[libaacs-devel] Fixed crypto_aacs_sign().

npzacs Mon, 04 Mar 2013 04:53:00 -0800

libaacs | branch: refs/tags/0.3.0 | npzacs <[email protected]> | Sat Sep 24 
16:35:46 2011 +0300| [b5e510d342362d51f14c5ac6fd6c9f79c5ce7af2] | committer: 
npzacs


Fixed crypto_aacs_sign().
Sometimes gcry_sexp_nth_string() returns more than 20 bytes (data prefixed with 
0).
This results returning invalid signature.

> http://git.videolan.org/gitweb.cgi/libaacs.git/?a=commit;h=b5e510d342362d51f14c5ac6fd6c9f79c5ce7af2
---

 src/libaacs/crypto.c |   17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/src/libaacs/crypto.c b/src/libaacs/crypto.c
index 247ba51..0375c21 100644
--- a/src/libaacs/crypto.c
+++ b/src/libaacs/crypto.c
@@ -349,7 +349,8 @@ void crypto_aacs_sign(const uint8_t *cert, const uint8_t 
*priv_key, uint8_t *sig
                       const uint8_t *nonce, const uint8_t *point)
 {
     gcry_sexp_t sexp_key = NULL, sexp_data = NULL, sexp_sig = NULL, sexp_r = 
NULL, sexp_s = NULL;
-    unsigned char block[60], *r = NULL, *s = NULL;
+    gcry_mpi_t mpi_r = NULL, mpi_s = NULL;
+    unsigned char block[60];
     gcry_error_t err;
 
     GCRY_VERIFY("_aacs_sexp_key",
@@ -389,13 +390,11 @@ void crypto_aacs_sign(const uint8_t *cert, const uint8_t 
*priv_key, uint8_t *sig
         gcry_sexp_dump(sexp_s);
     }
 
-    /* Convert the data for 'r' and 's' into unsigned char form */
-    r = (unsigned char*)gcry_sexp_nth_string(sexp_r, 1);
-    s = (unsigned char*)gcry_sexp_nth_string(sexp_s, 1);
-
     /* Finally concatenate 'r' and 's' to get the ECDSA signature */
-    memcpy(signature, r, 20);
-    memcpy(signature + 20, s, 20);
+    mpi_r = gcry_sexp_nth_mpi (sexp_r, 1, GCRYMPI_FMT_USG);
+    mpi_s = gcry_sexp_nth_mpi (sexp_s, 1, GCRYMPI_FMT_USG);
+    gcry_mpi_print (GCRYMPI_FMT_USG, signature,      20, NULL, mpi_r);
+    gcry_mpi_print (GCRYMPI_FMT_USG, signature + 20, 20, NULL, mpi_s);
 
  error:
 
@@ -405,8 +404,8 @@ void crypto_aacs_sign(const uint8_t *cert, const uint8_t 
*priv_key, uint8_t *sig
     gcry_sexp_release(sexp_sig);
     gcry_sexp_release(sexp_r);
     gcry_sexp_release(sexp_s);
-    gcry_free(r);
-    gcry_free(s);
+    gcry_mpi_release(mpi_r);
+    gcry_mpi_release(mpi_s);
 }
 
 static int _aacs_verify(const uint8_t *signature,

_______________________________________________
libaacs-devel mailing list
[email protected]
http://mailman.videolan.org/listinfo/libaacs-devel

[libaacs-devel] Fixed crypto_aacs_sign().

Reply via email to