feat: updates

examples/private_ecdh.rs

@@ -5,7 +5,7 @@ use swift_secure_enclave_tool_rs::private_key_ecdh;
 fn main() {
     let args = std::env::args().collect::<Vec<_>>();
     let private_key_representation = STANDARD.decode(&args[1]).unwrap();
-    let epk = hex::decode(&args[2]).unwrap();
+    let epk = STANDARD.decode(&args[2]).unwrap();
 
     let shared_secret = private_key_ecdh(&private_key_representation, &epk).unwrap();
 

src/lib.rs

@@ -1,6 +1,6 @@
-use base64::Engine;
 use base64::engine::general_purpose::STANDARD;
-use rust_util::{XResult, debugging, opt_result, simple_error};
+use base64::Engine;
+use rust_util::{debugging, opt_result, simple_error, XResult};
 use std::process::{Command, Output};
 
 const SWIFT_SECURE_ENCLAVE_TOOL_CMD: &str = "swift-secure-enclave-tool";
@@ -76,6 +76,7 @@ pub fn private_key_ecdsa_sign(
     }
 }
 
+// ephemera_public_key MUST be DER format public key
 pub fn private_key_ecdh(
     private_key_representation: &[u8],
     ephemera_public_key: &[u8],
@@ -86,9 +87,9 @@ pub fn private_key_ecdh(
     cmd.arg(&STANDARD.encode(ephemera_public_key));
 
     let cmd_stdout = run_command_stdout(cmd)?;
-    if cmd_stdout.starts_with("ok:") {
-        let result = cmd_stdout.chars().skip(3).collect::<String>();
-        Ok(STANDARD.decode(result)?)
+    if cmd_stdout.starts_with("ok:SharedSecret:") {
+        let result = cmd_stdout.chars().skip(16).collect::<String>();
+        Ok(hex::decode(result.trim())?)
     } else {
         simple_error!("Invalid compute_p256_ecdh result: {}", cmd_stdout)
     }