feat: secure enclave is on going

2023-12-09 11:43:21 +08:00
parent fa1cd80fc8
commit 2034db589a
6 changed files with 104 additions and 6 deletions
--- a/swift-lib/src/lib.swift
+++ b/swift-lib/src/lib.swift
@@ -1,5 +1,93 @@
 import SwiftRs
 import AppKit
+import CryptoKit
+import LocalAuthentication
+
+// reference:
+// https://zenn.dev/iceman/scraps/380f69137c7ea2
+// https://www.andyibanez.com/posts/cryptokit-secure-enclave/
+@_cdecl("is_support_secure_enclave")
+func isSupportSecureEnclave() -> Bool {
+    // TODO pending delete
+    let epub = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE76jmqKrSs8tIVcvYYLpCA2za9GG7VxLdaI8FqynT+G65QgakCjT/P2ey7plz4KEl6ffORfZtZXO+lq2qQaaBHw=="
+
+    guard let ephemeralPublicKeyRepresentation = Data(
+        base64Encoded: epub
+    ) else {
+        print("err:ephemeral public key base64 decode failed")
+        return false
+    }
+    do {
+        let a = try CryptoKit.P256.KeyAgreement.PublicKey.init(derRepresentation: ephemeralPublicKeyRepresentation)
+        print("\(a)")
+    } catch {
+        print("error: \(error)")
+    }
+    return SecureEnclave.isAvailable
+}
+
+// TODO delete print_greeting
+@_cdecl("print_greeting")
+func printGreeting(name: SRString) {
+    print("Hello \(name.toString())!")
+}
+
+@_cdecl("generate_secure_enclave_p256_keypair")
+func generateSecureEnclaveP256KeyPair() -> SRString {
+    var error: Unmanaged<CFError>? = nil;
+    guard let accessCtrl = SecAccessControlCreateWithFlags(
+       nil,
+       kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
+       [.privateKeyUsage, .biometryCurrentSet],
+       &error
+    ) else {
+        return SRString("err:\(error.debugDescription)")
+    }
+    do {
+        let privateKeyReference = try CryptoKit.SecureEnclave.P256.KeyAgreement.PrivateKey.init(
+           accessControl: accessCtrl
+        );
+        let dataRepresentation = privateKeyReference.dataRepresentation;
+        print("Private key reference: \(privateKeyReference)");
+        print("Private key reference - publicKey: \(privateKeyReference.publicKey)");
+        print("Private key reference - dataRepresentation: \(privateKeyReference.dataRepresentation)");
+        print("Private key reference - dataRepresentation: \(privateKeyReference.dataRepresentation.base64EncodedString())");
+        return SRString("")
+    } catch {
+        return SRString("err:\(error)")
+    }
+}
+
+func computeSecureEnclaveP256Ecdh(privateKeyDataRepresentation: SRString, ephemeraPublicKey: SRString) -> SRString {
+    guard let dataRepresentation = Data(
+        base64Encoded: privateKeyDataRepresentation.toString()
+    ) else {
+       return SRString("err:private key base64 decode failed")
+    }
+    guard let ephemeralPublicKeyRepresentation = Data(
+        base64Encoded: ephemeraPublicKey.toString()
+    ) else {
+       return SRString("err:ephemeral public key base64 decode failed")
+    }
+    do {
+        let context = LAContext();
+        let p =  try SecureEnclave.P256.KeyAgreement.PrivateKey(
+            dataRepresentation: dataRepresentation,
+            authenticationContext: context
+        )
+
+        let ephemeralPublicKey = try CryptoKit.P256.KeyAgreement.PublicKey.init(derRepresentation: ephemeralPublicKeyRepresentation)
+
+        let sharedSecret = try p.sharedSecretFromKeyAgreement(
+            with: ephemeralPublicKey)
+        print("Shared secret: \(sharedSecret)")
+
+        return SRString("ok:\(sharedSecret.description)")
+    } catch {
+        return SRString("err:\(error)")
+    }
+}
+

@_cdecl("get_file_thumbnail_base64")
 func getFileThumbnailBase64(path: SRString) -> SRString {
@@ -91,4 +179,4 @@ func returnNullable(null: Bool) -> Test? {
    if (null == true) { return nil }

    return Test(null)
-}
+}