S&E Default packaging
Table of contents:
Default packaging container format
The default packaging creates a container comprised out of three main sections:
header
encrypted files
signature of the header section
Schema
Definition
|
Element |
Description |
|
Data for authenticating and decompose the container |
|
|
The encrypted input file 1 |
|
|
Encrypted segment 2 |
The encrypted input file 2 |
|
Encrypted segment n |
The encrypted input file n |
|
The signature of the composed header |
Header
Schema
Definition
|
Field abbr |
Field name |
Type |
Length in bytes |
Description |
|
ht |
header tag |
US_ASCII string |
8 (Bosch_SE) |
Identify container type. The string is not ‘\0’ terminated. |
|
pv |
packaging version |
uint8 |
1 |
Version of the packaging algorithm. |
|
ml |
meta data file length |
uint16, little-endian |
2 (max file size = 2^16 bytes) |
Length of metadata file in bytes. Value == 0 if metafile is not provided. |
|
ec |
encryption cipher |
uint16, little-endian |
2 |
|
|
sc |
signature cipher |
uint16, little-endian |
2 |
|
|
es |
encrypted segments |
uint8 |
1 (max 2^8 segments) |
Number of encrypted segments in container. |
|
esl[0...n] |
encrypted segment length |
uint32 array, little-endian |
4 (max length per segment 2^32 bytes) |
Length of the corresponding encrypted segment in container. |
|
esh[0..n] |
encrypted segment hash |
byte array |
32 (= sha256 output size) |
SHA256 digest of the corresponding encrypted segment in container including the initialization vector (iv) which is appended to the encrypted output. |
|
mdf |
meta data file |
byte array |
ml bytes (max 2^16 bytes) |
Optional metadata file. |
Encryption cipher enum
|
Byte Value (uint16, little-endian) |
Cipher |
|
0x00 0X00 |
AES256_CBC_PKCS7_PAD |
|
0x01 0X00 |
AES128_CBC_PKCS7_PAD |
|
0x02 0X00 |
AES256_CBC_ZERO_BYTE_PAD |
|
0x03 0X00 |
AES256_ECB_ZERO_BYTE_PAD |
|
0x04 0X00 |
AES128_ECB_ZERO_BYTE_PAD |
|
0x05 0X00 |
AES128_CTR_NO_PAD |
Signature cipher enum
|
Byte Value (uint16, little-endian) |
Cipher |
|
0x00 0X00 |
SHA256_PKCS_V15 |
|
0x01 0X00 |
SHA256_ECDSA |
|
0x02 0X00 |
RSA_3072 |
|
0x03 0X00 |
RSA_4096 |
|
0x04 0X00 |
ECC_NIST_P256 |
|
0x05 0X00 |
ED25519 |
Encrypted segments
|
iv |
encrypted output |
|||||||
If available, the initialization vector (iv) will be attached as the first 16 bytes in the encrypted segment. The rest will be the encrypted output.
Signature of header
For authenticating the container, the complete header will be sha256 hashed, signed with the algorithm defined in the corresponding device configuration and appended at the end of the container.