From b86a68b549d433b57e04ebaa4127b6b173ca102b Mon Sep 17 00:00:00 2001
From: Hatter Jiang
Date: Tue, 29 Apr 2025 00:48:01 +0800
Subject: [PATCH] feat: udpates
---
 swift-secure-enclave-tool-v2.swift | 110 +++++++++++++++++++++++++----
 1 file changed, 97 insertions(+), 13 deletions(-)
diff --git a/swift-secure-enclave-tool-v2.swift b/swift-secure-enclave-tool-v2.swift
index f429c70..859c647 100644
--- a/swift-secure-enclave-tool-v2.swift
+++ b/swift-secure-enclave-tool-v2.swift
@@ -75,6 +75,56 @@ func parseComputeP256EcSignRequest() -> ComputeP256EcSignRequest? {
 )
 }
+struct ExternalSignRequest {
+ var dataRepresentationBase64: String
+ var messageBase64: String
+}
+
+func parseExternalSignRequest() -> ExternalSignRequest? {
+ var algOpt: String?
+ var dataRepresentationBase64Opt: String?
+ var messageBase64Opt: String?
+ let len = CommandLine.arguments.count;
+ if CommandLine.arguments.count > 2 {
+ var i = 2
+ while i < len {
+ let k = CommandLine.arguments[i];
+ if (k == "--parameter") {
+ dataRepresentationBase64Opt = CommandLine.arguments[i + 1]
+ i += 2
+ } else if (k == "--message-base64") {
+ messageBase64Opt = CommandLine.arguments[i + 1]
+ i += 2
+ } else if (k == "--alg") {
+ algOpt = CommandLine.arguments[i + 1]
+ i += 2
+ } else {
+ i += 1
+ }
+ }
+ }
+ guard let alg = algOpt else {
+ exitError("parameter --alg required.")
+ return nil
+ }
+ if alg != "ES256" {
+ exitError("parameter --alg MUST be ES256.")
+ return nil
+ }
+ guard let dataRepresentationBase64 = dataRepresentationBase64Opt else {
+ exitError("parameter --parameter required.")
+ return nil
+ }
+ guard let messageBase64 = messageBase64Opt else {
+ exitError("parameter --message-base64 required.")
+ return nil
+ }
+ return ExternalSignRequest(
+ dataRepresentationBase64: dataRepresentationBase64,
+ messageBase64: messageBase64
+ )
+}
+
 struct ComputeP256EcdhRequest {
 var dataRepresentationBase64: String
 var ephemeraPublicKeyBase64: String
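Review bot: In parseExternalSignRequest every flag branch reads `CommandLine.arguments[i + 1]` without checking that a value follows, so `--parameter`, `--message-base64` or `--alg` given as the last argument traps with an index-out-of-range crash instead of going through `exitError`. Guard each read, for example `guard i + 1 < len else { exitError("parameter \(k) requires a value."); return nil }`, so a truncated invocation of the signing command fails through the tool's own error path. The same unguarded read is in parseExternalPublicKeyRequest in the `@@ -141` hunk. A repeated flag also silently overwrites the earlier value, and unknown arguments are skipped; for a request that selects what gets signed it may be worth rejecting both, though that is a policy choice.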
@@ -141,6 +191,30 @@ func parseRecoverSecureEnclaveP256PublicKeyRequest() -> RecoverSecureEnclaveP256
 )
 }
+func parseExternalPublicKeyRequest() -> RecoverSecureEnclaveP256PublicKeyRequest? {
+ var dataRepresentationBase64Opt: String?
+ let len = CommandLine.arguments.count;
+ if CommandLine.arguments.count > 2 {
+ var i = 2
+ while i < len {
+ let k = CommandLine.arguments[i];
+ if (k == "--parameter") {
+ dataRepresentationBase64Opt = CommandLine.arguments[i + 1]
+ i += 2
+ } else {
+ i += 1
+ }
+ }
+ }
+ guard let dataRepresentationBase64 = dataRepresentationBase64Opt else {
+ exitError("parameter --parameter required.")
+ return nil
+ }
+ return RecoverSecureEnclaveP256PublicKeyRequest(
+ dataRepresentationBase64: dataRepresentationBase64
+ )
+}
+
 struct ErrorResponse: Codable {
 var success: Bool
 var error: String
@@ -163,6 +237,11 @@ struct GenerateSecureEnclaveP256KeyPairResponse: Codable {
 var data_representation_base64: String
 }
+struct ExternalPublicKeyResponse: Codable {
+ var success: Bool
+ var public_key_base64: String
+}
+
 struct ComputeSecureEnclaveP256EcsignResponse: Codable {
 var success: Bool
 var signature_base64: String
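Review bot: parseExternalPublicKeyRequest repeats the argument-scanning loop of parseExternalSignRequest and returns a `RecoverSecureEnclaveP256PublicKeyRequest`, so the input contract of the external command is only implied by the reused type. A doc comment would make it explicit, e.g. `/// Parses --parameter (base64 key data representation, presumably) for external_public_key; every other argument is ignored.` A small shared helper that returns the value following a named flag would keep the two parsers from drifting apart and give one place for the missing-value check.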
@@ -429,25 +508,30 @@ if (command == "external_spec") {
 exitOkWithJson(externalSpec())
 }
+if (command == "external_public_key") {
+ let request = parseExternalPublicKeyRequest()!
+ let response = recoverSecureEnclaveP256PublicKey(request: request, sign: true)!
+ exitOkWithJson(ExternalPublicKeyResponse(success: true, public_key_base64: response.public_key_base64))
+}
+
 if (command == "version") {
 exitOkWithJson(VersionResponse(success: true, version: "2.0.0-20250428"))
 }
 if (command == "help" || command == "-h" || command == "--help") {
 print("swift-secure-enclave-tool-v2 [parameters]")
- print("help - print help")
- print("version - print version")
- print("is_support_secure_enclave - is Secure Enclave supported")
- print("generate_p256_ecsign_keypair --control-flag <> - generate Secure Enclave P256 EC sign key pair")
- print("generate_p256_ecdh_keypair --control-flag <> - generate Secure Enclave P256 EC DH key pair")
- print("recover_p256_ecsign_public_key --private-key <> - recover Secure Enclave P256 EC sign key pair")
- print("recover_p256_ecdh_public_key --private-key <> - recover Secure Enclave P256 EC DH key pair")
- print("compute_p256_ecsign --private-key <> --message-base64 <> - compure Secure Enclave P256 EC sign")
- print("compute_p256_ecdh --private-key <> --ephemera-public-key <> - compure Secure Enclave P256 EC DH")
- print("external_spec - external specification")
- print("external_public_key --parameter <> - external public key")
- print("external_sign --parameter <> ...
- external sign")
- // print("external_sign --parameter --alg --message-base64 - external sign")
+ print("help - print help")
+ print("version - print version")
+ print("is_support_secure_enclave - is Secure Enclave supported")
+ print("generate_p256_ecsign_keypair --control-flag <> - generate Secure Enclave P256 EC sign key pair")
+ print("generate_p256_ecdh_keypair --control-flag <> - generate Secure Enclave P256 EC DH key pair")
+ print("recover_p256_ecsign_public_key --private-key <> - recover Secure Enclave P256 EC sign key pair")
+ print("recover_p256_ecdh_public_key --private-key <> - recover Secure Enclave P256 EC DH key pair")
+ print("compute_p256_ecsign --private-key <> --message-base64 <> - compure Secure Enclave P256 EC sign")
+ print("compute_p256_ecdh --private-key <> --ephemera-public-key <> - compure Secure Enclave P256 EC DH")
+ print("external_spec - external specification")
+ print("external_public_key --parameter <> - external public key")
+ print("external_sign --parameter <> --alg ES256 --message-base64 <> - external sign")
 print()
 print("options:")
 print("> --control-flag - none, userPresence, devicePasscode, biometryAny, biometryCurrentSet")
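Review bot: In the new `external_public_key` branch, `recoverSecureEnclaveP256PublicKey(request: request, sign: true)!` force-unwraps the result; that function's body is not in this patch, but if it can return nil without exiting first, a malformed or foreign `--parameter` blob crashes the process instead of producing an error response. Bind it instead, e.g. `if let response = recoverSecureEnclaveP256PublicKey(request: request, sign: true) { exitOkWithJson(...) } else { exitError("recover public key failed.") }` (message constructed here). The help text now advertises `external_sign --parameter <> --alg ES256 --message-base64 <>`, and the patch adds parseExternalSignRequest, yet none of its hunks adds a call to that parser or an `external_sign` command branch, so it is worth confirming the command is actually dispatched and enforces the ES256 check. `sign: true` is also hard-coded, so this command presumably always treats the blob as a signing key; a short comment stating that would help.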