diff --git a/swift/se.swift b/swift/se.swift
index 299fc3c..da0b37b 100644
--- a/swift/se.swift
+++ b/swift/se.swift
@@ -1,64 +1,55 @@ // import Swift -import Foundation +// import Foundation // import Security import CryptoKit import LocalAuthentication -func is_support_secure_enclave() -> Bool { - let se = SecureEnclave.isAvailable - print("Supports SE: \(se)") - return se +// reference: +// https://zenn.dev/iceman/scraps/380f69137c7ea2 +// https://www.andyibanez.com/posts/cryptokit-secure-enclave/ +@_cdecl("is_support_secure_enclave") +func isSupportSecureEnclave() -> Bool { + return SecureEnclave.isAvailable } enum StringError: Error { case base64error } +func generateKeyPair() throws { + var error: Unmanaged? = nil; + guard + let accessCtrl = SecAccessControlCreateWithFlags( + nil, + kSecAttrAccessibleWhenUnlockedThisDeviceOnly, + [.privateKeyUsage, .biometryCurrentSet], + &error + ) else { + throw error!.takeRetainedValue() as Swift.Error + } + var privateKeyReference = try CryptoKit.SecureEnclave.P256.KeyAgreement.PrivateKey.init( + accessControl: accessCtrl + ); + var dataRepresentation = privateKeyReference.dataRepresentation; + print("Private key reference: \(privateKeyReference)"); + print("Private key reference - publicKey: \(privateKeyReference.publicKey)"); + print("Private key reference - dataRepresentation: \(privateKeyReference.dataRepresentation)"); + print("Private key reference - dataRepresentation: \(privateKeyReference.dataRepresentation.base64EncodedString())"); +} -// // var error: Unmanaged? 
= nil; -// // guard -// // let accessCtrl = SecAccessControlCreateWithFlags( -// // nil, -// // kSecAttrAccessibleWhenUnlockedThisDeviceOnly, -// // [.privateKeyUsage, .biometryCurrentSet], -// // &error -// // ) else { -// // throw error!.takeRetainedValue() as Swift.Error -// // } -// // var privateKeyReference = try CryptoKit.SecureEnclave.P256.KeyAgreement.PrivateKey.init( -// // accessControl: accessCtrl -// // ); -// // var dataRepresentation = privateKeyReference.dataRepresentation; -// -// guard let dataRepresentation = Data(base64Encoded: "BIIB2DGCAdQwgfUMAnJrMYHuMAsMA2JpZAQElxyY8jBIDANwdWIEQQQOrOKfvtBWnEquk6+92hH5yxO6SN5TSIA7/kP0DMdzRlojtNQJ3RUs7uJfG/stjJ/Cza+1i+hISbAGaL0BasDPMAgMA3JrbwIBADAHD-----") else { -// throw StringError.base64error -// } -// -// -// let context = LAContext(); -// let p = try SecureEnclave.P256.KeyAgreement.PrivateKey( -// dataRepresentation: dataRepresentation, authenticationContext: context) -// -// let ephemeralSecretKey = P256.KeyAgreement.PrivateKey() -// let sharedSecret = try ephemeralSecretKey.sharedSecretFromKeyAgreement(with: p.publicKey) -// -// -// let sharedSecret2 = try p.sharedSecretFromKeyAgreement(with: ephemeralSecretKey.publicKey) -// -// -// -// // print("Private key reference: \(privateKeyReference)"); -// -// // print("Private key reference - publicKey: \(privateKeyReference.publicKey)"); -// -// // // print("Private key reference - publicKey - ageRecipient: \(privateKeyReference.publicKey.ageRecipient)"); -// -// // print("Private key reference - dataRepresentation: \(privateKeyReference.dataRepresentation)"); -// // print("Private key reference - dataRepresentation: \(privateKeyReference.dataRepresentation.base64EncodedString())"); -// -// // https://www.andyibanez.com/posts/cryptokit-secure-enclave/ -// -// -// -// print("Shared secret: \(sharedSecret)") -// print("Shared secret: \(sharedSecret2)") \ No newline at end of file +func computeEcdh() throws { + guard let dataRepresentation = Data(base64Encoded: 
"BIIB2DGCAdQwgfUMAnJrMYHuMAsMA2JpZAQElx-----" + ) else { + throw StringError.base64error + } + + let context = LAContext(); + let p = try SecureEnclave.P256.KeyAgreement.PrivateKey( + dataRepresentation: dataRepresentation, authenticationContext: context) + + let ephemeralSecretKey = P256.KeyAgreement.PrivateKey() + let sharedSecret = try ephemeralSecretKey.sharedSecretFromKeyAgreement(with: p.publicKey) + let sharedSecret2 = try p.sharedSecretFromKeyAgreement(with: ephemeralSecretKey.publicKey) + print("Shared secret: \(sharedSecret)") + print("Shared secret: \(sharedSecret2)") +}
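Review bot: `computeEcdh` ends by printing both `sharedSecret` and `sharedSecret2`, and CryptoKit's `SharedSecret` description is, as far as I know, the hex of the raw secret, so the ECDH output ends up in stdout and in anything that captures it. Drop the two `print("Shared secret: …")` lines and return the value instead, e.g. `func computeEcdh() throws -> SharedSecret` ending in `return sharedSecret2`. `generateKeyPair` has the same shape: it prints `dataRepresentation` (plain and base64) and returns nothing, so the only copy of the key blob is the log line; returning `privateKeyReference.dataRepresentation` would let the caller store it. The base64 literal in `computeEcdh` also contains `-` characters, which `Data(base64Encoded:)` rejects with default options, so as written the function appears to always throw `StringError.base64error`; taking the blob as a `Data` parameter would also remove the hard-coded value.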