MS OPM (Output Protection Manager) Initializing X509 chain
I am trying to use OPM (Output Protection Manager) with Visual C++ (native) using OPMAPI. My goal is to enable an HDCP session between the HDMI device driver and the display to protect content through the HDMI cable.
I got an example from MSDN.
In the example code there are some undocumented functions about certifications (ValidateX509Certificate, GetPublicKeyFromCertificate).
Here follows the example code.
    OPM_RANDOM_NUMBER random;        // Random number from driver.
    ZeroMemory(&random, sizeof(random));

    BYTE *pbCertificate = NULL;      // Pointer to a buffer to hold the certificate.
    ULONG cbCertificate = 0;         // Size of the certificate in bytes.
    PUBLIC_KEY_VALUES *pKey = NULL;  // The driver's public key.

    // Get the driver's certificate chain + random number
    HRESULT hr = pVideoOutput->StartInitialization(
        &random,
        &pbCertificate,
        &cbCertificate );
    // Do not parse the buffer if the driver call failed.
    if (FAILED(hr))
    {
        goto done;
    }

    // Validate the X.509 certificate. (Not shown.)
    hr = ValidateX509Certificate(pbCertificate, cbCertificate);
    if (FAILED(hr))
    {
        goto done;
    }

    // Get the public key from the certificate. (Not shown.)
    hr = GetPublicKeyFromCertificate(
        pbCertificate,
        cbCertificate,
        &pKey );
According to MSDN, IOPMVideoOutput::StartInitialization() retrieves a random number and the X509 certificate chain (pbCertificate).
The ValidateX509Certificate() and GetPublicKeyFromCertificate() functions are not shown.
Could anyone please explain to me how to write the above two functions?
Or I want to know how to decode X.509 cert chain data (DER) into a CERT_CHAIN_CONTEXT.
The StartInitialization function returns the complete certificate chain of the driver as signed PKCS7 data with DER encoding. This is not the usual X509 certificate with DER encoding we commonly deal with. Unfortunately this is not mentioned in the MSDN pages.
The certificates/certificate chain can be extracted from signed PKCS7 DER using any crypto library/framework. We can verify and get the public key using the Microsoft crypto framework with the following steps.
It is much easier (at least I feel so) to do with OpenSSL, which is explained in "how to Read the certificates file from the PKCS7.p7b certificate file usind openssl". It shows how to retrieve the certificates, and you can easily retrieve the public key using the X509_get_pubkey function.
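Here is sample code that implements the functions missing from the mentioned MSDN page and shows how to use OPM and the related crypto implementation based on the standard Windows API: https://github.com/wangf1978/D3DTest, CryptoUtil.cpp / OPMSession.cpp.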
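To make the "signed PKCS7, not a bare X509 certificate" point from the first answer concrete, here is an added example (not code from the posts above, from MSDN, or from the linked repository) that walks the DER layout of a PKCS#7 SignedData blob and returns the byte span of each embedded certificate, with bounds checks because the buffer comes from a driver. The names `cert_span`, `der_tlv`, `pkcs7_list_certs` and `SAMPLE` are hypothetical, and the code assumes a standard ContentInfo/SignedData structure with definite lengths. It only locates the certificates; validating the chain and reading the public key still need a crypto library such as the Microsoft crypto framework or OpenSSL.

```c
#include <stdint.h>
#include <string.h>

typedef struct { const uint8_t *der; size_t len; } cert_span;
/* Read one DER TLV header; rejects truncated, indefinite or >4-byte lengths. */
static int der_tlv(const uint8_t *p, const uint8_t *end,
                   uint8_t *tag, const uint8_t **val, size_t *len)
{
    if (end - p < 2) return -1;
    *tag = *p++;
    size_t n = *p++;
    if (n & 0x80) {                       /* long form: next k bytes hold the length */
        size_t k = n & 0x7f;
        if (k == 0 || k > 4 || (size_t)(end - p) < k) return -1;
        for (n = 0; k--; ) n = (n << 8) | *p++;
    }
    if ((size_t)(end - p) < n) return -1; /* value must fit inside the parent */
    *val = p; *len = n;
    return 0;
}

/* Fills out[] with each certificate's DER span; returns the count, -1 if malformed. */
int pkcs7_list_certs(const uint8_t *buf, size_t n, cert_span *out, int max)
{
    static const uint8_t oid[] = {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x02};
    /* ContentInfo{ OID signedData, [0]{ SignedData{ version, digestAlgs, contentInfo */
    static const uint8_t tag[]   = {0x30, 0x06, 0xa0, 0x30, 0x02, 0x31, 0x30};
    static const uint8_t enter[] = {1,    0,    1,    1,    0,    0,    0};
    const uint8_t *p = buf, *end = buf + n, *v;
    uint8_t t; size_t l; int count = 0;
    for (int i = 0; i < 7; i++) {
        if (der_tlv(p, end, &t, &v, &l) || t != tag[i]) return -1;
        if (i == 1 && (l != sizeof oid || memcmp(v, oid, l) != 0)) return -1;
        if (enter[i]) { p = v; end = v + l; } else p = v + l;
    }
    if (der_tlv(p, end, &t, &v, &l)) return -1;
    if (t != 0xa0) return 0;              /* optional certificates [0] field absent */
    for (p = v, end = v + l; p < end && count < max; p = v + l, count++) {
        if (der_tlv(p, end, &t, &v, &l) || t != 0x30) return -1;
        out[count].der = p;               /* header + value = one DER certificate */
        out[count].len = (size_t)(v + l - p);
    }
    return count;
}
/* Constructed sample: certs-only SignedData; its two "certificates" are placeholders. */
static const uint8_t SAMPLE[] = {
    0x30,0x30, 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x02,
    0xa0,0x23, 0x30,0x21, 0x02,0x01,0x01, 0x31,0x00,
    0x30,0x0b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x01,
    0xa0,0x0b, 0x30,0x03,0x02,0x01,0x01, 0x30,0x04,0x02,0x02,0x01,0x02, 0x31,0x00 };
```

Each returned span is one complete DER certificate, so it can be handed to a real X.509 decoder; the walker does not enforce minimal-length DER encoding or verify any signature.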