diff options
| author | Mart Jansink <mart@gofilex.nl> | 2018-02-14 10:51:41 +0100 |
|---|---|---|
| committer | Carl Hetherington <cth@carlh.net> | 2018-02-14 22:16:07 +0000 |
| commit | 0178ec5152c57e1ef9c3cb08ceac87537b2162a5 (patch) | |
| tree | 43e28ae0c0aaef7e4966a2df3b493b6c5ae241e8 | |
| parent | a18b9d20ac2a0353a4f1b0b78ce7a8e26fdd6aa8 (diff) | |
Add the "Multiple Modified Transitional 1" KDM formulation.
| -rw-r--r-- | src/encrypted_kdm.cc | 40 | ||||
| -rw-r--r-- | src/types.h | 1 |
2 files changed, 26 insertions, 15 deletions
diff --git a/src/encrypted_kdm.cc b/src/encrypted_kdm.cc index 054162cc..8030246f 100644 --- a/src/encrypted_kdm.cc +++ b/src/encrypted_kdm.cc @@ -552,12 +552,13 @@ EncryptedKDM::EncryptedKDM ( { /* Fill our XML-ish description in with the juicy bits that the caller has given */ - /* Our ideas about the KDM types are: + /* Our ideas, based on http://isdcf.com/papers/ISDCF-Doc5-kdm-certs.pdf, about the KDM types are: * - * Type Trusted-device thumb ContentAuthenticator - * MODIFIED_TRANSITIONAL_1 assume-trust No - * DCI_ANY assume-trust Yes - * DCI_SPECIFIC as specified Yes + * Type Trusted-device thumb ContentAuthenticator + * MODIFIED_TRANSITIONAL_1 assume-trust No + * MULTIPLE_MODIFIED_TRANSITIONAL_1 as specified No + * DCI_ANY assume-trust Yes + * DCI_SPECIFIC as specified Yes */ data::AuthenticatedPublic& aup = _data->authenticated_public; @@ -589,16 +590,25 @@ EncryptedKDM::EncryptedKDM ( if (formulation == MODIFIED_TRANSITIONAL_1 || formulation == DCI_ANY) { /* Use the "assume trust" thumbprint */ kre.authorized_device_info->certificate_thumbprints.push_back ("2jmj7l5rSw0yVb/vlWAYkK/YBwk="); - } else if (formulation == DCI_SPECIFIC) { - /* As I read the standard we should use the recipient - /and/ other trusted device thumbprints here. MJD - reports that this doesn't work with his setup; - a working KDM does not include the recipient's - thumbprint (recipient.thumbprint()). - Waimea uses only the trusted devices here, too. - */ - BOOST_FOREACH (Certificate const & i, trusted_devices) { - kre.authorized_device_info->certificate_thumbprints.push_back (i.thumbprint ()); + } else if (formulation == MULTIPLE_MODIFIED_TRANSITIONAL_1 || formulation == DCI_SPECIFIC) { + if (trusted_devices.empty ()) { + /* Fall back on the "assume trust" thumbprint so we + can generate "modified-transitional-1" KDMs + together with "multiple-modified-transitional-1" + KDMs in one go, and similarly for "dci-any" etc. + */ + kre.authorized_device_info->certificate_thumbprints.push_back ("2jmj7l5rSw0yVb/vlWAYkK/YBwk="); + } else { + /* As I read the standard we should use the + recipient /and/ other trusted device thumbprints + here. MJD reports that this doesn't work with + his setup; a working KDM does not include the + recipient's thumbprint (recipient.thumbprint()). + Waimea uses only the trusted devices here, too. + */ + BOOST_FOREACH (Certificate const & i, trusted_devices) { + kre.authorized_device_info->certificate_thumbprints.push_back (i.thumbprint ()); + } } } } diff --git a/src/types.h b/src/types.h index 14f10c3f..807c4df0 100644 --- a/src/types.h +++ b/src/types.h @@ -232,6 +232,7 @@ enum Standard { enum Formulation { MODIFIED_TRANSITIONAL_1, + MULTIPLE_MODIFIED_TRANSITIONAL_1, DCI_ANY, DCI_SPECIFIC, /** For testing: adds no AuthorizedDeviceInfo tag */ |