Cryptography¶
Cryptography portion used for sending Smartglass message
Depending on the foreign public key type, the following Elliptic curves can be used:
Prime 256R1
Prime 384R1
Prime 521R1
On Discovery, the console responds with a DiscoveryResponse including a certificate, this certificate holds the console’s public key.
The Client generates appropriate elliptic curve and derives the shared secret using console’s public key
The shared secret is salted via 2x hashes, see kdf_salts
The salted shared secret is hashed using SHA-512
The salted & hashed shared secret is split into the following individual keys:
bytes 0-16: Encryption key (AES 128-CBC)
bytes 16-32: Initialization Vector key
bytes 32-64: Hashing key (HMAC SHA-256)
The resulting public key from this
Crypto
context is sent with the ConnectRequest message to the console
-
class
xbox.sg.crypto.
SaltType
¶ Bases:
object
Define whether Salt is pre- or appended
-
Prepend
= 1¶
-
Append
= 2¶
-
-
class
xbox.sg.crypto.
Salt
(value, salt_type=1)¶ Bases:
object
-
__init__
(value, salt_type=1)¶ Handle salting of ECDH shared secret
-
-
class
xbox.sg.crypto.
Crypto
(foreign_public_key, privkey=None, pubkey=None)¶ Bases:
object
-
__init__
(foreign_public_key, privkey=None, pubkey=None)¶ Initialize Crypto context via the foreign public key of the console. The public key is part of the console certificate.
- Parameters
foreign_public_key (
ec.EllipticCurvePublicKey
) – The console’s public keyprivkey (
ec.EllipticCurvePrivateKey
) – Optional private keypubkey (
ec.EllipticCurvePublicKey
) – Optional public key
Shared secret
- Returns
Shared secret
- Return type
-
property
pubkey_type
¶ Public Key Type aka. keystrength
- Returns
Public Key Type
- Return type
-
property
pubkey_bytes
¶ Public Key Bytes (minus the first identifier byte!)
- Returns
Public key
- Return type
-
property
foreign_pubkey
¶ Foreign key that was used to generate this crypto context
- Returns
Console’s public key
- Return type
ec.EllipticCurvePublicKey
-
classmethod
from_bytes
(foreign_public_key, public_key_type=None)¶ Initialize Crypto context with foreign public key in bytes / hexstring format.
- Parameters
foreign_public_key (bytes) – Console’s public key
public_key_type (
PublicKeyType
) – Public Key Type
- Returns
Instance
- Return type
Set up crypto context with shared secret
-
generate_iv
(seed=None)¶ Generates an IV to be used in encryption/decryption
-
encrypt
(iv, plaintext)¶ Encrypts plaintext with AES-128-CBC
No padding is added here, data has to be aligned to block size (16 bytes).
-
decrypt
(iv, ciphertext)¶ Decrypts ciphertext
No padding is removed here.
-
hash
(data)¶ Securely hashes data with HMAC SHA-256
-
-
class
xbox.sg.crypto.
Padding
¶ Bases:
object
Padding base class.
-
static
size
(length, alignment)¶ Calculate needed padding size.
-
static
pad
(payload, alignment)¶ Abstract method to override
-
static
-
class
xbox.sg.crypto.
PKCS7Padding
¶ Bases:
xbox.sg.crypto.Padding