From bac39e90981080f092f3c982dacba3f8b123161b Mon Sep 17 00:00:00 2001
From: Hatter Jiang <jht5945@gmail.com>
Date: Thu, 24 Jul 2025 22:20:40 +0800
Subject: [PATCH] feat: v2.0.1-20250724

---
 swift-secure-enclave-tool-v2.swift | 64 +++++++++++++++++++++++++++++-
 1 file changed, 62 insertions(+), 2 deletions(-)

diff --git a/swift-secure-enclave-tool-v2.swift b/swift-secure-enclave-tool-v2.swift
index b26691d..8887e72 100644
--- a/swift-secure-enclave-tool-v2.swift
+++ b/swift-secure-enclave-tool-v2.swift
@@ -265,6 +265,59 @@ struct ExternalSpecResponse: Codable {
     var commands: Array<String>
 }
 
+// https://developer.apple.com/forums/thread/696715
+// https://github.com/apple/swift-crypto/blob/main/Sources/Crypto/Digests/Digests.swift
+public struct MySHA256Digest: Digest {
+    let bytes: (UInt64, UInt64, UInt64, UInt64)
+
+    init?(bufferPointer: UnsafeRawBufferPointer) {
+        guard bufferPointer.count == 32 else {
+            return nil
+        }
+
+        var bytes = (UInt64(0), UInt64(0), UInt64(0), UInt64(0))
+        withUnsafeMutableBytes(of: &bytes) { targetPtr in
+            targetPtr.copyMemory(from: bufferPointer)
+        }
+        self.bytes = bytes
+    }
+
+    public static var byteCount: Int {
+        return 32
+    }
+
+    public func withUnsafeBytes<R>(_ body: (UnsafeRawBufferPointer) throws -> R) rethrows -> R {
+        return try Swift.withUnsafeBytes(of: bytes) {
+            let boundsCheckedPtr = UnsafeRawBufferPointer(start: $0.baseAddress,
+                                                          count: Self.byteCount)
+            return try body(boundsCheckedPtr)
+        }
+    }
+
+    private func toArray() -> ArraySlice<UInt8> {
+        var array = [UInt8]()
+        array.appendByte(bytes.0)
+        array.appendByte(bytes.1)
+        array.appendByte(bytes.2)
+        array.appendByte(bytes.3)
+        return array.prefix(upTo: SHA256Digest.byteCount)
+    }
+
+    public var description: String {
+        return "\("SHA256") digest: \(toArray().map { String(format: "%02x", $0) }.joined())"
+    }
+
+    public func hash(into hasher: inout Hasher) {
+        self.withUnsafeBytes { hasher.combine(bytes: $0) }
+    }
+}
+
+extension MutableDataProtocol {
+  mutating func appendByte(_ byte: UInt64) {
+    withUnsafePointer(to: byte.littleEndian, { self.append(contentsOf: UnsafeRawBufferPointer(start: $0, count: 8)) })
+  }
+}
+
 func stringify<T: Encodable>(_ value: T) -> String? {
     guard let jsonData = try? JSONEncoder().encode(value) else { return nil }
     let result = String(data: jsonData, encoding: .utf8)
@@ -416,7 +469,14 @@ func computeSecureEnclaveP256Ecsign(request: ComputeP256EcSignRequest) -> Comput
             let digest = SHA256.hash(data: contentData)
             signature = try p.signature(for: digest)
         } else if (request.messageType == "sha256") {
-            signature = try p.signature(for: contentData)
+            let dataAsBufferPointer : UnsafeRawBufferPointer = contentData.withUnsafeBytes {
+                return $0
+            }
+            guard let dataAsDigest = MySHA256Digest(bufferPointer: dataAsBufferPointer) else {
+                exitError("invalid SHA256 digest")
+                return nil
+            }
+            signature = try p.signature(for: dataAsDigest)
         } else {
             exitError("not supported message type: \(request.messageType)")
             return nil
@@ -546,7 +606,7 @@ if (command == "external_sign") {
 }
 
 if (command == "version") {
-    exitOkWithJson(VersionResponse(success: true, version: "2.0.0-20250428"))
+    exitOkWithJson(VersionResponse(success: true, version: "2.0.1-20250724"))
 }
 
 if (command == "help" || command == "-h" || command == "--help") {