From 65e5002b4d9718f6fd8c79c2193dc96bbc21d99b Mon Sep 17 00:00:00 2001
From: Hatter Jiang
Date: Tue, 29 Apr 2025 00:36:33 +0800
Subject: [PATCH] feat: updates
---
 swift-secure-enclave-tool-v2.swift | 226 +++++++++++++++++------------
 1 file changed, 136 insertions(+), 90 deletions(-)
diff --git a/swift-secure-enclave-tool-v2.swift b/swift-secure-enclave-tool-v2.swift
index dd0b0cc..f429c70 100644
--- a/swift-secure-enclave-tool-v2.swift
+++ b/swift-secure-enclave-tool-v2.swift
@@ -37,6 +37,110 @@ func parseGenerateSecureEnclaveP256KeyPairRequest() -> GenerateSecureEnclaveP256 ) } +struct ComputeP256EcSignRequest { + var dataRepresentationBase64: String + var messageBase64: String +} + +func parseComputeP256EcSignRequest() -> ComputeP256EcSignRequest? { + var dataRepresentationBase64Opt: String? + var messageBase64Opt: String? + let len = CommandLine.arguments.count; + if CommandLine.arguments.count > 2 { + var i = 2 + while i < len { + let k = CommandLine.arguments[i]; + if (k == "--data-representation-base64" || k == "--private-key") { + dataRepresentationBase64Opt = CommandLine.arguments[i + 1] + i += 2 + } else if (k == "--message-base64") { + messageBase64Opt = CommandLine.arguments[i + 1] + i += 2 + } else { + i += 1 + } + } + } + guard let dataRepresentationBase64 = dataRepresentationBase64Opt else { + exitError("parameter --data-representation-base64 or --private-key required.") + return nil + } + guard let messageBase64 = messageBase64Opt else { + exitError("parameter --message-base64 required.") + return nil + } + return ComputeP256EcSignRequest( + dataRepresentationBase64: dataRepresentationBase64, + messageBase64: messageBase64 + ) +} + +struct ComputeP256EcdhRequest { + var dataRepresentationBase64: String + var ephemeraPublicKeyBase64: String +} + +func parseComputeP256EcdhRequest() -> ComputeP256EcdhRequest? { + var dataRepresentationBase64Opt: String? + var ephemeraPublicKeyBase64Opt: String? 
+ let len = CommandLine.arguments.count; + if CommandLine.arguments.count > 2 { + var i = 2 + while i < len { + let k = CommandLine.arguments[i]; + if (k == "--data-representation-base64" || k == "--private-key") { + dataRepresentationBase64Opt = CommandLine.arguments[i + 1] + i += 2 + } else if (k == "--ephemera-public-key-base64" || k == "--ephemera-public-key") { + ephemeraPublicKeyBase64Opt = CommandLine.arguments[i + 1] + i += 2 + } else { + i += 1 + } + } + } + guard let dataRepresentationBase64 = dataRepresentationBase64Opt else { + exitError("parameter --data-representation-base64 or --private-key required.") + return nil + } + guard let ephemeraPublicKeyBase64 = ephemeraPublicKeyBase64Opt else { + exitError("parameter --ephemera-public-key-base64 required.") + return nil + } + return ComputeP256EcdhRequest( + dataRepresentationBase64: dataRepresentationBase64, + ephemeraPublicKeyBase64: ephemeraPublicKeyBase64 + ) +} + +struct RecoverSecureEnclaveP256PublicKeyRequest { + var dataRepresentationBase64: String +} + +func parseRecoverSecureEnclaveP256PublicKeyRequest() -> RecoverSecureEnclaveP256PublicKeyRequest? { + var dataRepresentationBase64Opt: String? + let len = CommandLine.arguments.count; + if CommandLine.arguments.count > 2 { + var i = 2 + while i < len { + let k = CommandLine.arguments[i]; + if (k == "--data-representation-base64" || k == "--private-key") { + dataRepresentationBase64Opt = CommandLine.arguments[i + 1] + i += 2 + } else { + i += 1 + } + } + } + guard let dataRepresentationBase64 = dataRepresentationBase64Opt else { + exitError("parameter --data-representation-base64 or --private-key required.") + return nil + } + return RecoverSecureEnclaveP256PublicKeyRequest( + dataRepresentationBase64: dataRepresentationBase64 + ) +} + struct ErrorResponse: Codable { var success: Bool var error: String 
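Review bot: Every value-taking flag branch in the three new parsers reads `CommandLine.arguments[i + 1]` without first checking that a value follows, so an invocation that ends with a bare flag (for example `compute_p256_ecsign --private-key`) traps on an out-of-range index instead of reporting an error; add `guard i + 1 < len else { exitError("parameter \(k) requires a value."); return nil }` at the top of each such branch in parseComputeP256EcSignRequest, parseComputeP256EcdhRequest and parseRecoverSecureEnclaveP256PublicKeyRequest. Unrecognised tokens fall into the `else { i += 1 }` arm and are skipped silently, so a mistyped flag only surfaces as the generic "required" message; rejecting unknown arguments would make misuse visible to the caller. The surrounding `if CommandLine.arguments.count > 2` is redundant with the `while i < len` condition and can go. The three loops are copies of one another and would be easier to keep correct as a single shared flag-scanning helper that owns the bounds check.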
@@ -173,13 +277,9 @@ func keyAgreementPrivateKeyToResponse(_ privateKeyReference: SecureEnclave.P256. ) } -func recoverSecureEnclaveP256PublicKeyEcsign(privateKeyDataRepresentation: String) -> GenerateSecureEnclaveP256KeyPairResponse? { - return recoverSecureEnclaveP256PublicKey(privateKeyDataRepresentation: privateKeyDataRepresentation, sign: true) -} - -func recoverSecureEnclaveP256PublicKey(privateKeyDataRepresentation: String, sign: Bool) -> GenerateSecureEnclaveP256KeyPairResponse? { +func recoverSecureEnclaveP256PublicKey(request: RecoverSecureEnclaveP256PublicKeyRequest, sign: Bool) -> GenerateSecureEnclaveP256KeyPairResponse? { guard let privateKeyDataRepresentation = Data( - base64Encoded: privateKeyDataRepresentation + base64Encoded: request.dataRepresentationBase64 ) else { exitError("private key base64 decode failed") return nil @@ -205,15 +305,15 @@ func recoverSecureEnclaveP256PublicKey(privateKeyDataRepresentation: String, sig } } -func computeSecureEnclaveP256Ecsign(privateKeyDataRepresentation: String, content: String) -> ComputeSecureEnclaveP256EcsignResponse? { +func computeSecureEnclaveP256Ecsign(request: ComputeP256EcSignRequest) -> ComputeSecureEnclaveP256EcsignResponse? { guard let privateKeyDataRepresentation = Data( - base64Encoded: privateKeyDataRepresentation + base64Encoded: request.dataRepresentationBase64 ) else { exitError("private key base64 decode failed") return nil } guard let contentData = Data( - base64Encoded: content + base64Encoded: request.messageBase64 ) else { exitError("content base64 decode failed") return nil 
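Review bot: The decode-failure message directly after the new `base64Encoded: request.messageBase64` line still reads `content base64 decode failed`, but this commit renames the user-facing parameter to `--message-base64`, so the error no longer names anything the caller typed; change it to `exitError("parameter --message-base64 base64 decode failed")`. The same applies to `private key base64 decode failed` here and in the two sibling functions, which could name `--private-key`. computeSecureEnclaveP256Ecsign's body continues past the end of the hunk.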
@@ -238,15 +338,15 @@ func computeSecureEnclaveP256Ecsign(privateKeyDataRepresentation: String, conten } } -func computeSecureEnclaveP256Ecdh(privateKeyDataRepresentation: String, ephemeraPublicKey: String) -> ComputeSecureEnclaveP256EcdhResponse? { +func computeSecureEnclaveP256Ecdh(request: ComputeP256EcdhRequest) -> ComputeSecureEnclaveP256EcdhResponse? { guard let privateKeyDataRepresentation = Data( - base64Encoded: privateKeyDataRepresentation + base64Encoded: request.dataRepresentationBase64 ) else { exitError("private key base64 decode failed") return nil } guard let ephemeralPublicKeyRepresentation = Data( - base64Encoded: ephemeraPublicKey + base64Encoded: request.ephemeraPublicKeyBase64 ) else { exitError("ephemeral public key base64 decode failed") return nil 
@@ -302,42 +402,26 @@ if (command == "generate_p256_ecdh_keypair") { } if (command == "recover_p256_ecsign_public_key") { - if (CommandLine.arguments.count != 3) { - exitError("require two arguments") - } - let response = recoverSecureEnclaveP256PublicKey( - privateKeyDataRepresentation: CommandLine.arguments[2], sign: true) + let request = parseRecoverSecureEnclaveP256PublicKeyRequest()! + let response = recoverSecureEnclaveP256PublicKey(request: request, sign: true) exitOkWithJson(response) } if (command == "recover_p256_ecdh_public_key") { - if (CommandLine.arguments.count != 3) { - exitError("require two arguments") - } - let response = recoverSecureEnclaveP256PublicKey( - privateKeyDataRepresentation: CommandLine.arguments[2], sign: false) + let request = parseRecoverSecureEnclaveP256PublicKeyRequest()! + let response = recoverSecureEnclaveP256PublicKey(request: request, sign: false) exitOkWithJson(response) } if (command == "compute_p256_ecsign") { - if (CommandLine.arguments.count != 4) { - exitError("require three arguments") - } - let response = computeSecureEnclaveP256Ecsign( - privateKeyDataRepresentation: CommandLine.arguments[2], - content: CommandLine.arguments[3] - ) + let request = parseComputeP256EcSignRequest()!; + let response = computeSecureEnclaveP256Ecsign(request: request) exitOkWithJson(response) } if (command == "compute_p256_ecdh") { - if (CommandLine.arguments.count != 4) { - exitError("require three arguments") - } - let response = computeSecureEnclaveP256Ecdh( - privateKeyDataRepresentation: CommandLine.arguments[2], - ephemeraPublicKey: CommandLine.arguments[3] - ) + let request = parseComputeP256EcdhRequest()!; + let response = computeSecureEnclaveP256Ecdh(request: request) exitOkWithJson(response) } 
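Review bot: The four rewritten dispatch branches force-unwrap `parseComputeP256EcSignRequest()!` and its siblings, which is only safe if `exitError` never returns; the parsers themselves follow every `exitError` with `return nil`, which suggests the compiler does not know that, so a returning `exitError` would turn a bad invocation into a crash at the `!` rather than a clean exit. Prefer `guard let request = parseComputeP256EcSignRequest() else { exit(1) }` in each branch, or declare `exitError` as returning `Never` so both the `return nil` lines and the `!` become unnecessary. The trailing `;` after the two `parse...()!` calls is inconsistent with the neighbouring lines.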
@@ -349,65 +433,27 @@ if (command == "version") { exitOkWithJson(VersionResponse(success: true, version: "2.0.0-20250428")) } -struct ComputeP256EcSignRequest { - var dataRepresentationBase64: String - var messageBase64: String -} - -func parseComputeP256EcSignRequest() -> ComputeP256EcSignRequest? { - var dataRepresentationBase64Opt: String? - var messageBase64Opt: String? - let len = CommandLine.arguments.count; - if CommandLine.arguments.count > 2 { - var i = 2 - while i < len { - let k = CommandLine.arguments[i]; - if (k == "--data-representation-base64" || k == "--private-key") { - dataRepresentationBase64Opt = CommandLine.arguments[i + 1] - i += 2 - } else if (k == "--message-base64") { - messageBase64Opt = CommandLine.arguments[i + 1] - i += 2 - } else { - i += 1 - } - } - } - guard let dataRepresentationBase64 = dataRepresentationBase64Opt else { - exitError("parameter --data-representation-base64 or --private-key required.") - return nil - } - guard let messageBase64 = messageBase64Opt else { - exitError("parameter --message-base64 required.") - return nil - } - return ComputeP256EcSignRequest( - dataRepresentationBase64: dataRepresentationBase64, - messageBase64: messageBase64 - ) -} - -if (command == "help") { +if (command == "help" || command == "-h" || command == "--help") { print("swift-secure-enclave-tool-v2 [parameters]") - print("help - print help") - print("version - print version") - print("is_support_secure_enclave - is Secure Enclave supported") - print("generate_p256_ecsign_keypair --control-flag <> - generate Secure Enclave P256 EC sign key pair") - print("generate_p256_ecdh_keypair --control-flag <> - generate Secure Enclave P256 EC DH key pair") - print("recover_p256_ecsign_public_key - recover Secure Enclave P256 EC sign key pair") - print("recover_p256_ecdh_public_key - recover Secure Enclave P256 EC DH key pair") - print("compute_p256_ecsign - compure Secure Enclave P256 EC sign") - print("compute_p256_ecdh - compure Secure Enclave P256 
EC DH") - print("external_spec - external specification") - print("external_public_key --parameter - external public key") - print("external_sign - external sign") + print("help - print help") + print("version - print version") + print("is_support_secure_enclave - is Secure Enclave supported") + print("generate_p256_ecsign_keypair --control-flag <> - generate Secure Enclave P256 EC sign key pair") + print("generate_p256_ecdh_keypair --control-flag <> - generate Secure Enclave P256 EC DH key pair") + print("recover_p256_ecsign_public_key --private-key <> - recover Secure Enclave P256 EC sign key pair") + print("recover_p256_ecdh_public_key --private-key <> - recover Secure Enclave P256 EC DH key pair") + print("compute_p256_ecsign --private-key <> --message-base64 <> - compure Secure Enclave P256 EC sign") + print("compute_p256_ecdh --private-key <> --ephemera-public-key <> - compure Secure Enclave P256 EC DH") + print("external_spec - external specification") + print("external_public_key --parameter <> - external public key") + print("external_sign --parameter <> ... - external sign") // print("external_sign --parameter --alg --message-base64 - external sign") print() print("options:") print("> --control-flag - none, userPresence, devicePasscode, biometryAny, biometryCurrentSet") - print("> privateKey - private key representation (dataRepresentationBase64)") - print("> content - content in base64") - print("> ephemeraPublicKey - public key der in base64") + print("> --private-key - private key representation (dataRepresentationBase64)") + print("> --message-base64 - content in base64") + print("> --ephemera-public-key - public key der in base64") exit(0) }
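Review bot: The two rewritten help lines for `compute_p256_ecsign` and `compute_p256_ecdh` carry the typo `compure` into the new text; they should read `compute Secure Enclave P256 EC sign` and `compute Secure Enclave P256 EC DH`. The `recover_*` lines describe the result as a "key pair" although the command recovers only a public key, so `recover Secure Enclave P256 EC sign public key` would match the command name. The help lists only `--private-key`, while the parsers also accept `--data-representation-base64` and `--ephemera-public-key-base64`; either document the aliases in the options section or drop them so the help and the parser agree.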