diff --git a/Cargo.toml b/Cargo.toml index 26bf74e..bdfd9c8 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "swift-secure-enclave-tool-rs" -version = "1.2.2" +version = "1.2.3" edition = "2024" authors = ["Hatter Jiang"] repository = "https://git.hatter.ink/hatter/swift-secure-enclave-tool-rs" @@ -12,6 +12,6 @@ categories = ["cryptography"] [dependencies] hex = "0.4.3" base64 = "0.22.1" -rust_util = "0.6.47" +rust_util = "0.6.49" serde = { version = "1.0.219", features = ["derive"] } serde_json = "1.0.140" diff --git a/src/lib.rs b/src/lib.rs index 2dbf7d2..41e8a27 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -1,11 +1,12 @@ use base64::Engine; use base64::engine::general_purpose::STANDARD; -use rust_util::{XResult, debugging, opt_result, simple_error}; +use rust_util::{XResult, debugging, opt_result, simple_error, util_env}; use serde::{Deserialize, de}; use serde_json::Value; use std::process::{Command, Output}; -const SWIFT_SECURE_ENCLAVE_TOOL_CMD: &str = "swift-secure-enclave-tool-v2"; +const ENV_SWIFT_SECURE_ENCLAVE_TOOL_CMD_KEY: &str = "SWIFT_SECURE_ENCLAVE_TOOL_CMD"; +const DEFAULT_SWIFT_SECURE_ENCLAVE_TOOL_CMD: &str = "swift-secure-enclave-tool-v2"; #[derive(Debug, Clone, Copy)] pub enum KeyPurpose { @@ -36,7 +37,10 @@ impl ControlFlag { #[derive(Debug, Clone, Copy, Eq, PartialEq)] pub enum DigestType { - Raw, Sha256, Sha384, Sha512, + Raw, + Sha256, + Sha384, + Sha512, } impl DigestType { @@ -64,7 +68,9 @@ impl DigestType { Some("sha256") => DigestType::Sha256, Some("sha384") => DigestType::Sha384, Some("sha512") => DigestType::Sha512, - Some(other_digest_type) => return simple_error!("Invalid digest type: {}", other_digest_type), + Some(other_digest_type) => { + return simple_error!("Invalid digest type: {}", other_digest_type); + } }) } } @@ -129,7 +135,7 @@ struct ExternalPublicKey { } pub fn is_secure_enclave_supported() -> XResult { - let mut cmd = Command::new(SWIFT_SECURE_ENCLAVE_TOOL_CMD); + let mut cmd = Command::new(get_swift_secure_enclave_tool_cmd()); cmd.arg("is_support_secure_enclave"); let cmd_stdout = run_command_stdout(cmd)?; @@ -146,7 +152,7 @@ pub fn generate_keypair( key_purpose: KeyPurpose, control_flag: ControlFlag, ) -> XResult { - let mut cmd = Command::new(SWIFT_SECURE_ENCLAVE_TOOL_CMD); + let mut cmd = Command::new(get_swift_secure_enclave_tool_cmd()); cmd.arg(match key_purpose { KeyPurpose::Signing => "generate_p256_ecsign_keypair", KeyPurpose::KeyAgreement => "generate_p256_ecdh_keypair", @@ -162,7 +168,7 @@ pub fn recover_keypair( key_purpose: KeyPurpose, private_key_representation: &[u8], ) -> XResult { - let mut cmd = Command::new(SWIFT_SECURE_ENCLAVE_TOOL_CMD); + let mut cmd = Command::new(get_swift_secure_enclave_tool_cmd()); cmd.arg(match key_purpose { KeyPurpose::Signing => "recover_p256_ecsign_public_key", KeyPurpose::KeyAgreement => "recover_p256_ecdh_public_key", @@ -178,8 +184,12 @@ pub fn private_key_sign(private_key_representation: &[u8], content: &[u8]) -> XR private_key_sign_digested(private_key_representation, content, DigestType::Raw) } -pub fn private_key_sign_digested(private_key_representation: &[u8], content: &[u8], digest_type: DigestType) -> XResult> { - let mut cmd = Command::new(SWIFT_SECURE_ENCLAVE_TOOL_CMD); +pub fn private_key_sign_digested( + private_key_representation: &[u8], + content: &[u8], + digest_type: DigestType, +) -> XResult> { + let mut cmd = Command::new(get_swift_secure_enclave_tool_cmd()); cmd.arg("compute_p256_ecsign"); cmd.arg("--private-key"); cmd.arg(STANDARD.encode(private_key_representation)); @@ -199,7 +209,7 @@ pub fn private_key_ecdh( private_key_representation: &[u8], ephemera_public_key: &[u8], ) -> XResult> { - let mut cmd = Command::new(SWIFT_SECURE_ENCLAVE_TOOL_CMD); + let mut cmd = Command::new(get_swift_secure_enclave_tool_cmd()); cmd.arg("compute_p256_ecdh"); cmd.arg("--private-key"); cmd.arg(STANDARD.encode(private_key_representation)); @@ -210,7 +220,12 @@ pub fn private_key_ecdh( parse_ecdh_result(&cmd_stdout) } -pub fn external_sign(external_command: &str, parameter: &str, alg: &str, content: &[u8]) -> XResult> { +pub fn external_sign( + external_command: &str, + parameter: &str, + alg: &str, + content: &[u8], +) -> XResult> { let mut cmd = Command::new(external_command); cmd.arg("external_sign"); cmd.arg("--parameter"); @@ -224,7 +239,11 @@ pub fn external_sign(external_command: &str, parameter: &str, alg: &str, content parse_sign_result(&cmd_stdout) } -pub fn external_ecdh(external_command: &str, parameter: &str, ephemera_public_key: &[u8]) -> XResult> { +pub fn external_ecdh( + external_command: &str, + parameter: &str, + ephemera_public_key: &[u8], +) -> XResult> { let mut cmd = Command::new(external_command); cmd.arg("external_ecdh"); cmd.arg("--parameter"); @@ -282,7 +301,12 @@ fn run_command(mut cmd: Command) -> XResult { if !output.status.success() { let stderr = String::from_utf8_lossy(&output.stderr); let stdout = String::from_utf8_lossy(&output.stdout); - simple_error!("Run command not success: {:?}\n - stdout: {}\n - stderr: {}", output.status.code(), stdout, stderr) + simple_error!( + "Run command not success: {:?}\n - stdout: {}\n - stderr: {}", + output.status.code(), + stdout, + stderr + ) } else { Ok(output) } @@ -353,3 +377,8 @@ fn is_success(cmd_stdout: &str) -> XResult { } simple_error!("Bad result: {}", cmd_stdout) } + +fn get_swift_secure_enclave_tool_cmd() -> String { + util_env::env_var(ENV_SWIFT_SECURE_ENCLAVE_TOOL_CMD_KEY) + .unwrap_or_else(|| DEFAULT_SWIFT_SECURE_ENCLAVE_TOOL_CMD.to_string()) +}