Add the "Multiple Modified Transitional 1" KDM formulation.
authorMart Jansink <mart@gofilex.nl>
Wed, 14 Feb 2018 09:51:41 +0000 (10:51 +0100)
committerCarl Hetherington <cth@carlh.net>
Wed, 14 Feb 2018 22:16:07 +0000 (22:16 +0000)
src/encrypted_kdm.cc
src/types.h

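--- a/src/encrypted_kdm.cc
+++ b/src/encrypted_kdm.cc
@@ -552,12 +552,13 @@ EncryptedKDM::EncryptedKDM (
 {
        /* Fill our XML-ish description in with the juicy bits that the caller has given */
 
-       /* Our ideas about the KDM types are:
+       /* Our ideas, based on http://isdcf.com/papers/ISDCF-Doc5-kdm-certs.pdf, about the KDM types are:
         *
-        * Type                      Trusted-device thumb  ContentAuthenticator
-        * MODIFIED_TRANSITIONAL_1   assume-trust          No
-        * DCI_ANY                   assume-trust          Yes
-        * DCI_SPECIFIC              as specified          Yes
+        * Type                               Trusted-device thumb  ContentAuthenticator
+        * MODIFIED_TRANSITIONAL_1            assume-trust          No
+        * MULTIPLE_MODIFIED_TRANSITIONAL_1   as specified          No
+        * DCI_ANY                            assume-trust          Yes
+        * DCI_SPECIFIC                       as specified          Yes
         */
 
        data::AuthenticatedPublic& aup = _data->authenticated_public;
@@ -589,16 +590,25 @@ EncryptedKDM::EncryptedKDM (
                if (formulation == MODIFIED_TRANSITIONAL_1 || formulation == DCI_ANY) {
                        /* Use the "assume trust" thumbprint */
                        kre.authorized_device_info->certificate_thumbprints.push_back ("2jmj7l5rSw0yVb/vlWAYkK/YBwk=");
-               } else if (formulation == DCI_SPECIFIC) {
-                       /* As I read the standard we should use the recipient
-                          /and/ other trusted device thumbprints here.  MJD
-                          reports that this doesn't work with his setup;
-                          a working KDM does not include the recipient's
-                          thumbprint (recipient.thumbprint()).
-                          Waimea uses only the trusted devices here, too.
-                       */
-                       BOOST_FOREACH (Certificate const & i, trusted_devices) {
-                               kre.authorized_device_info->certificate_thumbprints.push_back (i.thumbprint ());
+               } else if (formulation == MULTIPLE_MODIFIED_TRANSITIONAL_1 || formulation == DCI_SPECIFIC) {
+                       if (trusted_devices.empty ()) {
+                               /* Fall back on the "assume trust" thumbprint so we
+                                        can generate "modified-transitional-1" KDMs
+                                        together with "multiple-modified-transitional-1"
+                                        KDMs in one go, and similarly for "dci-any" etc.
+                               */
+                               kre.authorized_device_info->certificate_thumbprints.push_back ("2jmj7l5rSw0yVb/vlWAYkK/YBwk=");
+                       } else {
+                               /* As I read the standard we should use the
+                                        recipient /and/ other trusted device thumbprints
+                                        here. MJD reports that this doesn't work with
+                                        his setup; a working KDM does not include the
+                                        recipient's thumbprint (recipient.thumbprint()).
+                                        Waimea uses only the trusted devices here, too.
+                               */
+                               BOOST_FOREACH (Certificate const & i, trusted_devices) {
+                                       kre.authorized_device_info->certificate_thumbprints.push_back (i.thumbprint ());
+                               }
                        }
                }
        }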
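Review bot: The new `trusted_devices.empty ()` branch fails open for `DCI_SPECIFIC` as well as `MULTIPLE_MODIFIED_TRANSITIONAL_1`: a caller that asks for a device-specific KDM but passes an empty list now gets the "assume trust" thumbprint instead of a restricted device list, with no error or signal from this code path. If that downgrade is intended for both types, the table at the top of the constructor should say so, e.g. `as specified (assume-trust if none given)` on both rows; if it is only needed for the transitional type, narrow the guard to `if (trusted_devices.empty () && formulation == MULTIPLE_MODIFIED_TRANSITIONAL_1) {`. The literal `"2jmj7l5rSw0yVb/vlWAYkK/YBwk="` now appears three times and would be easier to audit as one named constant. The constructor begins and ends outside these hunks, so how callers populate `trusted_devices` is not visible here.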
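--- a/src/types.h
+++ b/src/types.h
@@ -232,6 +232,7 @@ enum Standard {
 
 enum Formulation {
        MODIFIED_TRANSITIONAL_1,
+       MULTIPLE_MODIFIED_TRANSITIONAL_1,
        DCI_ANY,
        DCI_SPECIFIC,
        /** For testing: adds no AuthorizedDeviceInfo tag */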
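Review bot: Inserting `MULTIPLE_MODIFIED_TRANSITIONAL_1` in the middle of `enum Formulation` renumbers `DCI_ANY`, `DCI_SPECIFIC` and every later enumerator, so any integer value of this enum stored or exchanged by code built against the old header would now select a different KDM trust model. Whether anything persists the numeric value is not visible from this hunk; if something does, append the new enumerator at the end or give the enumerators explicit values. The new enumerator also has no doc comment, unlike the testing one below it; something like `/** As MODIFIED_TRANSITIONAL_1 but with the trusted-device thumbprints as specified */` would match the table in encrypted_kdm.cc. The enum continues past the end of the hunk.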