Category Archives: 技術

Windows 10 打開 line in 的方法

Posted by on 2020 年 7 月 5 日 No comments

在 Windows 7 的時候, 我可以從 Realtek 的混音管理程式打開 line in (線路輸入) 的通道.  雖然它有個副作用是 line 進到混音後, 變成 line in 有一次聲音, 混音後又有一次聲音, 兩個聲音必須關掉一個.

但是用了 Windows 10 就有趣了, 明明麥克風的音量條都會動. 但是就是聽不到聲音從喇叭出來. 上網找到微軟客服的回答 [1], 但實在和中文版介面對不起來.

To enable sound for the line-in connection
1. Open Audio Devices and Sound Themes by clicking the Start button, clicking Control Panel, clicking Hardware and Sound, and then clicking Sound.
2. Click the Playback tab, click Speakers, and then click Properties.
3. Click the Levels tab, and then, under Line In, click the Mute button to enable sound for the line-in connection.

按照上面的流程, 第一步走到這裡. 然後它少講了要按右邊側欄的”聲音控制台”, 不然也看不到第二步講的東西. 

第二說三步說要點喇叭 (speaker) 的內容 (property). 但是我又迷失了.  我最後是在聲音控制台 –> 錄製中找到 line in 可以 unmute. 把這個選項打勾就可以聽到 line in 的聲音出現在喇叭了.

[Note]

  1. https://answers.microsoft.com/en-us/windows/forum/all/line-in-speakers-and-microphone-line-in-not/de6d462e-9970-48b3-8c3c-e70e66ccc01b

DTCP Order Format 小註解

Posted by on 2020 年 5 月 19 日 No comments

繼上次的 key format 之後, 又多了一個進階題叫做 order format. 根據 [1] 的 p. 20, 有 3 種 order formats. 價格也略有不同, 當然大客戶比較便宜 (large adopter) 是無庸置疑的. 為何 fomrat 3 比較貴呢?

根據定義, order format 1/3/5 的差異可以用 certificate (證書) / key 和 full / restricted 的排列組合來表現. 如下表, order foramt 3 的範圍最廣, license fee 也就最貴, Order format 1 居中, Order foramt 5 的範圍最小. 

Certificate\Key Full Restricted
Full Order Format 1/3/5 Order Format 1/3
Restricted Order Format 3 Order Format 3

根據 [1] 的 P.2, 證書和 key 的說明如下:

1.11 “Device Certificate” means a cryptographically encoded value which may be provided by
DTLA or its designee which authorizes a device to exchange certain Commercial Entertainment
Content.
1.12 “Device Keys” means cryptographic values which may be provided by DTLA or its designee
for use in devices, and include the “Private Device Key” and the “Public Device Key” and keys
associated with Restricted Authentication, all identified in the Specification.

DTCP 的 content 裡面包括一個 CCI (copy control information), CCI 裡面存放 EMI (encryption mode indicator) 來標記可以做甚麼樣的加密: copy free, copy never, copy once.

當 copy once 的 content 被 DTCP sink 處理的時候, 它的 EMI 若改記為 copy no more, 後續就可以只做 restricted authentication ([3] 的 P.891). 假如 content 被標記為 “copy never”, 就必須做 full authentication.

當需要做 full authentication 時, source 和 sink 要互相檢查對方的證書 (certificate), 然後做 key exchange. Restricted authentication 時, sink 只要向 source 證明他們的 secret key 都一樣. 

因此對於一個 recorder 來說, 它可能可以支援 full authentication certificate (計算能力夠強), 也可能只支援 restricted authetication certificate (計算能力弱). 為了降低計算需求, 採用 restricted authetication 比較方便.  但 key 為何又分為 full 和 restricted 呢? 這牽涉到 full authentication 下要選擇 order format 1 或是 5?

我們可以發現 restricted certificate 就不能選 full key, 但是 full certificate 可以選 restricted key. 我推測這是給予 full certificate 去選擇要把 copy once 減一成為 copy never (full key) 或是單純降為 copy no more (restricted key) 的權利.

客戶又問了 AP 和 AL 是 0 還是 1? 

AL flag (1 bit). Additional Localization flag. The AL flag is set to value of one to indicate that the associated device is capable of performing the additional localization test, otherwise shall be set to value of zero.

AP flag (1 bit). Authentication Proxy flag. A device certificate with an AP flag value of one is used by a DTCP bus bridge device, which receives a content stream using a sink function and retransmits that stream to another bus using a source function5.

首先看 Localization flag 是什麼? 根據 [4], 它在 DTCP + 1394 的規格也出現過. IEEE 1394 就是那個已經沒人在用的 DV 規格, 但 localization 的精神應該是一樣的. 基本上, 它要避免利用網路來遠端破解 DTCP, 所以要用網路封包的 round trip time 來檢查 sink 是否在很遠的地方. 如果我們要遠端 debug DTCP-IP 的 content, 我當然希望是 AL = 0. 但正常的產品給 AL = 1 即可.

什麼是 authentication proxy 呢? 顧名思義, 這是不是一個 DTCP 橋接器, 把左手的 DTCP 送給右手. 做為一個 recorder 來說, AP 應該要為 0. 因為不能把收進來的 DTCP-IP 不解就直接寫進 time shift buffer 等下次用. 既然 DTCP-IP 和 Time shift buffer 的 key 不能共用, AP = 0 就好.

[Note]

  1. http://www.dtcp.com/documents/licensing/dtla-adopter-agreement.pdf
  2. ITU-T_J.95Y1999.PDF
  3. Multimedia Encryption and Authentication Techniques and Applications
  4. https://www.dtcp.com/documents/dtcp/info-20070615-dtcp-v1sf-rev-1-p-0.pdf

DTCP Key Format 小註解

Posted by on 2020 年 4 月 17 日 No comments

因為 OEM 在問, 所以我上網找了些公開的資料. DTCP (Digital Transmission Content Protection) 的概念類似 HDCP, 由 DTLA (Digital Transmission License Administrator) [1] 所維護. 顧名思義 DTCP 強調傳輸的部分.

版本又分成 DTCP [3] 和 DTCP2, “2” 和 “1” 不相容, DTCP2 主要是用來保護 4K, 8K 的 content. 舊版的的 DTCP 主要用來保護 HD 的影像. 再來就講到 key 的內容了, 首先分成 unique key 和 common key.

CK flag (1 bit): A value of zero indicates the device is using unique DTCP2 keying material
(Unique-key Device) and a value of one indicates that the device is using common keying material
(Common-key Device).
 

詳細的說明在 [4] 的 P.6, 本來每個 device 的 key 都要長得不一樣. 但是如果你是大戶買很多把的話, 就可以都用一樣的 key 比較方便, 這個叫做 common key. 當然 common key 被濫用的話, 必須要能夠被註銷. 這些規範寫在 Section 2.2 of the Procedural Appendix. F (p. 60).

2.3 Device Certificate and Device Keys. Device Certificates and Device Keys are necessary to
manufacture Licensed Products. These are generated under the direction of DTLA and, except in the
case that Adopter elects to use a Common Device Certificate and Common Device Key for certain
devices as described in the Procedural Appendix and Compliance Rules, are generated uniquely per
device. Without limiting any other provision of this Agreement, Adopter may not use the same
Device Key or Device Certificate in more than one individual unit or copy of any product or
component except for the use of Common Device Keys and Common Device Certificates in
accordance with Section 2.2 of the Procedural Appendix. F

Unique key 在 DTCP 有三種 certificate format, 在 DTCP2 只有一種. DTCP 的三種 format. 定義在  RFC7562 [2]. Format 0 給計算能力比較有限的 device 用. Format 1 給計算能力強的 device 用, Format 3 就給有額外需求的 device 用 [3]. 看起來 embedded system 比較適合 format 0.

Certificate Format (4 bits). This field specifies the format for a specific type of certificate. Currently three
formats are defined:
o Format 0 = the Restricted Authentication device certificate format (See Chapter 5).
o Format 1 = the Baseline Full Authentication device certificate format.
o Format 2 = the Extended Full Authentication device certificate format (NOT ESTABLISHED2
).
o Other encodings are currently reserved.

DTCP certificates issued by [DTLA] to DTLA-compliant devices come in
   three general variations (see Section 4.2.3.1 of [DTCP]):

   o  Restricted Authentication device certificate format (Format 0):
      Typically issued to devices with limited computation resources.

   o  Baseline Full Authentication device certificate format (Format 1):
      This is the most commonly issued certificate format.  Format 1
      certificates include a unique DeviceID and device EC-DSA public/
      private key pair generated by the DTLA.  (See Section 4.3 of
      [DTCP]).

   o  Extended Full Authentication device certificate format (Format 2):
      This is issued to devices that possess additional functions (e.g.,
      additional channel ciphers, specific device properties).  The
      presence of these additional functions is indicated by the device
      capability mask as specified in Section 4.2.3.2 of [DTCP].  Format
      2 certificates also include a unique DeviceID and device EC-DSA
      public/private key pair generated by the DTLA (see Section 4.3 of
      [DTCP]).

   The mechanism specified in this document allows only Formats 1 and 2
   DTCP certificates to be exchanged in the supplemental data message
   since it requires the use of the EC-DSA private key associated with
   the certificate.

既然 DTCP2 用來保護 4K, 8K 的內容, 當然就不用顧及老弱殘兵的計算能力了. 按照 2018 年的 DTCP2 spec., 就只有 format 1 一種.

Format (4 bits): This field specifies certificate format and currently only one format is defined:
116 : DTCP2 Device Certificate Format 1
 

[Ref]

1. https://www.dtcp.com/default.aspx

2. https://tools.ietf.org/html/rfc7562#page-6

3. http://www.dtcp.com/documents/dtcp/info-20130605-dtcp-v1-rev-1-7-ed2.pdf

4. http://www.dtcp.com/documents/licensing/dtla-adopter-agreement.pdf