Commit ec918064 authored by npzacs's avatar npzacs

Added mkb_host_cert_is_revoked() and mkb_drive_cert_is_revoked()

parent e962a932
......@@ -151,17 +151,25 @@ const uint8_t *mkb_type_and_version_record(MKB *mkb)
const uint8_t *mkb_host_revokation_entries(MKB *mkb, size_t *len)
{
const uint8_t *rec = _record(mkb, 0x21, len);
*len -= 4;
return rec + 4;
if (rec) {
rec += 4;
*len -= 4;
}
return rec;
}
const uint8_t *mkb_drive_revokation_entries(MKB *mkb, size_t *len)
{
const uint8_t *rec = _record(mkb, 0x20, len);
*len -= 4;
return rec + 4;
if (rec) {
rec += 4;
*len -= 4;
}
return rec;
}
const uint8_t *mkb_subdiff_records(MKB *mkb, size_t *len)
......@@ -193,3 +201,58 @@ const uint8_t *mkb_signature(MKB *mkb, size_t *len)
return rec + 4;
}
static int _cert_is_revoked(const uint8_t *rl, size_t rl_size, const uint8_t *cert_id_bin)
{
if (rl) {
uint64_t cert_id = MKINT_BE48(cert_id_bin);
/*int total = MKINT_BE32(rl);*/
int entries = MKINT_BE32(rl + 4);
int ii;
size_t len = 4 + 4 + 8 * entries + 40;
if (len > rl_size) {
DEBUG(DBG_MKB, "revocation list size mismatch\n");
return -1;
}
rl += 8;
for (ii=0; ii < entries; ii++) {
uint16_t len = MKINT_BE16(rl);
uint64_t id = MKINT_BE48(rl + 2);
if (cert_id >= id && cert_id <= id + len) {
DEBUG(DBG_MKB, "Certificate %12llx has been revoked\n", (unsigned long long)cert_id);
return 1;
}
rl += 8;
}
}
return 0;
}
int mkb_host_cert_is_revoked(MKB *mkb, const uint8_t *cert_id)
{
if (mkb) {
size_t rl_size = 0;
const uint8_t *rl = mkb_host_revokation_entries(mkb, &rl_size);
if (rl) {
return _cert_is_revoked(rl, rl_size, cert_id);
}
}
return -1;
}
int mkb_drive_cert_is_revoked(MKB *mkb, const uint8_t *cert_id)
{
if (mkb) {
size_t rl_size = 0;
const uint8_t *rl = mkb_drive_revokation_entries(mkb, &rl_size);
if (rl) {
return _cert_is_revoked(rl, rl_size, cert_id);
}
}
return -1;
}
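Review bot: The size check in `_cert_is_revoked` can be defeated by the count it is meant to validate. `entries` is a signed `int` taken from the list and `4 + 4 + 8 * entries + 40` is evaluated in `int`, so a large count can wrap to a small `len`, pass `len > rl_size` and let the loop read past the record, while a negative count skips the loop and returns 0 (not revoked). The count is also read from `rl + 4` before anything confirms that `rl_size` is at least 8. If the MKB comes from media the library does not control, as seems likely, I would make the count unsigned, check the fixed part first and compare by division, as in the excerpt below. The excerpt assembles the value with explicit casts because `MKINT_BE32` shifts a promoted `int`. Separately, in the first hunk `*len -= 4` in `mkb_host_revokation_entries` and `mkb_drive_revokation_entries` wraps if `_record` (not visible here) can return a record shorter than 4 bytes, which would make `rl_size` meaningless, so that is worth confirming.

```c
static int _cert_is_revoked(const uint8_t *rl, size_t rl_size, const uint8_t *cert_id_bin)
{
    /* … unchanged: rl NULL check, cert_id decode … */
        const size_t fixed = 4 + 4 + 40;   /* same fixed part as the original length formula */
        uint32_t entries;
        uint32_t ii;

        if (rl_size < fixed) {
            DEBUG(DBG_MKB, "revocation list size mismatch\n");
            return -1;
        }
        entries = (uint32_t)rl[4] << 24 | (uint32_t)rl[5] << 16 |
                  (uint32_t)rl[6] << 8  | (uint32_t)rl[7];
        /* divide instead of multiplying so the count cannot wrap the comparison */
        if (entries > (rl_size - fixed) / 8) {
            DEBUG(DBG_MKB, "revocation list size mismatch\n");
            return -1;
        }
    /* … unchanged: rl += 8 and the range-matching loop … */
```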
......@@ -55,6 +55,9 @@ AACS_PRIVATE const uint8_t *mkb_mk_dv(MKB *mkb);
// returns MKB signature
AACS_PRIVATE const uint8_t *mkb_signature(MKB *mkb, size_t *len);
AACS_PRIVATE int mkb_host_cert_is_revoked(MKB *mkb, const uint8_t *cert_id);
AACS_PRIVATE int mkb_drive_cert_is_revoked(MKB *mkb, const uint8_t *cert_id);
/* The Media Key block is of variable size but must be a multiple of 4
* MKB Structure:
* Type and Version record (12 bytes)
......
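Review bot: The two new prototypes carry no comment, unlike the declarations around them, and their return value is three-state, which a caller cannot tell from the signature. Going by the definitions in this commit, 1 means the ID falls inside a revoked range, 0 means it does not, and -1 means there was no MKB, no revocation record, or the list failed its size check. I would add `// returns 1 if cert_id (6 bytes, big-endian) is revoked, 0 if not, -1 if the revocation list is missing or malformed` above them. That way a caller decides deliberately how to treat -1 instead of folding it into "not revoked" or into a plain non-zero test.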
......@@ -30,6 +30,9 @@
#define MKINT_BE16(X) ( (X)[0] << 8 | (X)[1] )
#define MKINT_BE24(X) ( (X)[0] << 16 | (X)[1] << 8 | (X)[2] )
#define MKINT_BE32(X) ( (X)[0] << 24 | (X)[1] << 16 | (X)[2] << 8 | (X)[3] )
#define MKINT_BE48(X) ( (uint64_t)((X)[0]) << 40 | (uint64_t)((X)[1]) << 32 | (uint64_t)((X)[2]) << 24 | \
(uint64_t)((X)[3]) << 16 | (uint64_t)((X)[4]) << 8 | (uint64_t)((X)[5]) )
#define X_FREE(X) do { if (X) free(X); X = NULL; } while(0)
#endif /* MACRO_H_ */