Difference between revisions of "Signature"
(explained the signature generation process ... mostly...) |
(rough draft of full .sig spec) |
||
Line 7: | Line 7: | ||
# playlists |
# playlists |
||
− | + | In broad strokes, these signatures are created by taking the MD5 hash of the file (or drive id), signing that with a 1024-bit RSA [[private key]], and then running that output through a [[bit-scrambling]] routine to prevent us from figuring it out. :) |
|
The signatures are verified by descrambling, decrypting the signature with the [[public key]], and comparing the output to the MD5 hash of the actual file. |
The signatures are verified by descrambling, decrypting the signature with the [[public key]], and comparing the output to the MD5 hash of the actual file. |
||
+ | Specifically, here is how you create a PhatBox .sig file: |
||
− | Here is what little can be said about their format: |
||
+ | |||
+ | * take input file, compute MD5 hash |
||
+ | * create the following ASN.1 structure: |
||
+ | |||
+ | 0:d=0 hl=2 l= 32 cons: SEQUENCE |
||
+ | 2:d=1 hl=2 l= 12 cons: SEQUENCE |
||
+ | 4:d=2 hl=2 l= 8 prim: OBJECT :md5 |
||
+ | 14:d=2 hl=2 l= 0 prim: NULL |
||
+ | 16:d=1 hl=2 l= 16 prim: OCTET STRING |
||
+ | 0000 - 64 ec a2 bb a8 30 87 b6-1b 90 39 48 a3 97 d3 65 <16-byte MD5 hash> |
||
+ | |||
+ | More or less, this is a structure that holds 1. a hash type (here, MD5) 2. a hash (here, a 16-byte MD5 sum) |
||
+ | |||
+ | In hex: |
||
+ | |||
+ | 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ |
||
+ | 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ |
||
+ | 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ |
||
+ | 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ |
||
+ | 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ |
||
+ | 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff 00 30 20 ..............0 |
||
+ | 0060 - 30 0c 06 08 2a 86 48 86-f7 0d 02 05 05 00 04 10 0...*.H......... |
||
+ | 0070 - 64 ec a2 bb a8 30 87 b6-1b 90 39 48 a3 97 d3 65 d....0....9H...e |
||
+ | |||
+ | Here, bytes 0x70-0x7F should be filled in with your MD5 sum. |
||
+ | |||
+ | Next, this needs to be encrypted with the appropriate [[private key]]. This yields (for the above example): |
||
+ | |||
+ | 000000 ae a4 cf b9 3d 93 7d 86 0c 7a fb 7a b6 99 78 ba |
||
+ | 000010 2e ad f7 c9 1c 2f b6 0d 6b 99 39 1a 6d 17 77 cc |
||
+ | 000020 85 d6 c2 30 23 a3 8b e7 09 de 1e 5a 02 7f be e9 |
||
+ | 000030 fe 38 ae 66 f2 ad 7c 5a 21 94 77 8a 8a 3c 88 54 |
||
+ | 000040 d9 3f f4 ed 73 0d c1 e6 9a bc a1 e6 75 16 54 f9 |
||
+ | 000050 14 44 85 ca 35 57 e0 6a 57 60 93 a7 ac cb 55 ae |
||
+ | 000060 94 40 2d 02 0d 38 88 ef 3c 18 9f 89 56 1a 7b 3b |
||
+ | 000070 5f 42 7d 89 dc b5 74 86 7e 62 04 00 15 b8 27 d0 |
||
+ | |||
+ | At this stage, it needs to have some PhatBox-specific processing done. First, headers and footers need to be added: |
||
+ | |||
+ | // assuming little-endian byte ordering, sizeof(unsigned int)=4 |
||
+ | struct signature_block { |
||
+ | unsigned int id1=1, id2=2, id3=2; // fixme |
||
+ | unsigned int hash=5; // md5? |
||
+ | unsigned int reserved=0; // ? |
||
+ | unsigned int file_len; // length of original file |
||
+ | unsigned char rsa_signature[128]; |
||
+ | unsigned int footer=0x80; |
||
+ | }; |
||
+ | |||
+ | Put all together, before the scrambling algorithm is applied, it looks like this: |
||
+ | |||
+ | <insert example here> |
||
+ | |||
+ | Lastly, a bizzarro (yes, that is a technical term) [[bit-scrambling]] algorithm needs to be applied. |
||
+ | |||
+ | When that is complete, you end up with: |
||
struct signature { |
struct signature { |
||
− | unsigned |
+ | unsigned int length; // in bits |
− | unsigned char |
+ | unsigned char scrambled_data[]; // variable length |
} |
} |
||
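Review bot: the dump under "In hex:" is not the 34-byte ASN.1 structure listed just above it; it is that structure preceded by 00 01, a run of ff bytes and a single 00, filling 128 bytes in total, and the added text never mentions this padding step. Suggest a sentence before the dump saying that the structure is padded out to 128 bytes (the layout shown is PKCS#1 v1.5 block type 1) before the private-key operation, so that "In hex:" does not read as a plain re-encoding of the ASN.1 listing. Separately, "<insert example here>" is still a placeholder, and the signature_block declaration uses member initializers (id1=1, hash=5, footer=0x80), which is not valid C; stating the fixed values in comments would keep the struct compilable.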
Latest revision as of 22:16, 11 August 2005
The phatbox uses digital signatures all over the place -- to authenticate
- the DMS drive
- firmware images for the 8051
- pld images for the Xilinx chip
- executables
- playlists
In broad strokes, these signatures are created by taking the MD5 hash of the file (or drive id), signing that with a 1024-bit RSA private key, and then running that output through a bit-scrambling routine to prevent us from figuring it out. :)
The signatures are verified by descrambling, decrypting the signature with the public key, and comparing the output to the MD5 hash of the actual file.
Specifically, here is how you create a PhatBox .sig file:
- take input file, compute MD5 hash
- create the following ASN.1 structure:
     0:d=0  hl=2 l=  32 cons: SEQUENCE
     2:d=1  hl=2 l=  12 cons:  SEQUENCE
     4:d=2  hl=2 l=   8 prim:   OBJECT            :md5
    14:d=2  hl=2 l=   0 prim:   NULL
    16:d=1  hl=2 l=  16 prim:  OCTET STRING
       0000 - 64 ec a2 bb a8 30 87 b6-1b 90 39 48 a3 97 d3 65   <16-byte MD5 hash>
More or less, this is a structure that holds (1) a hash type (here, MD5) and (2) a hash (here, a 16-byte MD5 sum).
In hex:
    0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
    0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
    0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
    0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
    0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
    0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff 00 30 20   ..............0 
    0060 - 30 0c 06 08 2a 86 48 86-f7 0d 02 05 05 00 04 10   0...*.H.........
    0070 - 64 ec a2 bb a8 30 87 b6-1b 90 39 48 a3 97 d3 65   d....0....9H...e
Here, bytes 0x70-0x7F should be filled in with your MD5 sum.
Next, this needs to be encrypted with the appropriate private key. This yields (for the above example):
    000000 ae a4 cf b9 3d 93 7d 86 0c 7a fb 7a b6 99 78 ba
    000010 2e ad f7 c9 1c 2f b6 0d 6b 99 39 1a 6d 17 77 cc
    000020 85 d6 c2 30 23 a3 8b e7 09 de 1e 5a 02 7f be e9
    000030 fe 38 ae 66 f2 ad 7c 5a 21 94 77 8a 8a 3c 88 54
    000040 d9 3f f4 ed 73 0d c1 e6 9a bc a1 e6 75 16 54 f9
    000050 14 44 85 ca 35 57 e0 6a 57 60 93 a7 ac cb 55 ae
    000060 94 40 2d 02 0d 38 88 ef 3c 18 9f 89 56 1a 7b 3b
    000070 5f 42 7d 89 dc b5 74 86 7e 62 04 00 15 b8 27 d0
At this stage, it needs to have some PhatBox-specific processing done. First, headers and footers need to be added:
    // assuming little-endian byte ordering, sizeof(unsigned int)=4
    struct signature_block {
        unsigned int id1;                  // = 1 (fixme)
        unsigned int id2;                  // = 2 (fixme)
        unsigned int id3;                  // = 2 (fixme)
        unsigned int hash;                 // = 5 (md5?)
        unsigned int reserved;             // = 0 (?)
        unsigned int file_len;             // length of original file
        unsigned char rsa_signature[128];
        unsigned int footer;               // = 0x80
    };
Put all together, before the scrambling algorithm is applied, it looks like this:
<insert example here>
Lastly, a bizarro (yes, that is a technical term) bit-scrambling algorithm needs to be applied.
When that is complete, you end up with:
    struct signature {
        unsigned int length;             // in bits
        unsigned char scrambled_data[];  // variable length
    };
an example:
    000000 0772 0000 a9a8 a4a9 051a 54a8 5465 1061   <--- length
    000010 4464 5165 4120 8019 2041 2141 6545 6444
    000020 2000 5954 9814 9101 9001 6545 4951 0200
    000030 5595 4595 1560 4606 5094 1590 0491 1020
    000040 4124 2112 0841 0941 1915 1205 5195 4521
    000050 1152 0102 8416 0805 5904 0650 4518 1002
    000060 9556 6510 1800 1801 1841 5810 0900 4165
    000070 1161 5518 5559 9549 9444 6000 2005 4814
    000080 1854 0600 1655 5180 8564 0805 4951 5841
    000090 4841 0250 0190 0161 1460 1561 0464 5556
    0000a0 0112 1556 6502 6114 2005 1185 0094 1594
    0000b0 5524 1020 0521 4061 0525 0160 4124 5558
    0000c0 1059 1012 9006 9414 6050 1644 5214 4645
    0000d0 1645 4604 1204 1180 1449 4919 5805 6190
    0000e0 2400 1190 1419 6549 5595 1160 0520 6019
    0000f0 a000 0002
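The steps above, up to but not including the RSA operation and the bit-scrambling, as an added example that is not part of the original page or the PhatBox tools. The 128-byte block in the "In hex:" dump is the ASN.1 structure behind a 00 01 ff ... ff 00 prefix (PKCS#1 v1.5 block type 1 padding); the function names are hypothetical, and the verifier-side check goes slightly beyond the page by comparing the whole block rather than only the hash.

```python
import hashlib
import struct

# Names below are illustrative, not from the PhatBox tools.
# DER header of the DigestInfo shown on the page:
# SEQUENCE { SEQUENCE { OID md5, NULL }, OCTET STRING (16 bytes) }
MD5_DIGESTINFO_PREFIX = bytes.fromhex("3020300c06082a864886f70d020505000410")
KEY_BYTES = 128  # 1024-bit RSA modulus


def encode_block(md5_digest: bytes) -> bytes:
    """Build the 128-byte block that goes into the RSA private-key operation."""
    if len(md5_digest) != 16:
        raise ValueError("MD5 digest must be 16 bytes")
    digest_info = MD5_DIGESTINFO_PREFIX + md5_digest
    pad_len = KEY_BYTES - 3 - len(digest_info)  # 91 bytes of 0xff
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + digest_info


def check_block(decrypted: bytes, data: bytes) -> bool:
    """Verifier side: rebuild the expected block from the data and compare
    all 128 bytes, so any deviation in the padding is rejected as well."""
    return decrypted == encode_block(hashlib.md5(data).digest())


def pack_signature_block(rsa_signature: bytes, file_len: int) -> bytes:
    """Serialize the page's signature_block (before scrambling), little-endian."""
    if len(rsa_signature) != KEY_BYTES:
        raise ValueError("rsa_signature must be 128 bytes")
    # id1, id2, id3, hash, reserved, file_len
    header = struct.pack("<6I", 1, 2, 2, 5, 0, file_len)
    return header + rsa_signature + struct.pack("<I", 0x80)


if __name__ == "__main__":
    # MD5 value from the page's example; signature bytes and length are constructed.
    block = encode_block(bytes.fromhex("64eca2bba83087b61b903948a397d365"))
    print(block.hex(" "))
    print(len(pack_signature_block(bytes(128), file_len=4096)))
```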