         LOG_CRYPTO_ERROR(DBG_AACS, "decrypting media key failed", crypto_err);
+        return AACS_ERROR_UNKNOWN;
     }
 
     for (a = 0; a < 4; a++) {
@@ -121,6 +122,7 @@ static int _validate_pk(const uint8_t *pk,
     crypto_err = crypto_aes128d(mk, vd, dec_vd);
     if (crypto_err) {
         LOG_CRYPTO_ERROR(DBG_AACS, "decrypting media key verification data 
failed", crypto_err);
+        return AACS_ERROR_UNKNOWN;
     }
     if (!memcmp(dec_vd, "\x01\x23\x45\x67\x89\xAB\xCD\xEF", 8)) {
         BD_DEBUG(DBG_AACS, "Processing key %s is valid!\n", str_print_hex(str, 
pk, 16));
@@ -225,7 +227,7 @@ static uint32_t _calc_v_mask(uint32_t uv)
     return v_mask;
 }
 
-static void _calc_pk(const uint8_t *dk, uint8_t *pk, uint32_t uv, uint32_t 
v_mask, uint32_t dev_key_v_mask)
+static int _calc_pk(const uint8_t *dk, uint8_t *pk, uint32_t uv, uint32_t 
v_mask, uint32_t dev_key_v_mask)
 {
     unsigned char left_child[16], right_child[16];
     int crypto_err;
@@ -233,6 +235,7 @@ static void _calc_pk(const uint8_t *dk, uint8_t *pk, 
uint32_t uv, uint32_t v_mas
     crypto_err = crypto_aesg3(dk, left_child, right_child, pk);
     if (crypto_err) {
         LOG_CRYPTO_ERROR(DBG_AACS, "PK derivation failed", crypto_err);
+        return AACS_ERROR_UNKNOWN;
     }
 
     while (dev_key_v_mask != v_mask) {
@@ -254,6 +257,7 @@ static void _calc_pk(const uint8_t *dk, uint8_t *pk, 
uint32_t uv, uint32_t v_mas
         crypto_err = crypto_aesg3(curr_key, left_child, right_child, pk);
         if (crypto_err) {
             LOG_CRYPTO_ERROR(DBG_AACS, "PK derivation failed", crypto_err);
+            return AACS_ERROR_UNKNOWN;
         }
 
         dev_key_v_mask = ((int) dev_key_v_mask) >> 1;
@@ -261,6 +265,7 @@ static void _calc_pk(const uint8_t *dk, uint8_t *pk, 
uint32_t uv, uint32_t v_mas
 
     char str[40];
     BD_DEBUG(DBG_AACS, "Processing key: %s\n",  str_print_hex(str, pk, 16));
+    return AACS_SUCCESS;
 }
 
 static dk_list *_find_dk(dk_list *dkl, uint32_t *p_dev_key_v_mask, uint32_t 
uv, uint32_t u_mask)
@@ -394,7 +399,10 @@ static int _calc_mk_dks(MKB *mkb, dk_list *dkl, uint8_t 
*mk)
         /* calculate processing key */
 
         uint8_t pk[16];
-        _calc_pk(dk->key, pk, uv, v_mask, dev_key_v_mask);
+        if (_calc_pk(dk->key, pk, uv, v_mask, dev_key_v_mask) != AACS_SUCCESS) 
{
+            /* try next device */
+            continue;
+        }
 
         /* calculate and verify media key */
 
@@ -833,6 +841,7 @@ static int _calc_vuk(AACS *aacs, uint8_t *mk, uint8_t *vuk, 
config_file *cf)
     crypto_err = crypto_aes128d(mk, aacs->vid, vuk);
     if (crypto_err) {
         LOG_CRYPTO_ERROR(DBG_AACS, "decrypting VUK failed", crypto_err);
+        return AACS_ERROR_UNKNOWN;
     }
 
     int a;
@@ -1066,6 +1075,7 @@ static int _calc_uks(AACS *aacs, config_file *cf)
         crypto_err = crypto_aes128d(vuk, aacs->uk->enc_uk[i].key, 
aacs->uk->uk[i].key);
         if (crypto_err) {
             LOG_CRYPTO_ERROR(DBG_AACS, "decrypting unit key failed", 
crypto_err);
+            return AACS_ERROR_UNKNOWN;
         }
 
         char str[40];
@@ -1252,6 +1262,7 @@ const char *aacs_error_str(int err)
        [-AACS_ERROR_MMC_OPEN]         = "Failed opening MMC device",
        [-AACS_ERROR_MMC_FAILURE]      = "MMC failure",
        [-AACS_ERROR_NO_DK]            = "No matching device key",
+       [-AACS_ERROR_UNKNOWN]          = "Error",
     };
     err = -err;
     if (err < 0 || (size_t)err >= sizeof(str) / sizeof(str[0]) || !str[err]) {


=====================================
src/libaacs/aacs.h
=====================================
@@ -39,6 +39,7 @@
 #define AACS_ERROR_MMC_OPEN       -6 /* MMC open failed (no MMC drive ?) */
 #define AACS_ERROR_MMC_FAILURE    -7 /* MMC failed */
 #define AACS_ERROR_NO_DK          -8 /* no matching device key */
+#define AACS_ERROR_UNKNOWN        -9 /* some other failure, see logs */
 
 AACS_PUBLIC const char *aacs_error_str(int error);
 



View it on GitLab: 
https://code.videolan.org/videolan/libaacs/-/commit/c0d5c14eee98d85c94e1b6c2474f77d59d53b8a3

-- 
View it on GitLab: 
https://code.videolan.org/videolan/libaacs/-/commit/c0d5c14eee98d85c94e1b6c2474f77d59d53b8a3
You're receiving this email because of your account on code.videolan.org.


_______________________________________________
libaacs-devel mailing list
libaacs-devel@videolan.org
https://mailman.videolan.org/listinfo/libaacs-devel

Reply via email to