libaacs | branch: master | npzacs <[email protected]> | Sat Sep 24 15:36:07 2011 +0300| [b0f2493bdc922933ccba87eee231bef693605174] | committer: npzacs
Added functions to verify host/drive certificates
> http://git.videolan.org/gitweb.cgi/libaacs.git/?a=commit;h=b0f2493bdc922933ccba87eee231bef693605174
---
 src/libaacs/crypto.c | 32 +++++++++++++++++++++++++++++++-
 src/libaacs/crypto.h | 2 ++
 2 files changed, 33 insertions(+), 1 deletions(-)
diff --git a/src/libaacs/crypto.c b/src/libaacs/crypto.c
index 3328a9e..247ba51 100644
--- a/src/libaacs/crypto.c
+++ b/src/libaacs/crypto.c
@@ -456,7 +456,7 @@ int crypto_aacs_verify_aacsla(const uint8_t *signature, const uint8_t *data, ui
 int crypto_aacs_verify_cert(const uint8_t *cert)
 {
 if (MKINT_BE16(cert+2) != 0x5c) {
- DEBUG(DBG_AACS|DBG_CRIT, "Certificate length is invalid (0x%04x), expected 0x005c\n",
+ DEBUG(DBG_AACS, "Certificate length is invalid (0x%04x), expected 0x005c\n",
 MKINT_BE16(cert+2));
 return 0;
 }
@@ -464,6 +464,36 @@ int crypto_aacs_verify_cert(const uint8_t *cert)
 return crypto_aacs_verify_aacsla(cert + 52, cert, 52);
 }
 
+int crypto_aacs_verify_host_cert(const uint8_t *cert)
+{
+ if (cert[0] != 0x02) {
+ DEBUG(DBG_AACS, "Host certificate type is invalid (0x%02x), expected 0x01\n", cert[0]);
+ return 0;
+ }
+
+ if (!crypto_aacs_verify_cert(cert)) {
+ DEBUG(DBG_AACS, "Host certificate signature is invalid\n");
+ return 0;
+ }
+
+ return 1;
+}
+
+int crypto_aacs_verify_drive_cert(const uint8_t *cert)
+{
+ if (cert[0] != 0x01) {
+ DEBUG(DBG_AACS, "Drive certificate type is invalid (0x%02x), expected 0x01\n", cert[0]);
+ return 0;
+ }
+
+ if (!crypto_aacs_verify_cert(cert)) {
+ DEBUG(DBG_AACS, "Drive certificate signature is invalid\n");
+ return 0;
+ }
+
+ return 1;
+}
+
 void crypto_aacs_title_hash(const uint8_t *ukf, uint64_t len, uint8_t *hash)
 {
 gcry_md_hash_buffer(GCRY_MD_SHA1, hash, ukf, len);
diff --git a/src/libaacs/crypto.h b/src/libaacs/crypto.h
index 1de79c4..d823f22 100644
--- a/src/libaacs/crypto.h
+++ b/src/libaacs/crypto.h
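Review bot: In crypto_aacs_verify_host_cert the type check rejects anything other than 0x02, but the debug message still says "expected 0x01", so a rejected host certificate is logged with the wrong expected value; the line should read `DEBUG(DBG_AACS, "Host certificate type is invalid (0x%02x), expected 0x02\n", cert[0]);`. Both new functions take a bare `const uint8_t *cert` with no length, read `cert[0]`, and then reach `crypto_aacs_verify_cert`, which reads the length field at `cert+2` and passes 52 bytes of data plus the signature at `cert + 52` to the verifier. Neither function nor the header states how large the buffer must be, so each should carry a comment such as `/* cert must point to a complete certificate (length field 0x5c); the caller is responsible for the buffer size */`, or take a length argument, so that a short buffer from a drive or config file is rejected before it is read. The two bodies differ only in the type byte and the message prefix; a shared static helper taking the expected type would keep the check and its message from drifting apart again.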
@@ -36,6 +36,8 @@ AACS_PRIVATE void crypto_aacs_title_hash(const uint8_t *ukf, uint64_t len, uint8
 AACS_PRIVATE int crypto_aacs_verify(const uint8_t *cert, const uint8_t *signature, const uint8_t *data, uint32_t len);
 AACS_PRIVATE int crypto_aacs_verify_aacsla(const uint8_t *signature, const uint8_t *data, uint32_t len);
 AACS_PRIVATE int crypto_aacs_verify_cert(const uint8_t *cert);
+AACS_PRIVATE int crypto_aacs_verify_host_cert(const uint8_t *cert);
+AACS_PRIVATE int crypto_aacs_verify_drive_cert(const uint8_t *cert);
 AACS_PRIVATE void crypto_create_host_key_pair(uint8_t *key, uint8_t *key_point);
 AACS_PRIVATE void crypto_create_nonce(uint8_t *buf, size_t len);
_______________________________________________
libaacs-devel mailing list
[email protected]
http://mailman.videolan.org/listinfo/libaacs-devel
