Difference between revisions of "IOCryptoAcceleratorFamily"

From iPhone Development Wiki
(Created page with ''''IOCryptoAcceleratorFamily''' is a collection of kernel extensions that provide hardware-accelerated cryptographic functions, e.g. SHA1, AES, pseudo-random number generator (PR…')
 
Line 1: Line 1:
 
'''IOCryptoAcceleratorFamily''' is a collection of kernel extensions that provide hardware-accelerated cryptographic functions, e.g. SHA1, AES, pseudo-random number generator (PRNG), etc.  
 
'''IOCryptoAcceleratorFamily''' is a collection of kernel extensions that provide hardware-accelerated cryptographic functions, e.g. SHA1, AES, pseudo-random number generator (PRNG), etc.  
  
You can use OpenSSL or CommonCrypto to do the same job without acceleration.
+
You can use the well-documented OpenSSL or CommonCrypto to do the same job if acceleration is not essential.
  
 
== PRNG ==
 
== PRNG ==
 +
The '''IOPRNGAccelerator''' service provides a psuedo-random number generator. Its user client seems not usable in the userland.
 
=== Methods ===
 
=== Methods ===
 
{| class="wikitable"
 
{| class="wikitable"
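Review bot: "psuedo-random" in the added IOPRNGAccelerator sentence is misspelled; the lead paragraph above it already uses "pseudo-random". The same sentence says the user client "seems not usable in the userland" without recording what was observed; naming the failure seen when opening the service would let readers judge whether the restriction is deliberate.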
Line 16: Line 17:
 
<source lang="c">
 
<source lang="c">
 
struct IOPRNGAcceleratorInfo {
 
struct IOPRNGAcceleratorInfo {
   unsigned type;  // ='RND0'
+
   uint32_t type;  // ='RND0'
 
   uint8_t  x78x50[4];
 
   uint8_t  x78x50[4];
 
   void*    reserved;
 
   void*    reserved;
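Review bot: Changing `type` to uint32_t pins only one member; `void* reserved` two lines below still varies with pointer size, so the 12 bytes given for IOPRNGAcceleratorInfo in the Methods table holds only where pointers are 32 bits wide. Either state that assumption next to the struct or give the reserved member a fixed-width type. The comment ='RND0' would also benefit from saying which byte order the tag has in memory.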
Line 28: Line 29:
  
 
== SHA-1 ==
 
== SHA-1 ==
 +
The '''IOSHA1Accelerator''' service provides a hardware-accelerated SHA-1 hashing.
 
=== Methods ===
 
=== Methods ===
 
{| class="wikitable"
 
{| class="wikitable"
Line 33: Line 35:
 
! Selector !! Action !! Input !! Output
 
! Selector !! Action !! Input !! Output
 
|-
 
|-
| 0 || info || - || 24 bytes of stuff
+
| 0 || info || - || struct IOSHA1AcceleratorInfo (24 bytes)
 
|-
 
|-
 
| 1 || perform || 40 bytes of stuff || 40 bytes of stuff
 
| 1 || perform || 40 bytes of stuff || 40 bytes of stuff
 
|}
 
|}
 +
where
 +
<source lang="c">
 +
struct IOSHA1AcceleratorInfo {
 +
  uint32_t type;  // ='SHA0'
 +
  uint8_t  x78x50[8];
 +
  int      zero;
 +
  uint32_t x78x5c_maybe_plus_0x100000;
 +
  uint32_t x78x58;
 +
};
 +
</source>
  
 
== AES ==
 
== AES ==
 +
The '''IOAESAccelerator''' service provides hardware-accelerated AES encryption/decryption functions. It also provides access to the secure UID (2000) and GID (1000) keys, and the generated securityd (2101/0x835) and various firmware encryption keys (0x836 – 0x838)<ref>http://wikee.iphwn.org/s5l8900:encryption_keys</ref>.
 +
 +
The UID and GID are not privileged to be used by the kernel, and the "securityd key" must be used from a user with ID of _securityd (uid=40).
 
=== Methods ===
 
=== Methods ===
 
{| class="wikitable"
 
{| class="wikitable"
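Review bot: In the added AES paragraph, "The UID and GID are not privileged to be used by the kernel" can be read two ways (the kernel may not use these keys, or the kernel does not restrict their use), and for device-bound keys this access rule is the statement readers will rely on; reword it to say plainly who may and may not select keys 1000 and 2000. The key selectors also mix notations: 2101/0x835 is given in both bases, 0x836 – 0x838 in hex only, 1000 and 2000 in decimal only. In the new IOSHA1AcceleratorInfo, `int zero` sits among fixed-width members and should be int32_t so that the stated 24 bytes is explicit.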
Line 50: Line 65:
 
| 2 || test || - || -
 
| 2 || test || - || -
 
|}
 
|}
where
+
where<ref>http://github.com/planetbeing/xpwn/blob/master/crypto/aes.c</ref>
 
<source lang="c">
 
<source lang="c">
 
struct IOAESAcceleratorInfo {
 
struct IOAESAcceleratorInfo {
   unsigned type;  // ='AES0'
+
   uint32_t type;  // ='AES0'
 
   int      seven;
 
   int      seven;
 
   uint8_t  x78x50[16];
 
   uint8_t  x78x50[16];
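Review bot: The `unsigned` to uint32_t change covers `type` only; `int seven` in the context line below it and, in the full struct, `int one_or_three`, `void* reserved` and `unsigned x78x70` keep platform-dependent types, so the 36 bytes in the Methods table still depends on a 32-bit target. Convert the remaining members in the same edit or note the assumption beside the struct. The new <ref> is attached to the word "where"; moving it onto the struct it documents would make clear what the citation supports.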
Line 74: Line 89:
  
 
== PKE (Public key encryption) ==
 
== PKE (Public key encryption) ==
 +
The '''IOPKEAccelerator''' service provides hardware-accelerated public key encryption/decryption functions.
 
=== Methods ===
 
=== Methods ===
 
{| class="wikitable"
 
{| class="wikitable"
Line 86: Line 102:
 
|}
 
|}
  
 
+
== References ==
 
+
<references/>
 
{{occlass|library=IOKit.framework|navbox=1}}
 
{{occlass|library=IOKit.framework|navbox=1}}

Revision as of 15:48, 3 January 2010

IOCryptoAcceleratorFamily is a collection of kernel extensions that provide hardware-accelerated cryptographic functions, e.g. SHA1, AES, pseudo-random number generator (PRNG), etc.

You can use the well-documented OpenSSL or CommonCrypto to do the same job if acceleration is not essential.

== PRNG ==

The '''IOPRNGAccelerator''' service provides a pseudo-random number generator. Its user client does not seem to be usable from userland.

=== Methods ===

{| class="wikitable"
! Selector !! Action !! Input !! Output
|-
| 0 || info || - || struct IOPRNGAcceleratorInfo (12 bytes)
|-
| 1 || perform || struct IOPRNGAcceleratorArg (8 bytes) || struct IOPRNGAcceleratorArg (8 bytes)
|}

where

<source lang="c">
struct IOPRNGAcceleratorInfo {
  uint32_t type;  // ='RND0'
  uint8_t  x78x50[4];
  void*    reserved;
};

struct IOPRNGAcceleratorArg {
  void* data;
  size_t length;
};
</source>

== SHA-1 ==

The '''IOSHA1Accelerator''' service provides hardware-accelerated SHA-1 hashing.

=== Methods ===

{| class="wikitable"
! Selector !! Action !! Input !! Output
|-
| 0 || info || - || struct IOSHA1AcceleratorInfo (24 bytes)
|-
| 1 || perform || 40 bytes of stuff || 40 bytes of stuff
|}

where

<source lang="c">
struct IOSHA1AcceleratorInfo {
  uint32_t type;  // ='SHA0'
  uint8_t  x78x50[8];
  int      zero;
  uint32_t x78x5c_maybe_plus_0x100000;
  uint32_t x78x58;
};
</source>

== AES ==

The '''IOAESAccelerator''' service provides hardware-accelerated AES encryption/decryption functions. It also provides access to the secure UID (2000) and GID (1000) keys, and the generated securityd (2101/0x835) and various firmware encryption keys (0x836 – 0x838)[1].

The UID and GID are not privileged to be used by the kernel, and the "securityd key" must be used from a user with ID of _securityd (uid=40).

=== Methods ===

{| class="wikitable"
! Selector !! Action !! Input !! Output
|-
| 0 || info || - || struct IOAESAcceleratorInfo (36 bytes)
|-
| 1 || perform || struct IOAESAcceleratorArg (72 bytes) || struct IOAESAcceleratorArg (72 bytes)
|-
| 2 || test || - || -
|}

where[2]

<source lang="c">
struct IOAESAcceleratorInfo {
  uint32_t type;  // ='AES0'
  int      seven;
  uint8_t  x78x50[16];
  int      one_or_three;
  void*    reserved;
  unsigned x78x70;
};

struct IOAESAcceleratorArg {
  const void* in_data;
  void*       out_data;
  size_t      data_length;
  uint8_t     iv[16];
  bool        is_decrypt;
  int         aes_bits;  // 128, 224, 256
  uint8_t     key[32];
  int         special_keys;  // 1000 = gid-key, 2000 = uid-key, 2101 = securityd-key
};
</source>
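
The byte counts in the Methods tables only hold for a 32-bit layout, because the structs contain `void*`, `size_t` and `bool`. The following is an added example, not code from the wiki or from xpwn: it mirrors the PRNG, SHA-1 and AES structs with fixed-width types, checks the documented sizes at compile time, and identifies an info reply by tag and length. The `*32` struct names, `FOURCC` and `classify_info` are hypothetical; the 32-bit ARM layout and the tag byte order are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical *32 mirrors of the page's structs. Assumption: 32-bit ARM
   (ILP32), so void* and size_t become uint32_t and bool is one byte. */
struct prng_info32 { uint32_t type; uint8_t x78x50[4]; uint32_t reserved; };
struct prng_arg32  { uint32_t data; uint32_t length; };
struct sha1_info32 { uint32_t type; uint8_t x78x50[8]; int32_t zero;
                     uint32_t x78x5c_maybe_plus_0x100000; uint32_t x78x58; };
struct aes_info32  { uint32_t type; int32_t seven; uint8_t x78x50[16];
                     int32_t one_or_three; uint32_t reserved; uint32_t x78x70; };
struct aes_arg32 {
    uint32_t in_data, out_data, data_length;
    uint8_t  iv[16];
    uint8_t  is_decrypt;
    uint8_t  pad[3];      /* compiler padding before aes_bits, made explicit */
    int32_t  aes_bits;
    uint8_t  key[32];
    int32_t  special_keys;
};

/* Sizes stated in the Methods tables; the build fails if a mirror drifts. */
_Static_assert(sizeof(struct prng_info32) == 12, "PRNG info");
_Static_assert(sizeof(struct prng_arg32)  ==  8, "PRNG arg");
_Static_assert(sizeof(struct sha1_info32) == 24, "SHA-1 info");
_Static_assert(sizeof(struct aes_info32)  == 36, "AES info");
_Static_assert(sizeof(struct aes_arg32)   == 72, "AES arg");

/* Assumption: tags such as 'AES0' are multi-character constants with the
   first character in the most significant byte (GCC/Clang behaviour). */
#define FOURCC(a, b, c, d) \
    ((uint32_t)(a) << 24 | (uint32_t)(b) << 16 | (uint32_t)(c) << 8 | (uint32_t)(d))

enum accel_kind { ACCEL_UNKNOWN, ACCEL_PRNG, ACCEL_SHA1, ACCEL_AES };

/* Identify an "info" reply: both the tag and the reply length must match. */
enum accel_kind classify_info(const void *buf, size_t len) {
    uint32_t type;
    if (buf == NULL || len < sizeof type) return ACCEL_UNKNOWN;
    memcpy(&type, buf, sizeof type);   /* no alignment assumption on buf */
    if (type == FOURCC('R','N','D','0') && len == sizeof(struct prng_info32)) return ACCEL_PRNG;
    if (type == FOURCC('S','H','A','0') && len == sizeof(struct sha1_info32)) return ACCEL_SHA1;
    if (type == FOURCC('A','E','S','0') && len == sizeof(struct aes_info32))  return ACCEL_AES;
    return ACCEL_UNKNOWN;
}

int main(void) {
    struct aes_info32 info = { FOURCC('A','E','S','0'), 7, {0}, 1, 0, 0 };  /* constructed sample */
    printf("kind=%d special_keys offset=%zu\n",
           classify_info(&info, sizeof info), offsetof(struct aes_arg32, special_keys));
    return 0;
}
```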

== PKE (Public key encryption) ==

The '''IOPKEAccelerator''' service provides hardware-accelerated public key encryption/decryption functions.

=== Methods ===

{| class="wikitable"
! Selector !! Action !! Input !! Output
|-
| 0 || info || - || 20 bytes of stuff
|-
| 1 || ? || 44 bytes of stuff || 44 bytes of stuff
|-
| 2 || ? || 60 bytes of stuff || 60 bytes of stuff
|}

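== References ==

# http://wikee.iphwn.org/s5l8900:encryption_keys
# http://github.com/planetbeing/xpwn/blob/master/crypto/aes.c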