feat: v1.9.0, remove swiftc dependency

src/cmd_decrypt.rs

@@ -37,7 +37,6 @@ use crate::crypto_cryptor::{Cryptor, KeyNonce};
 use crate::spec::{EncEncryptedMeta, TinyEncryptEnvelop, TinyEncryptEnvelopType, TinyEncryptMeta};
 use crate::util::SecVec;
 use crate::util_digest::DigestWrite;
-#[cfg(feature = "secure-enclave")]
 use crate::util_keychainkey;
 #[cfg(feature = "macos")]
 use crate::util_keychainstatic;
@@ -466,7 +465,6 @@ pub fn try_decrypt_key(config: &Option<TinyEncryptConfig>,
         #[cfg(feature = "macos")]
         TinyEncryptEnvelopType::StaticX25519 => try_decrypt_key_ecdh_static_x25519(config, envelop),
         TinyEncryptEnvelopType::PivP256 | TinyEncryptEnvelopType::PivP384 => try_decrypt_piv_key_ecdh(config, envelop, pin, slot, silent),
-        #[cfg(feature = "secure-enclave")]
         TinyEncryptEnvelopType::KeyP256 => try_decrypt_se_key_ecdh(config, envelop),
         TinyEncryptEnvelopType::PivRsa => try_decrypt_piv_key_rsa(config, envelop, pin, slot, silent),
         #[cfg(feature = "macos")]
@@ -553,7 +551,6 @@ fn try_decrypt_piv_key_rsa(config: &Option<TinyEncryptConfig>,
     Ok(after_2nd_0_bytes)
 }
 
-#[cfg(feature = "secure-enclave")]
 fn try_decrypt_se_key_ecdh(config: &Option<TinyEncryptConfig>,
                            envelop: &TinyEncryptEnvelop) -> XResult<Vec<u8>> {
     let wrap_key = WrapKey::parse(&envelop.encrypted_key)?;

src/cmd_initkeychain.rs

@@ -4,7 +4,6 @@ use rust_util::{debugging, information, opt_result, simple_error, success, warni
 
 use crate::config::TinyEncryptConfigEnvelop;
 use crate::spec::TinyEncryptEnvelopType;
-#[cfg(feature = "secure-enclave")]
 use crate::util_keychainkey;
 use crate::util_keychainstatic;
 use crate::util_keychainstatic::{KeychainKey, KeychainStaticSecret, KeychainStaticSecretAlgorithm};
@@ -40,16 +39,12 @@ const DEFAULT_SERVICE_NAME: &str = "tiny-encrypt";
 
 pub fn init_keychain(cmd_init_keychain: CmdInitKeychain) -> XResult<()> {
     if cmd_init_keychain.secure_enclave {
-        #[cfg(feature = "secure-enclave")]
-        return keychain_key_se(cmd_init_keychain);
-        #[cfg(not(feature = "secure-enclave"))]
-        return simple_error!("Feature secure-enclave is not built");
+        keychain_key_se(cmd_init_keychain)
     } else {
         keychain_key_static(cmd_init_keychain)
     }
 }
 
-#[cfg(feature = "secure-enclave")]
 pub fn keychain_key_se(cmd_init_keychain: CmdInitKeychain) -> XResult<()> {
     if !util_keychainkey::is_support_se() {
         return simple_error!("Secure enclave is not supported.");

src/cmd_version.rs

@@ -1,8 +1,7 @@
 use clap::Args;
-use rust_util::XResult;
+use rust_util::{iff, XResult};
 
 use crate::util;
-#[cfg(feature = "secure-enclave")]
 use crate::util_keychainkey;
 
 #[derive(Debug, Args)]
@@ -16,13 +15,12 @@ pub fn version(_cmd_version: CmdVersion) -> XResult<()> {
     features.push("macos".to_string());
     #[cfg(feature = "smartcard")]
     features.push("smartcard".to_string());
-    #[cfg(feature = "secure-enclave")]
-    features.push(format!("secure-enclave{}", rust_util::iff!(util_keychainkey::is_support_se(), "*", "")));
     if features.is_empty() { features.push("-".to_string()); }
     println!(
-        "User-Agent: {} [with features: {}]\n{}",
+        "User-Agent: {} [with features: {}]{}\n{}",
         util::get_user_agent(),
         features.join(", "),
+        iff!(util_keychainkey::is_support_se(), " with Secure Enclave Supported", ""),
         env!("CARGO_PKG_DESCRIPTION")
     );
     Ok(())

src/lib.rs

@@ -73,7 +73,6 @@ mod cmd_initpiv;
 mod util_keychainstatic;
 #[cfg(feature = "decrypt")]
 mod cmd_execenv;
-#[cfg(feature = "secure-enclave")]
 mod util_keychainkey;
 mod util_simple_pbe;
 

src/util_keychainkey.rs

@@ -1,53 +1,32 @@
-use rust_util::{opt_result, simple_error, XResult};
-use swift_rs::{Bool, SRString};
-use swift_rs::swift;
-
-use crate::util;
-
-swift!(fn is_support_secure_enclave() -> Bool);
-swift!(fn generate_secure_enclave_p256_keypair() -> SRString);
-swift!(fn compute_secure_enclave_p256_ecdh(private_key_base64: SRString, ephemera_public_key_base64: SRString) -> SRString);
+use base64::engine::general_purpose::STANDARD;
+use base64::Engine;
+use rust_util::{simple_error, XResult};
+use swift_secure_enclave_tool_rs::KeyPurpose;
 
 pub fn is_support_se() -> bool {
-    unsafe { is_support_secure_enclave() }
+    swift_secure_enclave_tool_rs::is_secure_enclave_supported().unwrap_or(false)
 }
 
-
-pub fn decrypt_data(private_key_base64: &str, ephemeral_public_key_bytes: &[u8]) -> XResult<Vec<u8>> {
-    let ephemera_public_key_base64 = util::encode_base64(ephemeral_public_key_bytes);
-    let result = unsafe {
-        compute_secure_enclave_p256_ecdh(
-            SRString::from(private_key_base64), SRString::from(ephemera_public_key_base64.as_str()),
-        )
-    };
-    let result = result.as_str();
-    if !result.starts_with("ok:SharedSecret:") {
-        return simple_error!("ECDH P256 in secure enclave failed: {}", result);
-    }
-
-    let shared_secret_hex = result.chars().skip("ok:SharedSecret:".len()).collect::<String>();
-    let shared_secret_hex = shared_secret_hex.trim();
-
-    Ok(opt_result!(hex::decode(shared_secret_hex), "Decrypt shared secret hex: {}, failed: {}", shared_secret_hex))
+pub fn decrypt_data(
+    private_key_base64: &str,
+    ephemeral_public_key_bytes: &[u8],
+) -> XResult<Vec<u8>> {
+    let private_key_representation = STANDARD.decode(private_key_base64)?;
+    let shared_secret = swift_secure_enclave_tool_rs::private_key_ecdh(
+        &private_key_representation,
+        ephemeral_public_key_bytes,
+    )?;
+    Ok(shared_secret)
 }
 
 pub fn generate_se_p256_keypair() -> XResult<(String, String)> {
     if !is_support_se() {
         return simple_error!("Secure enclave is not supported.");
     }
-    let result = unsafe { generate_secure_enclave_p256_keypair() };
-    let result = result.as_str();
-    if !result.starts_with("ok:") {
-        return simple_error!("Generate P256 in secure enclave failed: {}", result);
-    }
-    let public_key_and_private_key = result.chars().skip(3).collect::<String>();
-    let public_key_and_private_keys = public_key_and_private_key.split(',').collect::<Vec<_>>();
-    if public_key_and_private_keys.len() != 2 {
-        return simple_error!("Generate P256 in secure enclave result is bad: {}", public_key_and_private_key);
-    }
-    let public_key = hex::encode(
-        opt_result!(util::decode_base64(public_key_and_private_keys[0]), "Public key is not base64 encoded: {}"));
-    let private_key = public_key_and_private_keys[1].to_string();
-
-    Ok((public_key, private_key))
+    let key_material =
+        swift_secure_enclave_tool_rs::generate_ecdsa_keypair(KeyPurpose::KeyAgreement, true)?;
+    Ok((
+        hex::encode(&key_material.public_key_point),
+        STANDARD.encode(&key_material.private_key_representation),
+    ))
 }