Commit 56ac906a authored by npzacs's avatar npzacs

config: parse hex strings

parent f888ebf5
......@@ -75,7 +75,9 @@ bin_PROGRAMS = aacs_info
parser_test_SOURCES = examples/parser_test.c \
file/keydbcfg-parser.y \
file/keydbcfg-lexer.l
file/keydbcfg-lexer.l \
util/strutl.c \
util/logging.c
parser_test_CFLAGS = -std=c99 $(SET_FEATURES) $(SET_INCLUDES)
aacs_info_SOURCES = examples/aacs_info.c
......
......@@ -18,6 +18,7 @@
*/
#include "file/keydbcfg.h"
#include "util/logging.h"
#include <stdio.h>
#include <stdlib.h>
......@@ -51,6 +52,8 @@ static int print_digit_key_pair_enties(digit_key_pair_list *list)
/* Function that prints all entries parsed from a config file */
static int print_title_entries(title_entry_list *list)
{
char tmp[256];
if (!list)
{
printf("Error: No title list passed as parameter.\n");
......@@ -63,7 +66,7 @@ static int print_title_entries(title_entry_list *list)
if (!cursor->entry.discid)
break;
printf("DISCID: %s\n", cursor->entry.discid);
printf("DISCID: %s\n", print_hex(tmp, cursor->entry.discid, 20));
printf(" Title: %s\n", cursor->entry.title);
printf(" Date: %u-%u-%u\n", cursor->entry.date.year,
cursor->entry.date.month, cursor->entry.date.day);
......@@ -103,21 +106,14 @@ static int print_title_entries(title_entry_list *list)
/* Function to print certificate list from config file */
static int print_cert_list(cert_list *list)
{
if (!list)
{
printf("Error: no certificate list object passed in as parameter\n");
return 0;
}
char tmp[256];
printf("Available certificates:\n");
cert_list *cursor = list;
while (cursor)
{
if (!cursor->host_priv_key)
break;
printf(" Host private key: %s\n", cursor->host_priv_key);
printf(" Host certificate: %s\n", cursor->host_cert);
printf(" Host private key: %s\n", print_hex(tmp, cursor->host_priv_key, 20));
printf(" Host certificate: %s\n", print_hex(tmp, cursor->host_cert, 92));
printf("\n");
cursor = cursor->next;
......@@ -131,14 +127,13 @@ static int print_cert_list(cert_list *list)
/* Function to print config file */
static int print_config_file(config_file *cfgfile)
{
char tmp[256];
printf("Available device keys:\n");
dk_list *dkcursor = cfgfile->dkl;
while (dkcursor)
{
if (!dkcursor->key)
break;
printf(" Device key: %s\n", dkcursor->key);
printf(" Device key: %s\n", print_hex(tmp, dkcursor->key, 16));
printf(" Device node: %lu\n", dkcursor->node);
dkcursor = dkcursor->next;
......@@ -151,10 +146,7 @@ static int print_config_file(config_file *cfgfile)
pk_list *cursor = cfgfile->pkl;
while (cursor)
{
if (!cursor->key)
break;
printf(" %s\n", cursor->key);
printf(" %s\n", print_hex(tmp, cursor->key, 16));
cursor = cursor->next;
}
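Review bot: The `if (!cursor->entry.discid) break;` guard left as context in print_title_entries can no longer fire, because this commit turns `discid` into an embedded `uint8_t discid[20]` whose address is never NULL; compilers usually report this as an always-false address test. The same holds for `while (ce && ce->entry.discid)` in _find_config_entry, which now reduces to `while (ce)`. If the title list can contain an entry without a disc id (the old NULL checks suggest so), that entry is now printed and compared as an all-zero id instead of ending the loop. Either drop the dead tests, as the commit already does with `for (; pkl; pkl = pkl->next)`, or record presence explicitly in the entry. Both function bodies continue outside the hunks shown.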
......
......@@ -486,7 +486,6 @@ int keydbcfg_config_file_close(config_file *cfgfile)
while (cfgfile->pkl)
{
pk_list *next = cfgfile->pkl->next;
X_FREE(cfgfile->pkl->key);
X_FREE(cfgfile->pkl);
cfgfile->pkl = next;
}
......@@ -495,7 +494,6 @@ int keydbcfg_config_file_close(config_file *cfgfile)
while (cfgfile->dkl)
{
dk_list *next = cfgfile->dkl->next;
X_FREE(cfgfile->dkl->key);
X_FREE(cfgfile->dkl);
cfgfile->dkl = next;
}
......@@ -504,8 +502,6 @@ int keydbcfg_config_file_close(config_file *cfgfile)
while (cfgfile->host_cert_list)
{
cert_list *next = cfgfile->host_cert_list->next;
X_FREE(cfgfile->host_cert_list->host_priv_key);
X_FREE(cfgfile->host_cert_list->host_cert);
X_FREE(cfgfile->host_cert_list);
cfgfile->host_cert_list = next;
}
......@@ -514,7 +510,6 @@ int keydbcfg_config_file_close(config_file *cfgfile)
while (cfgfile->list)
{
title_entry_list *next = cfgfile->list->next;
X_FREE(cfgfile->list->entry.discid);
X_FREE(cfgfile->list->entry.title);
X_FREE(cfgfile->list->entry.mek);
X_FREE(cfgfile->list->entry.vid);
......@@ -559,7 +554,8 @@ static void add_dk_entry(config_file *cf, char *key, char *node)
entry = entry->next;
}
entry->key = key;
hexstring_to_hex_array(entry->key, 16, key);
X_FREE(key);
entry->node = strtoul(node, NULL, 16);
X_FREE(node);
}
......@@ -590,7 +586,8 @@ static void add_pk_entry(config_file *cf, char *key)
entry = entry->next;
}
entry->key = key;
hexstring_to_hex_array(entry->key, 16, key);
X_FREE(key);
}
/* Function to create new certificate list */
......@@ -633,8 +630,10 @@ static void add_cert_entry(config_file *cf, char *host_priv_key, char *host_cert
entry = entry->next;
}
entry->host_priv_key = host_priv_key;
entry->host_cert = host_cert;
hexstring_to_hex_array(entry->host_priv_key, 20, host_priv_key);
X_FREE(host_priv_key);
hexstring_to_hex_array(entry->host_cert, 92, host_cert);
X_FREE(host_cert);
}
/* Function that returns pointer to new title entry list */
......@@ -672,8 +671,8 @@ static int add_entry(title_entry_list *list, int type, char *entry)
{
case ENTRY_TYPE_DISCID:
CHECK_KEY_LENGTH("discid", 20)
X_FREE(list->entry.discid);
list->entry.discid = entry;
hexstring_to_hex_array(list->entry.discid, 20, entry);
X_FREE(entry);
break;
case ENTRY_TYPE_TITLE:
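Review bot: add_dk_entry, add_pk_entry and add_cert_entry convert the parsed string straight into a fixed-size array with no length check visible in these hunks, whereas add_entry guards the same conversion with `CHECK_KEY_LENGTH("discid", 20)`. hexstring_to_hex_array is not shown on this page; if it consumes 2*size characters without looking for the terminator, a short key in the config file would be read past its end, and its return value is not inspected here either. Unless the lexer already guarantees exact lengths, I would reject the entry before converting, e.g. `if (strlen(key) != 2 * sizeof(entry->key))`, and do the same for `host_priv_key` and `host_cert`. These functions start outside the hunks, so an earlier check may exist that the page does not show.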
......
......@@ -45,7 +45,6 @@
#define MIN_FILE_SIZE 20
#define MAX_FILE_SIZE 65535
static int _mkpath(const char *path)
{
struct stat s;
......@@ -172,13 +171,11 @@ static FILE *_open_cfg_file_system(const char *file_name, char **path)
return NULL;
}
static int _is_duplicate_pk(pk_list *list, const char *e)
static int _is_duplicate_pk(pk_list *list, const uint8_t *e)
{
while (list) {
if (list->key) {
if (!memcmp(list->key, e, 2*16)) {
return 1;
}
if (!memcmp(list->key, e, 16)) {
return 1;
}
list = list->next;
}
......@@ -197,22 +194,24 @@ static int _parse_pk_file(config_file *cf, FILE *fp)
while (*p) {
char *str = str_get_hex_string(p, 2*16);
if (str && _is_duplicate_pk(cf->pkl, str)) {
DEBUG(DBG_FILE, "Skipping duplicate processing key %s\n", str);
X_FREE(str);
} else if (str) {
if (str) {
DEBUG(DBG_FILE, "Found processing key %s\n", str);
pk_list *e = calloc(1, sizeof(pk_list));
e->key = str;
e->next = cf->pkl;
hexstring_to_hex_array(e->key, 16, str);
cf->pkl = e;
if (_is_duplicate_pk(cf->pkl, e->key)) {
DEBUG(DBG_FILE, "Skipping duplicate processing key %s\n", str);
X_FREE(e);
} else {
e->next = cf->pkl;
cf->pkl = e;
}
result++;
}
X_FREE(str);
p = str_next_line(p);
}
......@@ -226,13 +225,10 @@ static int _parse_pk_file(config_file *cf, FILE *fp)
static int _is_duplicate_cert(cert_list *list, cert_list *e)
{
while (list) {
if (list->host_priv_key && list->host_cert) {
if (!memcmp(list->host_priv_key, e->host_priv_key, 2*20) &&
!memcmp(list->host_cert, e->host_cert, 2*92)) {
if (!memcmp(list->host_priv_key, e->host_priv_key, 20) &&
!memcmp(list->host_cert, e->host_cert, 92)) {
return 1;
}
return 1;
}
list = list->next;
}
......@@ -240,13 +236,6 @@ static int _is_duplicate_cert(cert_list *list, cert_list *e)
return 0;
}
static void _free_cert_entry(cert_list *e)
{
X_FREE(e->host_priv_key);
X_FREE(e->host_cert);
X_FREE(e);
}
static int _parse_cert_file(config_file *cf, FILE *fp)
{
char *data = _load_file(fp);
......@@ -254,28 +243,35 @@ static int _parse_cert_file(config_file *cf, FILE *fp)
if (data) {
const char *p = data;
cert_list *e = calloc(1, sizeof(cert_list));
e->host_priv_key = str_get_hex_string(p, 2*20);
char *host_cert, *host_priv_key;
host_priv_key = str_get_hex_string(p, 2*20);
p = str_next_line(p);
e->host_cert = str_get_hex_string(p, 2*92);
host_cert = str_get_hex_string(p, 2*92);
X_FREE(data);
if (!e->host_priv_key || !e->host_cert) {
if (!host_priv_key || !host_cert) {
DEBUG(DBG_FILE, "Invalid file\n");
_free_cert_entry(e);
} else if (_is_duplicate_cert(cf->host_cert_list, e)) {
DEBUG(DBG_FILE, "Skipping duplicate certificate entry %s %s\n", e->host_priv_key, e->host_cert);
_free_cert_entry(e);
} else {
DEBUG(DBG_FILE, "Found certificate: %s %s\n", e->host_priv_key, e->host_cert);
e->next = cf->host_cert_list;
cf->host_cert_list = e;
result = 1;
DEBUG(DBG_FILE, "Found certificate: %s %s\n", host_priv_key, host_cert);
cert_list *e = calloc(1, sizeof(cert_list));
hexstring_to_hex_array(e->host_priv_key, 20, host_priv_key);
hexstring_to_hex_array(e->host_cert, 92, host_cert);
if (_is_duplicate_cert(cf->host_cert_list, e)) {
DEBUG(DBG_FILE, "Skipping duplicate certificate entry %s %s\n", host_priv_key, host_cert);
X_FREE(e);
} else {
e->next = cf->host_cert_list;
cf->host_cert_list = e;
result = 1;
}
}
X_FREE(host_priv_key);
X_FREE(host_cert);
}
return result;
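Review bot: In _parse_pk_file the result of `calloc(1, sizeof(pk_list))` goes directly into `hexstring_to_hex_array(e->key, 16, str)` without a NULL check, so an allocation failure while loading a key file becomes a write through a null pointer; _parse_cert_file repeats the pattern with `cert_list *e`. A guard such as `if (!e) { X_FREE(str); break; }` (freeing both strings in the certificate path) keeps the failure contained. Separately, as far as the rendered lines show, `result++` now sits after the if/else, so skipped duplicates are counted as loaded keys; moving it into the `else` branch would keep the previous meaning if callers rely on it. Both parsers also still pass the key and host private key strings to `DEBUG(DBG_FILE, ...)`, which is worth a comment on who can read that log.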
......
......@@ -53,7 +53,7 @@ struct date_entry_t
typedef struct dk_entry dk_list;
struct dk_entry
{
char *key;
uint8_t key[16];
unsigned long node;
dk_list *next;
};
......@@ -62,7 +62,7 @@ struct dk_entry
typedef struct pk_entry pk_list;
struct pk_entry
{
char *key;
uint8_t key[16];
pk_list *next;
};
......@@ -70,8 +70,8 @@ struct pk_entry
typedef struct cert_entry cert_list;
struct cert_entry
{
char *host_priv_key;
char *host_cert;
uint8_t host_priv_key[20];
uint8_t host_cert[92];
cert_list *next;
};
......@@ -79,7 +79,7 @@ struct cert_entry
typedef struct title_entry_t title_entry;
struct title_entry_t
{
char *discid;
uint8_t discid[20];
char *title;
date_entry date;
char *mek;
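Review bot: The array sizes 16, 20 and 92 are introduced here as bare literals and then repeated by hand in every `hexstring_to_hex_array`, `print_hex` and `memcmp` call across this commit, so a later size change that misses one call site would overrun or under-compare a buffer. I would name them once in this header, for example `enum { KEY_LEN = 16, ID_LEN = 20, CERT_LEN = 92 };` (names are only a suggestion), or pass `sizeof(entry->key)` at the call sites. A one-line comment on each changed field saying it now holds raw bytes rather than a hex string would also help, since `title` and `mek` next to `discid` remain `char *`.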
......
......@@ -187,13 +187,11 @@ static int _calc_mk(AACS *aacs, uint8_t *mk, pk_list *pkl)
DEBUG(DBG_AACS, "Get cvalues...\n");
rec = mkb_cvalues(mkb, &len);
for (; pkl && pkl->key; pkl = pkl->next) {
uint8_t pk[16];
hexstring_to_hex_array(pk, sizeof(pk), pkl->key);
for (; pkl; pkl = pkl->next) {
DEBUG(DBG_AACS, "Trying processing key...\n");
for (a = 0; a < num_uvs; a++) {
if (AACS_SUCCESS == _validate_pk(pk, rec + a * 16, uvs + 1 + a * 5,
if (AACS_SUCCESS == _validate_pk(pkl->key, rec + a * 16, uvs + 1 + a * 5,
mkb_mk_dv(mkb), mk)) {
mkb_close(mkb);
X_FREE(buf);
......@@ -285,36 +283,33 @@ static int _mmc_read_auth(AACS *aacs, cert_list *hcl, int type, uint8_t *p1, uin
MKB *hrl_mkb = _get_hrl_mkb(mmc);
const uint8_t *drive_cert = mmc_get_drive_cert(mmc);
for (;hcl && hcl->host_priv_key && hcl->host_cert; hcl = hcl->next) {
for (; hcl ; hcl = hcl->next) {
char tmp_str[2*92+1];
uint8_t priv_key[20], cert[92];
hexstring_to_hex_array(priv_key, sizeof(priv_key), hcl->host_priv_key);
hexstring_to_hex_array(cert, sizeof(cert), hcl->host_cert);
if (!crypto_aacs_verify_host_cert(cert)) {
if (!crypto_aacs_verify_host_cert(hcl->host_cert)) {
DEBUG(DBG_AACS, "Not using invalid host certificate %s.\n",
print_hex(tmp_str, cert, 92));
print_hex(tmp_str, hcl->host_cert, 92));
continue;
}
if (mkb_host_cert_is_revoked(hrl_mkb, cert + 4) > 0) {
if (mkb_host_cert_is_revoked(hrl_mkb, hcl->host_cert + 4) > 0) {
DEBUG(DBG_AACS | DBG_CRIT, "Host certificate %s has been revoked.\n",
print_hex(tmp_str, cert + 4, 6));
print_hex(tmp_str, hcl->host_cert + 4, 6));
error_code = AACS_ERROR_CERT_REVOKED;
//continue;
}
if (drive_cert && (drive_cert[1] & 0x01) && !(cert[1] & 0x01)) {
if (drive_cert && (drive_cert[1] & 0x01) && !(hcl->host_cert[1] & 0x01)) {
DEBUG(DBG_AACS, "Certificate (id 0x%s) does not support bus encryption\n",
print_hex(tmp_str, cert + 4, 6));
print_hex(tmp_str, hcl->host_cert + 4, 6));
//continue;
}
DEBUG(DBG_AACS, "Trying host certificate (id 0x%s)...\n",
print_hex(tmp_str, cert + 4, 6));
print_hex(tmp_str, hcl->host_cert + 4, 6));
int mmc_result = mmc_read_auth(mmc, priv_key, cert, type, p1, p2);
int mmc_result = mmc_read_auth(mmc, hcl->host_priv_key, hcl->host_cert, type, p1, p2);
switch (mmc_result) {
case MMC_SUCCESS:
mkb_close(hrl_mkb);
......@@ -506,19 +501,15 @@ static AACS_FILE_H *_open_content_certificate_file(const char *path)
static void _find_config_entry(AACS *aacs, title_entry_list *ce,
uint8_t *mk, uint8_t *vuk)
{
uint8_t discid[20];
char str[48];
aacs->uks = NULL;
aacs->num_uks = 0;
while (ce && ce->entry.discid) {
memset(discid, 0, sizeof(discid));
hexstring_to_hex_array(discid, sizeof(discid),
ce->entry.discid);
if (!memcmp(aacs->disc_id, discid, 20)) {
if (!memcmp(aacs->disc_id, ce->entry.discid, 20)) {
DEBUG(DBG_AACS, "Found config entry for discid %s\n",
ce->entry.discid);
print_hex(str, ce->entry.discid, 20));
break;
}
......