hatter/swift-secure-enclave-tool-rs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: v0.1.1

Browse Source
This commit is contained in:
Hatter Jiang
2025-03-24 01:10:16 +08:00
parent f1c8500873
commit 60767a8d7b
6 changed files with 39 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Cargo.toml
View File

@@ -1,6 +1,6 @@
[package] [package]
name = "swift-secure-enclave-tool-rs" name = "swift-secure-enclave-tool-rs"
version = "0.1.0" version = "0.1.1"
edition = "2024" edition = "2024"
authors = ["Hatter Jiang"] authors = ["Hatter Jiang"]
repository = "https://git.hatter.ink/hatter/swift-secure-enclave-tool-rs" repository = "https://git.hatter.ink/hatter/swift-secure-enclave-tool-rs"

11
examples/generate_keypair.rs
View File

@@ -1,7 +1,7 @@
use base64::engine::general_purpose::STANDARD; use base64::engine::general_purpose::STANDARD;
use base64::Engine; use base64::Engine;
use swift_secure_enclave_tool_rs::{ use swift_secure_enclave_tool_rs::{
generate_ecdsa_keypair, is_secure_enclave_supported, KeyMaterial, KeyPurpose, generate_keypair, is_secure_enclave_supported, KeyMaterial, KeyPurpose,
}; };
fn main() { fn main() {
@@ -10,20 +10,19 @@ fn main() {
is_secure_enclave_supported().unwrap() is_secure_enclave_supported().unwrap()
); );
let ecdsa_key_material_require_bio = generate_ecdsa_keypair(KeyPurpose::Signing, true).unwrap(); let ecdsa_key_material_require_bio = generate_keypair(KeyPurpose::Signing, true).unwrap();
print_key_material("Signing key [require bio]", &ecdsa_key_material_require_bio); print_key_material("Signing key [require bio]", &ecdsa_key_material_require_bio);
let ecdsa_key_material_no_bio = generate_ecdsa_keypair(KeyPurpose::Signing, true).unwrap(); let ecdsa_key_material_no_bio = generate_keypair(KeyPurpose::Signing, true).unwrap();
print_key_material("Signing key [no bio]", &ecdsa_key_material_no_bio); print_key_material("Signing key [no bio]", &ecdsa_key_material_no_bio);
let ecdsa_key_material_require_bio = let ecdsa_key_material_require_bio = generate_keypair(KeyPurpose::KeyAgreement, true).unwrap();
generate_ecdsa_keypair(KeyPurpose::KeyAgreement, true).unwrap();
print_key_material( print_key_material(
"Key agreement key [require bio]", "Key agreement key [require bio]",
&ecdsa_key_material_require_bio, &ecdsa_key_material_require_bio,
); );
let ecdsa_key_material_no_bio = generate_ecdsa_keypair(KeyPurpose::KeyAgreement, true).unwrap(); let ecdsa_key_material_no_bio = generate_keypair(KeyPurpose::KeyAgreement, true).unwrap();
print_key_material("Key agreement key [no bio]", &ecdsa_key_material_no_bio); print_key_material("Key agreement key [no bio]", &ecdsa_key_material_no_bio);
} }

4
examples/private_ecdsa_sign.rs
View File

@@ -1,12 +1,12 @@
use base64::engine::general_purpose::STANDARD; use base64::engine::general_purpose::STANDARD;
use base64::Engine; use base64::Engine;
use swift_secure_enclave_tool_rs::private_key_ecdsa_sign; use swift_secure_enclave_tool_rs::private_key_sign;
fn main() { fn main() {
let args = std::env::args().collect::<Vec<_>>(); let args = std::env::args().collect::<Vec<_>>();
let private_key_representation = STANDARD.decode(&args[1]).unwrap(); let private_key_representation = STANDARD.decode(&args[1]).unwrap();
let signature = private_key_ecdsa_sign(&private_key_representation, b"hello world").unwrap(); let signature = private_key_sign(&private_key_representation, b"hello world").unwrap();
println!("{}", hex::encode(&signature)); println!("{}", hex::encode(&signature));
} }

4
examples/recover_ecdh.rs
View File

@@ -1,5 +1,5 @@
use base64::Engine; use base64::Engine;
use swift_secure_enclave_tool_rs::{recover_ecdsa_keypair, KeyPurpose}; use swift_secure_enclave_tool_rs::{recover_keypair, KeyPurpose};
fn main() { fn main() {
let args = std::env::args().collect::<Vec<_>>(); let args = std::env::args().collect::<Vec<_>>();
@@ -7,6 +7,6 @@ fn main() {
.decode(&args[1]) .decode(&args[1])
.unwrap(); .unwrap();
let key_material = let key_material =
recover_ecdsa_keypair(KeyPurpose::KeyAgreement, &private_key_representation).unwrap(); recover_keypair(KeyPurpose::KeyAgreement, &private_key_representation).unwrap();
println!("{:?}", key_material) println!("{:?}", key_material)
} }

5
examples/recover_ecdsa.rs
View File

@@ -1,12 +1,11 @@
use base64::Engine; use base64::Engine;
use swift_secure_enclave_tool_rs::{recover_ecdsa_keypair, KeyPurpose}; use swift_secure_enclave_tool_rs::{recover_keypair, KeyPurpose};
fn main() { fn main() {
let args = std::env::args().collect::<Vec<_>>(); let args = std::env::args().collect::<Vec<_>>();
let private_key_representation = base64::engine::general_purpose::STANDARD let private_key_representation = base64::engine::general_purpose::STANDARD
.decode(&args[1]) .decode(&args[1])
.unwrap(); .unwrap();
let key_material = let key_material = recover_keypair(KeyPurpose::Signing, &private_key_representation).unwrap();
recover_ecdsa_keypair(KeyPurpose::Signing, &private_key_representation).unwrap();
println!("{:?}", key_material) println!("{:?}", key_material)
} }

36
src/lib.rs
View File

@@ -31,41 +31,59 @@ pub fn is_secure_enclave_supported() -> XResult<bool> {
} }
} }
#[deprecated]
pub fn generate_ecdsa_keypair(key_purpose: KeyPurpose, require_bio: bool) -> XResult<KeyMaterial> { pub fn generate_ecdsa_keypair(key_purpose: KeyPurpose, require_bio: bool) -> XResult<KeyMaterial> {
generate_keypair(key_purpose, require_bio)
}
pub fn generate_keypair(key_purpose: KeyPurpose, require_bio: bool) -> XResult<KeyMaterial> {
let mut cmd = Command::new(SWIFT_SECURE_ENCLAVE_TOOL_CMD); let mut cmd = Command::new(SWIFT_SECURE_ENCLAVE_TOOL_CMD);
cmd.arg(match key_purpose { cmd.arg(match key_purpose {
KeyPurpose::Signing => "generate_p256_ecsign_keypair", KeyPurpose::Signing => "generate_p256_ecsign_keypair",
KeyPurpose::KeyAgreement => "generate_p256_ecdh_keypair", KeyPurpose::KeyAgreement => "generate_p256_ecdh_keypair",
}); });
cmd.arg(&format!("{}", require_bio)); cmd.arg(format!("{}", require_bio));
let cmd_stdout = run_command_stdout(cmd)?; let cmd_stdout = run_command_stdout(cmd)?;
parse_keypair_result(&cmd_stdout) parse_keypair_result(&cmd_stdout)
} }
#[deprecated]
pub fn recover_ecdsa_keypair( pub fn recover_ecdsa_keypair(
key_purpose: KeyPurpose, key_purpose: KeyPurpose,
private_key_representation: &[u8], private_key_representation: &[u8],
) -> XResult<KeyMaterial> {
recover_keypair(key_purpose, private_key_representation)
}
pub fn recover_keypair(
key_purpose: KeyPurpose,
private_key_representation: &[u8],
) -> XResult<KeyMaterial> { ) -> XResult<KeyMaterial> {
let mut cmd = Command::new(SWIFT_SECURE_ENCLAVE_TOOL_CMD); let mut cmd = Command::new(SWIFT_SECURE_ENCLAVE_TOOL_CMD);
cmd.arg(match key_purpose { cmd.arg(match key_purpose {
KeyPurpose::Signing => "recover_p256_ecsign_public_key", KeyPurpose::Signing => "recover_p256_ecsign_public_key",
KeyPurpose::KeyAgreement => "recover_p256_ecdh_public_key", KeyPurpose::KeyAgreement => "recover_p256_ecdh_public_key",
}); });
cmd.arg(&STANDARD.encode(private_key_representation)); cmd.arg(STANDARD.encode(private_key_representation));
let cmd_stdout = run_command_stdout(cmd)?; let cmd_stdout = run_command_stdout(cmd)?;
parse_keypair_result(&cmd_stdout) parse_keypair_result(&cmd_stdout)
} }
#[deprecated]
pub fn private_key_ecdsa_sign( pub fn private_key_ecdsa_sign(
private_key_representation: &[u8], private_key_representation: &[u8],
content: &[u8], content: &[u8],
) -> XResult<Vec<u8>> { ) -> XResult<Vec<u8>> {
private_key_sign(private_key_representation, content)
}
pub fn private_key_sign(private_key_representation: &[u8], content: &[u8]) -> XResult<Vec<u8>> {
let mut cmd = Command::new(SWIFT_SECURE_ENCLAVE_TOOL_CMD); let mut cmd = Command::new(SWIFT_SECURE_ENCLAVE_TOOL_CMD);
cmd.arg("compute_p256_ecsign"); cmd.arg("compute_p256_ecsign");
cmd.arg(&STANDARD.encode(private_key_representation)); cmd.arg(STANDARD.encode(private_key_representation));
cmd.arg(&STANDARD.encode(content)); cmd.arg(STANDARD.encode(content));
let cmd_stdout = run_command_stdout(cmd)?; let cmd_stdout = run_command_stdout(cmd)?;
if cmd_stdout.starts_with("ok:") { if cmd_stdout.starts_with("ok:") {
@@ -83,8 +101,8 @@ pub fn private_key_ecdh(
) -> XResult<Vec<u8>> { ) -> XResult<Vec<u8>> {
let mut cmd = Command::new(SWIFT_SECURE_ENCLAVE_TOOL_CMD); let mut cmd = Command::new(SWIFT_SECURE_ENCLAVE_TOOL_CMD);
cmd.arg("compute_p256_ecdh"); cmd.arg("compute_p256_ecdh");
cmd.arg(&STANDARD.encode(private_key_representation)); cmd.arg(STANDARD.encode(private_key_representation));
cmd.arg(&STANDARD.encode(ephemera_public_key)); cmd.arg(STANDARD.encode(ephemera_public_key));
let cmd_stdout = run_command_stdout(cmd)?; let cmd_stdout = run_command_stdout(cmd)?;
if cmd_stdout.starts_with("ok:SharedSecret:") { if cmd_stdout.starts_with("ok:SharedSecret:") {
@@ -121,9 +139,9 @@ fn parse_keypair_result(cmd_stdout: &str) -> XResult<KeyMaterial> {
if cmd_stdout.starts_with("ok:") { if cmd_stdout.starts_with("ok:") {
let result = cmd_stdout.chars().skip(3).collect::<String>(); let result = cmd_stdout.chars().skip(3).collect::<String>();
let parts = result.split(",").collect::<Vec<_>>(); let parts = result.split(",").collect::<Vec<_>>();
let public_key_point = STANDARD.decode(&parts[0])?; let public_key_point = STANDARD.decode(parts[0])?;
let public_key_der = STANDARD.decode(&parts[1])?; let public_key_der = STANDARD.decode(parts[1])?;
let private_key_representation = STANDARD.decode(&parts[2])?; let private_key_representation = STANDARD.decode(parts[2])?;
Ok(KeyMaterial { Ok(KeyMaterial {
public_key_point, public_key_point,
public_key_der, public_key_der,