Commit 31e8a174 authored by npzacs's avatar npzacs Committed by Ano Nymous

Added functions to verify host/drive certificates

parent 87be2219
......@@ -456,7 +456,7 @@ int crypto_aacs_verify_aacsla(const uint8_t *signature, const uint8_t *data, ui
int crypto_aacs_verify_cert(const uint8_t *cert)
{
if (MKINT_BE16(cert+2) != 0x5c) {
DEBUG(DBG_AACS|DBG_CRIT, "Certificate length is invalid (0x%04x), expected 0x005c\n",
DEBUG(DBG_AACS, "Certificate length is invalid (0x%04x), expected 0x005c\n",
MKINT_BE16(cert+2));
return 0;
}
......@@ -464,6 +464,36 @@ int crypto_aacs_verify_cert(const uint8_t *cert)
return crypto_aacs_verify_aacsla(cert + 52, cert, 52);
}
int crypto_aacs_verify_host_cert(const uint8_t *cert)
{
if (cert[0] != 0x02) {
DEBUG(DBG_AACS, "Host certificate type is invalid (0x%02x), expected 0x01\n", cert[0]);
return 0;
}
if (!crypto_aacs_verify_cert(cert)) {
DEBUG(DBG_AACS, "Host certificate signature is invalid\n");
return 0;
}
return 1;
}
int crypto_aacs_verify_drive_cert(const uint8_t *cert)
{
if (cert[0] != 0x01) {
DEBUG(DBG_AACS, "Drive certificate type is invalid (0x%02x), expected 0x01\n", cert[0]);
return 0;
}
if (!crypto_aacs_verify_cert(cert)) {
DEBUG(DBG_AACS, "Drive certificate signature is invalid\n");
return 0;
}
return 1;
}
void crypto_aacs_title_hash(const uint8_t *ukf, uint64_t len, uint8_t *hash)
{
gcry_md_hash_buffer(GCRY_MD_SHA1, hash, ukf, len);
......
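Review bot: The log text in crypto_aacs_verify_host_cert contradicts its own check: the code rejects anything other than type 0x02 but the message says "expected 0x01", apparently copied from the drive variant. The line should read `DEBUG(DBG_AACS, "Host certificate type is invalid (0x%02x), expected 0x02\n", cert[0]);`, so that a rejected host certificate is not misreported during troubleshooting. Separately, both new functions take a bare pointer and read cert[0], cert+2 and, through crypto_aacs_verify_cert, the bytes from offset 52 onward. The length field check validates only what the certificate claims, not the size of the caller's buffer, so a short buffer would presumably be read out of bounds. A comment such as `/* cert must point to at least 0x5c readable bytes; returns 1 if valid, 0 otherwise */` on both definitions and on the two prototypes added in the header hunk would make that contract explicit.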
......@@ -36,6 +36,8 @@ AACS_PRIVATE void crypto_aacs_title_hash(const uint8_t *ukf, uint64_t len, uint8
AACS_PRIVATE int crypto_aacs_verify(const uint8_t *cert, const uint8_t *signature, const uint8_t *data, uint32_t len);
AACS_PRIVATE int crypto_aacs_verify_aacsla(const uint8_t *signature, const uint8_t *data, uint32_t len);
AACS_PRIVATE int crypto_aacs_verify_cert(const uint8_t *cert);
AACS_PRIVATE int crypto_aacs_verify_host_cert(const uint8_t *cert);
AACS_PRIVATE int crypto_aacs_verify_drive_cert(const uint8_t *cert);
AACS_PRIVATE void crypto_create_host_key_pair(uint8_t *key, uint8_t *key_point);
AACS_PRIVATE void crypto_create_nonce(uint8_t *buf, size_t len);
......