IOCryptoAcceleratorFamily: Difference between revisions

Latest revision as of 06:46, 9 April 2011

IOCryptoAcceleratorFamily is a collection of kernel extensions that provide hardware-accelerated cryptographic functions, e.g. SHA1, AES, pseudo-random number generator (PRNG), etc.

You can use the well-documented OpenSSL or CommonCrypto to do the same job if acceleration is not essential. Hardware acceleration will be used automatically with CommonCrypto when the input text is long enough (1 to 2 KB).

PRNG

The IOPRNGAccelerator service provides a psuedo-random number generator. Its user client seems not usable in the userland.

Methods

Selector	Action	Input	Output
0	info	-	struct IOPRNGAcceleratorInfo (12 bytes)
1	perform	struct IOPRNGAcceleratorArg (8 bytes)	struct IOPRNGAcceleratorArg (8 bytes)

where

struct IOPRNGAcceleratorInfo {
  uint32_t type;  // ='RND0'
  uint8_t  x78x50[4];
  void*    reserved;
};

struct IOPRNGAcceleratorArg {
  void* data;
  size_t length;
};

SHA-1

The IOSHA1Accelerator service provides a hardware-accelerated SHA-1 hashing.

Methods

Selector	Action	Input	Output
0	info	-	struct IOSHA1AcceleratorInfo (24 bytes)
1	perform	40 bytes of stuff	40 bytes of stuff

where

struct IOSHA1AcceleratorInfo {
  uint32_t type;  // ='SHA0'
  uint8_t  x78x50[8];
  int      zero;
  uint32_t x78x5c_maybe_plus_0x100000;
  uint32_t x78x58;
};

AES

The IOAESAccelerator service provides hardware-accelerated AES encryption/decryption functions in CBC mode. It also provides access to the secure UID (2000) and GID (1000) keys, and the generated securityd (2101/0x835) and various firmware encryption keys (0x836 – 0x838)^[1].

The UID and GID are not privileged to be used by the kernel, and the "securityd key" must be used from a user with ID of _securityd (uid=40).

Methods

Selector	Action	Input	Output
0	info	-	struct IOAESAcceleratorInfo (36 bytes)
1	perform	struct IOAESAcceleratorArg (72 bytes)	struct IOAESAcceleratorArg (72 bytes)
2	test	-	-

where^[2]

struct IOAESAcceleratorInfo {
  uint32_t type;  // ='AES0'
  int      seven;
  uint8_t  x78x50[16];
  int      one_or_three;
  void*    reserved;
  unsigned x78x70;
};

struct IOAESAcceleratorArg {
  const void* in_data;
  void*       out_data;
  size_t      data_length;
  uint8_t     iv[16];
  bool        is_decrypt;
  int         aes_bits;  // 128, 224, 256
  uint8_t     key[32];
  int         special_keys;  // 1000 = gid-key, 2000 = uid-key, 2101 = securityd-key
};

PKE (Public key encryption)

The IOPKEAccelerator service provides hardware-accelerated public key encryption/decryption functions.

Methods

Selector	Action	Input	Output
0	info	-	20 bytes of stuff
1	?	44 bytes of stuff	44 bytes of stuff
2	?	60 bytes of stuff	60 bytes of stuff

References

[1] ttp://wikee.iphwn.org/s5l8900:encryption_keys

[2] ttp://github.com/planetbeing/xpwn/blob/master/crypto/aes.c

[1]

[2]

@@ Line 1: / Line 1: @@
 '''IOCryptoAcceleratorFamily''' is a collection of kernel extensions that provide hardware-accelerated cryptographic functions, e.g. SHA1, AES, pseudo-random number generator (PRNG), etc.
-You can use OpenSSL or CommonCrypto to do the same job without acceleration.
+You can use the well-documented OpenSSL or CommonCrypto to do the same job if acceleration is not essential. Hardware acceleration will be used automatically with CommonCrypto when the input text is long enough (1 to 2 KB).
 == PRNG ==
+The '''IOPRNGAccelerator''' service provides a psuedo-random number generator. Its user client seems not usable in the userland.
 === Methods ===
 {| class="wikitable"
@@ Line 16: / Line 17: @@
 <source lang="c">
 struct IOPRNGAcceleratorInfo {
-   unsigned type;  // ='RND0'
+   uint32_t type;  // ='RND0'
    uint8_t  x78x50[4];
    void*    reserved;
@@ Line 28: / Line 29: @@
 == SHA-1 ==
+The '''IOSHA1Accelerator''' service provides a hardware-accelerated SHA-1 hashing.
 === Methods ===
 {| class="wikitable"
@@ Line 33: / Line 35: @@
 ! Selector !! Action !! Input !! Output
 |-
-| 0 || info || - || 24 bytes of stuff
+| 0 || info || - || struct IOSHA1AcceleratorInfo (24 bytes)
 |-
 | 1 || perform || 40 bytes of stuff || 40 bytes of stuff
 |}
+where
+<source lang="c">
+struct IOSHA1AcceleratorInfo {
+  uint32_t type;  // ='SHA0'
+  uint8_t  x78x50[8];
+  int      zero;
+  uint32_t x78x5c_maybe_plus_0x100000;
+  uint32_t x78x58;
+};
+</source>
 == AES ==
+The '''IOAESAccelerator''' service provides hardware-accelerated AES encryption/decryption functions in CBC mode. It also provides access to the secure UID (2000) and GID (1000) keys, and the generated securityd (2101/0x835) and various firmware encryption keys (0x836 – 0x838)<ref>http://wikee.iphwn.org/s5l8900:encryption_keys</ref>.
+The UID and GID are not privileged to be used by the kernel, and the "securityd key" must be used from a user with ID of _securityd (uid=40).
 === Methods ===
 {| class="wikitable"
@@ Line 50: / Line 65: @@
 | 2 || test || - || -
 |}
-where
+where<ref>http://github.com/planetbeing/xpwn/blob/master/crypto/aes.c</ref>
 <source lang="c">
 struct IOAESAcceleratorInfo {
-   unsigned type;  // ='AES0'
+   uint32_t type;  // ='AES0'
    int      seven;
    uint8_t  x78x50[16];
@@ Line 74: / Line 89: @@
 == PKE (Public key encryption) ==
+The '''IOPKEAccelerator''' service provides hardware-accelerated public key encryption/decryption functions.
 === Methods ===
 {| class="wikitable"
@@ Line 86: / Line 102: @@
 |}
+== References ==
+<references/>
 {{occlass|library=IOKit.framework|navbox=1}}