Difference between revisions of "Certificate chain"

From WiiBrew
Jump to navigation Jump to search
m (Category)
(Storage section)
 
(2 intermediate revisions by the same user not shown)
Line 3: Line 3:
 
Certificates are also used to sign game savedata that is copied to the SD card. Saves are signed by Root-CA00000001-MS00000002-NGxxxxxxxx-AP0000000100000002 where AP is the system menu application cert (ECC/ECC public key), NG the device specific cert (ECC/ECC public key).
 
Certificates are also used to sign game savedata that is copied to the SD card. Saves are signed by Root-CA00000001-MS00000002-NGxxxxxxxx-AP0000000100000002 where AP is the system menu application cert (ECC/ECC public key), NG the device specific cert (ECC/ECC public key).
  
=== Certificates ===
+
== Certificates ==
 
{| class="wikitable"
 
{| class="wikitable"
 
! Certificate
 
! Certificate
Line 9: Line 9:
 
! Public key type
 
! Public key type
 
! Cert name
 
! Cert name
 +
! Issued by
 
! Description
 
! Description
 
|-
 
|-
Line 15: Line 16:
 
| RSA-4096
 
| RSA-4096
 
| Root
 
| Root
 +
| N/A
 
| Root certificate stored in the IOS kernel, in the IOSC section
 
| Root certificate stored in the IOS kernel, in the IOSC section
 
|-
 
|-
Line 21: Line 23:
 
| RSA-2048
 
| RSA-2048
 
| CA00000001
 
| CA00000001
| Used to verify production (retail) XS, CP, MS certs (issued by Root)
+
| Root
 +
| Used to verify production (retail) XS, CP, MS certs
 
|-
 
|-
 
| CA
 
| CA
Line 27: Line 30:
 
| RSA-2048
 
| RSA-2048
 
| CA00000002
 
| CA00000002
| Used to verify debug (test/dev) XS, CP, MS certs (issued by Root)
+
| Root
 +
| Used to verify debug (test/dev) XS, CP, MS certs
 
|-
 
|-
 
| Ticket
 
| Ticket
Line 33: Line 37:
 
| RSA-2048
 
| RSA-2048
 
| XS00000003
 
| XS00000003
| Used to verify retail tickets (issued by Root-CA00000001)
+
| Root-CA00000001
 +
| Used to verify retail tickets
 
|-
 
|-
 
| Ticket
 
| Ticket
Line 39: Line 44:
 
| RSA-2048
 
| RSA-2048
 
| XS00000006
 
| XS00000006
| Used to verify dev tickets (issued by Root-CA00000002)
+
| Root-CA00000002
 +
| Used to verify dev tickets
 
|-
 
|-
 
| TMD
 
| TMD
Line 45: Line 51:
 
| RSA-2048
 
| RSA-2048
 
| CP00000004
 
| CP00000004
| Used to verify retail TMDs (issued by Root-CA00000001)
+
| Root-CA00000001
 +
| Used to verify retail TMDs
 
|-
 
|-
 
| TMD
 
| TMD
Line 51: Line 58:
 
| RSA-2048
 
| RSA-2048
 
| CP00000007
 
| CP00000007
| Used to verify debug TMDs (issued by Root-CA00000002)
+
| Root-CA00000002
 +
| Used to verify debug TMDs
 
|-
 
|-
 
| Device cert issuer
 
| Device cert issuer
Line 57: Line 65:
 
| ECC-B233
 
| ECC-B233
 
| MS00000002
 
| MS00000002
| Used to verify retail device certificates (issued by Root-CA00000001)
+
| Root-CA00000001
 +
| Used to verify retail device certificates
 
|-
 
|-
 
| Device cert issuer
 
| Device cert issuer
Line 63: Line 72:
 
| ECC-B233
 
| ECC-B233
 
| MS00000003
 
| MS00000003
| Used to verify debug device certificates (issued by Root-CA00000002)
+
| Root-CA00000002
 +
| Used to verify debug device certificates
 
|-
 
|-
 
| Device cert
 
| Device cert
Line 69: Line 79:
 
| ECC-B233
 
| ECC-B233
 
| NG%08x (device ID)
 
| NG%08x (device ID)
| Used to verify AP certs (issued by Root-CA00000001-MS00000002)
+
| Root-CA00000001-MS00000002
 +
| Used to verify AP certs
 
|-
 
|-
 
| Application
 
| Application
Line 75: Line 86:
 
| ECC-B233
 
| ECC-B233
 
| AP%016lx (title ID)
 
| AP%016lx (title ID)
| Used to verify savedata (issued by Root-CA00000001-MS00000002-NG%08x)
+
| Root-CA00000001-MS00000002-NG%08x
 +
| Used to verify savedata
 
|}
 
|}
  
=== Child/Parent ===
+
== Storage ==
 +
The main storage location for certificates is [[:/sys/cert.sys]], where all certificates from [[TMD]]s and [[ticket]]s are added, each of which has a certificate chain appended to the end. On the other hand, while [[Savegame Files|saves]] have a smaller NG-AP chain, these are not installed to cert.sys, instead being directly read every time. The location of the MS certificate is not known.
 +
 
 +
== Child/Parent ==
 
Because each certificate is used to sign another certificate or the TMD/Ticket and also is signed by another certificate or the root key each certificate has a child and a parent certificate.
 
Because each certificate is used to sign another certificate or the TMD/Ticket and also is signed by another certificate or the root key each certificate has a child and a parent certificate.
  
Line 87: Line 102:
 
The TMD/Ticket is therefore effectively signed by the root key because if any of the certificates is modified some signature check will fail and the IOS will know that you changed something.
 
The TMD/Ticket is therefore effectively signed by the root key because if any of the certificates is modified some signature check will fail and the IOS will know that you changed something.
  
=== Signature types ===
+
== Signature types ==
 
The following signature types may be used by a certificate:
 
The following signature types may be used by a certificate:
 
{| style="border-collapse: collapse; padding: 0.2em 0.2em 0.2em 0.2em;"
 
{| style="border-collapse: collapse; padding: 0.2em 0.2em 0.2em 0.2em;"
Line 108: Line 123:
 
|}
 
|}
  
=== Key types ===
+
== Key types ==
 
The following key types may be used by a certificate:
 
The following key types may be used by a certificate:
 
{| style="border-collapse: collapse; padding: 0.2em 0.2em 0.2em 0.2em;"
 
{| style="border-collapse: collapse; padding: 0.2em 0.2em 0.2em 0.2em;"
Line 129: Line 144:
 
|}
 
|}
  
=== Certificate structure ===
+
== Certificate structure ==
 
Each certificate in the chain has the following structure (padded to 0x40). Because the offsets and lengths of the data varies depending on the signature and key length the letter "x" represents the signature length, and the letter "y" represents the key length here:
 
Each certificate in the chain has the following structure (padded to 0x40). Because the offsets and lengths of the data varies depending on the signature and key length the letter "x" represents the signature length, and the letter "y" represents the key length here:
 
{| style="border-collapse: collapse; padding: 0.2em 0.2em 0.2em 0.2em;"
 
{| style="border-collapse: collapse; padding: 0.2em 0.2em 0.2em 0.2em;"

Latest revision as of 07:00, 23 July 2021

Certificate chains are intensively used to sign stuff on the Wii. They are normally preceded by a TMD file or a Ticket and are used to verify their signature up to the root key. Most chains contain three certificates, each padded to 0x40.

Certificates are also used to sign game savedata that is copied to the SD card. Saves are signed by Root-CA00000001-MS00000002-NGxxxxxxxx-AP0000000100000002 where AP is the system menu application cert (ECC/ECC public key), NG the device specific cert (ECC/ECC public key).

Certificates

Certificate Signature type Public key type Cert name Issued by Description
Root RSA-4096 RSA-4096 Root N/A Root certificate stored in the IOS kernel, in the IOSC section
CA RSA-4096 RSA-2048 CA00000001 Root Used to verify production (retail) XS, CP, MS certs
CA RSA-4096 RSA-2048 CA00000002 Root Used to verify debug (test/dev) XS, CP, MS certs
Ticket RSA-2048 RSA-2048 XS00000003 Root-CA00000001 Used to verify retail tickets
Ticket RSA-2048 RSA-2048 XS00000006 Root-CA00000002 Used to verify dev tickets
TMD RSA-2048 RSA-2048 CP00000004 Root-CA00000001 Used to verify retail TMDs
TMD RSA-2048 RSA-2048 CP00000007 Root-CA00000002 Used to verify debug TMDs
Device cert issuer RSA-2048 ECC-B233 MS00000002 Root-CA00000001 Used to verify retail device certificates
Device cert issuer RSA-2048 ECC-B233 MS00000003 Root-CA00000002 Used to verify debug device certificates
Device cert ECC-B233 ECC-B233 NG%08x (device ID) Root-CA00000001-MS00000002 Used to verify AP certs
Application ECC-B233 ECC-B233 AP%016lx (title ID) Root-CA00000001-MS00000002-NG%08x Used to verify savedata

Storage

The main storage location for certificates is /sys/cert.sys, where all certificates from TMDs and tickets are added, each of which has a certificate chain appended to the end. On the other hand, while saves have a smaller NG-AP chain, these are not installed to cert.sys, instead being directly read every time. The location of the MS certificate is not known.

Child/Parent

Because each certificate is used to sign another certificate or the TMD/Ticket and also is signed by another certificate or the root key each certificate has a child and a parent certificate.

To get the parent issuer name of a certificate just cut off everything after the last "-" of the issuer name. If this issuer name is "Root" the root key is used to sign the certificate otherwise another certificate in the chain is used.

To get the child you have to append a "-" and the stored child identity to the issuer name. If the child is not in the certificate chain the certificate is used to sign the TMD/Ticket (which will contain the child's name in its issuer field).

The TMD/Ticket is therefore effectively signed by the root key because if any of the certificates is modified some signature check will fail and the IOS will know that you changed something.

Signature types

The following signature types may be used by a certificate:

Type Name Signature Length (x)
0x00010000 RSA-4096 0x200
0x00010001 RSA-2048 0x100
0x00010002 Elliptic Curve 2*30 = 60 = 0x3c

Key types

The following key types may be used by a certificate:

Type Name Length (y) = Modulus + Public Exponent + (Pad to 0x40)
0x00000000 RSA-4096 0x200 + 0x4 + 0x38
0x00000001 RSA-2048 0x100 + 0x4 + 0x38
0x00000002 ECC-B233 60 + 0 + 60

Certificate structure

Each certificate in the chain has the following structure (padded to 0x40). Because the offsets and lengths of the data varies depending on the signature and key length the letter "x" represents the signature length, and the letter "y" represents the key length here:

Start Length Description
0x000 4 Signature type
0x004 x Signature of the certificate data using the parent certificate's key. Calculated starting from the issuer field.
0x040 + x 64 Issuer
0x080 + x 4 Key type
0x084 + x 64 Child Certificate Identity
0x0c4 + x y Public Key (see Key Types)