feat: v1.2.3

2025-08-24 16:16:16 +08:00
parent bbc4cc0c33
commit c629e179b3
2 changed files with 44 additions and 15 deletions


@@ -1,6 +1,6 @@
[package]
name = "swift-secure-enclave-tool-rs"
version = "1.2.2"
version = "1.2.3"
edition = "2024"
authors = ["Hatter Jiang"]
repository = "https://git.hatter.ink/hatter/swift-secure-enclave-tool-rs"
@@ -12,6 +12,6 @@ categories = ["cryptography"]
[dependencies]
hex = "0.4.3"
base64 = "0.22.1"
rust_util = "0.6.47"
rust_util = "0.6.49"
serde = { version = "1.0.219", features = ["derive"] }
serde_json = "1.0.140"


@@ -1,11 +1,12 @@
use base64::Engine;
use base64::engine::general_purpose::STANDARD;
use rust_util::{XResult, debugging, opt_result, simple_error};
use rust_util::{XResult, debugging, opt_result, simple_error, util_env};
use serde::{Deserialize, de};
use serde_json::Value;
use std::process::{Command, Output};
const SWIFT_SECURE_ENCLAVE_TOOL_CMD: &str = "swift-secure-enclave-tool-v2";
const ENV_SWIFT_SECURE_ENCLAVE_TOOL_CMD_KEY: &str = "SWIFT_SECURE_ENCLAVE_TOOL_CMD";
const DEFAULT_SWIFT_SECURE_ENCLAVE_TOOL_CMD: &str = "swift-secure-enclave-tool-v2";
#[derive(Debug, Clone, Copy)]
pub enum KeyPurpose {
@@ -36,7 +37,10 @@ impl ControlFlag {
#[derive(Debug, Clone, Copy, Eq, PartialEq)]
pub enum DigestType {
Raw, Sha256, Sha384, Sha512,
Raw,
Sha256,
Sha384,
Sha512,
}
impl DigestType {
@@ -64,7 +68,9 @@ impl DigestType {
Some("sha256") => DigestType::Sha256,
Some("sha384") => DigestType::Sha384,
Some("sha512") => DigestType::Sha512,
Some(other_digest_type) => return simple_error!("Invalid digest type: {}", other_digest_type),
Some(other_digest_type) => {
return simple_error!("Invalid digest type: {}", other_digest_type);
}
})
}
}
@@ -129,7 +135,7 @@ struct ExternalPublicKey {
}
pub fn is_secure_enclave_supported() -> XResult<bool> {
let mut cmd = Command::new(SWIFT_SECURE_ENCLAVE_TOOL_CMD);
let mut cmd = Command::new(get_swift_secure_enclave_tool_cmd());
cmd.arg("is_support_secure_enclave");
let cmd_stdout = run_command_stdout(cmd)?;
@@ -146,7 +152,7 @@ pub fn generate_keypair(
key_purpose: KeyPurpose,
control_flag: ControlFlag,
) -> XResult<KeyMaterial> {
let mut cmd = Command::new(SWIFT_SECURE_ENCLAVE_TOOL_CMD);
let mut cmd = Command::new(get_swift_secure_enclave_tool_cmd());
cmd.arg(match key_purpose {
KeyPurpose::Signing => "generate_p256_ecsign_keypair",
KeyPurpose::KeyAgreement => "generate_p256_ecdh_keypair",
@@ -162,7 +168,7 @@ pub fn recover_keypair(
key_purpose: KeyPurpose,
private_key_representation: &[u8],
) -> XResult<KeyMaterial> {
let mut cmd = Command::new(SWIFT_SECURE_ENCLAVE_TOOL_CMD);
let mut cmd = Command::new(get_swift_secure_enclave_tool_cmd());
cmd.arg(match key_purpose {
KeyPurpose::Signing => "recover_p256_ecsign_public_key",
KeyPurpose::KeyAgreement => "recover_p256_ecdh_public_key",
@@ -178,8 +184,12 @@ pub fn private_key_sign(private_key_representation: &[u8], content: &[u8]) -> XR
private_key_sign_digested(private_key_representation, content, DigestType::Raw)
}
pub fn private_key_sign_digested(private_key_representation: &[u8], content: &[u8], digest_type: DigestType) -> XResult<Vec<u8>> {
let mut cmd = Command::new(SWIFT_SECURE_ENCLAVE_TOOL_CMD);
pub fn private_key_sign_digested(
private_key_representation: &[u8],
content: &[u8],
digest_type: DigestType,
) -> XResult<Vec<u8>> {
let mut cmd = Command::new(get_swift_secure_enclave_tool_cmd());
cmd.arg("compute_p256_ecsign");
cmd.arg("--private-key");
cmd.arg(STANDARD.encode(private_key_representation));
@@ -199,7 +209,7 @@ pub fn private_key_ecdh(
private_key_representation: &[u8],
ephemera_public_key: &[u8],
) -> XResult<Vec<u8>> {
let mut cmd = Command::new(SWIFT_SECURE_ENCLAVE_TOOL_CMD);
let mut cmd = Command::new(get_swift_secure_enclave_tool_cmd());
cmd.arg("compute_p256_ecdh");
cmd.arg("--private-key");
cmd.arg(STANDARD.encode(private_key_representation));
@@ -210,7 +220,12 @@ pub fn private_key_ecdh(
parse_ecdh_result(&cmd_stdout)
}
pub fn external_sign(external_command: &str, parameter: &str, alg: &str, content: &[u8]) -> XResult<Vec<u8>> {
pub fn external_sign(
external_command: &str,
parameter: &str,
alg: &str,
content: &[u8],
) -> XResult<Vec<u8>> {
let mut cmd = Command::new(external_command);
cmd.arg("external_sign");
cmd.arg("--parameter");
@@ -224,7 +239,11 @@ pub fn external_sign(external_command: &str, parameter: &str, alg: &str, content
parse_sign_result(&cmd_stdout)
}
pub fn external_ecdh(external_command: &str, parameter: &str, ephemera_public_key: &[u8]) -> XResult<Vec<u8>> {
pub fn external_ecdh(
external_command: &str,
parameter: &str,
ephemera_public_key: &[u8],
) -> XResult<Vec<u8>> {
let mut cmd = Command::new(external_command);
cmd.arg("external_ecdh");
cmd.arg("--parameter");
@@ -282,7 +301,12 @@ fn run_command(mut cmd: Command) -> XResult<Output> {
if !output.status.success() {
let stderr = String::from_utf8_lossy(&output.stderr);
let stdout = String::from_utf8_lossy(&output.stdout);
simple_error!("Run command not success: {:?}\n - stdout: {}\n - stderr: {}", output.status.code(), stdout, stderr)
simple_error!(
"Run command not success: {:?}\n - stdout: {}\n - stderr: {}",
output.status.code(),
stdout,
stderr
)
} else {
Ok(output)
}
@@ -353,3 +377,8 @@ fn is_success(cmd_stdout: &str) -> XResult<bool> {
}
simple_error!("Bad result: {}", cmd_stdout)
}
fn get_swift_secure_enclave_tool_cmd() -> String {
util_env::env_var(ENV_SWIFT_SECURE_ENCLAVE_TOOL_CMD_KEY)
.unwrap_or_else(|| DEFAULT_SWIFT_SECURE_ENCLAVE_TOOL_CMD.to_string())
}
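Review bot: `get_swift_secure_enclave_tool_cmd()` in the last hunk lets the `SWIFT_SECURE_ENCLAVE_TOOL_CMD` environment variable choose the executable that every rewritten `Command::new(...)` call site then hands the `--private-key` value and the content to sign, and the new code neither constrains nor documents that. The value is used as-is, so an empty or whitespace-only setting would presumably surface only as a spawn failure rather than falling back to the default; adding `.filter(|cmd| !cmd.trim().is_empty())` before `unwrap_or_else` keeps the fallback. A doc comment such as `/// Tool command; overridable via SWIFT_SECURE_ENCLAVE_TOOL_CMD, so the process environment is trusted to pick the binary that receives key material.` would state the trust assumption. A `debugging!("Using secure enclave tool: {}", cmd)` line would also make an active override visible when auditing or troubleshooting. Callers that run with an environment they do not control should clear or pin this variable before invoking the crate.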