Cryptography

Cryptography portion used for sending Smartglass message

Depending on the foreign public key type, the following Elliptic curves can be used:

  • Prime 256R1

  • Prime 384R1

  • Prime 521R1

  1. On Discovery, the console responds with a DiscoveryResponse including a certificate, this certificate holds the console’s public key.

  2. The Client generates appropriate elliptic curve and derives the shared secret using console’s public key

  3. The shared secret is salted via 2x hashes, see kdf_salts

  4. The salted shared secret is hashed using SHA-512

  5. The salted & hashed shared secret is split into the following individual keys:

    • bytes 0-16: Encryption key (AES 128-CBC)

    • bytes 16-32: Initialization Vector key

    • bytes 32-64: Hashing key (HMAC SHA-256)

  6. The resulting public key from this Crypto context is sent with the ConnectRequest message to the console

class xbox.sg.crypto.SaltType

Bases: object

Define whether Salt is pre- or appended

Prepend = 1
Append = 2
class xbox.sg.crypto.Salt(value, salt_type=1)

Bases: object

__init__(value, salt_type=1)

Handle salting of ECDH shared secret

Parameters

  • value (bytes) – Salting bytes

  • salt_type (SaltType) – Salt Type

apply(data)

Appends or prepends salt bytes to data

Parameters

data (bytes) – Data to be salted

Returns

Salted data

Return type

bytes

class xbox.sg.crypto.Crypto(foreign_public_key, privkey=None, pubkey=None)

Bases: object

__init__(foreign_public_key, privkey=None, pubkey=None)

Initialize Crypto context via the foreign public key of the console. The public key is part of the console certificate.

Parameters

  • foreign_public_key (ec.EllipticCurvePublicKey) – The console’s public key

  • privkey (ec.EllipticCurvePrivateKey) – Optional private key

  • pubkey (ec.EllipticCurvePublicKey) – Optional public key

property shared_secret

Shared secret

Returns

Shared secret

Return type

bytes

property pubkey_type

Public Key Type aka. keystrength

Returns

Public Key Type

Return type

PublicKeyType

property pubkey_bytes

Public Key Bytes (minus the first identifier byte!)

Returns

Public key

Return type

bytes

property foreign_pubkey

Foreign key that was used to generate this crypto context

Returns

Console’s public key

Return type

ec.EllipticCurvePublicKey

classmethod from_bytes(foreign_public_key, public_key_type=None)

Initialize Crypto context with foreign public key in bytes / hexstring format.

Parameters

  • foreign_public_key (bytes) – Console’s public key

  • public_key_type (PublicKeyType) – Public Key Type

Returns

Instance

Return type

Crypto

classmethod from_shared_secret(shared_secret)

Set up crypto context with shared secret

Parameters

shared_secret (bytes) – The shared secret

Returns

Instance

Return type

Crypto

generate_iv(seed=None)

Generates an IV to be used in encryption/decryption

Parameters

seed (bytes) – An optional IV seed

Returns

Initialization Vector

Return type

bytes

encrypt(iv, plaintext)

Encrypts plaintext with AES-128-CBC

No padding is added here, data has to be aligned to block size (16 bytes).

Parameters

  • iv (bytes) – The IV to use. None where no IV is used.

  • plaintext (bytes) – The plaintext to encrypt.

Returns

Encrypted Data

Return type

bytes

decrypt(iv, ciphertext)

Decrypts ciphertext

No padding is removed here.

Parameters

  • iv (bytes) – The IV to use. None where no IV is used.

  • ciphertext (bytes) – The hex representation of a ciphertext to be decrypted

Returns

Decrypted data

Return type

bytes

hash(data)

Securely hashes data with HMAC SHA-256

Parameters

data (bytes) – The data to securely hash.

Returns

Hashed data

Return type

bytes

verify(data, secure_hash)

Verifies that the given data generates the given secure_hash

Parameters

  • data (bytes) – The data to validate.

  • secure_hash (bytes) – The secure hash to validate against.

Returns

True on success, False otherwise

Return type

bool

class xbox.sg.crypto.Padding

Bases: object

Padding base class.

static size(length, alignment)

Calculate needed padding size.

Parameters

  • length (int) – Data size

  • alignment (int) – Data alignment

Returns

Padding size

Return type

int

static pad(payload, alignment)

Abstract method to override

Parameters

  • payload (bytes) – Data blob

  • alignment (int) – Data alignment

Returns

Data with padding bytes

Return type

bytes

static remove(payload)

Common method for removing padding from data blob.

Parameters

payload (bytes) – Padded data.

Returns

Data with padding bytes removed

Return type

bytes

class xbox.sg.crypto.PKCS7Padding

Bases: xbox.sg.crypto.Padding

static pad(payload, alignment)

Add PKCS#7 padding to data blob.

Parameters

  • payload (bytes) – Data blob

  • alignment (int) – Data alignment

Returns

Data with padding bytes

Return type

bytes

class xbox.sg.crypto.ANSIX923Padding

Bases: xbox.sg.crypto.Padding

static pad(payload, alignment)

Add ANSI.X923 padding to data blob.

Parameters

  • payload (bytes) – Data blob

  • alignment (int) – Data alignment

Returns

Data with padding bytes

Return type

bytes