hatter/swift-secure-enclave-tool
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: ecsign support sha256 digest

Browse Source
This commit is contained in:
Hatter Jiang
2025-07-19 10:32:54 +08:00
parent 86da1a5093
commit cd68188eb5
1 changed files with 24 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
swift-secure-enclave-tool-v2.swift
View File

@@ -40,11 +40,13 @@ func parseGenerateSecureEnclaveP256KeyPairRequest() -> GenerateSecureEnclaveP256
struct ComputeP256EcSignRequest { struct ComputeP256EcSignRequest {
var dataRepresentationBase64: String var dataRepresentationBase64: String
var messageBase64: String var messageBase64: String
var messageType: String
} }
func parseComputeP256EcSignRequest() -> ComputeP256EcSignRequest? { func parseComputeP256EcSignRequest() -> ComputeP256EcSignRequest? {
var dataRepresentationBase64Opt: String? var dataRepresentationBase64Opt: String?
var messageBase64Opt: String? var messageBase64Opt: String?
var messageTypeOpt: String?
let len = CommandLine.arguments.count; let len = CommandLine.arguments.count;
if CommandLine.arguments.count > 2 { if CommandLine.arguments.count > 2 {
var i = 2 var i = 2
@@ -56,6 +58,9 @@ func parseComputeP256EcSignRequest() -> ComputeP256EcSignRequest? {
} else if (k == "--message-base64") { } else if (k == "--message-base64") {
messageBase64Opt = CommandLine.arguments[i + 1] messageBase64Opt = CommandLine.arguments[i + 1]
i += 2 i += 2
} else if (k == "--message-type") {
messageTypeOpt = CommandLine.arguments[i + 1]
i += 2;
} else { } else {
i += 1 i += 1
} }
@@ -71,7 +76,8 @@ func parseComputeP256EcSignRequest() -> ComputeP256EcSignRequest? {
} }
return ComputeP256EcSignRequest( return ComputeP256EcSignRequest(
dataRepresentationBase64: dataRepresentationBase64, dataRepresentationBase64: dataRepresentationBase64,
messageBase64: messageBase64 messageBase64: messageBase64,
messageType: messageTypeOpt ?? "raw"
) )
} }
@@ -79,6 +85,7 @@ func parseExternalSignRequest() -> ComputeP256EcSignRequest? {
var algOpt: String? var algOpt: String?
var dataRepresentationBase64Opt: String? var dataRepresentationBase64Opt: String?
var messageBase64Opt: String? var messageBase64Opt: String?
var messageTypeOpt: String?
let len = CommandLine.arguments.count; let len = CommandLine.arguments.count;
if CommandLine.arguments.count > 2 { if CommandLine.arguments.count > 2 {
var i = 2 var i = 2
@@ -93,6 +100,9 @@ func parseExternalSignRequest() -> ComputeP256EcSignRequest? {
} else if (k == "--alg") { } else if (k == "--alg") {
algOpt = CommandLine.arguments[i + 1] algOpt = CommandLine.arguments[i + 1]
i += 2 i += 2
} else if (k == "--message-type") {
messageTypeOpt = CommandLine.arguments[i + 1]
i += 2;
} else { } else {
i += 1 i += 1
} }
@@ -116,7 +126,8 @@ func parseExternalSignRequest() -> ComputeP256EcSignRequest? {
} }
return ComputeP256EcSignRequest( return ComputeP256EcSignRequest(
dataRepresentationBase64: dataRepresentationBase64, dataRepresentationBase64: dataRepresentationBase64,
messageBase64: messageBase64 messageBase64: messageBase64,
messageType: messageTypeOpt ?? "raw"
) )
} }
@@ -400,8 +411,16 @@ func computeSecureEnclaveP256Ecsign(request: ComputeP256EcSignRequest) -> Comput
authenticationContext: context authenticationContext: context
) )
let digest = SHA256.hash(data: contentData) let signature: P256.Signing.ECDSASignature
let signature = try p.signature(for: digest) if (request.messageType == "raw") {
let digest = SHA256.hash(data: contentData)
signature = try p.signature(for: digest)
} else if (request.messageType == "sha256") {
signature = try p.signature(for: contentData)
} else {
exitError("not supported message type: \(request.messageType)")
return nil
}
return ComputeSecureEnclaveP256EcsignResponse( return ComputeSecureEnclaveP256EcsignResponse(
success: true, success: true,
@@ -539,7 +558,7 @@ if (command == "help" || command == "-h" || command == "--help") {
print("generate_p256_ecdh_keypair --control-flag <> - generate Secure Enclave P256 EC DH key pair") print("generate_p256_ecdh_keypair --control-flag <> - generate Secure Enclave P256 EC DH key pair")
print("recover_p256_ecsign_public_key --private-key <> - recover Secure Enclave P256 EC sign key pair") print("recover_p256_ecsign_public_key --private-key <> - recover Secure Enclave P256 EC sign key pair")
print("recover_p256_ecdh_public_key --private-key <> - recover Secure Enclave P256 EC DH key pair") print("recover_p256_ecdh_public_key --private-key <> - recover Secure Enclave P256 EC DH key pair")
print("compute_p256_ecsign --private-key <> --message-base64 <> - compure Secure Enclave P256 EC sign") print("compute_p256_ecsign --private-key <> --message-base64 <> [--message-type] - compure Secure Enclave P256 EC sign")
print("compute_p256_ecdh --private-key <> --ephemera-public-key <> - compure Secure Enclave P256 EC DH") print("compute_p256_ecdh --private-key <> --ephemera-public-key <> - compure Secure Enclave P256 EC DH")
print("external_spec - external specification") print("external_spec - external specification")
print("external_public_key --parameter <> - external public key") print("external_public_key --parameter <> - external public key")