From f65e8cd9ebcb78ba232eb6b3cf6b3bd1b72a8c9c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9gory=20Soutad=C3=A9?= Date: Wed, 21 Dec 2022 21:06:03 +0100 Subject: [PATCH] Check for target user before trying to decrypt a file --- include/libgourou_common.h | 3 ++- src/libgourou.cpp | 9 ++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/include/libgourou_common.h b/include/libgourou_common.h index 22bbd2d..2947b14 100644 --- a/include/libgourou_common.h +++ b/include/libgourou_common.h @@ -129,7 +129,8 @@ namespace gourou DRM_IN_OUT_EQUALS, DRM_MISSING_PARAMETER, DRM_INVALID_KEY_SIZE, - DRM_ERR_ENCRYPTION_KEY_FP + DRM_ERR_ENCRYPTION_KEY_FP, + DRM_INVALID_USER }; #ifndef _NOEXCEPT diff --git a/src/libgourou.cpp b/src/libgourou.cpp index e6d81c7..cf2e9c2 100644 --- a/src/libgourou.cpp +++ b/src/libgourou.cpp @@ -1028,6 +1028,13 @@ namespace gourou { unsigned char rsaKey[RSA_KEY_SIZE]; + std::string user = extractTextElem(rightsDoc, "/adept:rights/licenseToken/user"); + + if (this->user->getUUID() != user) + { + EXCEPTION(DRM_INVALID_USER, "This book has been downloaded for another user (" << user << ")"); + } + if (!encryptionKey) { std::string encryptedKey = extractTextElem(rightsDoc, "/adept:rights/licenseToken/encryptedKey"); @@ -1041,7 +1048,7 @@ namespace gourou ByteArray arrayEncryptedKey = ByteArray::fromBase64(encryptedKey); - std::string privateKeyData = user->getPrivateLicenseKey(); + std::string privateKeyData = this->user->getPrivateLicenseKey(); ByteArray privateRSAKey = ByteArray::fromBase64(privateKeyData); dumpBuffer(gourou::LG_LOG_DEBUG, "To decrypt : ", arrayEncryptedKey.data(), arrayEncryptedKey.length());