feat: support requireBio

2025-01-18 22:45:14 +08:00
parent d4d7e8c8bd
commit 828ff4e061


@@ -10,12 +10,18 @@ func isSupportSecureEnclave() -> Bool {
return SecureEnclave.isAvailable return SecureEnclave.isAvailable
} }
func generateSecureEnclaveP256KeyPair(sign: Bool) -> String { func generateSecureEnclaveP256KeyPair(sign: Bool, requireBio: Bool) -> String {
var error: Unmanaged<CFError>? = nil; var error: Unmanaged<CFError>? = nil;
let accessControlCreateFlags: SecAccessControlCreateFlags;
if (requireBio) {
accessControlCreateFlags = [.privateKeyUsage, .biometryCurrentSet]
} else {
accessControlCreateFlags = [.privateKeyUsage]
}
guard let accessCtrl = SecAccessControlCreateWithFlags( guard let accessCtrl = SecAccessControlCreateWithFlags(
nil, nil,
kSecAttrAccessibleWhenUnlockedThisDeviceOnly, kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
[.privateKeyUsage, .biometryCurrentSet], accessControlCreateFlags,
&error &error
) else { ) else {
return "err:\(error.debugDescription)" return "err:\(error.debugDescription)"
@@ -135,6 +141,17 @@ func computeSecureEnclaveP256Ecdh(privateKeyDataRepresentation: String, ephemera
} }
} }
func readArgumentAsBool(index: Int, defaultValue: Bool) -> Bool {
if CommandLine.arguments.count >= index + 1 {
let val = CommandLine.arguments[index];
if (val == "true" || val == "yes" || val == "on" || val == "1") {
return true
}
return false
}
return defaultValue
}
func exitWith(_ response: String) { func exitWith(_ response: String) {
print(response); print(response);
if (response.hasPrefix("ok:")) { if (response.hasPrefix("ok:")) {
@@ -156,11 +173,13 @@ if (command == "is_support_secure_enclave") {
} }
if (command == "generate_secure_enclave_p256_ecsign_keypair") { if (command == "generate_secure_enclave_p256_ecsign_keypair") {
exitWith(generateSecureEnclaveP256KeyPair(sign: true)) let requireBio = readArgumentAsBool(index: 2, defaultValue: true)
exitWith(generateSecureEnclaveP256KeyPair(sign: true, requireBio: requireBio))
} }
if (command == "generate_secure_enclave_p256_ecdh_keypair") { if (command == "generate_secure_enclave_p256_ecdh_keypair") {
exitWith(generateSecureEnclaveP256KeyPair(sign: false)) let requireBio = readArgumentAsBool(index: 2, defaultValue: true)
exitWith(generateSecureEnclaveP256KeyPair(sign: false, requireBio: requireBio))
} }
if (command == "recover_secure_enclave_p256_ecsign_public_key") { if (command == "recover_secure_enclave_p256_ecsign_public_key") {
@@ -168,7 +187,7 @@ if (command == "recover_secure_enclave_p256_ecsign_public_key") {
exitWith("err:require two arguments") exitWith("err:require two arguments")
} }
let response = recoverSecureEnclaveP256PublicKey( let response = recoverSecureEnclaveP256PublicKey(
privateKeyDataRepresentation: CommandLine.arguments[2], sign: true); privateKeyDataRepresentation: CommandLine.arguments[2], sign: true)
exitWith(response) exitWith(response)
} }
@@ -177,7 +196,7 @@ if (command == "recover_secure_enclave_p256_ecdh_public_key") {
exitWith("err:require two arguments") exitWith("err:require two arguments")
} }
let response = recoverSecureEnclaveP256PublicKey( let response = recoverSecureEnclaveP256PublicKey(
privateKeyDataRepresentation: CommandLine.arguments[2], sign: false); privateKeyDataRepresentation: CommandLine.arguments[2], sign: false)
exitWith(response) exitWith(response)
} }
@@ -188,7 +207,7 @@ if (command == "compute_secure_enclave_p256_ecsign") {
let response = computeSecureEnclaveP256Ecsign( let response = computeSecureEnclaveP256Ecsign(
privateKeyDataRepresentation: CommandLine.arguments[2], privateKeyDataRepresentation: CommandLine.arguments[2],
content: CommandLine.arguments[3] content: CommandLine.arguments[3]
); )
exitWith(response) exitWith(response)
} }
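Review bot: `readArgumentAsBool` (hunk at -135,6 +141,17) fails open for the new `requireBio` option: any value other than the exact lowercase strings `true`, `yes`, `on` or `1` returns `false`, so a typo or a differently cased `True` at argument index 2 creates the key with `[.privateKeyUsage]` only and no biometric gate, with nothing in the response to show it. Because this flag decides the key's access-control policy, I would also accept an explicit set of false tokens, compare case-insensitively, and reject everything else with an `err:` response rather than guessing. The sketch below assumes `exitWith` terminates the process, which its other call sites suggest but the visible lines do not show. A doc comment on `generateSecureEnclaveP256KeyPair` should also state that `requireBio: false` produces a key protected only by `kSecAttrAccessibleWhenUnlockedThisDeviceOnly` and `.privateKeyUsage`, with no biometric prompt.

```swift
func readArgumentAsBool(index: Int, defaultValue: Bool) -> Bool {
    guard CommandLine.arguments.count > index else {
        return defaultValue
    }
    switch CommandLine.arguments[index].lowercased() {
    case "true", "yes", "on", "1":
        return true
    case "false", "no", "off", "0":
        return false
    default:
        // Refuse to guess: an unrecognised value must not silently drop the biometric requirement.
        exitWith("err:invalid boolean argument")
        return defaultValue  // only reached if exitWith returns
    }
}
```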