feat: v1.11.3

src/cmd_se_generate.rs

@@ -30,6 +30,11 @@ impl Command for CommandImpl {
                     .takes_value(true)
                     .help("Host name"),
             )
+            .arg(
+                Arg::with_name("disable-bio")
+                    .long("disable-bio")
+                    .help("Disable bio"),
+            )
             .arg(Arg::with_name("json").long("json").help("JSON output"))
     }
 
@@ -49,9 +54,10 @@ impl Command for CommandImpl {
             "key_agreement" | "ecdh" | "dh" => false,
             _ => return simple_error!("Invalid type: {}", ty),
         };
+        let require_bio = !sub_arg_matches.is_present("disable-bio");
 
         let (public_key_point, public_key_der, private_key) =
-            seutil::generate_secure_enclave_p256_keypair(sign)?;
+            seutil::generate_secure_enclave_p256_keypair(sign, require_bio)?;
 
         let public_key_point_hex = hex::encode(&public_key_point);
         let public_key_pem = bytes_to_pem("PUBLIC KEY", &*public_key_der);

src/seutil.rs

@@ -7,11 +7,14 @@ pub fn is_support_se() -> bool {
     swift_secure_enclave_tool_rs::is_secure_enclave_supported().unwrap_or(false)
 }
 
-pub fn generate_secure_enclave_p256_keypair(sign: bool) -> XResult<(Vec<u8>, Vec<u8>, String)> {
+pub fn generate_secure_enclave_p256_keypair(
+    sign: bool,
+    require_bio: bool,
+) -> XResult<(Vec<u8>, Vec<u8>, String)> {
     let key_material = if sign {
-        swift_secure_enclave_tool_rs::generate_keypair(KeyPurpose::Signing, true)?
+        swift_secure_enclave_tool_rs::generate_keypair(KeyPurpose::Signing, require_bio)?
     } else {
-        swift_secure_enclave_tool_rs::generate_keypair(KeyPurpose::KeyAgreement, true)?
+        swift_secure_enclave_tool_rs::generate_keypair(KeyPurpose::KeyAgreement, require_bio)?
     };
     Ok((
         key_material.public_key_point,