Category Archives: 技術

DTCP Order Format 小註解

繼上次的 key format 之後, 又多了一個進階題叫做 order format. 根據 [1] 的 p. 20, 有 3 種 order formats. 價格也略有不同, 當然大客戶比較便宜 (large adopter) 是無庸置疑的. 為何 fomrat 3 比較貴呢?

根據定義, order format 1/3/5 的差異可以用 certificate (證書) / key 和 full / restricted 的排列組合來表現. 如下表, order foramt 3 的範圍最廣, license fee 也就最貴, Order format 1 居中, Order foramt 5 的範圍最小. 

Certificate\Key Full Restricted
Full Order Format 1/3/5 Order Format 1/3
Restricted Order Format 3 Order Format 3

根據 [1] 的 P.2, 證書和 key 的說明如下:

1.11 “Device Certificate” means a cryptographically encoded value which may be provided by
DTLA or its designee which authorizes a device to exchange certain Commercial Entertainment
Content.
1.12 “Device Keys” means cryptographic values which may be provided by DTLA or its designee
for use in devices, and include the “Private Device Key” and the “Public Device Key” and keys
associated with Restricted Authentication, all identified in the Specification.

DTCP 的 content 裡面包括一個 CCI (copy control information), CCI 裡面存放 EMI (encryption mode indicator) 來標記可以做甚麼樣的加密: copy free, copy never, copy once.

當 copy once 的 content 被 DTCP sink 處理的時候, 它的 EMI 若改記為 copy no more, 後續就可以只做 restricted authentication ([3] 的 P.891). 假如 content 被標記為 “copy never”, 就必須做 full authentication.

當需要做 full authentication 時, source 和 sink 要互相檢查對方的證書 (certificate), 然後做 key exchange. Restricted authentication 時, sink 只要向 source 證明他們的 secret key 都一樣. 

因此對於一個 recorder 來說, 它可能可以支援 full authentication certificate (計算能力夠強), 也可能只支援 restricted authetication certificate (計算能力弱). 為了降低計算需求, 採用 restricted authetication 比較方便.  但 key 為何又分為 full 和 restricted 呢? 這牽涉到 full authentication 下要選擇 order format 1 或是 5?

我們可以發現 restricted certificate 就不能選 full key, 但是 full certificate 可以選 restricted key. 我推測這是給予 full certificate 去選擇要把 copy once 減一成為 copy never (full key) 或是單純降為 copy no more (restricted key) 的權利.

客戶又問了 AP 和 AL 是 0 還是 1? 

AL flag (1 bit). Additional Localization flag. The AL flag is set to value of one to indicate that the associated device is capable of performing the additional localization test, otherwise shall be set to value of zero.

AP flag (1 bit). Authentication Proxy flag. A device certificate with an AP flag value of one is used by a DTCP bus bridge device, which receives a content stream using a sink function and retransmits that stream to another bus using a source function5.

首先看 Localization flag 是什麼? 根據 [4], 它在 DTCP + 1394 的規格也出現過. IEEE 1394 就是那個已經沒人在用的 DV 規格, 但 localization 的精神應該是一樣的. 基本上, 它要避免利用網路來遠端破解 DTCP, 所以要用網路封包的 round trip time 來檢查 sink 是否在很遠的地方. 如果我們要遠端 debug DTCP-IP 的 content, 我當然希望是 AL = 0. 但正常的產品給 AL = 1 即可.

什麼是 authentication proxy 呢? 顧名思義, 這是不是一個 DTCP 橋接器, 把左手的 DTCP 送給右手. 做為一個 recorder 來說, AP 應該要為 0. 因為不能把收進來的 DTCP-IP 不解就直接寫進 time shift buffer 等下次用. 既然 DTCP-IP 和 Time shift buffer 的 key 不能共用, AP = 0 就好.

[Note]

  1. http://www.dtcp.com/documents/licensing/dtla-adopter-agreement.pdf
  2. ITU-T_J.95Y1999.PDF
  3. Multimedia Encryption and Authentication Techniques and Applications
  4. https://www.dtcp.com/documents/dtcp/info-20070615-dtcp-v1sf-rev-1-p-0.pdf

DTCP Key Format 小註解

因為 OEM 在問, 所以我上網找了些公開的資料. DTCP (Digital Transmission Content Protection) 的概念類似 HDCP, 由 DTLA (Digital Transmission License Administrator) [1] 所維護. 顧名思義 DTCP 強調傳輸的部分.

版本又分成 DTCP [3] 和 DTCP2, “2” 和 “1” 不相容, DTCP2 主要是用來保護 4K, 8K 的 content. 舊版的的 DTCP 主要用來保護 HD 的影像. 再來就講到 key 的內容了, 首先分成 unique key 和 common key.

CK flag (1 bit): A value of zero indicates the device is using unique DTCP2 keying material
(Unique-key Device) and a value of one indicates that the device is using common keying material
(Common-key Device).
 

詳細的說明在 [4] 的 P.6, 本來每個 device 的 key 都要長得不一樣. 但是如果你是大戶買很多把的話, 就可以都用一樣的 key 比較方便, 這個叫做 common key. 當然 common key 被濫用的話, 必須要能夠被註銷. 這些規範寫在 Section 2.2 of the Procedural Appendix. F (p. 60).

2.3 Device Certificate and Device Keys. Device Certificates and Device Keys are necessary to
manufacture Licensed Products. These are generated under the direction of DTLA and, except in the
case that Adopter elects to use a Common Device Certificate and Common Device Key for certain
devices as described in the Procedural Appendix and Compliance Rules, are generated uniquely per
device. Without limiting any other provision of this Agreement, Adopter may not use the same
Device Key or Device Certificate in more than one individual unit or copy of any product or
component except for the use of Common Device Keys and Common Device Certificates in
accordance with Section 2.2 of the Procedural Appendix. F

Unique key 在 DTCP 有三種 certificate format, 在 DTCP2 只有一種. DTCP 的三種 format. 定義在  RFC7562 [2]. Format 0 給計算能力比較有限的 device 用. Format 1 給計算能力強的 device 用, Format 3 就給有額外需求的 device 用 [3]. 看起來 embedded system 比較適合 format 0.

Certificate Format (4 bits). This field specifies the format for a specific type of certificate. Currently three
formats are defined:
o Format 0 = the Restricted Authentication device certificate format (See Chapter 5).
o Format 1 = the Baseline Full Authentication device certificate format.
o Format 2 = the Extended Full Authentication device certificate format (NOT ESTABLISHED2
).
o Other encodings are currently reserved.

DTCP certificates issued by [DTLA] to DTLA-compliant devices come in
   three general variations (see Section 4.2.3.1 of [DTCP]):

   o  Restricted Authentication device certificate format (Format 0):
      Typically issued to devices with limited computation resources.

   o  Baseline Full Authentication device certificate format (Format 1):
      This is the most commonly issued certificate format.  Format 1
      certificates include a unique DeviceID and device EC-DSA public/
      private key pair generated by the DTLA.  (See Section 4.3 of
      [DTCP]).

   o  Extended Full Authentication device certificate format (Format 2):
      This is issued to devices that possess additional functions (e.g.,
      additional channel ciphers, specific device properties).  The
      presence of these additional functions is indicated by the device
      capability mask as specified in Section 4.2.3.2 of [DTCP].  Format
      2 certificates also include a unique DeviceID and device EC-DSA
      public/private key pair generated by the DTLA (see Section 4.3 of
      [DTCP]).

   The mechanism specified in this document allows only Formats 1 and 2
   DTCP certificates to be exchanged in the supplemental data message
   since it requires the use of the EC-DSA private key associated with
   the certificate.

既然 DTCP2 用來保護 4K, 8K 的內容, 當然就不用顧及老弱殘兵的計算能力了. 按照 2018 年的 DTCP2 spec., 就只有 format 1 一種.

Format (4 bits): This field specifies certificate format and currently only one format is defined:
116 : DTCP2 Device Certificate Format 1
 

[Ref]

1. https://www.dtcp.com/default.aspx

2. https://tools.ietf.org/html/rfc7562#page-6

3. http://www.dtcp.com/documents/dtcp/info-20130605-dtcp-v1-rev-1-7-ed2.pdf

4. http://www.dtcp.com/documents/licensing/dtla-adopter-agreement.pdf

ECM 與 EMM 小註解

初學的時候, 對這兩個名詞很容易搞混, 只是硬記.

ECM = Entitlement Control Messages

EMM = Entitlement Management Messages

後來看了 RDK Summit 2019 的文件, 覺得解釋得很好. 在腦海中翻譯成中文後就更加心領神會了.

首先我有一個受保護的資料要解擾, 因此用一個 Control Word 來解擾它. 解擾和解密的差異在於 Control Word 會一直換, 達到擾亂的目的. 就算一時可以矇對, 可能每隔 15 秒就換一次 Control Word. 

Control 是控制的意思. 我們那屆的控制系, 系服背後就寫著大大的 “Everything is under Control” , 穿起來很風光. 而我們電信系的系服上的 “Comunication” 因為少了一個 m 所以很少人穿.  咳… 管理 Control word 的資訊當然就是 Control Message. 因為表彰管理權限, 給予權利, 所以是 Entitlement Control Message.

ECM –> Decrypt –> Control Word 

Scrambled data + Control Word –> Discramble –> Clear data

控制是針對普遍性, 但管理要考慮獨特性. 因此在控制的上面要多一層管理. 對事情、對人、對 key 都用這個聯想, 就變好記了. 國有國法、家有家規, 凡事都按照規定來做是控制, 而上面要有一個 Manager 就是要管理差異性.

EMM + Device Unique Key –> ECM key

ECM + ECM Key  –> Dercypt –> Control Word

Scrambled data + Control Word –> Discramble –> Clear data