feat: updates swift se toolv2

2025-10-16 09:12:23 +08:00
parent a652fff501
commit 260fd1e3c4
2 changed files with 35 additions and 5 deletions


@@ -3,3 +3,9 @@
> Specification: https://openwebstandard.org/rfc1 > Specification: https://openwebstandard.org/rfc1
Swift Secure Enclave Tool Swift Secure Enclave Tool
Disable PQC algorithms:
```shell
swiftc -D DISABLE_QPC swift-secure-enclave-tool-v2.swift
```


@@ -410,6 +410,8 @@ func generateSecureEnclaveP256KeyPair(sign: Bool, request: GenerateSecureEnclave
} }
} }
#if DISABLE_QPC
#else
func generateSecureEnclaveMlKemKeyPair(keyLen: Int, request: GenerateSecureEnclaveKeyPairRequest) -> GenerateSecureEnclaveMlKemKeyPairResponse? { func generateSecureEnclaveMlKemKeyPair(keyLen: Int, request: GenerateSecureEnclaveKeyPairRequest) -> GenerateSecureEnclaveMlKemKeyPairResponse? {
guard let accessCtrl = getSecAccessControlCreateWithFlags(controlFlag: request.controlFlag) else { guard let accessCtrl = getSecAccessControlCreateWithFlags(controlFlag: request.controlFlag) else {
return nil return nil
@@ -434,6 +436,7 @@ func generateSecureEnclaveMlKemKeyPair(keyLen: Int, request: GenerateSecureEncla
return nil return nil
} }
} }
#endif
func signingPrivateKeyToResponse(_ privateKeyReference: SecureEnclave.P256.Signing.PrivateKey) -> GenerateSecureEnclaveP256KeyPairResponse { func signingPrivateKeyToResponse(_ privateKeyReference: SecureEnclave.P256.Signing.PrivateKey) -> GenerateSecureEnclaveP256KeyPairResponse {
let publicKeyPointBase64 = privateKeyReference.publicKey.x963Representation.base64EncodedString() let publicKeyPointBase64 = privateKeyReference.publicKey.x963Representation.base64EncodedString()
@@ -459,6 +462,8 @@ func keyAgreementPrivateKeyToResponse(_ privateKeyReference: SecureEnclave.P256.
) )
} }
#if DISABLE_QPC
#else
func mlKem768PrivateKeyToResponse(_ privateKeyReference: SecureEnclave.MLKEM768.PrivateKey) -> GenerateSecureEnclaveMlKemKeyPairResponse { func mlKem768PrivateKeyToResponse(_ privateKeyReference: SecureEnclave.MLKEM768.PrivateKey) -> GenerateSecureEnclaveMlKemKeyPairResponse {
let publicKeyDerBase64 = privateKeyReference.publicKey.rawRepresentation.base64EncodedString() let publicKeyDerBase64 = privateKeyReference.publicKey.rawRepresentation.base64EncodedString()
let dataRepresentationBase64 = privateKeyReference.dataRepresentation.base64EncodedString() let dataRepresentationBase64 = privateKeyReference.dataRepresentation.base64EncodedString()
@@ -478,6 +483,7 @@ func mlKem1024PrivateKeyToResponse(_ privateKeyReference: SecureEnclave.MLKEM102
data_representation_base64: dataRepresentationBase64 data_representation_base64: dataRepresentationBase64
) )
} }
#endif
func recoverSecureEnclaveP256PublicKey(request: RecoverSecureEnclavePublicKeyRequest, sign: Bool) -> GenerateSecureEnclaveP256KeyPairResponse? { func recoverSecureEnclaveP256PublicKey(request: RecoverSecureEnclavePublicKeyRequest, sign: Bool) -> GenerateSecureEnclaveP256KeyPairResponse? {
guard let privateKeyDataRepresentation = Data( guard let privateKeyDataRepresentation = Data(
@@ -507,6 +513,8 @@ func recoverSecureEnclaveP256PublicKey(request: RecoverSecureEnclavePublicKeyReq
} }
} }
#if DISABLE_QPC
#else
func recoverSecureEnclaveMlKemPublicKey(request: RecoverSecureEnclavePublicKeyRequest, keyLen: Int) -> GenerateSecureEnclaveMlKemKeyPairResponse? { func recoverSecureEnclaveMlKemPublicKey(request: RecoverSecureEnclavePublicKeyRequest, keyLen: Int) -> GenerateSecureEnclaveMlKemKeyPairResponse? {
guard let privateKeyDataRepresentation = Data( guard let privateKeyDataRepresentation = Data(
base64Encoded: request.dataRepresentationBase64 base64Encoded: request.dataRepresentationBase64
@@ -537,6 +545,7 @@ func recoverSecureEnclaveMlKemPublicKey(request: RecoverSecureEnclavePublicKeyRe
return nil return nil
} }
} }
#endif
func computeSecureEnclaveP256Ecsign(request: ComputeP256EcSignRequest) -> ComputeSecureEnclaveP256EcsignResponse? { func computeSecureEnclaveP256Ecsign(request: ComputeP256EcSignRequest) -> ComputeSecureEnclaveP256EcsignResponse? {
guard let privateKeyDataRepresentation = Data( guard let privateKeyDataRepresentation = Data(
@@ -630,6 +639,8 @@ func computeSecureEnclaveP256Ecdh(request: ComputeEcdhRequest) -> ComputeSecureE
} }
} }
#if DISABLE_QPC
#else
func computeSecureEnclaveMlKemEcdh(request: ComputeEcdhRequest, keyLen: Int) -> ComputeSecureEnclaveEcdhResponse? { func computeSecureEnclaveMlKemEcdh(request: ComputeEcdhRequest, keyLen: Int) -> ComputeSecureEnclaveEcdhResponse? {
guard let privateKeyDataRepresentation = Data( guard let privateKeyDataRepresentation = Data(
base64Encoded: request.dataRepresentationBase64 base64Encoded: request.dataRepresentationBase64
@@ -676,6 +687,7 @@ func computeSecureEnclaveMlKemEcdh(request: ComputeEcdhRequest, keyLen: Int) ->
return nil return nil
} }
} }
#endif
func externalSpec() -> ExternalSpecResponse { func externalSpec() -> ExternalSpecResponse {
return ExternalSpecResponse( return ExternalSpecResponse(
@@ -706,6 +718,8 @@ if (command == "generate_p256_ecdh_keypair") {
exitOkWithJson(generateSecureEnclaveP256KeyPair(sign: false, request: request)) exitOkWithJson(generateSecureEnclaveP256KeyPair(sign: false, request: request))
} }
#if DISABLE_QPC
#else
if (command == "generate_mlkem768_ecdh_keypair") { if (command == "generate_mlkem768_ecdh_keypair") {
let request = parseGenerateSecureEnclaveKeyPairRequest()!; let request = parseGenerateSecureEnclaveKeyPairRequest()!;
exitOkWithJson(generateSecureEnclaveMlKemKeyPair(keyLen: 768, request: request)) exitOkWithJson(generateSecureEnclaveMlKemKeyPair(keyLen: 768, request: request))
@@ -715,6 +729,7 @@ if (command == "generate_mlkem1024_ecdh_keypair") {
let request = parseGenerateSecureEnclaveKeyPairRequest()!; let request = parseGenerateSecureEnclaveKeyPairRequest()!;
exitOkWithJson(generateSecureEnclaveMlKemKeyPair(keyLen: 1024, request: request)) exitOkWithJson(generateSecureEnclaveMlKemKeyPair(keyLen: 1024, request: request))
} }
#endif
if (command == "recover_p256_ecsign_public_key") { if (command == "recover_p256_ecsign_public_key") {
let request = parseRecoverSecureEnclavePublicKeyRequest()! let request = parseRecoverSecureEnclavePublicKeyRequest()!
@@ -728,6 +743,8 @@ if (command == "recover_p256_ecdh_public_key") {
exitOkWithJson(response) exitOkWithJson(response)
} }
#if DISABLE_QPC
#else
if (command == "recover_mlkem768_public_key") { if (command == "recover_mlkem768_public_key") {
let request = parseRecoverSecureEnclavePublicKeyRequest()! let request = parseRecoverSecureEnclavePublicKeyRequest()!
let response = recoverSecureEnclaveMlKemPublicKey(request: request, keyLen: 768) let response = recoverSecureEnclaveMlKemPublicKey(request: request, keyLen: 768)
@@ -739,6 +756,7 @@ if (command == "recover_mlkem1024_public_key") {
let response = recoverSecureEnclaveMlKemPublicKey(request: request, keyLen: 1024) let response = recoverSecureEnclaveMlKemPublicKey(request: request, keyLen: 1024)
exitOkWithJson(response) exitOkWithJson(response)
} }
#endif
if (command == "compute_p256_ecsign") { if (command == "compute_p256_ecsign") {
let request = parseComputeP256EcSignRequest()!; let request = parseComputeP256EcSignRequest()!;
@@ -752,6 +770,8 @@ if (command == "compute_p256_ecdh") {
exitOkWithJson(response) exitOkWithJson(response)
} }
#if DISABLE_QPC
#else
if (command == "compute_mlkem768_ecdh") { if (command == "compute_mlkem768_ecdh") {
let request = parseComputeEcdhRequest()!; let request = parseComputeEcdhRequest()!;
let response = computeSecureEnclaveMlKemEcdh(request: request, keyLen: 768) let response = computeSecureEnclaveMlKemEcdh(request: request, keyLen: 768)
@@ -763,6 +783,7 @@ if (command == "compute_mlkem1024_ecdh") {
let response = computeSecureEnclaveMlKemEcdh(request: request, keyLen: 1024) let response = computeSecureEnclaveMlKemEcdh(request: request, keyLen: 1024)
exitOkWithJson(response) exitOkWithJson(response)
} }
#endif
if (command == "external_spec") { if (command == "external_spec") {
exitOkWithJson(externalSpec()) exitOkWithJson(externalSpec())
@@ -791,16 +812,19 @@ if (command == "help" || command == "-h" || command == "--help") {
print("is_support_secure_enclave - is Secure Enclave supported") print("is_support_secure_enclave - is Secure Enclave supported")
print("generate_p256_ecsign_keypair --control-flag <> - generate Secure Enclave P256 EC sign key pair") print("generate_p256_ecsign_keypair --control-flag <> - generate Secure Enclave P256 EC sign key pair")
print("generate_p256_ecdh_keypair --control-flag <> - generate Secure Enclave P256 EC DH key pair") print("generate_p256_ecdh_keypair --control-flag <> - generate Secure Enclave P256 EC DH key pair")
print("generate_mlkem768_ecdh_keypair --control-flag <> - generate Secure Enclave ML-KEM-768 key pair")
print("generate_mlkem1024_ecdh_keypair --control-flag <> - generate Secure Enclave ML-KEM-1024 key pair")
print("recover_p256_ecsign_public_key --private-key <> - recover Secure Enclave P256 EC sign key pair") print("recover_p256_ecsign_public_key --private-key <> - recover Secure Enclave P256 EC sign key pair")
print("recover_p256_ecdh_public_key --private-key <> - recover Secure Enclave P256 EC DH key pair") print("recover_p256_ecdh_public_key --private-key <> - recover Secure Enclave P256 EC DH key pair")
print("recover_mlkem768_public_key --private-key <> - recover Secure Enclave ML-KEM-768 key pair")
print("recover_mlkem1024_public_key --private-key <> - recover Secure Enclave ML-KEM-1024 key pair")
print("compute_p256_ecsign --private-key <> --message-base64 <> [--message-type <>] - compure Secure Enclave P256 EC sign") print("compute_p256_ecsign --private-key <> --message-base64 <> [--message-type <>] - compure Secure Enclave P256 EC sign")
print("compute_p256_ecdh --private-key <> --ephemera-public-key <> - compure Secure Enclave P256 EC DH") print("compute_p256_ecdh --private-key <> --ephemera-public-key <> - compure Secure Enclave P256 EC DH")
#if DISABLE_QPC
#else
print("generate_mlkem768_ecdh_keypair --control-flag <> - generate Secure Enclave ML-KEM-768 key pair")
print("generate_mlkem1024_ecdh_keypair --control-flag <> - generate Secure Enclave ML-KEM-1024 key pair")
print("recover_mlkem768_public_key --private-key <> - recover Secure Enclave ML-KEM-768 key pair")
print("recover_mlkem1024_public_key --private-key <> - recover Secure Enclave ML-KEM-1024 key pair")
print("compute_mlkem768_ecdh --private-key <> --ephemera-public-key <> - compure Secure Enclave ML-KEM-768") print("compute_mlkem768_ecdh --private-key <> --ephemera-public-key <> - compure Secure Enclave ML-KEM-768")
print("compute_mlkem1024_ecdh --private-key <> --ephemera-public-key <> - compure Secure Enclave ML-KEM-1024") print("compute_mlkem1024_ecdh --private-key <> --ephemera-public-key <> - compure Secure Enclave ML-KEM-1024")
#endif
print("external_spec - external specification") print("external_spec - external specification")
print("external_public_key --parameter <> - external public key") print("external_public_key --parameter <> - external public key")
print("external_sign --parameter <> --alg ES256 --message-base64 <> - external sign") print("external_sign --parameter <> --alg ES256 --message-base64 <> - external sign")
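Review bot: The compilation condition is spelled `DISABLE_QPC` in every `#if` this commit adds (first above `generateSecureEnclaveMlKemKeyPair`, then around the ML-KEM response, recover, compute, command-dispatch and help blocks), while the README heading it belongs to says "PQC". Swift treats an undefined condition as false, so a build invoked with `-D DISABLE_PQC` reports nothing and still compiles the ML-KEM code in through the `#else` branch. Renaming the flag to `DISABLE_PQC` in both files would remove that trap, and the empty-branch form `#if DISABLE_QPC` / `#else` would read more directly as `#if !DISABLE_PQC`. It is also worth confirming that `externalSpec()` and the unknown-command path, neither of which is visible in these hunks, do not still advertise or half-accept the ML-KEM commands in a build where they are compiled out.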