From 9de9af0cde382a9c44cb41ca99ec5c27fd862f28 Mon Sep 17 00:00:00 2001
From: Hatter Jiang
Date: Thu, 14 Dec 2023 23:47:27 +0800
Subject: [PATCH] feat: v1.5.1, secure enclave key can store in keychain or not

---
 Cargo.lock | 2 +-
 Cargo.toml | 2 +-
 src/cmd_initkeychain.rs | 17 ++++++++++++-----
 src/util_keychainstatic.rs | 4 ++++
 4 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 64ad760..ca22c7c 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1700,7 +1700,7 @@ dependencies = [
 [[package]]
 name = "tiny-encrypt"
-version = "1.5.0"
+version = "1.5.1"
 dependencies = [
 "aes-gcm-stream",
 "base64",
diff --git a/Cargo.toml b/Cargo.toml
index fa8457d..d8db155 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "tiny-encrypt"
-version = "1.5.0"
+version = "1.5.1"
 edition = "2021"
 license = "MIT"
 description = "A simple and tiny file encrypt tool"
diff --git a/src/cmd_initkeychain.rs b/src/cmd_initkeychain.rs
index 581ffb1..11e1bc4 100644
--- a/src/cmd_initkeychain.rs
+++ b/src/cmd_initkeychain.rs
@@ -13,6 +13,9 @@ pub struct CmdInitKeychain {
 /// Secure Enclave
 #[arg(long, short = 'S')]
 pub secure_enclave: bool,
+ /// Expose secure enclave private key data
+ #[arg(long, short = 'E')]
+ pub expose_secure_enclave_private_key: bool,
 // /// Keychain name, or default
 // #[arg(long, short = 'c')]
 // pub keychain_name: Option,
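Review bot: The doc comment on the new `expose_secure_enclave_private_key` field becomes its `--help` text, and "Expose secure enclave private key data" does not tell the user that the key data is then written into the config file instead of the keychain, nor that the flag is only read in `keychain_key_se` (presumably the `--secure-enclave` path) and is silently ignored otherwise. Suggest `/// Store the secure enclave private key data in the config file instead of the keychain (only with --secure-enclave)` and `#[arg(long, short = 'E', requires = "secure_enclave")]` so clap rejects `-E` without `-S` rather than accepting a flag that has no effect. `CmdInitKeychain` continues past this hunk; the Cargo.lock and Cargo.toml hunks above are only the version bump.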
@@ -45,20 +48,24 @@ pub fn keychain_key_se(cmd_init_keychain: CmdInitKeychain) -> XResult<()> { let service_name = cmd_init_keychain.server_name.as_deref().unwrap_or(DEFAULT_SERVICE_NAME); let key_name = &cmd_init_keychain.key_name; - let keychain_key = KeychainKey::from("", service_name, key_name); let (public_key_hex, private_key_base64) = util_keychainkey::generate_se_p256_keypair()?; let public_key_compressed_hex = public_key_hex.chars() .skip(2).take(public_key_hex.len() / 2 - 1).collect::(); - - keychain_key.set_password(private_key_base64.as_bytes())?; + let saved_arg0 = if cmd_init_keychain.expose_secure_enclave_private_key { + private_key_base64 + } else { + let keychain_key = KeychainKey::from_default_keychain(service_name, key_name); + keychain_key.set_password(private_key_base64.as_bytes())?; + keychain_key.to_str() + }; let config_envelop = TinyEncryptConfigEnvelop { r#type: TinyEncryptEnvelopType::KeyP256, sid: Some(cmd_init_keychain.key_name.clone()), kid: format!("keychain:02{}", &public_key_compressed_hex), desc: Some("Keychain Secure Enclave".to_string()), - args: Some(vec![keychain_key.to_str()]), + args: Some(vec![saved_arg0]), public_part: public_key_hex, }; @@ -70,7 +77,7 @@ pub fn keychain_key_se(cmd_init_keychain: CmdInitKeychain) -> XResult<()> { pub fn keychain_key_static(cmd_init_keychain: CmdInitKeychain) -> XResult<()> { let service_name = cmd_init_keychain.server_name.as_deref().unwrap_or(DEFAULT_SERVICE_NAME); let key_name = &cmd_init_keychain.key_name; - let keychain_key = KeychainKey::from("", service_name, key_name); + let keychain_key = KeychainKey::from_default_keychain(service_name, key_name); let public_key = match keychain_key.get_password()? { Some(static_x25519) => { diff --git a/src/util_keychainstatic.rs b/src/util_keychainstatic.rs index e1ae334..c161046 100644 --- a/src/util_keychainstatic.rs +++ b/src/util_keychainstatic.rs 
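Review bot: When `expose_secure_enclave_private_key` is set, `saved_arg0` is the raw `private_key_base64` and is written into the config envelope's `args`, whereas the else branch writes only the keychain reference `keychain_key.to_str()`; nothing in the envelope records which form `args[0]` holds, and `desc` still reads "Keychain Secure Enclave" in the exposed case. Unless the consumer of `args` can tell the two formats apart unambiguously (not visible here), make the choice explicit in the envelope, e.g. `desc: Some(if cmd_init_keychain.expose_secure_enclave_private_key { "Secure Enclave (key in config)" } else { "Keychain Secure Enclave" }.to_string()),`. A short comment above `saved_arg0` should also state that in the exposed case the key material leaves the keychain and is protected only by the config file's permissions plus whatever wrapping `generate_se_p256_keypair` applies (presumably the enclave's exported representation — to be confirmed). `keychain_key_se` continues past this hunk; the `@@ -70` hunk below only switches `keychain_key_static` to the new constructor.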
@@ -69,6 +69,10 @@ impl X25519StaticSecret {
 }
 impl KeychainKey {
+ pub fn from_default_keychain(service_name: &str, key_name: &str) -> Self {
+ Self::from("", service_name, key_name)
+ }
+
 pub fn from(keychain_name: &str, service_name: &str, key_name: &str) -> Self {
 Self {
 keychain_name: keychain_name.to_string(),
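Review bot: `from_default_keychain` hard-codes the convention that an empty `keychain_name` selects the default keychain, but neither the new constructor nor `from` says so, and a reader of `KeychainKey::from("", …)` has no way to learn it. Add a doc comment above it such as `/// Key reference in the default keychain (an empty keychain name is the default-keychain marker that from() uses).` so the two call sites in `cmd_initkeychain.rs` that switched to it read as intended. The `impl KeychainKey` block continues past this hunk.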