IOCryptoAcceleratorFamily is a collection of kernel extensions that provide hardware-accelerated cryptographic functions such as SHA-1, AES, and a pseudo-random number generator (PRNG).
You can use the well-documented OpenSSL or CommonCrypto to do the same job if acceleration is not essential. Hardware acceleration will be used automatically with CommonCrypto when the input text is long enough (1 to 2 KB).
PRNG
The IOPRNGAccelerator service provides a pseudo-random number generator. Its user client does not seem to be usable from userland.
Methods
Selector | Action | Input | Output |
---|---|---|---|
0 | info | - | struct IOPRNGAcceleratorInfo (12 bytes) |
1 | perform | struct IOPRNGAcceleratorArg (8 bytes) | struct IOPRNGAcceleratorArg (8 bytes) |
where
struct IOPRNGAcceleratorInfo {
    uint32_t type; // ='RND0'
    uint8_t x78x50[4];
    void* reserved;
};
struct IOPRNGAcceleratorArg {
    void* data;
    size_t length;
};
SHA-1
The IOSHA1Accelerator service provides hardware-accelerated SHA-1 hashing.
Methods
Selector | Action | Input | Output |
---|---|---|---|
0 | info | - | struct IOSHA1AcceleratorInfo (24 bytes) |
1 | perform | 40 bytes of stuff | 40 bytes of stuff |
where
struct IOSHA1AcceleratorInfo {
    uint32_t type; // ='SHA0'
    uint8_t x78x50[8];
    int zero;
    uint32_t x78x5c_maybe_plus_0x100000;
    uint32_t x78x58;
};
AES
The IOAESAccelerator service provides hardware-accelerated AES encryption/decryption functions in CBC mode. It also provides access to the secure UID (2000) and GID (1000) keys, and the generated securityd (2101/0x835) and various firmware encryption keys (0x836 – 0x838)[1].
The UID and GID keys are not privileged to be used by the kernel, and the "securityd key" must be used by the _securityd user (uid=40).
Methods
Selector | Action | Input | Output |
---|---|---|---|
0 | info | - | struct IOAESAcceleratorInfo (36 bytes) |
1 | perform | struct IOAESAcceleratorArg (72 bytes) | struct IOAESAcceleratorArg (72 bytes) |
2 | test | - | - |
where[2]
struct IOAESAcceleratorInfo {
    uint32_t type; // ='AES0'
    int seven;
    uint8_t x78x50[16];
    int one_or_three;
    void* reserved;
    unsigned x78x70;
};
struct IOAESAcceleratorArg {
    const void* in_data;
    void* out_data;
    size_t data_length;
    uint8_t iv[16];
    bool is_decrypt;
    int aes_bits; // 128, 224, 256
    uint8_t key[32];
    int special_keys; // 1000 = gid-key, 2000 = uid-key, 2101 = securityd-key
};
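The 72-byte size listed for selector 1 only works out if pointers and size_t are 4 bytes wide. The following added example (not code from the original page or from the driver) pins that 32-bit layout with fixed-width fields so the buffer can be built and checked on any host. The names IOAESAcceleratorArg32, pad and aes_arg32_fill, and the reading of special_keys = 0 as "use key[]", are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* IOAESAcceleratorArg with the pointer and size_t fields pinned to 4 bytes.
 * The type name and pad[] are this example's own, not the driver's. */
typedef struct {
    uint32_t in_data;       /* const void* in_data */
    uint32_t out_data;      /* void* out_data */
    uint32_t data_length;   /* size_t data_length */
    uint8_t  iv[16];
    uint8_t  is_decrypt;    /* bool */
    uint8_t  pad[3];        /* alignment padding before aes_bits, made explicit */
    int32_t  aes_bits;
    uint8_t  key[32];
    int32_t  special_keys;  /* 0 = use key[] (assumed); other values per the page */
} IOAESAcceleratorArg32;

/* Only a 32-bit layout gives the 72 bytes listed for selector 1. */
_Static_assert(sizeof(IOAESAcceleratorArg32) == 72, "size must match the table");
_Static_assert(offsetof(IOAESAcceleratorArg32, iv) == 12, "iv offset");
_Static_assert(offsetof(IOAESAcceleratorArg32, aes_bits) == 32, "aes_bits offset");
_Static_assert(offsetof(IOAESAcceleratorArg32, special_keys) == 68, "special_keys offset");

/* Fill the 72-byte buffer for a caller-supplied key. Returns 0 on success,
 * -1 if the request cannot be a valid CBC operation or the key does not fit. */
int aes_arg32_fill(IOAESAcceleratorArg32 *arg, uint32_t in, uint32_t out,
                   uint32_t length, const uint8_t iv[16], int decrypt,
                   int bits, const uint8_t *key)
{
    if (!arg || !iv || !key) return -1;
    if (length == 0 || length % 16 != 0) return -1;  /* CBC: whole 16-byte blocks */
    if (bits <= 0 || bits % 8 != 0 || bits / 8 > (int)sizeof(arg->key)) return -1;

    memset(arg, 0, sizeof(*arg));   /* clears pad[] and unused key bytes */
    arg->in_data = in;
    arg->out_data = out;
    arg->data_length = length;
    memcpy(arg->iv, iv, 16);
    arg->is_decrypt = decrypt ? 1 : 0;
    arg->aes_bits = bits;
    memcpy(arg->key, key, (size_t)bits / 8);
    arg->special_keys = 0;
    return 0;
}
```

The same arithmetic applied to the other structures gives 12 and 8 bytes for the PRNG pair, 24 for IOSHA1AcceleratorInfo and 36 for IOAESAcceleratorInfo, matching the tables.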
PKE (Public key encryption)
The IOPKEAccelerator service provides hardware-accelerated public key encryption/decryption functions.
Methods
Selector | Action | Input | Output |
---|---|---|---|
0 | info | - | 20 bytes of stuff |
1 | ? | 44 bytes of stuff | 44 bytes of stuff |
2 | ? | 60 bytes of stuff | 60 bytes of stuff |