Commit 07e540c9 authored by npzacs's avatar npzacs
Browse files

Improved error logging when drive and certificate are incompatible

parent 8564b415
......@@ -288,6 +288,7 @@ static int _read_vid(AACS *aacs, cert_list *hcl)
int error_code = AACS_ERROR_NO_CERT;
MKB *hrl_mkb = _get_hrl_mkb(mmc);
const uint8_t *drive_cert = mmc_get_drive_cert(mmc);
for (;hcl && hcl->host_priv_key && hcl->host_cert; hcl = hcl->next) {
......@@ -302,13 +303,19 @@ static int _read_vid(AACS *aacs, cert_list *hcl)
continue;
}
if (mkb_host_cert_is_revoked(hrl_mkb, cert + 4)) {
if (mkb_host_cert_is_revoked(hrl_mkb, cert + 4) > 0) {
DEBUG(DBG_AACS | DBG_CRIT, "Host certificate %s has been revoked.\n",
print_hex(tmp_str, cert + 4, 6));
error_code = AACS_ERROR_CERT_REVOKED;
//continue;
}
if (drive_cert && (drive_cert[1] & 0x01) && !(cert[1] & 0x01)) {
DEBUG(DBG_AACS, "Certificate (id 0x%s) does not support bus encryption\n",
print_hex(tmp_str, cert + 4, 6));
//continue;
}
DEBUG(DBG_AACS, "Trying host certificate (id 0x%s)...\n",
print_hex(tmp_str, cert + 4, 6));
......@@ -392,6 +399,7 @@ static int _read_pmsn(AACS *aacs, cert_list *hcl)
}
int error_code = AACS_ERROR_NO_CERT;
const uint8_t *drive_cert = mmc_get_drive_cert(mmc);
for (;hcl && hcl->host_priv_key && hcl->host_cert; hcl = hcl->next) {
......@@ -406,6 +414,12 @@ static int _read_pmsn(AACS *aacs, cert_list *hcl)
continue;
}
if (drive_cert && (drive_cert[1] & 0x01) && !(cert[1] & 0x01)) {
DEBUG(DBG_AACS, "Certificate (id 0x%s) does not support bus encryption\n",
print_hex(tmp_str, cert + 4, 6));
//continue;
}
DEBUG(DBG_AACS, "Trying host certificate (id 0x%s)...\n",
print_hex(tmp_str, cert + 4, 6));
......
......@@ -1040,7 +1040,13 @@ static int _mmc_aacs_auth(MMC *mmc, uint8_t agid, const uint8_t *host_priv_key,
// send host cert + nonce
if (!_mmc_send_host_cert(mmc, agid, mmc->host_nonce, host_cert)) {
DEBUG(DBG_MMC | DBG_CRIT, "Host key / Certificate has been revoked by your drive ?\n");
if ((mmc->drive_cert[1] & 0x01) && !(host_cert[1] & 0x01)) {
DEBUG(DBG_MMC | DBG_CRIT, "Certificate (id 0x%s) can not be used with bus encryption capable drive\n",
print_hex(str, host_cert + 4, 6));
} else {
DEBUG(DBG_MMC | DBG_CRIT, "Host key / Certificate has been revoked by your drive ?\n");
}
return MMC_ERROR_CERT_REVOKED;
}
......@@ -1280,6 +1286,14 @@ int mmc_read_drive_cert(MMC *mmc, uint8_t *drive_cert)
return MMC_SUCCESS;
}
const uint8_t *mmc_get_drive_cert(MMC *mmc)
{
if (mmc->drive_cert[0] == 0x01) {
return mmc->drive_cert;
}
return NULL;
}
uint8_t *mmc_read_mkb(MMC *mmc, int address, int *size)
{
uint8_t agid = 0;
......
......@@ -40,6 +40,7 @@ AACS_PRIVATE int mmc_read_pmsn(MMC *mmc, const uint8_t *host_priv_key, const ui
AACS_PRIVATE int mmc_read_data_keys(MMC *mmc, const uint8_t *host_priv_key, const uint8_t *host_cert,
uint8_t *read_data_key, uint8_t *write_data_key);
AACS_PRIVATE int mmc_read_drive_cert(MMC *mmc, uint8_t *drive_cert);
AACS_PRIVATE const uint8_t *mmc_get_drive_cert(MMC *mmc);
/* read partial MKB */
AACS_PRIVATE uint8_t *mmc_read_mkb(MMC *mmc, int address, int *size);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment