hatter/swift-secure-enclave-tool
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: updates

Browse Source
This commit is contained in:
Hatter Jiang
2025-04-29 00:36:33 +08:00
parent 4c09413ec5
commit 65e5002b4d
1 changed files with 136 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files

214
swift-secure-enclave-tool-v2.swift
View File

@@ -37,6 +37,110 @@ func parseGenerateSecureEnclaveP256KeyPairRequest() -> GenerateSecureEnclaveP256
) )
} }
struct ComputeP256EcSignRequest {
var dataRepresentationBase64: String
var messageBase64: String
}
func parseComputeP256EcSignRequest() -> ComputeP256EcSignRequest? {
var dataRepresentationBase64Opt: String?
var messageBase64Opt: String?
let len = CommandLine.arguments.count;
if CommandLine.arguments.count > 2 {
var i = 2
while i < len {
let k = CommandLine.arguments[i];
if (k == "--data-representation-base64" || k == "--private-key") {
dataRepresentationBase64Opt = CommandLine.arguments[i + 1]
i += 2
} else if (k == "--message-base64") {
messageBase64Opt = CommandLine.arguments[i + 1]
i += 2
} else {
i += 1
}
}
}
guard let dataRepresentationBase64 = dataRepresentationBase64Opt else {
exitError("parameter --data-representation-base64 or --private-key required.")
return nil
}
guard let messageBase64 = messageBase64Opt else {
exitError("parameter --message-base64 required.")
return nil
}
return ComputeP256EcSignRequest(
dataRepresentationBase64: dataRepresentationBase64,
messageBase64: messageBase64
)
}
struct ComputeP256EcdhRequest {
var dataRepresentationBase64: String
var ephemeraPublicKeyBase64: String
}
func parseComputeP256EcdhRequest() -> ComputeP256EcdhRequest? {
var dataRepresentationBase64Opt: String?
var ephemeraPublicKeyBase64Opt: String?
let len = CommandLine.arguments.count;
if CommandLine.arguments.count > 2 {
var i = 2
while i < len {
let k = CommandLine.arguments[i];
if (k == "--data-representation-base64" || k == "--private-key") {
dataRepresentationBase64Opt = CommandLine.arguments[i + 1]
i += 2
} else if (k == "--ephemera-public-key-base64" || k == "--ephemera-public-key") {
ephemeraPublicKeyBase64Opt = CommandLine.arguments[i + 1]
i += 2
} else {
i += 1
}
}
}
guard let dataRepresentationBase64 = dataRepresentationBase64Opt else {
exitError("parameter --data-representation-base64 or --private-key required.")
return nil
}
guard let ephemeraPublicKeyBase64 = ephemeraPublicKeyBase64Opt else {
exitError("parameter --ephemera-public-key-base64 required.")
return nil
}
return ComputeP256EcdhRequest(
dataRepresentationBase64: dataRepresentationBase64,
ephemeraPublicKeyBase64: ephemeraPublicKeyBase64
)
}
struct RecoverSecureEnclaveP256PublicKeyRequest {
var dataRepresentationBase64: String
}
func parseRecoverSecureEnclaveP256PublicKeyRequest() -> RecoverSecureEnclaveP256PublicKeyRequest? {
var dataRepresentationBase64Opt: String?
let len = CommandLine.arguments.count;
if CommandLine.arguments.count > 2 {
var i = 2
while i < len {
let k = CommandLine.arguments[i];
if (k == "--data-representation-base64" || k == "--private-key") {
dataRepresentationBase64Opt = CommandLine.arguments[i + 1]
i += 2
} else {
i += 1
}
}
}
guard let dataRepresentationBase64 = dataRepresentationBase64Opt else {
exitError("parameter --data-representation-base64 or --private-key required.")
return nil
}
return RecoverSecureEnclaveP256PublicKeyRequest(
dataRepresentationBase64: dataRepresentationBase64
)
}
struct ErrorResponse: Codable { struct ErrorResponse: Codable {
var success: Bool var success: Bool
var error: String var error: String
@@ -173,13 +277,9 @@ func keyAgreementPrivateKeyToResponse(_ privateKeyReference: SecureEnclave.P256.
) )
} }
func recoverSecureEnclaveP256PublicKeyEcsign(privateKeyDataRepresentation: String) -> GenerateSecureEnclaveP256KeyPairResponse? { func recoverSecureEnclaveP256PublicKey(request: RecoverSecureEnclaveP256PublicKeyRequest, sign: Bool) -> GenerateSecureEnclaveP256KeyPairResponse? {
return recoverSecureEnclaveP256PublicKey(privateKeyDataRepresentation: privateKeyDataRepresentation, sign: true)
}
func recoverSecureEnclaveP256PublicKey(privateKeyDataRepresentation: String, sign: Bool) -> GenerateSecureEnclaveP256KeyPairResponse? {
guard let privateKeyDataRepresentation = Data( guard let privateKeyDataRepresentation = Data(
base64Encoded: privateKeyDataRepresentation base64Encoded: request.dataRepresentationBase64
) else { ) else {
exitError("private key base64 decode failed") exitError("private key base64 decode failed")
return nil return nil
@@ -205,15 +305,15 @@ func recoverSecureEnclaveP256PublicKey(privateKeyDataRepresentation: String, sig
} }
} }
func computeSecureEnclaveP256Ecsign(privateKeyDataRepresentation: String, content: String) -> ComputeSecureEnclaveP256EcsignResponse? { func computeSecureEnclaveP256Ecsign(request: ComputeP256EcSignRequest) -> ComputeSecureEnclaveP256EcsignResponse? {
guard let privateKeyDataRepresentation = Data( guard let privateKeyDataRepresentation = Data(
base64Encoded: privateKeyDataRepresentation base64Encoded: request.dataRepresentationBase64
) else { ) else {
exitError("private key base64 decode failed") exitError("private key base64 decode failed")
return nil return nil
} }
guard let contentData = Data( guard let contentData = Data(
base64Encoded: content base64Encoded: request.messageBase64
) else { ) else {
exitError("content base64 decode failed") exitError("content base64 decode failed")
return nil return nil
@@ -238,15 +338,15 @@ func computeSecureEnclaveP256Ecsign(privateKeyDataRepresentation: String, conten
} }
} }
func computeSecureEnclaveP256Ecdh(privateKeyDataRepresentation: String, ephemeraPublicKey: String) -> ComputeSecureEnclaveP256EcdhResponse? { func computeSecureEnclaveP256Ecdh(request: ComputeP256EcdhRequest) -> ComputeSecureEnclaveP256EcdhResponse? {
guard let privateKeyDataRepresentation = Data( guard let privateKeyDataRepresentation = Data(
base64Encoded: privateKeyDataRepresentation base64Encoded: request.dataRepresentationBase64
) else { ) else {
exitError("private key base64 decode failed") exitError("private key base64 decode failed")
return nil return nil
} }
guard let ephemeralPublicKeyRepresentation = Data( guard let ephemeralPublicKeyRepresentation = Data(
base64Encoded: ephemeraPublicKey base64Encoded: request.ephemeraPublicKeyBase64
) else { ) else {
exitError("ephemeral public key base64 decode failed") exitError("ephemeral public key base64 decode failed")
return nil return nil
@@ -302,42 +402,26 @@ if (command == "generate_p256_ecdh_keypair") {
} }
if (command == "recover_p256_ecsign_public_key") { if (command == "recover_p256_ecsign_public_key") {
if (CommandLine.arguments.count != 3) { let request = parseRecoverSecureEnclaveP256PublicKeyRequest()!
exitError("require two arguments") let response = recoverSecureEnclaveP256PublicKey(request: request, sign: true)
}
let response = recoverSecureEnclaveP256PublicKey(
privateKeyDataRepresentation: CommandLine.arguments[2], sign: true)
exitOkWithJson(response) exitOkWithJson(response)
} }
if (command == "recover_p256_ecdh_public_key") { if (command == "recover_p256_ecdh_public_key") {
if (CommandLine.arguments.count != 3) { let request = parseRecoverSecureEnclaveP256PublicKeyRequest()!
exitError("require two arguments") let response = recoverSecureEnclaveP256PublicKey(request: request, sign: false)
}
let response = recoverSecureEnclaveP256PublicKey(
privateKeyDataRepresentation: CommandLine.arguments[2], sign: false)
exitOkWithJson(response) exitOkWithJson(response)
} }
if (command == "compute_p256_ecsign") { if (command == "compute_p256_ecsign") {
if (CommandLine.arguments.count != 4) { let request = parseComputeP256EcSignRequest()!;
exitError("require three arguments") let response = computeSecureEnclaveP256Ecsign(request: request)
}
let response = computeSecureEnclaveP256Ecsign(
privateKeyDataRepresentation: CommandLine.arguments[2],
content: CommandLine.arguments[3]
)
exitOkWithJson(response) exitOkWithJson(response)
} }
if (command == "compute_p256_ecdh") { if (command == "compute_p256_ecdh") {
if (CommandLine.arguments.count != 4) { let request = parseComputeP256EcdhRequest()!;
exitError("require three arguments") let response = computeSecureEnclaveP256Ecdh(request: request)
}
let response = computeSecureEnclaveP256Ecdh(
privateKeyDataRepresentation: CommandLine.arguments[2],
ephemeraPublicKey: CommandLine.arguments[3]
)
exitOkWithJson(response) exitOkWithJson(response)
} }
@@ -349,65 +433,27 @@ if (command == "version") {
exitOkWithJson(VersionResponse(success: true, version: "2.0.0-20250428")) exitOkWithJson(VersionResponse(success: true, version: "2.0.0-20250428"))
} }
struct ComputeP256EcSignRequest { if (command == "help" || command == "-h" || command == "--help") {
var dataRepresentationBase64: String
var messageBase64: String
}
func parseComputeP256EcSignRequest() -> ComputeP256EcSignRequest? {
var dataRepresentationBase64Opt: String?
var messageBase64Opt: String?
let len = CommandLine.arguments.count;
if CommandLine.arguments.count > 2 {
var i = 2
while i < len {
let k = CommandLine.arguments[i];
if (k == "--data-representation-base64" || k == "--private-key") {
dataRepresentationBase64Opt = CommandLine.arguments[i + 1]
i += 2
} else if (k == "--message-base64") {
messageBase64Opt = CommandLine.arguments[i + 1]
i += 2
} else {
i += 1
}
}
}
guard let dataRepresentationBase64 = dataRepresentationBase64Opt else {
exitError("parameter --data-representation-base64 or --private-key required.")
return nil
}
guard let messageBase64 = messageBase64Opt else {
exitError("parameter --message-base64 required.")
return nil
}
return ComputeP256EcSignRequest(
dataRepresentationBase64: dataRepresentationBase64,
messageBase64: messageBase64
)
}
if (command == "help") {
print("swift-secure-enclave-tool-v2 <command> [parameters]") print("swift-secure-enclave-tool-v2 <command> [parameters]")
print("help - print help") print("help - print help")
print("version - print version") print("version - print version")
print("is_support_secure_enclave - is Secure Enclave supported") print("is_support_secure_enclave - is Secure Enclave supported")
print("generate_p256_ecsign_keypair --control-flag <> - generate Secure Enclave P256 EC sign key pair") print("generate_p256_ecsign_keypair --control-flag <> - generate Secure Enclave P256 EC sign key pair")
print("generate_p256_ecdh_keypair --control-flag <> - generate Secure Enclave P256 EC DH key pair") print("generate_p256_ecdh_keypair --control-flag <> - generate Secure Enclave P256 EC DH key pair")
print("recover_p256_ecsign_public_key <privateKey> - recover Secure Enclave P256 EC sign key pair") print("recover_p256_ecsign_public_key --private-key <> - recover Secure Enclave P256 EC sign key pair")
print("recover_p256_ecdh_public_key <privateKey> - recover Secure Enclave P256 EC DH key pair") print("recover_p256_ecdh_public_key --private-key <> - recover Secure Enclave P256 EC DH key pair")
print("compute_p256_ecsign <privateKey> <content> - compure Secure Enclave P256 EC sign") print("compute_p256_ecsign --private-key <> --message-base64 <> - compure Secure Enclave P256 EC sign")
print("compute_p256_ecdh <privateKey> <ephemeraPublicKey> - compure Secure Enclave P256 EC DH") print("compute_p256_ecdh --private-key <> --ephemera-public-key <> - compure Secure Enclave P256 EC DH")
print("external_spec - external specification") print("external_spec - external specification")
print("external_public_key --parameter <parameter> - external public key") print("external_public_key --parameter <> - external public key")
print("external_sign - external sign") print("external_sign --parameter <> ... - external sign")
// print("external_sign --parameter <parameter> --alg <alg> --message-base64 <message-in-base64> - external sign") // print("external_sign --parameter <parameter> --alg <alg> --message-base64 <message-in-base64> - external sign")
print() print()
print("options:") print("options:")
print("> --control-flag - none, userPresence, devicePasscode, biometryAny, biometryCurrentSet") print("> --control-flag - none, userPresence, devicePasscode, biometryAny, biometryCurrentSet")
print("> privateKey - private key representation (dataRepresentationBase64)") print("> --private-key - private key representation (dataRepresentationBase64)")
print("> content - content in base64") print("> --message-base64 - content in base64")
print("> ephemeraPublicKey - public key der in base64") print("> --ephemera-public-key - public key der in base64")
exit(0) exit(0)
} }