Difference between revisions of "Certificate chain"

From WiiBrew
Jump to: navigation, search
(added key types explanation in and removed variable keytype length from table)
(Key types: Add public key type 2 (ECC-B233))
Line 46: Line 46:
 
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | RSA-2048
 
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | RSA-2048
 
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | 0x100 + 0x4 + 0x38
 
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | 0x100 + 0x4 + 0x38
 +
|- style="background-color: #ddd;"
 +
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x00000002
 +
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | ECC-B233
 +
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | 60 + 0 + 60
 
|}
 
|}
  

Revision as of 20:05, 17 May 2018

Certificate chains are intensively used to sign stuff on the Wii. They are normally preceded by a TMD file or a Ticket and are used to verify their signature up to the root key. Most chains contain three certificates, each padded to 0x40.

Child/Parent

Because each certificate is used to sign another certificate or the TMD/Ticket and also is signed by another certificate or the root key each certificate has a child and a parent certificate.

To get the parent issuer name of a certificate just cut off everything after the last "-" of the issuer name. If this issuer name is "Root" the root key is used to sign the certificate otherwise another certificate in the chain is used.

To get the child you have to append a "-" and the stored child identity to the issuer name. If the child is not in the certificate chain the certificate is used to sign the TMD/Ticket (which will contain the child's name in its issuer field).

The TMD/Ticket is therefore effectively signed by the root key because if any of the certificates is modified some signature check will fail and the IOS will know that you changed something.

Signature types

The following signature types may be used by a certificate:

Type Name Signature Length (x)
0x00010000 RSA-4096 0x200
0x00010001 RSA-2048 0x100
0x00010002 Elliptic Curve 0x40

Key types

The following key types may be used by a certificate:

Type Name Length (y) = Modulus + Public Exponent + (Pad to 0x40)
0x00000000 RSA-4096 0x200 + 0x4 + 0x38
0x00000001 RSA-2048 0x100 + 0x4 + 0x38
0x00000002 ECC-B233 60 + 0 + 60

Certificate structure

Each certificate in the chain has the following structure (padded to 0x40). Because the offsets and lengths of the data varies depending on the signature and key length the letter "x" represents the signature length, and the letter "y" represents the key length here:

Start Length Description
0x000 4 Signature type
0x004 x Signature of the data after the issuer by the parent's key
0x040 + x 64 Issuer
0x080 + x 4 Key type
0x084 + x 64 Child Certificate Identity
0x0c4 + x y Public Key (see Key Types)