iPhone 是否支持硬件加速 AES 加密?

发布于 2024-10-15 02:01:21 字数 278 浏览 8 评论 0原文

我可以在 iPhone/iPad 上找到“硬件加速 AES 加密”的参考。但是我可以找到进行 AES 加密的 API (CCCrypt)根本不谈论硬件加速。

有谁知道这些 API 是硬件加速的还是还有其他 API?

I could find references to "hardware-accelerated AES encryption" on an iPhone/iPad. But the APIs that I could find to do the AES encryption (CCCrypt) don't talk about hardware-acceleration at all.

Does anyone have any idea if these APIs are the ones that are hardware-accelerated or are there other ones?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

叹倦 2024-10-22 02:01:21

是。

从 4.3 开始,如果消息具有 >64 个块(即 1024 字节),则 AES 的 CCCrypt 函数将使用硬件加速实现。 (顺便说一句,这是通过使用 /dev/aes_0 进行 ioctl 来完成的。)

除了 AES 之外,当输入 > 时,SHA-1 也是硬件加速的。 4096 字节。

Yes.

As of 4.3, if the message has >64 blocks (i.e. 1024 bytes), the CCCrypt function for AES will use the hardware-accelerated implementation. (This is done by ioctling with /dev/aes_0, BTW.)

Besides AES, SHA-1 is also hardware-accelerated when the input is > 4096 bytes.

我的鱼塘能养鲲 2024-10-22 02:01:21

API 的全部意义在于您无需关心支持它的实现细节。实施者(在本例中为苹果)将使用在使用的任何硬件上提供最佳性能和能源使用特征的任何实施方式。这可能是硬件实现,也可能是软件实现,它可能取决于您调用该函数的块大小。

The whole point of an API is that you don't need to care about the implementation details that back it. The implementor (Apple, in this case) will use whatever implementation gives the best performance and energy usage characteristics on whatever hardware is in use. That might be a hardware implementation, or it might be a software implementation, it might depend on the block size for which you are calling the function.

青衫负雪 2024-10-22 02:01:21

iPhone 支持硬件加速 AES 加密吗?

这取决于 iPhone 版本和硬件,但在 2015 年大部分是“是”。Apple

将其用于托管设备的快速“远程擦除”功能。这个想法是一切都被加密,并且密钥存储在由可擦除存储支持的密钥包中(“effaçable”在法语中是“可擦除”的意思)。有关详细信息,请参阅 Jean-Baptiste Bédrune 和 Jean Sigwald iPhone 数据深度保护;以及 Dino Zavi 的 Apple iOS 4 安全评估

该电路位于存储器和内存之间的 DMA 数据路径上,因此穿过该路径的任何内容都会被加密或解密。

如果设备丢失或被盗,则可以向设备发送命令以擦除保存用于加密和解密的密钥的密钥包。由于钥匙包由可擦除存储提供支持,因此钥匙不会因磨损均衡而移动。

Apple 似乎在 iOS 设备上提供了至少两个来源的硬件加速 AES。两者均由 Apple 的 CommonCrypto 封装框架。至少有一种可供程序员使用,而不需要 CommonCrypto。


第一个硬件加速源

第一个源是 ARMv8 及更高版本中提供的标准 ARM 加密。当定义 __ARM_FEATURE_CRYPTO 时,这些指令可用作 C/C++ 内在指令和汇编:

$ clang++ -arch arm64 -dM -E - < /dev/null | sort | egrep -i '(arm|aarch|neon)'
#define __AARCH64EL__ 1
#define __AARCH64_SIMD__ 1
#define __ARM64_ARCH_8__ 1
#define __ARM_64BIT_STATE 1
#define __ARM_ACLE 200
#define __ARM_ALIGN_MAX_STACK_PWR 4
#define __ARM_ARCH 8
#define __ARM_ARCH_ISA_A64 1
#define __ARM_ARCH_PROFILE 'A'
#define __ARM_FEATURE_CLZ 1
#define __ARM_FEATURE_CRYPTO 1
#define __ARM_FEATURE_DIV 1
#define __ARM_FEATURE_FMA 1
#define __ARM_FEATURE_UNALIGNED 1
#define __ARM_FP 0xe
#define __ARM_FP16_FORMAT_IEEE 1
#define __ARM_FP_FENV_ROUNDING 1
#define __ARM_NEON 1
#define __ARM_NEON_FP 7
#define __ARM_NEON__ 1
#define __ARM_PCS_AAPCS64 1
#define __ARM_SIZEOF_MINIMAL_ENUM 4
#define __ARM_SIZEOF_WCHAR_T 4
#define __aarch64__ 1
#define __arm64 1
#define __arm64__ 1

顺便说一句,当定义 __ARM_FEATURE_CRYPTO 时,您应该有权访问硬件加速 SHA-1还有 SHA-2。


第二个硬件加速源

第二个源似乎是自定义的,它存在于 ARMv7 及更低版本中。我不确定如何获取这个加密货币(也许 opensource.apple.com 有答案):

$ clang++ -arch armv7s -dM -E - < /dev/null | sort | egrep -i '(arm|aarch|neon|crc|crypto)'
#define __ARMEL__ 1
#define __ARM_ARCH 7
#define __ARM_ARCH_7S__ 1
#define __ARM_ARCH_EXT_IDIV__ 1
#define __ARM_NEON 1
#define __ARM_NEON__ 1
#define __ARM_SIZEOF_MINIMAL_ENUM 4
#define __ARM_SIZEOF_WCHAR_T 4
#define __ARM_VFPV4__ 1
#define __arm 1
#define __arm__ 1

并且:

$ clang++ -arch armv7 -dM -E - < /dev/null | sort | egrep -i '(arm|aarch|neon|crc|crypto)'
#define __ARMEL__ 1
#define __ARM_ARCH 7
#define __ARM_ARCH_7A__ 1
#define __ARM_ARCH_PROFILE A
#define __ARM_NEON 1
#define __ARM_NEON__ 1
#define __ARM_SIZEOF_MINIMAL_ENUM 4
#define __ARM_SIZEOF_WCHAR_T 4
#define __ARM_VFPV3__ 1
#define __arm 1
#define __arm__ 1

一个相关的问题是Apple 使用哪个硬件芯片/供应商进行硬件加速 AES/SHA-1 加密?


这是我们用于 iOS 的一些代码。它测试 ARM 加密指令的运行时支持。由于代码是基于内在的,因此 iOS、Linux、Windows Phone 和 Windows Store 使用相同的代码。对于 iOS,当指定 -arch arm64 时使用它。

#if (BOOL_ARM32 || BOOL_ARM64) && (/* other support tests */)
# define BOOL_ARM_CRYPTO_INTRINSICS_AVAILABLE 1
#endif
...

static bool TryCrypto()
{
#if (BOOL_ARM_CRYPTO_INTRINSICS_AVAILABLE)
# if defined(_WIN32) || defined(_WIN64)
    __try
    {
        // AES encrypt and decrypt
        static const uint8x16_t data = vdupq_n_u8(0), key = vdupq_n_u8(0); 
        uint8x16_t r1 = vaeseq_u8(data, key);
        uint8x16_t r2 = vaesdq_u8(data, key);
    }
    __except (EXCEPTION_EXECUTE_HANDLER)
    {
        return false;
    }
    return true;
# else
    // longjmp and clobber warnings. Volatile is required.
    volatile bool result = true;

    SigHandler oldHandler = signal(SIGILL, SigIllHandlerCrypto);
    if (oldHandler == SIG_ERR)
        result = false;

    if (setjmp(s_jmpNoCrypto))
        result = false;
    else
    {
        // AES encrypt and decrypt
        static const uint8x16_t data = vdupq_n_u8(0), key = vdupq_n_u8(0); 
        uint8x16_t r1 = vaeseq_u8(data, key);
        uint8x16_t r2 = vaesdq_u8(data, key);
    }

    signal(SIGILL, oldHandler);
    return result;
# endif
#else
    return false;
#endif
}

这是编译期间命令行的样子:

clang++ -DNDEBUG -g2 -O3 -fPIC -pipe -Wall -miphoneos-version-min=7 -arch arm64 -stdlib=libc++ -isysroot
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS8.2.sdk
-c cpu.cpp
cpu.cpp:438:14: warning: unused variable 'r1' [-Wunused-variable]
                uint8x16_t r1 = vaeseq_u8(data, key);
                           ^
cpu.cpp:439:14: warning: unused variable 'r2' [-Wunused-variable]
                uint8x16_t r2 = vaesdq_u8(data, key);
                           ^
2 warnings generated.

Does iPhone support hardware-accelerated AES Encryption?

It depends on the iPhone version and hardware, but mostly YES in 2015.

Apple uses it for the quick "remote wipe" feature for managed devices. The idea is everything is encrypted, and the keys are stored in a keybag backed by effaceable storage ("effaçable" is French for "erasable"). For more information, see Jean-Baptiste Bédrune and Jean Sigwald iPhone data protection in depth; and Dino Zavi's Apple iOS 4 Security Evaluation.

The circuit is placed on the DMA datapath between storage and memory so anything traversing the path is encrypted or decrypted.

If the device is lost or stolen, then a command can be sent to the device to erase the keybag holding the keys used for encryption and decryption. Because the keybag is backed by effaceable storage, the keys don't move around due to wear leveling.

It appears Apple provides hardware accelerated AES from at least two sources on iOS devices. Both are wrapped by Apple's CommonCrypto framework. At least one appears to be available to the programmer without the need for CommonCrypto.


First hardware accelerated source

The first source is standard ARM crypto available in ARMv8 and above. The instructions are available as both C/C++ intinsics and assembly when __ARM_FEATURE_CRYPTO is defined:

$ clang++ -arch arm64 -dM -E - < /dev/null | sort | egrep -i '(arm|aarch|neon)'
#define __AARCH64EL__ 1
#define __AARCH64_SIMD__ 1
#define __ARM64_ARCH_8__ 1
#define __ARM_64BIT_STATE 1
#define __ARM_ACLE 200
#define __ARM_ALIGN_MAX_STACK_PWR 4
#define __ARM_ARCH 8
#define __ARM_ARCH_ISA_A64 1
#define __ARM_ARCH_PROFILE 'A'
#define __ARM_FEATURE_CLZ 1
#define __ARM_FEATURE_CRYPTO 1
#define __ARM_FEATURE_DIV 1
#define __ARM_FEATURE_FMA 1
#define __ARM_FEATURE_UNALIGNED 1
#define __ARM_FP 0xe
#define __ARM_FP16_FORMAT_IEEE 1
#define __ARM_FP_FENV_ROUNDING 1
#define __ARM_NEON 1
#define __ARM_NEON_FP 7
#define __ARM_NEON__ 1
#define __ARM_PCS_AAPCS64 1
#define __ARM_SIZEOF_MINIMAL_ENUM 4
#define __ARM_SIZEOF_WCHAR_T 4
#define __aarch64__ 1
#define __arm64 1
#define __arm64__ 1

By the way, when __ARM_FEATURE_CRYPTO is defined, you should have access to hardware accelerated SHA-1 and SHA-2, also.


Second hardware accelerated source

The second source appears to be custom, and its present in ARMv7s and below. I'm not sure how to get to this crypto (maybe opensource.apple.com has the answer):

$ clang++ -arch armv7s -dM -E - < /dev/null | sort | egrep -i '(arm|aarch|neon|crc|crypto)'
#define __ARMEL__ 1
#define __ARM_ARCH 7
#define __ARM_ARCH_7S__ 1
#define __ARM_ARCH_EXT_IDIV__ 1
#define __ARM_NEON 1
#define __ARM_NEON__ 1
#define __ARM_SIZEOF_MINIMAL_ENUM 4
#define __ARM_SIZEOF_WCHAR_T 4
#define __ARM_VFPV4__ 1
#define __arm 1
#define __arm__ 1

And:

$ clang++ -arch armv7 -dM -E - < /dev/null | sort | egrep -i '(arm|aarch|neon|crc|crypto)'
#define __ARMEL__ 1
#define __ARM_ARCH 7
#define __ARM_ARCH_7A__ 1
#define __ARM_ARCH_PROFILE A
#define __ARM_NEON 1
#define __ARM_NEON__ 1
#define __ARM_SIZEOF_MINIMAL_ENUM 4
#define __ARM_SIZEOF_WCHAR_T 4
#define __ARM_VFPV3__ 1
#define __arm 1
#define __arm__ 1

A related question is Which hardware chip/vendor does Apple use for its hardware-accelerated AES/SHA-1 encryption?


Here's some code we are using for iOS. It test for runtime support of ARM Crypto instructions. Because the code is intrinsic-based, the same code is used for iOS, Linux, Windows Phone and Windows Store. In the case of iOS, its used when -arch arm64 is specified.

#if (BOOL_ARM32 || BOOL_ARM64) && (/* other support tests */)
# define BOOL_ARM_CRYPTO_INTRINSICS_AVAILABLE 1
#endif
...

static bool TryCrypto()
{
#if (BOOL_ARM_CRYPTO_INTRINSICS_AVAILABLE)
# if defined(_WIN32) || defined(_WIN64)
    __try
    {
        // AES encrypt and decrypt
        static const uint8x16_t data = vdupq_n_u8(0), key = vdupq_n_u8(0); 
        uint8x16_t r1 = vaeseq_u8(data, key);
        uint8x16_t r2 = vaesdq_u8(data, key);
    }
    __except (EXCEPTION_EXECUTE_HANDLER)
    {
        return false;
    }
    return true;
# else
    // longjmp and clobber warnings. Volatile is required.
    volatile bool result = true;

    SigHandler oldHandler = signal(SIGILL, SigIllHandlerCrypto);
    if (oldHandler == SIG_ERR)
        result = false;

    if (setjmp(s_jmpNoCrypto))
        result = false;
    else
    {
        // AES encrypt and decrypt
        static const uint8x16_t data = vdupq_n_u8(0), key = vdupq_n_u8(0); 
        uint8x16_t r1 = vaeseq_u8(data, key);
        uint8x16_t r2 = vaesdq_u8(data, key);
    }

    signal(SIGILL, oldHandler);
    return result;
# endif
#else
    return false;
#endif
}

And here's what it looks like from the command line during a compile:

clang++ -DNDEBUG -g2 -O3 -fPIC -pipe -Wall -miphoneos-version-min=7 -arch arm64 -stdlib=libc++ -isysroot
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS8.2.sdk
-c cpu.cpp
cpu.cpp:438:14: warning: unused variable 'r1' [-Wunused-variable]
                uint8x16_t r1 = vaeseq_u8(data, key);
                           ^
cpu.cpp:439:14: warning: unused variable 'r2' [-Wunused-variable]
                uint8x16_t r2 = vaesdq_u8(data, key);
                           ^
2 warnings generated.
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文