this fix introduces a KeyCheck verification for the code path that te…

…sts existing user keys available in the secret vault (as opposed to the codepath that uses the passphrase to unlock the license), see #51
readium · Jul 25, 2019 · f89dcac · f89dcac
1 parent a2a0d24
commit f89dcac
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/src/lcp-client-lib/CryptoppCryptoProvider.cpp b/src/lcp-client-lib/CryptoppCryptoProvider.cpp
@@ -295,8 +295,15 @@ namespace lcp
 
             //http://www.w3.org/2009/xmlenc11#aes256-gcm
             //http://www.w3.org/2001/04/xmlenc#aes256-cbc
-            const std::string algorithm = license->Crypto()->ContentKeyAlgorithm();
+            const std::string algorithm_ = license->Crypto()->ContentKeyAlgorithm();
+            std::unique_ptr<ISymmetricAlgorithm> contentKeyAlgorithm_(profile->CreateContentKeyAlgorithm(userKey, algorithm_));
+            std::string id = contentKeyAlgorithm_->Decrypt(license->Crypto()->UserKeyCheck());
+            if (!EqualsUtf8(id, license->Id()))
+            {
+                return Status(StatusCode::ErrorDecryptionUserPassphraseNotValid, "ErrorDecryptionUserPassphraseNotValid");
+            }
 
+            const std::string algorithm = license->Crypto()->ContentKeyAlgorithm();
             std::unique_ptr<ISymmetricAlgorithm> contentKeyAlgorithm(profile->CreateContentKeyAlgorithm(userKey, algorithm));
             std::string decryptedContentKey = contentKeyAlgorithm->Decrypt(license->Crypto()->ContentKey());