hatter/swift-secure-enclave-tool
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: updates

Browse Source
This commit is contained in:
Hatter Jiang
2025-04-28 23:12:27 +08:00
parent b590dd47f1
commit 4c09413ec5
1 changed files with 43 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

85
swift-secure-enclave-tool-v2.swift
View File

@@ -9,6 +9,34 @@ import CryptoKit
import Foundation import Foundation
import LocalAuthentication import LocalAuthentication
struct GenerateSecureEnclaveP256KeyPairRequest {
var controlFlag: String
}
func parseGenerateSecureEnclaveP256KeyPairRequest() -> GenerateSecureEnclaveP256KeyPairRequest? {
var controlFlagOpt: String?
let len = CommandLine.arguments.count;
if CommandLine.arguments.count > 2 {
var i = 2
while i < len {
let k = CommandLine.arguments[i];
if (k == "--control-flag") {
controlFlagOpt = CommandLine.arguments[i + 1]
i += 2
} else {
i += 1
}
}
}
guard let controlFlag = controlFlagOpt else {
exitError("parameter --control-flag required.")
return nil
}
return GenerateSecureEnclaveP256KeyPairRequest(
controlFlag: controlFlag
)
}
struct ErrorResponse: Codable { struct ErrorResponse: Codable {
var success: Bool var success: Bool
var error: String var error: String
@@ -76,9 +104,10 @@ func isSupportSecureEnclave() -> SupportSecureEnclaveResponse {
return SupportSecureEnclaveResponse(success: true, supported: SecureEnclave.isAvailable) return SupportSecureEnclaveResponse(success: true, supported: SecureEnclave.isAvailable)
} }
func generateSecureEnclaveP256KeyPair(sign: Bool, controlFlag: String) -> GenerateSecureEnclaveP256KeyPairResponse? { func generateSecureEnclaveP256KeyPair(sign: Bool, request: GenerateSecureEnclaveP256KeyPairRequest) -> GenerateSecureEnclaveP256KeyPairResponse? {
var error: Unmanaged<CFError>? = nil var error: Unmanaged<CFError>? = nil
let accessControlCreateFlags: SecAccessControlCreateFlags let accessControlCreateFlags: SecAccessControlCreateFlags
let controlFlag = request.controlFlag
if (controlFlag == "none") { if (controlFlag == "none") {
accessControlCreateFlags = [.privateKeyUsage] accessControlCreateFlags = [.privateKeyUsage]
} else if (controlFlag == "userPresence") { } else if (controlFlag == "userPresence") {
@@ -263,17 +292,13 @@ if (command == "is_support_secure_enclave") {
} }
if (command == "generate_p256_ecsign_keypair") { if (command == "generate_p256_ecsign_keypair") {
if (CommandLine.arguments.count != 3) { let request = parseGenerateSecureEnclaveP256KeyPairRequest()!;
exitError("require two arguments") exitOkWithJson(generateSecureEnclaveP256KeyPair(sign: true, request: request))
}
exitOkWithJson(generateSecureEnclaveP256KeyPair(sign: true, controlFlag: CommandLine.arguments[2]))
} }
if (command == "generate_p256_ecdh_keypair") { if (command == "generate_p256_ecdh_keypair") {
if (CommandLine.arguments.count != 3) { let request = parseGenerateSecureEnclaveP256KeyPairRequest()!;
exitError("require two arguments") exitOkWithJson(generateSecureEnclaveP256KeyPair(sign: false, request: request))
}
exitOkWithJson(generateSecureEnclaveP256KeyPair(sign: false, controlFlag: CommandLine.arguments[2]))
} }
if (command == "recover_p256_ecsign_public_key") { if (command == "recover_p256_ecsign_public_key") {
@@ -324,33 +349,6 @@ if (command == "version") {
exitOkWithJson(VersionResponse(success: true, version: "2.0.0-20250428")) exitOkWithJson(VersionResponse(success: true, version: "2.0.0-20250428"))
} }
struct GenerateSecureEnclaveP256KeyPairRequest {
var controlFlag: String
}
func parseGenerateSecureEnclaveP256KeyPairRequest() -> GenerateSecureEnclaveP256KeyPairRequest? {
var controlFlagOpt: String?
let len = CommandLine.arguments.count;
if CommandLine.arguments.count > 2 {
var i = 2
while i < len {
let k = CommandLine.arguments[i];
if (k == "--control-flag") {
controlFlagOpt = CommandLine.arguments[i + 1]
i += 1
}
}
}
guard let controlFlag = controlFlagOpt else {
exitError("parameter --control-flag required.")
return nil
}
return GenerateSecureEnclaveP256KeyPairRequest(
controlFlag: controlFlag
)
}
struct ComputeP256EcSignRequest { struct ComputeP256EcSignRequest {
var dataRepresentationBase64: String var dataRepresentationBase64: String
var messageBase64: String var messageBase64: String
@@ -366,9 +364,11 @@ func parseComputeP256EcSignRequest() -> ComputeP256EcSignRequest? {
let k = CommandLine.arguments[i]; let k = CommandLine.arguments[i];
if (k == "--data-representation-base64" || k == "--private-key") { if (k == "--data-representation-base64" || k == "--private-key") {
dataRepresentationBase64Opt = CommandLine.arguments[i + 1] dataRepresentationBase64Opt = CommandLine.arguments[i + 1]
i += 1 i += 2
} else if (k == "--message-base64") { } else if (k == "--message-base64") {
messageBase64Opt = CommandLine.arguments[i + 1] messageBase64Opt = CommandLine.arguments[i + 1]
i += 2
} else {
i += 1 i += 1
} }
} }
@@ -388,22 +388,23 @@ func parseComputeP256EcSignRequest() -> ComputeP256EcSignRequest? {
} }
if (command == "help") { if (command == "help") {
print("swift-secure-enclave-tool-v2 <command>") print("swift-secure-enclave-tool-v2 <command> [parameters]")
print("help - print help") print("help - print help")
print("version - print version") print("version - print version")
print("is_support_secure_enclave - is Secure Enclave supported") print("is_support_secure_enclave - is Secure Enclave supported")
print("generate_p256_ecsign_keypair <controlFlag> - generate Secure Enclave P256 EC sign key pair") print("generate_p256_ecsign_keypair --control-flag <> - generate Secure Enclave P256 EC sign key pair")
print("generate_p256_ecdh_keypair <controlFlag> - generate Secure Enclave P256 EC DH key pair") print("generate_p256_ecdh_keypair --control-flag <> - generate Secure Enclave P256 EC DH key pair")
print("recover_p256_ecsign_public_key <privateKey> - recover Secure Enclave P256 EC sign key pair") print("recover_p256_ecsign_public_key <privateKey> - recover Secure Enclave P256 EC sign key pair")
print("recover_p256_ecdh_public_key <privateKey> - recover Secure Enclave P256 EC DH key pair") print("recover_p256_ecdh_public_key <privateKey> - recover Secure Enclave P256 EC DH key pair")
print("compute_p256_ecsign <privateKey> <content> - compure Secure Enclave P256 EC sign") print("compute_p256_ecsign <privateKey> <content> - compure Secure Enclave P256 EC sign")
print("compute_p256_ecdh <privateKey> <ephemeraPublicKey> - compure Secure Enclave P256 EC DH") print("compute_p256_ecdh <privateKey> <ephemeraPublicKey> - compure Secure Enclave P256 EC DH")
print("external_spec - external specification") print("external_spec - external specification")
print("external_public_key --parameter <parameter> - external public key") print("external_public_key --parameter <parameter> - external public key")
print("external_sign --parameter <parameter> --alg <alg> --message-base64 <message-in-base64> - external sign") print("external_sign - external sign")
// print("external_sign --parameter <parameter> --alg <alg> --message-base64 <message-in-base64> - external sign")
print() print()
print("options:") print("options:")
print("> controlFlag - none, userPresence, devicePasscode, biometryAny, biometryCurrentSet") print("> --control-flag - none, userPresence, devicePasscode, biometryAny, biometryCurrentSet")
print("> privateKey - private key representation (dataRepresentationBase64)") print("> privateKey - private key representation (dataRepresentationBase64)")
print("> content - content in base64") print("> content - content in base64")
print("> ephemeraPublicKey - public key der in base64") print("> ephemeraPublicKey - public key der in base64")