IOCryptoAcceleratorFamily is a collection of kernel extensions that provide hardware-accelerated cryptographic functions, such as SHA-1, AES and a pseudo-random number generator (PRNG).
You can use the well-documented OpenSSL or CommonCrypto to do the same job if acceleration is not essential.
PRNG
The IOPRNGAccelerator service provides a pseudo-random number generator. Its user client does not seem to be usable from userland.
Methods
Selector | Action | Input | Output |
---|---|---|---|
0 | info | - | struct IOPRNGAcceleratorInfo (12 bytes) |
1 | perform | struct IOPRNGAcceleratorArg (8 bytes) | struct IOPRNGAcceleratorArg (8 bytes) |
where
struct IOPRNGAcceleratorInfo {
    uint32_t type; // ='RND0'
    uint8_t x78x50[4];
    void* reserved;
};
struct IOPRNGAcceleratorArg {
    void* data;
    size_t length;
};
SHA-1
The IOSHA1Accelerator service provides hardware-accelerated SHA-1 hashing.
Methods
Selector | Action | Input | Output |
---|---|---|---|
0 | info | - | struct IOSHA1AcceleratorInfo (24 bytes) |
1 | perform | 40 bytes of stuff | 40 bytes of stuff |
where
struct IOSHA1AcceleratorInfo {
    uint32_t type; // ='SHA0'
    uint8_t x78x50[8];
    int zero;
    uint32_t x78x5c_maybe_plus_0x100000;
    uint32_t x78x58;
};
AES
The IOAESAccelerator service provides hardware-accelerated AES encryption/decryption functions. It also provides access to the secure UID (2000) and GID (1000) keys, and the generated securityd (2101/0x835) and various firmware encryption keys (0x836 – 0x838)[1].
The UID and GID are not privileged to be used by the kernel, and the "securityd key" must be used from a user with ID of _securityd (uid=40).
Methods
Selector | Action | Input | Output |
---|---|---|---|
0 | info | - | struct IOAESAcceleratorInfo (36 bytes) |
1 | perform | struct IOAESAcceleratorArg (72 bytes) | struct IOAESAcceleratorArg (72 bytes) |
2 | test | - | - |
where[2]
struct IOAESAcceleratorInfo {
    uint32_t type; // ='AES0'
    int seven;
    uint8_t x78x50[16];
    int one_or_three;
    void* reserved;
    unsigned x78x70;
};
struct IOAESAcceleratorArg {
    const void* in_data;
    void* out_data;
    size_t data_length;
    uint8_t iv[16];
    bool is_decrypt;
    int aes_bits; // 128, 224, 256
    uint8_t key[32];
    int special_keys; // 1000 = gid-key, 2000 = uid-key, 2101 = securityd-key
};
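The 72-byte size given for struct IOAESAcceleratorArg matches the definition above when pointers and size_t are 4 bytes wide. As an added example (not code from the original page), the following C code decodes such a 72-byte buffer, for instance one recorded while auditing calls to the perform selector, and reports which key it selects. The names aes_arg32, classify_key, decode_aes_arg and make_sample, the little-endian byte order, and the reading of 0 as "use the inline key" are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* The page's IOAESAcceleratorArg with pointers and size_t narrowed to 32 bits. */
struct aes_arg32 {
    uint32_t in_data, out_data, data_length; /* const void*, void*, size_t */
    uint8_t  iv[16];
    uint8_t  is_decrypt;                     /* bool, then 3 padding bytes */
    int32_t  aes_bits;
    uint8_t  key[32];
    int32_t  special_keys;
};
_Static_assert(sizeof(struct aes_arg32) == 72, "page states 72 bytes");
enum key_source { KEY_INLINE, KEY_GID, KEY_UID, KEY_SECURITYD, KEY_OTHER };

/* Map special_keys to a key source using the selector values on the page. */
enum key_source classify_key(int32_t special_keys) {
    switch (special_keys) {
    case 0:    return KEY_INLINE;    /* assumption: 0 means "use key[]" */
    case 1000: return KEY_GID;
    case 2000: return KEY_UID;
    case 2101: return KEY_SECURITYD;
    default:   return KEY_OTHER;
    }
}

static uint32_t rd32(const uint8_t *p) {     /* little-endian 32-bit load */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode a captured buffer; returns false unless it is exactly 72 bytes. */
bool decode_aes_arg(const uint8_t *buf, size_t len, struct aes_arg32 *out) {
    if (buf == NULL || out == NULL || len != sizeof *out) return false;
    out->in_data = rd32(buf); out->out_data = rd32(buf + 4);
    out->data_length  = rd32(buf + 8);
    memcpy(out->iv, buf + 12, sizeof out->iv);
    out->is_decrypt   = buf[28] != 0;
    out->aes_bits     = (int32_t)rd32(buf + 32);
    memcpy(out->key, buf + 36, sizeof out->key);
    out->special_keys = (int32_t)rd32(buf + 68);
    return true;
}

/* Constructed sample: 16-byte AES-128 decrypt request selecting the UID key. */
void make_sample(uint8_t buf[72]) {
    memset(buf, 0, 72);
    buf[8] = 16; buf[28] = 1; buf[32] = 128; buf[68] = 0xD0; buf[69] = 0x07;
}
```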
PKE (Public key encryption)
The IOPKEAccelerator service provides hardware-accelerated public key encryption/decryption functions.
Methods
Selector | Action | Input | Output |
---|---|---|---|
0 | info | - | 20 bytes of stuff |
1 | ? | 44 bytes of stuff | 44 bytes of stuff |
2 | ? | 60 bytes of stuff | 60 bytes of stuff |