
1.  IPC using pipes
    http://www.compsci.hunter.cuny.edu/~sweiss/course_materials/unix_lecture_notes/chapter_09.pdf


Hubert/Renate...

More details.

1.  Lets discuss fpr piece first.

    In current S63:
    install_permit      = FNV32(20_bit_HW_ID + User_permit)
        e.g.            = FNV32( "ABCDE" + "331CF1194475C333251444113147")
                        = "12345678"

    The "20_bit_HW_ID" may or may not have an I/P embedded.  In the modern 17 char install permit scheme, we include both possibilities in the 17 char permit, and check both.

    Simpler Proposal for oesenc_pi
    HW_ID_32            = 32_bit_HW_ID
                e.g.    = "ABCDEFAB"

    The 32_bit_HW_ID is calculated exactly the same as 20_bit_HW_ID, except we take all 32 bits of the hash results in fpr02 logic:

            //      Hash the string IDs to get the HW_ID
        wxCharBuffer IDsb = IDs.ToUTF8();
        char *s = IDsb.data();

        const unsigned int Prime = 0x01000193; //   16777619
        const unsigned int Seed  = 0x811C9DC5; // 2166136261

        unsigned int hash = Seed;

        for(unsigned int i = 0; i < strlen(s); i++)
        {
            hash = hash ^ (s[i]); // xor next byte into the bottom of the hash
            hash = hash * Prime;  // Multiply by prime number found to work well. ?? Overflow ??
            hash += hash << 13;
            hash ^= hash >> 7;
            hash += hash << 3;
            hash ^= hash >> 17;
            hash += hash << 5;
        }

        // Keep all 32 bits
        //HW_IDi = hash >> 12; // from 32 to 20bit

        HW_ID.Printf(_T("%08X"), hash);

    }
    return HW_ID;

    In the shop, you will create a simple tool, probably modified from existing S63 install_permit generator, which takes a user fpr file, and produces the 8 char oesenc HW_ID_32.  This is NOT communicated to the user.

2.  Now the building of the blob.
  An example linux command to build and encrypt a single S57 (.000) file to an oesenc file will look like this:
  $ OESBuild -e -i ~/Charts/dldr/ENC/US_REGION04/US2EC03M/US2EC03M.000 -o ~/Charts/oeSENC/US2EC03M.oesenc -r /usr/share/opencpn/s57data -f ABCDEFAB

  The "-f" parameter is the HW_ID_32.


  The output will be something like this:

  OESBuild: Executing...
UserKey: 6Tzo-S+C8-izX1-O25m-K8sK-bA
OESBuild: Building eSENC...
    for US2EC03M.000
21:44:54: Preparing to apply ENC updates, target final update is  10.
S57: Applying feature updates from /home/dsr/Charts/oeSENC/US2EC03M.001.
S57: Applying feature updates from /home/dsr/Charts/oeSENC/US2EC03M.002.
S57: Applying feature updates from /home/dsr/Charts/oeSENC/US2EC03M.003.
S57: Applying feature updates from /home/dsr/Charts/oeSENC/US2EC03M.004.
S57: Applying feature updates from /home/dsr/Charts/oeSENC/US2EC03M.005.
S57: Applying feature updates from /home/dsr/Charts/oeSENC/US2EC03M.006.
S57: Applying feature updates from /home/dsr/Charts/oeSENC/US2EC03M.007.
S57: Applying feature updates from /home/dsr/Charts/oeSENC/US2EC03M.008.
S57: Applying feature updates from /home/dsr/Charts/oeSENC/US2EC03M.009.
S57: Applying feature updates from /home/dsr/Charts/oeSENC/US2EC03M.010.
OESBuild: eSENC built OK: /home/dsr/Charts/oeSENC/US2EC03M.oesenc


We can also build and encrypt an entire directory of S57 cells to a specified output directory, all using the same HW_ID_32

$OESBuild -e  -i ~/Charts/dldr/ENC/US_REGION04/ -o ~/Charts/oeSENC -r /usr/share/opencpn/s57data -f 12345678 -k test

In this example, the HW_ID_32 is "12345678".  The optional ProductKey is "test".  This may be up to 10 characters.  It can be recovered at run-time, and used for whatever purpose we (or e.g. Transas) might want.

To make the "blob", simply zip all the files (*.oesenc) found in the output directory (~/Charts/oeSENC).
This whole process should be "scriptable" easily enough.


In both cases above, the "UserKey" ("6Tzo-S+C8-izX1-O25m-K8sK-bA") in the output string is the one that is to be sent to the user with the blob, and entered in OCPN when requested.
The UserKey is created by the OESBuild utility by twiddling and encrypting the HW_ID_32 and the ProductKey.  If we do not need a product key, we should simply specify any 10 digit random string(Customer ID?) to improve the entropy of the resulting blob.

3.  So, you can see by above that the UserKey ties a blob to a single user system by unique HW_ID_32.  User updates will either get a supplemental (new) key by changing the ProductKey when OESBuild is run, or use their original HW_ID_32/ProductKey which the shop has stored and knows.  The OCPN PlugIn will keep a list of UserKeys, and try them in sequence.
Or, said another way, OESBUILD will always produce the same UserKey for same HW_ID_32/ProductKey pair, and that key will be indirectly used to encrypt/decrypt the cells.  The UserKey itself does not depend on the S57 cell contents or blob contents at all.

4.  I will build in an obtuse backdoor.

Pretty soon we can try some real tests of this process, and compare results.  Only a bit more code to build, and then GUI cleanup/optimization....

This is complicated, but necessarily so...

Regards
Dave
























