card-cli/src/seutil.rs


use base64::engine::general_purpose::STANDARD;
use base64::Engine;
use rust_util::XResult;
use swift_secure_enclave_tool_rs::KeyPurpose;
/// Returns the answer of `swift_secure_enclave_tool_rs::is_secure_enclave_supported()`.
///
/// Fails closed: when the probe itself yields no usable answer, that outcome is
/// discarded and `false` is returned. Callers therefore cannot tell
/// "not supported" apart from "the probe failed".
pub fn is_support_se() -> bool {
    let probe = swift_secure_enclave_tool_rs::is_secure_enclave_supported();
    probe.unwrap_or(false)
}
/// Creates a new key pair through `swift_secure_enclave_tool_rs::generate_ecdsa_keypair`.
///
/// `sign` selects the key purpose: `true` requests `KeyPurpose::Signing`,
/// `false` requests `KeyPurpose::KeyAgreement`.
///
/// Returns `(public_key_point, public_key_der, private_key_base64)`. The last
/// element is the crate's `private_key_representation`, encoded with the
/// standard base64 engine.
///
/// # Errors
/// Propagates any error returned by `generate_ecdsa_keypair`.
pub fn generate_secure_enclave_p256_keypair(sign: bool) -> XResult<(Vec<u8>, Vec<u8>, String)> {
    let purpose = if sign {
        KeyPurpose::Signing
    } else {
        KeyPurpose::KeyAgreement
    };

    // NOTE(review): the second argument is hard-coded to `true` for both purposes;
    // its meaning is defined by the crate (presumably an access-control flag) — confirm.
    let generated = swift_secure_enclave_tool_rs::generate_ecdsa_keypair(purpose, true)?;

    // NOTE(review): presumably this representation is an enclave-bound blob rather
    // than raw key bytes — confirm against the crate. Either way it is the only
    // handle to the private key, so callers should store it as a secret and keep
    // it out of logs.
    let private_key_b64 = STANDARD.encode(&generated.private_key_representation);

    Ok((
        generated.public_key_point,
        generated.public_key_der,
        private_key_b64,
    ))
}
/// Rebuilds the key material for a stored private key representation.
///
/// `private_key` is the standard-base64 string of the private key
/// representation. `sign` selects the purpose passed to
/// `recover_ecdsa_keypair`: `true` gives `KeyPurpose::Signing`, `false` gives
/// `KeyPurpose::KeyAgreement`.
///
/// Returns `(public_key_point, public_key_der, private_key_base64)`. The
/// base64 string is re-encoded from the recovered material's
/// `private_key_representation`; it is not an echo of the input string.
///
/// # Errors
/// Fails when `private_key` is not valid standard base64, or when
/// `recover_ecdsa_keypair` returns an error.
pub fn recover_secure_enclave_p256_public_key(
    private_key: &str,
    sign: bool,
) -> XResult<(Vec<u8>, Vec<u8>, String)> {
    // The decoded bytes sit in an ordinary Vec that is dropped without being wiped.
    let decoded_representation = STANDARD.decode(private_key)?;

    // NOTE(review): nothing here checks that `sign` matches the purpose the key
    // was generated with; whether the crate rejects a mismatch is not visible — confirm.
    let purpose = if sign {
        KeyPurpose::Signing
    } else {
        KeyPurpose::KeyAgreement
    };
    let recovered =
        swift_secure_enclave_tool_rs::recover_ecdsa_keypair(purpose, &decoded_representation)?;

    let private_key_b64 = STANDARD.encode(&recovered.private_key_representation);
    Ok((
        recovered.public_key_point,
        recovered.public_key_der,
        private_key_b64,
    ))
}
/// Runs ECDH between a stored private key and a peer's ephemeral public key.
///
/// `private_key` is the standard-base64 private key representation;
/// `ephemeral_public_key_bytes` is handed to `private_key_ecdh` unchanged.
///
/// Returns the bytes produced by `private_key_ecdh`.
///
/// # Errors
/// Fails when `private_key` is not valid standard base64, or when
/// `private_key_ecdh` returns an error.
pub fn secure_enclave_p256_dh(
    private_key: &str,
    ephemeral_public_key_bytes: &[u8],
) -> XResult<Vec<u8>> {
    // The decoded bytes sit in an ordinary Vec that is dropped without being wiped.
    let decoded_representation = STANDARD.decode(private_key)?;

    // The peer key is not inspected here: length, encoding and on-curve checks
    // are whatever the crate performs.
    // NOTE(review): the result looks like the raw shared secret — callers should
    // presumably run it through a KDF before using it as a symmetric key; confirm.
    Ok(swift_secure_enclave_tool_rs::private_key_ecdh(
        &decoded_representation,
        ephemeral_public_key_bytes,
    )?)
}
/// Signs `content` with a stored private key via `private_key_ecdsa_sign`.
///
/// `private_key` is the standard-base64 private key representation.
///
/// Returns the signature bytes exactly as produced by the crate.
///
/// # Errors
/// Fails when `private_key` is not valid standard base64, or when
/// `private_key_ecdsa_sign` returns an error.
pub fn secure_enclave_p256_sign(private_key: &str, content: &[u8]) -> XResult<Vec<u8>> {
    // The decoded bytes sit in an ordinary Vec that is dropped without being wiped.
    let decoded_representation = STANDARD.decode(private_key)?;

    // NOTE(review): `content` is passed through as-is; whether the crate hashes it
    // or expects a precomputed digest, and which signature encoding it returns,
    // is not visible here — confirm before verifying these signatures elsewhere.
    Ok(swift_secure_enclave_tool_rs::private_key_ecdsa_sign(
        &decoded_representation,
        content,
    )?)
}