libaacs | branch: master | npzacs <[email protected]> | Mon May 7 11:09:59 2012 +0300| [3ea58ea80d7cc6aa46f6306b79e7019a4c486b2b] | committer: npzacs
Read and cache host revocation list when drive is opened > http://git.videolan.org/gitweb.cgi/libaacs.git/?a=commit;h=3ea58ea80d7cc6aa46f6306b79e7019a4c486b2b --- ChangeLog | 1 + src/libaacs/aacs.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+), 0 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0146b48..b88a2e9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,7 @@ - Added aacs_get_mkb_version() - Fixed memory leaks - Fixed buffer overflow + - Added revocation list caching 2012-03-21: Version 0.3.1 - Added configure option for libgcrypt prefix diff --git a/src/libaacs/aacs.c b/src/libaacs/aacs.c index c8de583..71fc193 100644 --- a/src/libaacs/aacs.c +++ b/src/libaacs/aacs.c @@ -203,6 +203,63 @@ static int _calc_mk(AACS *aacs, uint8_t *mk, pk_list *pkl) return AACS_ERROR_CORRUPTED_DISC; } +static MKB *_get_hrl_mkb(MMC *mmc) +{ + MKB *mkb = NULL; + uint8_t *data; + int size; + + data = mmc_read_mkb(mmc, 0, &size); + + /* check acquired hrl signature */ + if (data && size > 0) { + if (_rl_verify_signature(data, size)) { + mkb = mkb_init(data, size); + DEBUG(DBG_AACS, "Partial hrl mkb read. Version: %d\n", mkb_version(mkb)); + } else { + DEBUG(DBG_AACS | DBG_CRIT, "invalid host revocation list signature, not using it\n"); + X_FREE(data); + } + } + + if (mkb) { + /* use latest version, keep cache up-to-date */ + uint32_t size; + size = mkb_data_size(mkb); + data = cache_get_or_update("hrl", mkb_data(mkb), &size, mkb_version(mkb)); + + if (!_rl_verify_signature(data, size)) { + DEBUG(DBG_AACS | DBG_CRIT, "invalid cached revocation list signature, replacing it\n"); + cache_save("hrl", mkb_version(mkb), mkb_data(mkb), mkb_data_size(mkb)); + X_FREE(data); + } else { + /* use cached version */ + mkb_close(mkb); + mkb = mkb_init(data, size); + } + + } else { + /* use cached version */ + uint32_t size; + data = cache_get_or_update("hrl", NULL, &size, 0); + if (data && size > 0) { + if (!_rl_verify_signature(data, size)) { + mkb = mkb_init(data, size); + } else { + DEBUG(DBG_AACS | DBG_CRIT, "invalid cached revocation list signature, deleting cache\n"); + cache_remove("hrl"); + } + } + } + + + if (mkb) { + DEBUG(DBG_AACS, "Using hrl version %d\n", mkb_version(mkb)); + } + + return mkb; +} + static int _read_vid(AACS *aacs, cert_list *hcl) { /* Use VID given in config file if available */ @@ -217,6 +274,8 @@ static int _read_vid(AACS *aacs, cert_list *hcl) int error_code = AACS_ERROR_NO_CERT; + MKB *hrl_mkb = _get_hrl_mkb(mmc); + for (;hcl && hcl->host_priv_key && hcl->host_cert; hcl = hcl->next) { char tmp_str[2*92+1]; @@ -236,6 +295,7 @@ static int _read_vid(AACS *aacs, cert_list *hcl) int mmc_result = mmc_read_vid(mmc, priv_key, cert, aacs->vid); switch (mmc_result) { case MMC_SUCCESS: + mkb_close(hrl_mkb); mmc_close(mmc); return AACS_SUCCESS; case MMC_ERROR_CERT_REVOKED: @@ -248,6 +308,7 @@ static int _read_vid(AACS *aacs, cert_list *hcl) } } + mkb_close(hrl_mkb); mmc_close(mmc); DEBUG(DBG_AACS, "Error reading VID!\n"); _______________________________________________ libaacs-devel mailing list [email protected] http://mailman.videolan.org/listinfo/libaacs-devel
