feat: v1.13.4
This commit is contained in:
@@ -1,12 +1,13 @@
|
||||
use crate::cmd_hmac_encrypt;
|
||||
use crate::pkiutil::bytes_to_pem;
|
||||
use crate::{cmdutil, seutil, util};
|
||||
use crate::util::base64_encode;
|
||||
use crate::{cmdutil, seutil, util};
|
||||
use clap::{App, Arg, ArgMatches, SubCommand};
|
||||
use p256::PublicKey;
|
||||
use rust_util::util_clap::{Command, CommandError};
|
||||
use spki::DecodePublicKey;
|
||||
use std::collections::BTreeMap;
|
||||
use crate::cmd_hmac_encrypt;
|
||||
use swift_secure_enclave_tool_rs::ControlFlag;
|
||||
|
||||
pub struct CommandImpl;
|
||||
|
||||
@@ -33,9 +34,11 @@ impl Command for CommandImpl {
|
||||
.help("Host name"),
|
||||
)
|
||||
.arg(
|
||||
Arg::with_name("disable-bio")
|
||||
.long("disable-bio")
|
||||
.help("Disable bio"),
|
||||
Arg::with_name("control-flag")
|
||||
.long("control-flag")
|
||||
.required(true)
|
||||
.takes_value(true)
|
||||
.help("Control flag, e.g. none, user-presence, device-passcode, biometry-any, biometry-current-set"),
|
||||
)
|
||||
.arg(cmdutil::build_with_hmac_encrypt_arg())
|
||||
.arg(cmdutil::build_with_pbe_encrypt_arg())
|
||||
@@ -56,10 +59,18 @@ impl Command for CommandImpl {
|
||||
"key_agreement" | "ecdh" | "dh" => false,
|
||||
_ => return simple_error!("Invalid type: {}", ty),
|
||||
};
|
||||
let require_bio = !sub_arg_matches.is_present("disable-bio");
|
||||
let control_flag = sub_arg_matches.value_of("control-flag").unwrap();
|
||||
let control_flag = match control_flag {
|
||||
"none" => ControlFlag::None,
|
||||
"user-presence" | "up" => ControlFlag::UserPresence,
|
||||
"device-passcode" | "passcode" | "pass" => ControlFlag::DevicePasscode,
|
||||
"biometry-any" | "bio-any" => ControlFlag::BiometryAny,
|
||||
"biometry-current-set" | "bio-current" => ControlFlag::BiometryCurrentSet,
|
||||
_ => return simple_error!("Invalid control flag: {}", control_flag),
|
||||
};
|
||||
|
||||
let (public_key_point, public_key_der, private_key) =
|
||||
seutil::generate_secure_enclave_p256_keypair(sign, require_bio)?;
|
||||
seutil::generate_secure_enclave_p256_keypair(sign, control_flag)?;
|
||||
|
||||
let private_key = cmd_hmac_encrypt::do_encrypt(&private_key, &mut None, sub_arg_matches)?;
|
||||
let key_uri = format!(
|
||||
|
||||
@@ -1,7 +1,8 @@
|
||||
use crate::util::{base64_decode, base64_encode};
|
||||
use rust_util::XResult;
|
||||
use se_tool::KeyPurpose;
|
||||
use swift_secure_enclave_tool_rs as se_tool;
|
||||
use crate::util::{base64_decode, base64_encode};
|
||||
use swift_secure_enclave_tool_rs::ControlFlag;
|
||||
|
||||
pub fn is_support_se() -> bool {
|
||||
se_tool::is_secure_enclave_supported().unwrap_or_else(|e| {
|
||||
@@ -20,12 +21,12 @@ pub fn check_se_supported() -> XResult<()> {
|
||||
|
||||
pub fn generate_secure_enclave_p256_keypair(
|
||||
sign: bool,
|
||||
require_bio: bool,
|
||||
control_flag: ControlFlag,
|
||||
) -> XResult<(Vec<u8>, Vec<u8>, String)> {
|
||||
let key_material = if sign {
|
||||
se_tool::generate_keypair(KeyPurpose::Signing, require_bio)?
|
||||
se_tool::generate_keypair(KeyPurpose::Signing, control_flag)?
|
||||
} else {
|
||||
se_tool::generate_keypair(KeyPurpose::KeyAgreement, require_bio)?
|
||||
se_tool::generate_keypair(KeyPurpose::KeyAgreement, control_flag)?
|
||||
};
|
||||
Ok((
|
||||
key_material.public_key_point,
|
||||
|
||||
Reference in New Issue
Block a user