
MS OPM (Output Protection Manager) Initializing X509 chain

I am trying to use OPM (Output Protection Manager) with Visual C++ (native) using OPMAPI. My goal is to enable an HDCP session between the HDMI device driver and the display to protect content over the HDMI cable.

I got an example from MSDN.

In the example code there are some undocumented functions about certifications (ValidateX509Certificate, GetPublicKeyFromCertificate).

Here is the example code.

    OPM_RANDOM_NUMBER random;   // Random number from driver.
    ZeroMemory(&random, sizeof(random));
    BYTE *pbCertificate = NULL; // Pointer to a buffer to hold the certificate.
    ULONG cbCertificate = 0;    // Size of the certificate in bytes.

    PUBLIC_KEY_VALUES *pKey = NULL; // The driver's public key.

    // Get the driver's certificate chain + random number
    HRESULT hr = pVideoOutput->StartInitialization(
        &random,
        &pbCertificate,
        &cbCertificate );

    // Validate the X.509 certificate. (Not shown.)
    hr = ValidateX509Certificate(pbCertificate, cbCertificate);

    if (FAILED(hr))
    {
        goto done;
    }

    // Get the public key from the certificate. (Not shown.)
    hr = GetPublicKeyFromCertificate(
        pbCertificate,
        cbCertificate,
        &pKey );

According to MSDN, IOPMVideoOutput::StartInitialization() retrieves a random number and an X509 certificate chain (pbCertificate).

The ValidateX509Certificate() and GetPublicKeyFromCertificate() functions are not shown.

Could anyone explain to me how to write the above two functions, please?

Or I want to know how to decode X.509 cert chain data (DER) into CERT_CHAIN_CONTEXT.

The StartInitialization function returns the complete certificate chain of the driver as signed PKCS7 data with DER encoding. This is not the usual X509 certificate with DER encoding we commonly deal with. Unfortunately this is not mentioned in the MSDN pages.

The certificates/certificate chain can be extracted from signed PKCS7 DER using any crypto library/framework. We can verify and get the public key using the Microsoft crypto framework with the following steps.

  1. Get the certificate chain with the CryptGetMessageCertificates function.
  2. Optionally, you can verify the certificate chain as explained in "Performing X.509 Certificate Verification with CryptoAPI".
  3. Get the subject certificate CERT_CONTEXT as explained in Step 2. The subject public key can be retrieved from pCertInfo of CERT_CONTEXT.

It is much easier (at least I feel so) to do this with OpenSSL, as explained in "how to Read the certificates file from the PKCS7.p7b certificate file using openssl". It shows how to retrieve the certificates, and you can easily retrieve the public key using the X509_get_pubkey function.
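To show why the buffer cannot be decoded as a single X.509 certificate, here is an added example (not from the answer, MSDN, CryptoAPI or OpenSSL) that walks a DER-encoded PKCS#7 SignedData blob in plain C and locates the certificates inside it. The names `der_next`, `p7_list_certs` and `SAMPLE_P7` are hypothetical and the sample bytes are constructed; the code only locates certificates and does not verify signatures or the chain.

```c
#include <stdint.h>
#include <string.h>

/* Constructed sample: SignedData shell with two 5-byte stand-ins for certificates. */
static const uint8_t SAMPLE_P7[] = {
    0x30,0x2F, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02, 0xA0,0x22,
    0x30,0x20, 0x02,0x01,0x01, 0x31,0x00,
    0x30,0x0B,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01,
    0xA0,0x0A, 0x30,0x03,0x02,0x01,0x01, 0x30,0x03,0x02,0x01,0x02, 0x31,0x00 };

/* Read one DER TLV at *p, bounded by end. Returns its tag, or -1 if malformed. */
static int der_next(const uint8_t **p, const uint8_t *end,
                    const uint8_t **val, size_t *vlen) {
    const uint8_t *q = *p;
    if (end - q < 2) return -1;
    int tag = *q++;
    size_t len = *q++;
    if (len & 0x80) {               /* long form: low 7 bits count the length bytes */
        size_t n = len & 0x7F;
        if (n == 0 || n > 4 || (size_t)(end - q) < n) return -1;
        for (len = 0; n > 0; n--) len = (len << 8) | *q++;
    }
    if ((size_t)(end - q) < len) return -1;     /* value must fit in the buffer */
    *val = q; *vlen = len; *p = q + len;
    return tag;
}

/* Returns the number of certificates found (0 if the optional field is absent),
   or -1 if malformed; certs[i]/lens[i] reference each certificate inside buf. */
int p7_list_certs(const uint8_t *buf, size_t len,
                  const uint8_t **certs, size_t *lens, int max) {
    static const uint8_t oid[] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02};
    const uint8_t *p = buf, *end = buf + len, *v; size_t n; int tag, count = 0;
    if (der_next(&p, end, &v, &n) != 0x30) return -1;     /* ContentInfo */
    p = v; end = v + n;
    if (der_next(&p, end, &v, &n) != 0x06 || n != sizeof oid || memcmp(v, oid, n))
        return -1;                                        /* contentType: signedData */
    if (der_next(&p, end, &v, &n) != 0xA0) return -1;     /* [0] EXPLICIT wrapper */
    p = v; end = v + n;
    if (der_next(&p, end, &v, &n) != 0x30) return -1;     /* SignedData */
    p = v; end = v + n;
    if (der_next(&p, end, &v, &n) != 0x02 ||              /* version */
        der_next(&p, end, &v, &n) != 0x31 ||              /* digestAlgorithms */
        der_next(&p, end, &v, &n) != 0x30) return -1;     /* encapsulated content */
    if ((tag = der_next(&p, end, &v, &n)) != 0xA0) return tag < 0 ? -1 : 0;
    p = v; end = v + n;                                   /* certificates [0] */
    while (p < end && count < max) {
        certs[count] = p;
        if (der_next(&p, end, &v, &n) != 0x30) return -1; /* Certificate SEQUENCE */
        lens[count] = (size_t)(p - certs[count]); count++;
    }
    return count;
}
```

Each `certs[i]`/`lens[i]` pair is one complete DER certificate that can be handed to a real X.509 decoder; a bare certificate passed in directly is rejected because its first inner element is not the signedData OID.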

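Here is sample code that implements the functions missing from the MSDN article mentioned above and shows how to use OPM and the related crypto implementation based on the standard Windows API: https://github.com/wangf1978/D3DTest (see CryptoUtil.cpp / OPMSession.cpp).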
