README
4.67 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
Use of the api in bbtoolsapi.c
Content Publisher:
Use API:
int generateUnsignedContentMetaDataHead(
u32 contentRlVersion,
u32 caCrlVersion,
u32 cpCrlVersion,
BbContentId contentId,
u32 contentSize,
u32 descFlags, /* is it common encryption
use BB_CMD_DESC_COMMON_KEY*/
u8 * commonIv, /* if we want
common encryption */
u8 * commonKey, /* this is in virage*/
u8 * contentKey,
u8 * contentHash,
u8 * contentIv,
/* make this opaque to the server:7 words */
u32 * contentProperties,
u32 bbid, /* optional to attach to one BB*/
u8 *issuername,
void *metadata);
Context:
Content publisher is a program that takes
Inputs: content and a contentProperties file pair, whether or not it is
commonly encrypted (only for system app), a particular bbid for this content
(optional).
Outputs: the encrypted content and content meta data pair.
The API helps to create the content meta data output.
Each field description:
From server/ server database:
contentRlVersion: content revocation list version number
caCrlVersion: cert auth version number
cpCrlVersion: content publisher crl version number
content ID: unique each published content
issuername: from database, name of server example,
Root-CPCA01020304-CP01020304
From program run:
contentSize
if input is common encryption,
set descFlags,
feed in commonKey: should the common key in virage
commonIv: any random
if input is not common encryption all above fields are zero
contentKey: generate random, use it to encrypt content
contentHash: compute before encryption
contentIv: generate random, use it to encrypt content
contentProperties: read these 7 32 bit words from a file and input
word array.
bbid: if a particular bbid is input to this program, pass here,
else zeros
metadata: output serialized word array.
POSTPROCESSING:
prepend contentDesc data
prepend (as first field) the size of contentDesc data + content meta data
head (TBD: this will be a constant defined in bbmetadata.h)
Sign entire content not including last 256 bytes, and write the sign
in last 256 bytes of the returned metadata blob (look at example of
format in bbplayer/tools/mkCmd.c using charstring_to_bigint())
The contentProperties file contains the following fields set for
every content before it is ready to publish:
u32 loadAddress,
u32 romOffset,
u32 bootLength,
u32 execFlags,
u32 hwAccessRights,
u32 secureKernelRights,
u32 sizeState,
_____________________________________________________________________
Ticket server:
Use API
int generateUnsignedEncryptedTicket( void *metadata,
u32 bbid,
u32 tsCrlVersion,
BbAesIv cmdIv,
BbEccPrivateKey serverprivateKey,
BbEccPublicKey serverpublicKey,
BbEccPublicKey bbpublicKey,
u8 *issuername,
void *ticketdata);
Input: metadata from prev result (signed)
bbid: requesting bbid
tsCrlVersion: from database, ticket server crl version number
cmdIv: is the random Iv to be used for encrypting the ticket portion
internal to the api
serverprivateKey: is the random key used for server key pair
serverpublicKey is the result of
eccGenPublicKey(BbEccPublicKey publickey, BbEccPrivateKey privatekey);
(this can be done once and used throughout a session)
issuername is ticket server name like Root-TSCA01020304-TS01020304
ticketdata is output.
Postprocessing:
any variable length input is prepended,
the size is prepended as first field (size = variable length
blob size + entire content meta data + ticket head size (TBD constant).
The sign is overwritten in last 256 bytes.