- Key Exchange
- KDF Salts
- IV Generation
- Protected Payload Length
- Message Authentication
- Auxiliary Stream encryption
At a high level, SmartGlass uses:
- ECDH over prime256/384/521v1 with a salted SHA-512 KDF for key exchange
- AES-128-CBC for message encryption
- HMAC-SHA-256 for message authentication
In detail, key exchange works like this:
- On Discovery, the console responds with a Discovery Response that includes a certificate; this certificate holds the console's public key.
- The client generates a random elliptic-curve public/private keypair and derives the shared secret from it and the console's public key using ECDH
- The shared secret is salted using static salts, see
- The salted shared secret is hashed using
- The salted & hashed shared secret is split into the following individual keys:
- bytes 0-16: Encryption key (
- bytes 16-32: Initialization Vector key (
- bytes 32-64: Hashing key (
- The client's public key is sent inside the Connect Request message to the console
KDF Salts
D6 37 F1 AA E2 F0 41 8C
A8 F8 1A 57 4E 22 8A B7
IV Generation
The IV is randomly generated and transmitted inside the unprotected payload section of the Connect Request packet.
The IV is generated by encrypting the first 16 bytes of the packet header with AES-CBC-128 and a null IV.
Protected Payload Length
The protected payload length inside the header indicates the data length without padding.
Protected payloads are padded using a PKCS#7 variant that deviates from the specification, to reach the alignment needed for encryption.
How it differs from the specification: the plaintext needs to be aligned to 16 bytes. If the plaintext is already 16-byte aligned, NO PADDING is used.
NOTE: By specification, a whole padding block (16 bytes) would be appended to the plaintext.
Plaintext (12 bytes)
DE AD BE EF DE AD BE EF DE AD BE EF
Padded (12+4 bytes)
DE AD BE EF DE AD BE EF DE AD BE EF 04 04 04 04
As you can see, each padding byte holds the count of padding bytes:
2 byte padding:
02 02
3 byte padding:
03 03 03
6 byte padding:
06 06 06 06 06 06
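The padding rule above, as an added Python example that is not part of the original documentation or of any SmartGlass implementation. The function names are hypothetical. It also shows why the receiver has to rely on the header's protected payload length: with no padding on aligned input, the last decrypted byte cannot be read as a pad count.

```python
BLOCK = 16  # AES block size in bytes


def pad_smartglass(plaintext: bytes) -> bytes:
    """Pad as the page describes: aligned input gets no padding at all."""
    missing = -len(plaintext) % BLOCK  # 0 when already aligned
    return plaintext + bytes([missing]) * missing


def pad_pkcs7(plaintext: bytes) -> bytes:
    """Standard PKCS#7 for comparison: aligned input gains a full block."""
    missing = BLOCK - len(plaintext) % BLOCK  # 16 when already aligned
    return plaintext + bytes([missing]) * missing


def unpad_smartglass(padded: bytes, protected_len: int) -> bytes:
    """Recover the plaintext using the header's protected payload length.

    The trailing byte is not trusted as a pad count on its own, because an
    aligned plaintext carries no padding and may end in any byte value.
    """
    if len(padded) % BLOCK:
        raise ValueError("decrypted payload is not block aligned")
    pad_len = len(padded) - protected_len
    if protected_len < 0 or not 0 <= pad_len < BLOCK:
        raise ValueError("header length does not match payload size")
    if padded[protected_len:] != bytes([pad_len]) * pad_len:
        raise ValueError("padding bytes do not match the pad count")
    return padded[:protected_len]


if __name__ == "__main__":
    # The page's 12-byte sample, plus a constructed 16-byte aligned payload.
    sample = bytes.fromhex("DEADBEEF" * 3)
    aligned = bytes(15) + b"\x01"  # ends in 0x01 but carries no padding
    print(pad_smartglass(sample).hex(" "))
    print(len(pad_smartglass(aligned)), len(pad_pkcs7(aligned)))
    print(unpad_smartglass(aligned, 16) == aligned)
```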
Message Authentication
All encrypted packets are authenticated using
The produced hash has a length of 32 bytes (0x20).
Auxiliary Stream encryption
The host sets all the crypto parameters and informs the client about them.
The client then uses the received HMAC key and Client/Server IV to set up the crypto context.