Changes

2,136 bytes removed, 17:41, 26 July 2017
This info was moved in package1
Line 35: Line 35:  
Each keyblob key is used to decrypt its associated keyblob's keydata, and the keyblob key for the first keyblob is additionally used to generate the master device key.
 
Each keyblob key is used to decrypt its associated keyblob's keydata, and the keyblob key for the first keyblob is additionally used to generate the master device key.
 
Each keyblob stores 8 master static key encryption keys, and the stage 2 bootloader decryption key. The master static key is generated by decrypting the master static key seed (one of two constants depending on retail or dev unit) with the master static key encryption key.
 
Each keyblob stores 8 master static key encryption keys, and the stage 2 bootloader decryption key. The master static key is generated by decrypting the master static key seed (one of two constants depending on retail or dev unit) with the master static key encryption key.
  −
=== Step by step generation code ===
  −
  −
* Falcon microcode is loaded, the device keyblob seed generation key is obtained from the Falcon.
  −
* The device keyblob seed generation key is stored in keyslot 0xD.
  −
* [3.0.0+] keyblob key seed 1 is generated by decrypting the keyblob seed constant 1 with the device keyblob seed generation key
  −
* [3.0.0+] keyblob key 1 is generated by decrypting keyblob key seed 1 with the SBK. The result is directly stored in keyslot 0xA without leaving the crypto engine.
  −
* keyblob key seed N is generated by decrypting the keyblob seed constant N with the device keyblob seed generation key
  −
* keyblob key N is generated by decrypting keyblob key seed N with the SBK. The result is directly stored in keyslot 0xD without leaving the crypto engine.
  −
* The SBK and the SSK are cleared.
  −
* The constant MAC key generator block is decrypted with keyblob key N to generate keyblob MAC key N. The result is directly stored in keyslot 0xB without leaving the crypto engine.
  −
* With keyblob MAC key N, AES CMAC is performed over the keyblob.
  −
* With a comparison function which is safe against timing attacks, the CMAC is compared with the stored CMAC. If they differ, panic is called.
  −
* The keyblob data is decrypted with AES-CTR, using the keyblob key N and the stored CTR.
  −
* The stage 2 decryption key (the ninth key in the blob) is loaded in keyslot 0xB.
  −
* The master static key encryption key. is loaded in keyslot 0xC.
  −
* The decrypted keyblob data is erased.
  −
* The master static key is generated by decrypting the master static seed with the master static key encryption key. The result is directly stored in keyslot 0xC without leaving the crypto engine.
  −
* [1.0.0-2.3.0] The master device key is generated by decrypting a constant block with keyslot 0xD (which contains keyblob N's key 1). The result is directly stored in keyslot 0xD without leaving the crypto engine.
  −
* [3.0.0+] The master device key is generated by decrypting a constant block with keyslot 0xA (which contains keyblob 1's key 1). The result is directly stored in keyslot 0xD without leaving the crypto engine.
  −
* [3.0.0+] Keyslot 0xA is cleared.
      
==== Table of used keyblobs ====
 
==== Table of used keyblobs ====
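
Review bot: removing the "Step by step generation code" section leaves the two remaining context paragraphs (keyblob key usage and master static key generation) with no pointer to where the procedure now lives. The edit summary says the information moved to package1, so add a link to that page after the paragraph ending "with the master static key encryption key." When carrying the list over, keep the [1.0.0-2.3.0] and [3.0.0+] tags on the master device key steps, since they are the only record here that the source keyslot changed from 0xD to 0xA, and fix the stray period in "The master static key encryption key. is loaded in keyslot 0xC".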