hatter/swift-secure-enclave-tool-rs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: v1.1.0, add external sign/ecdh support

Browse Source
This commit is contained in:
Hatter Jiang
2025-05-14 23:01:55 +08:00
parent f3bc06cc21
commit 800d94e5fb
4 changed files with 70 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Cargo.toml
View File

@@ -1,6 +1,6 @@
[package] [package]
name = "swift-secure-enclave-tool-rs" name = "swift-secure-enclave-tool-rs"
version = "1.0.0" version = "1.1.0"
edition = "2024" edition = "2024"
authors = ["Hatter Jiang"] authors = ["Hatter Jiang"]
repository = "https://git.hatter.ink/hatter/swift-secure-enclave-tool-rs" repository = "https://git.hatter.ink/hatter/swift-secure-enclave-tool-rs"

13
examples/external_ecdh.rs Normal file
View File

@@ -0,0 +1,13 @@
use base64::engine::general_purpose::STANDARD;
use base64::Engine;
use swift_secure_enclave_tool_rs::external_ecdh;
fn main() {
let args = std::env::args().collect::<Vec<_>>();
let parameter = &args[1];
let epk = STANDARD.decode(&args[2]).unwrap();
let shared_secret = external_ecdh("card-cli", parameter, &epk).unwrap();
println!("{}", hex::encode(&shared_secret));
}

10
examples/external_sign.rs Normal file
View File

@@ -0,0 +1,10 @@
use swift_secure_enclave_tool_rs::external_sign;
fn main() {
let args = std::env::args().collect::<Vec<_>>();
let parameter = &args[1];
let signature = external_sign("card-cli", parameter, "ES256", b"hello world").unwrap();
println!("{}", hex::encode(&signature));
}

58
src/lib.rs
View File

@@ -133,14 +133,7 @@ pub fn private_key_sign(private_key_representation: &[u8], content: &[u8]) -> XR
cmd.arg(STANDARD.encode(content)); cmd.arg(STANDARD.encode(content));
let cmd_stdout = run_command_stdout(cmd)?; let cmd_stdout = run_command_stdout(cmd)?;
parse_sign_result(&cmd_stdout)
if is_success(&cmd_stdout)? {
let sign_result: SignResult = from_str(&cmd_stdout)?;
Ok(STANDARD.decode(&sign_result.signature_base64)?)
} else {
let error_result: ErrorResult = from_str(&cmd_stdout)?;
simple_error!("{}", error_result.error)
}
} }
// ephemera_public_key MUST be DER format public key // ephemera_public_key MUST be DER format public key
@@ -156,12 +149,51 @@ pub fn private_key_ecdh(
cmd.arg(STANDARD.encode(ephemera_public_key)); cmd.arg(STANDARD.encode(ephemera_public_key));
let cmd_stdout = run_command_stdout(cmd)?; let cmd_stdout = run_command_stdout(cmd)?;
parse_dh_result(&cmd_stdout)
}
if is_success(&cmd_stdout)? { pub fn external_sign(external_command: &str, parameter: &str, alg: &str, content: &[u8]) -> XResult<Vec<u8>> {
let dh_result: DhResult = from_str(&cmd_stdout)?; let mut cmd = Command::new(external_command);
cmd.arg("external_sign");
cmd.arg("--parameter");
cmd.arg(parameter);
cmd.arg("--alg");
cmd.arg(alg);
cmd.arg("--message-base64");
cmd.arg(STANDARD.encode(content));
let cmd_stdout = run_command_stdout(cmd)?;
parse_sign_result(&cmd_stdout)
}
pub fn external_ecdh(external_command: &str, parameter: &str, ephemera_public_key: &[u8]) -> XResult<Vec<u8>> {
let mut cmd = Command::new(external_command);
cmd.arg("external_ecdh");
cmd.arg("--parameter");
cmd.arg(parameter);
cmd.arg("--epk");
cmd.arg(STANDARD.encode(ephemera_public_key));
let cmd_stdout = run_command_stdout(cmd)?;
parse_dh_result(&cmd_stdout)
}
fn parse_sign_result(stdout: &str) -> XResult<Vec<u8>> {
if is_success(stdout)? {
let sign_result: SignResult = from_str(stdout)?;
Ok(STANDARD.decode(&sign_result.signature_base64)?)
} else {
let error_result: ErrorResult = from_str(stdout)?;
simple_error!("{}", error_result.error)
}
}
fn parse_dh_result(stdout: &str) -> XResult<Vec<u8>> {
if is_success(stdout)? {
let dh_result: DhResult = from_str(stdout)?;
Ok(hex::decode(&dh_result.shared_secret_hex)?) Ok(hex::decode(&dh_result.shared_secret_hex)?)
} else { } else {
let error_result: ErrorResult = from_str(&cmd_stdout)?; let error_result: ErrorResult = from_str(stdout)?;
simple_error!("{}", error_result.error) simple_error!("{}", error_result.error)
} }
} }
@@ -180,7 +212,9 @@ fn run_command(mut cmd: Command) -> XResult<Output> {
Ok(output) => { Ok(output) => {
debugging!("Output: {:?}", output); debugging!("Output: {:?}", output);
if !output.status.success() { if !output.status.success() {
simple_error!("Run command not success: {:?}", output.status.code()) let stderr = String::from_utf8_lossy(&output.stderr);
let stdout = String::from_utf8_lossy(&output.stdout);
simple_error!("Run command not success: {:?}\n - stdout: {}\n - stderr: {}", output.status.code(), stdout, stderr)
} else { } else {
Ok(output) Ok(output)
} }