feat: v1.5.1, Secure Enclave key can be stored in the keychain or written to the config file

This commit is contained in:
2023-12-14 23:47:27 +08:00
parent 5bdc4c69e6
commit 9de9af0cde
4 changed files with 18 additions and 7 deletions

Cargo.lock generated

@@ -1700,7 +1700,7 @@ dependencies = [
[[package]] [[package]]
name = "tiny-encrypt" name = "tiny-encrypt"
version = "1.5.0" version = "1.5.1"
dependencies = [ dependencies = [
"aes-gcm-stream", "aes-gcm-stream",
"base64", "base64",


@@ -1,6 +1,6 @@
[package] [package]
name = "tiny-encrypt" name = "tiny-encrypt"
version = "1.5.0" version = "1.5.1"
edition = "2021" edition = "2021"
license = "MIT" license = "MIT"
description = "A simple and tiny file encrypt tool" description = "A simple and tiny file encrypt tool"


@@ -13,6 +13,9 @@ pub struct CmdInitKeychain {
/// Secure Enclave /// Secure Enclave
#[arg(long, short = 'S')] #[arg(long, short = 'S')]
pub secure_enclave: bool, pub secure_enclave: bool,
/// Expose secure enclave private key data
#[arg(long, short = 'E')]
pub expose_secure_enclave_private_key: bool,
// /// Keychain name, or default // /// Keychain name, or default
// #[arg(long, short = 'c')] // #[arg(long, short = 'c')]
// pub keychain_name: Option<String>, // pub keychain_name: Option<String>,
@@ -45,20 +48,24 @@ pub fn keychain_key_se(cmd_init_keychain: CmdInitKeychain) -> XResult<()> {
let service_name = cmd_init_keychain.server_name.as_deref().unwrap_or(DEFAULT_SERVICE_NAME); let service_name = cmd_init_keychain.server_name.as_deref().unwrap_or(DEFAULT_SERVICE_NAME);
let key_name = &cmd_init_keychain.key_name; let key_name = &cmd_init_keychain.key_name;
let keychain_key = KeychainKey::from("", service_name, key_name);
let (public_key_hex, private_key_base64) = util_keychainkey::generate_se_p256_keypair()?; let (public_key_hex, private_key_base64) = util_keychainkey::generate_se_p256_keypair()?;
let public_key_compressed_hex = public_key_hex.chars() let public_key_compressed_hex = public_key_hex.chars()
.skip(2).take(public_key_hex.len() / 2 - 1).collect::<String>(); .skip(2).take(public_key_hex.len() / 2 - 1).collect::<String>();
let saved_arg0 = if cmd_init_keychain.expose_secure_enclave_private_key {
keychain_key.set_password(private_key_base64.as_bytes())?; private_key_base64
} else {
let keychain_key = KeychainKey::from_default_keychain(service_name, key_name);
keychain_key.set_password(private_key_base64.as_bytes())?;
keychain_key.to_str()
};
let config_envelop = TinyEncryptConfigEnvelop { let config_envelop = TinyEncryptConfigEnvelop {
r#type: TinyEncryptEnvelopType::KeyP256, r#type: TinyEncryptEnvelopType::KeyP256,
sid: Some(cmd_init_keychain.key_name.clone()), sid: Some(cmd_init_keychain.key_name.clone()),
kid: format!("keychain:02{}", &public_key_compressed_hex), kid: format!("keychain:02{}", &public_key_compressed_hex),
desc: Some("Keychain Secure Enclave".to_string()), desc: Some("Keychain Secure Enclave".to_string()),
args: Some(vec![keychain_key.to_str()]), args: Some(vec![saved_arg0]),
public_part: public_key_hex, public_part: public_key_hex,
}; };
@@ -70,7 +77,7 @@ pub fn keychain_key_se(cmd_init_keychain: CmdInitKeychain) -> XResult<()> {
pub fn keychain_key_static(cmd_init_keychain: CmdInitKeychain) -> XResult<()> { pub fn keychain_key_static(cmd_init_keychain: CmdInitKeychain) -> XResult<()> {
let service_name = cmd_init_keychain.server_name.as_deref().unwrap_or(DEFAULT_SERVICE_NAME); let service_name = cmd_init_keychain.server_name.as_deref().unwrap_or(DEFAULT_SERVICE_NAME);
let key_name = &cmd_init_keychain.key_name; let key_name = &cmd_init_keychain.key_name;
let keychain_key = KeychainKey::from("", service_name, key_name); let keychain_key = KeychainKey::from_default_keychain(service_name, key_name);
let public_key = match keychain_key.get_password()? { let public_key = match keychain_key.get_password()? {
Some(static_x25519) => { Some(static_x25519) => {
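Review bot: The `-E` branch in `keychain_key_se` stores `private_key_base64` directly as `args[0]` of the envelope, so that slot now holds either a keychain reference (`keychain_key.to_str()`) or the key data itself with nothing in the envelope recording which one it is; whatever consumes `args[0]` on the decrypt side has to tell them apart by format alone, which is fragile unless `to_str()` output can never look like base64 — consider tagging the value explicitly, e.g. `format!("se:{}", private_key_base64)`, so the reader can dispatch on the prefix. The flag's doc comment should also state the consequence for the user rather than just the mechanism, e.g. `/// Write the Secure Enclave private key data into the config file instead of the keychain; the config file then holds what unlocks decryption on this device and must be protected accordingly` (whether that data is a Secure-Enclave-wrapped blob or plaintext key cannot be told from `generate_se_p256_keypair` here). Since the new option only has an effect on the Secure Enclave path, `#[arg(long, short = 'E', requires = "secure_enclave")]` would reject the otherwise silently ignored `-E` without `-S` at parse time, assuming the dispatch outside this section only calls `keychain_key_se` when `secure_enclave` is set. `keychain_key_se` starts and ends outside the hunk.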


@@ -69,6 +69,10 @@ impl X25519StaticSecret {
} }
impl KeychainKey { impl KeychainKey {
pub fn from_default_keychain(service_name: &str, key_name: &str) -> Self {
Self::from("", service_name, key_name)
}
pub fn from(keychain_name: &str, service_name: &str, key_name: &str) -> Self { pub fn from(keychain_name: &str, service_name: &str, key_name: &str) -> Self {
Self { Self {
keychain_name: keychain_name.to_string(), keychain_name: keychain_name.to_string(),