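use base64::engine::general_purpose::STANDARD;
use base64::Engine;
use rust_util::XResult;
use swift_secure_enclave_tool_rs::KeyPurpose;

/// Reports whether the Secure Enclave is usable on this machine.
///
/// Any error from the underlying probe is collapsed to `false`, so a failed
/// check is treated the same as "not supported" (fail closed).
pub fn is_support_se() -> bool {
    swift_secure_enclave_tool_rs::is_secure_enclave_supported().unwrap_or(false)
}

/// Maps the boolean `sign` flag used by this module's public API onto the
/// key purpose expected by the Secure Enclave bindings.
fn key_purpose(sign: bool) -> KeyPurpose {
    if sign {
        KeyPurpose::Signing
    } else {
        KeyPurpose::KeyAgreement
    }
}

/// Generates a P-256 key pair through the Secure Enclave bindings.
///
/// `sign == true` requests a signing key, `sign == false` a key-agreement key.
///
/// Returns `(public_key_point, public_key_der, private_key)`, where
/// `private_key` is the base64 (standard alphabet) encoding of the
/// `private_key_representation` handed back by the bindings.
///
/// NOTE(review): the representation is presumably an enclave-wrapped handle
/// rather than raw scalar bytes; confirm against the bindings. Either way it
/// is what authorises use of the key and should be stored like a credential.
///
/// # Errors
/// Propagates any error from key generation.
pub fn generate_secure_enclave_p256_keypair(sign: bool) -> XResult<(Vec<u8>, Vec<u8>, String)> {
    // NOTE(review): the literal `true` is the second argument of
    // `generate_ecdsa_keypair`; its meaning is not visible in this file
    // (presumably an access-control requirement) — confirm and name it.
    let key_material = swift_secure_enclave_tool_rs::generate_ecdsa_keypair(key_purpose(sign), true)?;
    Ok((
        key_material.public_key_point,
        key_material.public_key_der,
        STANDARD.encode(&key_material.private_key_representation),
    ))
}

/// Recovers the public key for a previously generated private key
/// representation.
///
/// `private_key` is the base64 string produced by
/// [`generate_secure_enclave_p256_keypair`]; `sign` must name the purpose the
/// key is to be recovered for (`true` = signing, `false` = key agreement).
///
/// Returns `(public_key_point, public_key_der, private_key)`. The private key
/// string is re-encoded from the representation returned by the bindings, not
/// echoed from the input.
///
/// # Errors
/// Fails if `private_key` is not valid standard base64, or if the bindings
/// reject the representation.
pub fn recover_secure_enclave_p256_public_key(
    private_key: &str,
    sign: bool,
) -> XResult<(Vec<u8>, Vec<u8>, String)> {
    let private_key_representation = STANDARD.decode(private_key)?;
    let key_material = swift_secure_enclave_tool_rs::recover_ecdsa_keypair(
        key_purpose(sign),
        &private_key_representation,
    )?;
    Ok((
        key_material.public_key_point,
        key_material.public_key_der,
        STANDARD.encode(&key_material.private_key_representation),
    ))
}

/// Performs an ECDH key agreement between the given private key and a peer's
/// ephemeral public key.
///
/// `private_key` is the base64 private key representation;
/// `ephemeral_public_key_bytes` is passed to the bindings unchanged, so any
/// validation of the peer key happens there, not here.
///
/// The returned bytes are whatever the bindings produce as the shared secret.
/// NOTE(review): if this is the raw ECDH output, callers should run it through
/// a KDF before using it as a symmetric key — confirm at the call sites.
///
/// # Errors
/// Fails if `private_key` is not valid standard base64, or if the key
/// agreement itself fails.
pub fn secure_enclave_p256_dh(
    private_key: &str,
    ephemeral_public_key_bytes: &[u8],
) -> XResult<Vec<u8>> {
    let private_key_representation = STANDARD.decode(private_key)?;
    let shared_secret = swift_secure_enclave_tool_rs::private_key_ecdh(
        &private_key_representation,
        ephemeral_public_key_bytes,
    )?;
    Ok(shared_secret)
}

/// Produces an ECDSA signature over `content` with the given private key.
///
/// `private_key` is the base64 private key representation; `content` is
/// forwarded to the bindings unchanged.
/// NOTE(review): whether `content` is hashed by the bindings or must already
/// be a digest is not visible here — confirm before signing large inputs.
///
/// # Errors
/// Fails if `private_key` is not valid standard base64, or if signing fails.
pub fn secure_enclave_p256_sign(private_key: &str, content: &[u8]) -> XResult<Vec<u8>> {
    let private_key_representation = STANDARD.decode(private_key)?;
    let signature =
        swift_secure_enclave_tool_rs::private_key_ecdsa_sign(&private_key_representation, content)?;
    Ok(signature)
}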