Get public key from OPM (p7b) certificate chain (MSDN subscriber) RRS feed


    Hello!

    I need to perform OPM communication. I asked a question here but got no response. As an MSDN subscriber, I am asking it here in the hope of getting feedback.

    I have received the p7b certificate chain from the video driver, opened it with CertOpenStore, and verified it.

    The main problem I am having right now is extracting public key from the leaf certificate in the OPM chain, implementation of function GetPublicKeyFromCertificate from an example:

     

     // Pull the public key out of the certificate bytes into pKey.
     // (The helper's implementation is not shown in the example.)
     hr = GetPublicKeyFromCertificate(pbCertificate, cbCertificate, &pKey);

     

    I try to do it with CryptDecodeObject, but it says ASN1 tag is bad in SubjectPublicKeyInfo of CERT_INFO structure:

     

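    	// The certificate signatures along the chain still need to be verified
    	// (that verification is not part of this fragment).
    	// rgpElement[0] of the first simple chain is the leaf certificate.
    	DWORD chain_size = opm_chain_context_ptr->rgpChain[0]->cElement;
    	PCERT_PUBLIC_KEY_INFO signer_public_key = &opm_chain_context_ptr->rgpChain[0]->rgpElement[0/*leaf*/]->pCertContext->pCertInfo->SubjectPublicKeyInfo;

    	// SubjectPublicKeyInfo inside CERT_INFO is already a decoded
    	// CERT_PUBLIC_KEY_INFO structure, not DER bytes. Handing the structure
    	// itself (with sizeof(CERT_PUBLIC_KEY_INFO) as the length) to
    	// CryptDecodeObject(X509_PUBLIC_KEY_INFO) makes the decoder parse struct
    	// memory as ASN.1, which is what produces the "bad tag" error.
    	// The still-encoded part is the PublicKey bit blob, so decode that directly.
    	const BYTE *encoded_key = signer_public_key->PublicKey.pbData;
    	const DWORD encoded_key_size = signer_public_key->PublicKey.cbData;

    	// Fixed-size CryptoAPI PUBLICKEYBLOB layout for a 1024-bit RSA key.
    	struct RSAPublicKey1024
    	{
    		PUBLICKEYSTRUC publickeystruc;
    		RSAPUBKEY rsapubkey;
    		BYTE modulus[1024/8];
    	};

    	// First call: ask how many bytes the decoded key blob needs.
    	DWORD decoded_key_size = 0;
    	BOOL crypt_decode_res = CryptDecodeObject(X509_ASN_ENCODING, RSA_CSP_PUBLICKEYBLOB,
    		encoded_key, encoded_key_size, 0,
    		NULL, &decoded_key_size);
    	if (!crypt_decode_res) {
    		HRESULT decode_hr = __HRESULT_FROM_WIN32(GetLastError());
    		return decode_hr;
    	}

    	// The key length is dictated by the certificate, which comes from the
    	// driver. An assert() disappears in release builds, and a larger key
    	// would then be decoded past the end of the stack buffer below, so the
    	// size is rejected at run time instead.
    	if (decoded_key_size != sizeof(RSAPublicKey1024)) {
    		return __HRESULT_FROM_WIN32(ERROR_INVALID_DATA);
    	}

    	RSAPublicKey1024 rsa_pub_key;

    	// Second call: decode into the fixed buffer. The in/out size is set to
    	// the real buffer size so the API can never write beyond rsa_pub_key.
    	decoded_key_size = sizeof(rsa_pub_key);
    	crypt_decode_res = CryptDecodeObject(X509_ASN_ENCODING, RSA_CSP_PUBLICKEYBLOB,
    		encoded_key, encoded_key_size, 0,
    		reinterpret_cast<BYTE*>(&rsa_pub_key), &decoded_key_size);
    	if (!crypt_decode_res) {
    		HRESULT decode_hr = __HRESULT_FROM_WIN32(GetLastError());
    		return decode_hr;
    	}
    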
    

    How can I extract the public key for the ImportRsaPublicKey function? It seems I need to extract these elements:

     

     // CryptoAPI PUBLICKEYBLOB for an RSA key with a 1024-bit modulus.
     struct RSAPublicKey1024
     {
         PUBLICKEYSTRUC publickeystruc;   // blob header
         RSAPUBKEY      rsapubkey;        // RSA-specific header
         BYTE           modulus[1024/8];  // 128 bytes of modulus
     };
    

     

    If you need dumped certificate chain, just let me know.

    Thursday, June 2, 2011 8:31 AM

All replies

  • Anyone?
    Friday, June 10, 2011 3:00 AM
  • DRM is not my area of expertise, so I am following up with some other people on this.  Are you a PMP licensee?  There is documentation related to DRM functionality that is only available to licensees, and it might have documentation on what means are used to extract the key.
    Wednesday, July 27, 2011 12:34 AM