14

I have some cryptography code that has multiple implementations, selecting which implementation at runtime based on the features of the CPU it is running on. Porting this has been straightforward so far, with Windows, Linux and Android being easy.

But in iOS it does not seem easy. While x86 CPUs have the cpuid instruction to detect features, even from user mode, the ARM equivalent is privileged. It is not possible to detect CPU features on ARM without OS cooperation.

In Windows, IsProcessorFeaturePresent works for detecting ARM CPU features. On Linux, /proc/cpuinfo is the way to go. Android has a cpufeatures library (and /proc/cpuinfo still works anyway). Mac OS has sysctlbyname with hw.optional.*.

But what about iOS? The iOS kernel has hw.optional.* like Mac OS, but it is locked down in iOS 10. (Thus, my question is not a duplicate of this one, as circumstances have since changed.) Also, getting a list of those seems difficult - Apple's open source web site runs an automated process to scrub all ARM-specific code from the OS source they give out publicly in order to make jailbreakers work harder.

Community
  • 1
  • 1
Myria
  • 3,372
  • 1
  • 24
  • 42
  • 1
    How about running the the different methods and check if they are available or measure the time used. This would obviously be more code to write but i do not know of any other way to detect the best implementation of your crypto code.. – Ben H Mar 16 '18 at 14:00

2 Answers2

0

You may take a look on the iOS Security Guide for business

Apparently, if you can get the CPU series name, you may also deduce which cryptographic component and how it works from the documentation.

You may note that some devices have a Security Enclave:

The Secure Enclave is a coprocessor fabricated in the Apple T1, Apple S2, Apple S3, Apple A7, or later A-series processors.

Page 6

And you may deduce that any older CPU version has not.

Every iOS device has a dedicated AES-256 crypto engine built into the DMA path between the flash storage and main system memory [...]

On T1, S2, S3, and A9 or later A-series processors, each Secure Enclave generates its own UID (Unique ID).

Page 12

Method to access cryptographic components will depend of which kind of data or storage you would to get an access ( local data storage / sync / home data / app / siri / icloud / secure note / keybag / payment / applepay / vpn / wifi password / SSO / airdrop / etc...)

Could you precise which part of the cryptographic part you need to access in your use case?

You may also take a look here and here to get additional information relative to iOS native security and cryptography API.

timiTao
  • 1,417
  • 3
  • 20
  • 34
A. STEFANI
  • 6,707
  • 1
  • 23
  • 48
  • Those cryptographic components are not the ones I'm talking about. I mean the ARMv8 crypto instruction set. The security enclave is not involved, because this is entirely user-mode cryptography. The cryptography API is not involved, because I'm doing cryptographic algorithms not supported by the cryptography API - namely AES-GCM. – Myria Mar 21 '18 at 00:47
-2

The reason behind iOS blocking certain hardware information is very simple. Please read about Apple A11 processor. There is so much stuff in it, also stuff, which will never be documented.

Apple simply does not want developers to be aware of it and use it. I would not expect any progress on this topic.

The only way forward at this moment is to bypass the OS and talk directly to the hardware. You would be amazed what is inside and how quickly it responds!

timiTao
  • 1,417
  • 3
  • 20
  • 34
q74
  • 88
  • 8
  • "I would not expect any progress on this topic unless someone from the lab escapes to a non-extradition country, in which internet access to the rest of the world is still possible" :) – q74 Mar 14 '18 at 19:30
  • 1
    You're saying that we should just use extended processor features and hope we don't crash if they're missing? Then why provide things like arm_neon.h in the SDK at all? – Myria Mar 14 '18 at 19:45
  • I wrote that not everything is always documented. Quite often chip manufacturers do not document certain features. A simple bit in some register set to 1 can open some extra features, which you will never find in an official documentation. This is just how it is, some say that for example this bit is reserved for future use. That's all. – q74 Mar 14 '18 at 20:05
  • But many ARM core features are pretty much std, like the `dotprod` instructions for doing a dotproduct. Should I just use them and have my apps crash on some iphones but not others? This does not make any sense. – gnzlbg Mar 14 '18 at 20:56