From 828ff4e0611991b05685994dc49cb83d8499fd40 Mon Sep 17 00:00:00 2001
From: Hatter Jiang
Date: Sat, 18 Jan 2025 22:45:14 +0800
Subject: [PATCH] feat: support requireBio
---
 swift-secure-enclave-tool.swift | 33 ++++++++++++++++++++++++++-------
 1 file changed, 26 insertions(+), 7 deletions(-)
diff --git a/swift-secure-enclave-tool.swift b/swift-secure-enclave-tool.swift
index 80f37d9..7e8f4e5 100644
--- a/swift-secure-enclave-tool.swift
+++ b/swift-secure-enclave-tool.swift
@@ -10,12 +10,18 @@ func isSupportSecureEnclave() -> Bool {
 return SecureEnclave.isAvailable
 }
 
-func generateSecureEnclaveP256KeyPair(sign: Bool) -> String {
+func generateSecureEnclaveP256KeyPair(sign: Bool, requireBio: Bool) -> String {
 var error: Unmanaged? = nil;
+ let accessControlCreateFlags: SecAccessControlCreateFlags;
+ if (requireBio) {
+ accessControlCreateFlags = [.privateKeyUsage, .biometryCurrentSet]
+ } else {
+ accessControlCreateFlags = [.privateKeyUsage]
+ }
 guard let accessCtrl = SecAccessControlCreateWithFlags(
 nil,
 kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
- [.privateKeyUsage, .biometryCurrentSet],
+ accessControlCreateFlags,
 &error
 ) else {
 return "err:\(error.debugDescription)"
@@ -135,6 +141,17 @@ func computeSecureEnclaveP256Ecdh(privateKeyDataRepresentation: String, ephemera
 }
 }
 
+func readArgumentAsBool(index: Int, defaultValue: Bool) -> Bool {
+ if CommandLine.arguments.count >= index + 1 {
+ let val = CommandLine.arguments[index];
+ if (val == "true" || val == "yes" || val == "on" || val == "1") {
+ return true
+ }
+ return false
+ }
+ return defaultValue
+}
 func exitWith(_ response: String) {
 print(response);
 if (response.hasPrefix("ok:")) {
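Review bot: When `requireBio` is false the access control passed to `SecAccessControlCreateWithFlags` carries only `.privateKeyUsage`, so the generated key can be used without any biometric or passcode prompt; the only protection left is the `kSecAttrAccessibleWhenUnlockedThisDeviceOnly` accessibility class. That is a legitimate policy choice, but neither the code nor the returned key representation records it, so the function should state it: `/// requireBio == false yields a key usable without any user-presence check; only the unlocked-device accessibility still applies.` If callers passing false still expect some prompt, `.userPresence` (biometry with passcode fallback) is the usual middle ground, but that is a design question for the author rather than a defect. Stylistically, the four-line `if (requireBio)` block and a local name that repeats its type collapse to `let flags: SecAccessControlCreateFlags = requireBio ? [.privateKeyUsage, .biometryCurrentSet] : [.privateKeyUsage]`. The body of `generateSecureEnclaveP256KeyPair` continues past the end of the hunk.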
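Review bot: `readArgumentAsBool` compares case-sensitively and maps every unrecognised value to `false`, so a caller passing `True`, `YES` or a typo for the biometry flag silently gets the less protective setting instead of the documented default of `true`, with no indication that the argument was not understood. The accepted spellings should be matched case-insensitively, explicit false spellings accepted, and anything else rejected through the same `err:` path the other commands use; the rewrite below does that and also replaces `count >= index + 1` with `count > index`. `exitWith` is declared directly below the new function but its tail is outside the hunk, so whether it terminates the process is not visible here; the default branch therefore still returns a value after calling it.
```swift
func readArgumentAsBool(index: Int, defaultValue: Bool) -> Bool {
    guard CommandLine.arguments.count > index else { return defaultValue }
    let val = CommandLine.arguments[index]
    switch val.lowercased() {
    case "true", "yes", "on", "1":
        return true
    case "false", "no", "off", "0":
        return false
    default:
        exitWith("err:invalid boolean argument '\(val)', expected true/false")
        return defaultValue
    }
}
```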
@@ -156,11 +173,13 @@ if (command == "is_support_secure_enclave") {
 }
 if (command == "generate_secure_enclave_p256_ecsign_keypair") {
- exitWith(generateSecureEnclaveP256KeyPair(sign: true))
+ let requireBio = readArgumentAsBool(index: 2, defaultValue: true)
+ exitWith(generateSecureEnclaveP256KeyPair(sign: true, requireBio: requireBio))
 }
 if (command == "generate_secure_enclave_p256_ecdh_keypair") {
- exitWith(generateSecureEnclaveP256KeyPair(sign: false))
+ let requireBio = readArgumentAsBool(index: 2, defaultValue: true)
+ exitWith(generateSecureEnclaveP256KeyPair(sign: false, requireBio: requireBio))
 }
 if (command == "recover_secure_enclave_p256_ecsign_public_key") {
@@ -168,7 +187,7 @@ if (command == "recover_secure_enclave_p256_ecsign_public_key") {
 exitWith("err:require two arguments")
 }
 let response = recoverSecureEnclaveP256PublicKey(
- privateKeyDataRepresentation: CommandLine.arguments[2], sign: true);
+ privateKeyDataRepresentation: CommandLine.arguments[2], sign: true)
 exitWith(response)
 }
 
@@ -177,7 +196,7 @@ if (command == "recover_secure_enclave_p256_ecdh_public_key") {
 exitWith("err:require two arguments")
 }
 let response = recoverSecureEnclaveP256PublicKey(
- privateKeyDataRepresentation: CommandLine.arguments[2], sign: false);
+ privateKeyDataRepresentation: CommandLine.arguments[2], sign: false)
 exitWith(response)
 }
 
@@ -188,7 +207,7 @@ if (command == "compute_secure_enclave_p256_ecsign") {
 let response = computeSecureEnclaveP256Ecsign(
 privateKeyDataRepresentation: CommandLine.arguments[2],
 content: CommandLine.arguments[3]
- );
+ )
 exitWith(response)
 }
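Review bot: The two `generate_*` branches each repeat `let requireBio = readArgumentAsBool(index: 2, defaultValue: true)`, and the new optional third positional argument is not reflected in any usage or help text within this diff; if the tool prints one outside these hunks it should be updated. Reading the argument once above both `if` blocks, or collapsing the two blocks into one branch keyed on the command, removes the duplication. A comment at the read site would make the contract visible to whoever scripts this tool: `// argv[2] is optional; anything other than true/yes/on/1 turns the biometry requirement off`. The remaining hunks in this line only drop trailing semicolons and need no further review.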