feat: add secure_enclave_ml_kem.swift

2025-09-24 22:31:22 +08:00
parent 9c99ff6b9a
commit 89f6363a4d
1 changed files with 42 additions and 0 deletions
--- a/secure_enclave_ml_kem.swift
+++ b/secure_enclave_ml_kem.swift
@@ -0,0 +1,42 @@
+#!/usr/bin/env swift
+
+import Foundation 
+import CryptoKit 
+
+let se = SecureEnclave.isAvailable;
+print("Supports SE: \(se)");
+
+var error: Unmanaged<CFError>? = nil;
+guard
+let accessCtrl = SecAccessControlCreateWithFlags(
+    nil,
+    kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
+    [.privateKeyUsage, .biometryCurrentSet],
+    &error
+) else {
+        throw error!.takeRetainedValue() as Swift.Error;
+}
+
+var privateKeyReference = try CryptoKit.SecureEnclave.MLKEM768.PrivateKey.init(
+    accessControl: accessCtrl
+);
+
+print("Private key reference: \(privateKeyReference)");
+print();
+print("Private key reference - dataRepresentation: \(privateKeyReference.dataRepresentation.base64EncodedString())");
+print();
+print("Private key reference - publicKey: \(privateKeyReference.publicKey.rawRepresentation.base64EncodedString())");
+
+let encapsulationResult = try privateKeyReference.publicKey.encapsulate();
+print();
+print("Encapsulated: \(encapsulationResult.encapsulated.base64EncodedString())");
+print();
+let sharedSecretData = encapsulationResult.sharedSecret.withUnsafeBytes { Data($0) }
+
+print("SharedSecret: \(sharedSecretData.base64EncodedString())");
+
+
+let sharedSecret2 = try privateKeyReference.decapsulate(encapsulationResult.encapsulated);
+let sharedSecretData2 = sharedSecret2.withUnsafeBytes { Data($0) }
+
+print("SharedSecret2: \(sharedSecretData2.base64EncodedString())");