feat: v1.10.10, se-ecdh and se-ecsign

2024-12-15 12:55:44 +08:00
parent 25b0efd272
commit df6e7eee55
10 changed files with 343 additions and 5 deletions
--- a/src/seutil.rs
+++ b/src/seutil.rs
@@ -1,4 +1,4 @@
-use crate::util::base64_decode;
+use crate::util::{base64_decode, base64_encode};
 use rust_util::XResult;
 use swift_rs::swift;
 use swift_rs::{Bool, SRString};
@@ -7,6 +7,7 @@ swift!(fn is_support_secure_enclave() -> Bool);
 swift!(fn generate_secure_enclave_p256_ecdh_keypair() -> SRString);
 swift!(fn generate_secure_enclave_p256_ecsign_keypair() -> SRString);
 swift!(fn compute_secure_enclave_p256_ecdh(private_key_base64: SRString, ephemera_public_key_base64: SRString) -> SRString);
+swift!(fn compute_secure_enclave_p256_ecsign(private_key_base64: SRString, content: SRString) -> SRString);

 pub fn is_support_se() -> bool {
    unsafe { is_support_secure_enclave() }
@@ -44,3 +45,49 @@ pub fn generate_secure_enclave_p256_keypair(sign: bool) -> XResult<(Vec<u8>, Vec
    let private_key = public_key_and_private_keys[2].to_string();
    Ok((public_key_point, public_key_der, private_key))
 }
+
+pub fn secure_enclave_p256_dh(
+    private_key: &str,
+    ephemeral_public_key_bytes: &[u8],
+) -> XResult<Vec<u8>> {
+    let dh_result = unsafe {
+        compute_secure_enclave_p256_ecdh(
+            SRString::from(private_key),
+            SRString::from(base64_encode(ephemeral_public_key_bytes).as_str()),
+        )
+    };
+    let dh_result_str = dh_result.as_str();
+    if !dh_result_str.starts_with("ok:SharedSecret:") {
+        return simple_error!("ECDH P256 in secure enclave failed: {}", dh_result_str);
+    }
+
+    let shared_secret_hex = dh_result_str
+        .chars()
+        .skip("ok:SharedSecret:".len())
+        .collect::<String>();
+    let shared_secret_hex = shared_secret_hex.trim();
+
+    Ok(opt_result!(
+        hex::decode(shared_secret_hex),
+        "Decrypt shared secret hex: {}, failed: {}",
+        shared_secret_hex
+    ))
+}
+
+pub fn secure_enclave_p256_sign(private_key: &str, content: &[u8]) -> XResult<Vec<u8>> {
+    let signature_result = unsafe {
+        compute_secure_enclave_p256_ecsign(
+            SRString::from(private_key),
+            SRString::from(base64_encode(content).as_str()),
+        )
+    };
+    let signature_result_str = signature_result.as_str();
+    if !signature_result_str.starts_with("ok:") {
+        return simple_error!(
+            "Sign P256 in secure enclave failed: {}",
+            signature_result_str
+        );
+    }
+    let signature = signature_result_str.chars().skip(3).collect::<String>();
+    Ok(base64_decode(&signature)?)
+}