diff --git a/swift-secure-enclave-tool-v2.swift b/swift-secure-enclave-tool-v2.swift
index bdbc563..dd0b0cc 100644
--- a/swift-secure-enclave-tool-v2.swift
+++ b/swift-secure-enclave-tool-v2.swift
@@ -9,6 +9,34 @@ import CryptoKit
 import Foundation
 import LocalAuthentication
+struct GenerateSecureEnclaveP256KeyPairRequest {
+ var controlFlag: String
+}
+
+func parseGenerateSecureEnclaveP256KeyPairRequest() -> GenerateSecureEnclaveP256KeyPairRequest? {
+ var controlFlagOpt: String?
+ let len = CommandLine.arguments.count;
+ if CommandLine.arguments.count > 2 {
+ var i = 2
+ while i < len {
+ let k = CommandLine.arguments[i];
+ if (k == "--control-flag") {
+ controlFlagOpt = CommandLine.arguments[i + 1]
+ i += 2
+ } else {
+ i += 1
+ }
+ }
+ }
+ guard let controlFlag = controlFlagOpt else {
+ exitError("parameter --control-flag required.")
+ return nil
+ }
+ return GenerateSecureEnclaveP256KeyPairRequest(
+ controlFlag: controlFlag
+ )
+}
+
 struct ErrorResponse: Codable {
 var success: Bool
 var error: String
@@ -76,9 +104,10 @@ func isSupportSecureEnclave() -> SupportSecureEnclaveResponse {
 return SupportSecureEnclaveResponse(success: true, supported: SecureEnclave.isAvailable)
 }
-func generateSecureEnclaveP256KeyPair(sign: Bool, controlFlag: String) -> GenerateSecureEnclaveP256KeyPairResponse? {
+func generateSecureEnclaveP256KeyPair(sign: Bool, request: GenerateSecureEnclaveP256KeyPairRequest) -> GenerateSecureEnclaveP256KeyPairResponse? {
 var error: Unmanaged? = nil
 let accessControlCreateFlags: SecAccessControlCreateFlags
+ let controlFlag = request.controlFlag
 if (controlFlag == "none") {
 accessControlCreateFlags = [.privateKeyUsage]
 } else if (controlFlag == "userPresence") {
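Review bot: `controlFlagOpt = CommandLine.arguments[i + 1]` in parseGenerateSecureEnclaveP256KeyPairRequest traps when `--control-flag` is the last argument, because the loop only checks `i < len` and never that a value follows the flag; the same unchecked `arguments[i + 1]` reads are in parseComputeP256EcSignRequest in the later hunk. Guard the value before reading it, e.g. `guard i + 1 < len else { exitError("parameter --control-flag requires a value."); return nil }` placed just before the assignment. Also `let len` is computed and then `CommandLine.arguments.count > 2` is re-read on the next line; `if len > 2` keeps one source of truth, and the trailing semicolons on `let len` and `let k` are not Swift style. The `return nil` after `exitError` suggests exitError may return to its caller, which matters for the force-unwrapped call sites in the next hunk.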
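Review bot: `let controlFlag = request.controlFlag` feeds a chain of string comparisons (`"none"`, `"userPresence"`, …) whose tail is outside this hunk, so whether an unrecognized value is rejected before key generation cannot be seen here. Carrying the flag as a `String` in GenerateSecureEnclaveP256KeyPairRequest defers that check to the point of use; an `enum ControlFlag: String` built with `init?(rawValue:)` in the parser would reject an unknown flag before any access-control object is created, and a `switch` over it keeps the mapping to SecAccessControlCreateFlags exhaustive. generateSecureEnclaveP256KeyPair's body continues outside the hunk.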
@@ -263,17 +292,13 @@ if (command == "is_support_secure_enclave") {
 }
 if (command == "generate_p256_ecsign_keypair") {
- if (CommandLine.arguments.count != 3) {
- exitError("require two arguments")
- }
- exitOkWithJson(generateSecureEnclaveP256KeyPair(sign: true, controlFlag: CommandLine.arguments[2]))
+ let request = parseGenerateSecureEnclaveP256KeyPairRequest()!;
+ exitOkWithJson(generateSecureEnclaveP256KeyPair(sign: true, request: request))
 }
 if (command == "generate_p256_ecdh_keypair") {
- if (CommandLine.arguments.count != 3) {
- exitError("require two arguments")
- }
- exitOkWithJson(generateSecureEnclaveP256KeyPair(sign: false, controlFlag: CommandLine.arguments[2]))
+ let request = parseGenerateSecureEnclaveP256KeyPairRequest()!;
+ exitOkWithJson(generateSecureEnclaveP256KeyPair(sign: false, request: request))
 }
 if (command == "recover_p256_ecsign_public_key") {
@@ -324,33 +349,6 @@ if (command == "version") {
 exitOkWithJson(VersionResponse(success: true, version: "2.0.0-20250428"))
 }
-
-struct GenerateSecureEnclaveP256KeyPairRequest {
- var controlFlag: String
-}
-
-func parseGenerateSecureEnclaveP256KeyPairRequest() -> GenerateSecureEnclaveP256KeyPairRequest? {
- var controlFlagOpt: String?
- let len = CommandLine.arguments.count;
- if CommandLine.arguments.count > 2 {
- var i = 2
- while i < len {
- let k = CommandLine.arguments[i];
- if (k == "--control-flag") {
- controlFlagOpt = CommandLine.arguments[i + 1]
- i += 1
- }
- }
- }
- guard let controlFlag = controlFlagOpt else {
- exitError("parameter --control-flag required.")
- return nil
- }
- return GenerateSecureEnclaveP256KeyPairRequest(
- controlFlag: controlFlag
- )
-}
-
 struct ComputeP256EcSignRequest {
 var dataRepresentationBase64: String
 var messageBase64: String
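Review bot: `parseGenerateSecureEnclaveP256KeyPairRequest()!` in both the generate_p256_ecsign_keypair and generate_p256_ecdh_keypair branches force-unwraps an Optional whose `nil` case is precisely the "missing --control-flag" error path; if exitError does not terminate the process (its body is not in the diff, and the parser's `return nil` after it suggests it may return), the user gets a bare trap instead of the JSON error. Replace the unwrap with an explicit exit in both branches, `guard let request = parseGenerateSecureEnclaveP256KeyPairRequest() else { exit(1) }`. The trailing semicolons on the new `let request` lines are not Swift convention and can be dropped. Unlike the removed `arguments.count != 3` check, the new parser silently ignores extra or unknown arguments; if that is intended it is worth stating in the help text, otherwise the parser should report the first unrecognized argument.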
@@ -366,9 +364,11 @@ func parseComputeP256EcSignRequest() -> ComputeP256EcSignRequest? {
 let k = CommandLine.arguments[i];
 if (k == "--data-representation-base64" || k == "--private-key") {
 dataRepresentationBase64Opt = CommandLine.arguments[i + 1]
- i += 1
+ i += 2
 } else if (k == "--message-base64") {
 messageBase64Opt = CommandLine.arguments[i + 1]
+ i += 2
+ } else {
 i += 1
 }
 }
@@ -388,22 +388,23 @@ func parseComputeP256EcSignRequest() -> ComputeP256EcSignRequest? {
 }
 if (command == "help") {
- print("swift-secure-enclave-tool-v2 ")
+ print("swift-secure-enclave-tool-v2 [parameters]")
 print("help - print help")
 print("version - print version")
 print("is_support_secure_enclave - is Secure Enclave supported")
- print("generate_p256_ecsign_keypair - generate Secure Enclave P256 EC sign key pair")
- print("generate_p256_ecdh_keypair - generate Secure Enclave P256 EC DH key pair")
+ print("generate_p256_ecsign_keypair --control-flag <> - generate Secure Enclave P256 EC sign key pair")
+ print("generate_p256_ecdh_keypair --control-flag <> - generate Secure Enclave P256 EC DH key pair")
 print("recover_p256_ecsign_public_key - recover Secure Enclave P256 EC sign key pair")
 print("recover_p256_ecdh_public_key - recover Secure Enclave P256 EC DH key pair")
 print("compute_p256_ecsign - compure Secure Enclave P256 EC sign")
 print("compute_p256_ecdh - compure Secure Enclave P256 EC DH")
 print("external_spec - external specification")
 print("external_public_key --parameter - external public key")
- print("external_sign --parameter --alg --message-base64 - external sign")
+ print("external_sign - external sign")
+ // print("external_sign --parameter --alg --message-base64 - external sign")
 print()
 print("options:")
- print("> controlFlag - none, userPresence, devicePasscode, biometryAny, biometryCurrentSet")
+ print("> --control-flag - none, userPresence, devicePasscode, biometryAny, biometryCurrentSet")
 print("> privateKey - private key representation (dataRepresentationBase64)")
 print("> content - content in base64")
 print("> ephemeraPublicKey - public key der in base64")
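Review bot: The new `--control-flag <>` placeholder in the generate_p256_ecsign_keypair and generate_p256_ecdh_keypair help lines is empty, so the help never says what belongs there; spell out the accepted values, e.g. `print("generate_p256_ecsign_keypair --control-flag <none|userPresence|devicePasscode|biometryAny|biometryCurrentSet> - generate Secure Enclave P256 EC sign key pair")`, or at least `<flag>` with a pointer to the options section. The commented-out `// print("external_sign --parameter --alg --message-base64 - external sign")` is dead code kept next to its replacement; if the long form is no longer supported, delete it rather than leave two descriptions of external_sign side by side. The options block still lists `privateKey`, `content` and `ephemeraPublicKey` in the old camelCase form while `--control-flag` now uses the flag form, and the compute parser in the previous hunk already accepts `--private-key`; presumably those entries should follow once their parsers take flags.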