Added functions to verify host/drive certificates

31e8a174 · npzacs · Ano Nymous · 87be2219 · 31e8a174 · 31e8a174
Commit 31e8a174 authored Sep 24, 2011 by npzacs Committed by Ano Nymous Feb 18, 2012
--- a/src/libaacs/crypto.c
+++ b/src/libaacs/crypto.c
@@ -456,7 +456,7 @@ int  crypto_aacs_verify_aacsla(const uint8_t *signature, const uint8_t *data, ui
 int crypto_aacs_verify_cert(const uint8_t *cert)
 {
    if (MKINT_BE16(cert+2) != 0x5c) {
-        DEBUG(DBG_AACS|DBG_CRIT, "Certificate length is invalid (0x%04x), expected 0x005c\n",
+        DEBUG(DBG_AACS, "Certificate length is invalid (0x%04x), expected 0x005c\n",
              MKINT_BE16(cert+2));
        return 0;
    }
@@ -464,6 +464,36 @@ int crypto_aacs_verify_cert(const uint8_t *cert)
    return crypto_aacs_verify_aacsla(cert + 52, cert, 52);
 }

+int crypto_aacs_verify_host_cert(const uint8_t *cert)
+{
+    if (cert[0] != 0x02) {
+        DEBUG(DBG_AACS, "Host certificate type is invalid (0x%02x), expected 0x01\n", cert[0]);
+        return 0;
+    }
+
+    if (!crypto_aacs_verify_cert(cert)) {
+        DEBUG(DBG_AACS, "Host certificate signature is invalid\n");
+        return 0;
+    }
+
+    return 1;
+}
+
+int crypto_aacs_verify_drive_cert(const uint8_t *cert)
+{
+    if (cert[0] != 0x01) {
+        DEBUG(DBG_AACS, "Drive certificate type is invalid (0x%02x), expected 0x01\n", cert[0]);
+        return 0;
+    }
+
+    if (!crypto_aacs_verify_cert(cert)) {
+        DEBUG(DBG_AACS, "Drive certificate signature is invalid\n");
+        return 0;
+    }
+
+    return 1;
+}
+
 void crypto_aacs_title_hash(const uint8_t *ukf, uint64_t len, uint8_t *hash)
 {
    gcry_md_hash_buffer(GCRY_MD_SHA1, hash, ukf, len);

--- a/src/libaacs/crypto.h
+++ b/src/libaacs/crypto.h
@@ -36,6 +36,8 @@ AACS_PRIVATE void crypto_aacs_title_hash(const uint8_t *ukf, uint64_t len, uint8
 AACS_PRIVATE int  crypto_aacs_verify(const uint8_t *cert, const uint8_t *signature, const uint8_t *data, uint32_t len);
 AACS_PRIVATE int  crypto_aacs_verify_aacsla(const uint8_t *signature, const uint8_t *data, uint32_t len);
 AACS_PRIVATE int  crypto_aacs_verify_cert(const uint8_t *cert);
+AACS_PRIVATE int  crypto_aacs_verify_host_cert(const uint8_t *cert);
+AACS_PRIVATE int  crypto_aacs_verify_drive_cert(const uint8_t *cert);

 AACS_PRIVATE void crypto_create_host_key_pair(uint8_t *key, uint8_t *key_point);
 AACS_PRIVATE void crypto_create_nonce(uint8_t *buf, size_t len);