hatter/tiny-encrypt-rs
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: v1.9.3

Browse Source
This commit is contained in:
Hatter Jiang
2025-05-12 23:58:14 +08:00
parent 4ad735d840
commit f0f505bde3
4 changed files with 34 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
Cargo.lock generated
View File

@@ -1596,18 +1596,18 @@ checksum = "f79dfe2d285b0488816f30e700a7438c5a73d816b5b7d3ac72fbc48b0d185e03"
[[package]]
name = "serde"
version = "1.0.217"
version = "1.0.219"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "02fc4265df13d6fa1d00ecff087228cc0a2b5f3c0e87e258d8b94a156e984c70"
checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6"
dependencies = [
"serde_derive",
]
[[package]]
name = "serde_derive"
version = "1.0.217"
version = "1.0.219"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5a9bf7cf98d04a2b28aead066b7496853d4779c9cc183c440dbac457641e19a0"
checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00"
dependencies = [
"proc-macro2",
"quote",
@@ -1616,9 +1616,9 @@ dependencies = [
[[package]]
name = "serde_json"
version = "1.0.138"
version = "1.0.140"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d434192e7da787e94a6ea7e9670b26a036d0ca41e0b7efb2676dd32bae872949"
checksum = "20068b6e96dc6c9bd23e01df8827e6c7e1f2fddd43c21810382803c136b99373"
dependencies = [
"itoa",
"memchr",
@@ -1716,13 +1716,15 @@ checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
[[package]]
name = "swift-secure-enclave-tool-rs"
version = "0.1.1"
version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1de60ab30b0f344a083df555373a2f419a0682f1a5d76c9f845abe696230caba"
checksum = "781e2858f6440fba7a8979be69cad4dfbfd6488052f782f84d66141ec3af56a8"
dependencies = [
"base64 0.22.1",
"hex",
"rust_util",
"serde",
"serde_json",
]
[[package]]
@@ -1880,7 +1882,7 @@ dependencies = [
[[package]]
name = "tiny-encrypt"
version = "1.9.2"
version = "1.9.3"
dependencies = [
"aes-gcm-stream",
"base64 0.22.1",

4
Cargo.toml
View File

@@ -1,6 +1,6 @@
[package]
name = "tiny-encrypt"
version = "1.9.2"
version = "1.9.3"
edition = "2021"
license = "MIT"
description = "A simple and tiny file encrypt tool"
@@ -51,7 +51,7 @@ pinentry = "0.6"
secrecy = "0.10"
dialoguer = "0.11"
ctrlc = "3.4"
swift-secure-enclave-tool-rs = "0.1"
swift-secure-enclave-tool-rs = "1.0"
[profile.release]
codegen-units = 1

20
src/cmd_initkeychain.rs
View File

@@ -1,7 +1,7 @@
use clap::Args;
use pqcrypto_traits::kem::PublicKey;
use rust_util::{debugging, information, opt_result, simple_error, success, warning, XResult};
use swift_secure_enclave_tool_rs::ControlFlag;
use crate::config::TinyEncryptConfigEnvelop;
use crate::spec::TinyEncryptEnvelopType;
use crate::util_keychainkey;
@@ -14,6 +14,10 @@ pub struct CmdInitKeychain {
#[arg(long, short = 'S')]
pub secure_enclave: bool,
/// Secure Enclave control flag, e.g. none, user-presence, device-passcode, biometry-any, biometry-current-set
#[arg(long, short = 'C')]
pub secure_enclave_control_flag: Option<String>,
/// Expose secure enclave private key data
#[arg(long, short = 'E')]
pub expose_secure_enclave_private_key: bool,
@@ -54,7 +58,19 @@ pub fn keychain_key_se(cmd_init_keychain: CmdInitKeychain) -> XResult<()> {
let service_name = cmd_init_keychain.server_name.as_deref().unwrap_or(DEFAULT_SERVICE_NAME);
let key_name = &cmd_init_keychain.key_name;
let (public_key_hex, private_key_base64) = util_keychainkey::generate_se_p256_keypair()?;
let control_flag = match &cmd_init_keychain.secure_enclave_control_flag {
None => return simple_error!("Parameter --secure-enclave-control-flag required"),
Some(control_flag) => match control_flag.as_str() {
"none" => ControlFlag::None,
"user-presence" | "up" => ControlFlag::UserPresence,
"device-passcode" | "passcode" | "pass" => ControlFlag::DevicePasscode,
"biometry-any" | "bio-any" => ControlFlag::BiometryAny,
"biometry-current-set" | "bio-current" => ControlFlag::BiometryCurrentSet,
_ => return simple_error!("Invalid control flag: {}", control_flag),
}
};
let (public_key_hex, private_key_base64) = util_keychainkey::generate_se_p256_keypair(control_flag)?;
let public_key_compressed_hex = public_key_hex.chars()
.skip(2).take(public_key_hex.len() / 2 - 1).collect::<String>();
let saved_arg0 = if cmd_init_keychain.expose_secure_enclave_private_key {

6
src/util_keychainkey.rs
View File

@@ -1,7 +1,7 @@
use base64::engine::general_purpose::STANDARD;
use base64::Engine;
use rust_util::{simple_error, XResult};
use swift_secure_enclave_tool_rs::KeyPurpose;
use swift_secure_enclave_tool_rs::{ControlFlag, KeyPurpose};
pub fn is_support_se() -> bool {
swift_secure_enclave_tool_rs::is_secure_enclave_supported().unwrap_or(false)
@@ -19,12 +19,12 @@ pub fn decrypt_data(
Ok(shared_secret)
}
pub fn generate_se_p256_keypair() -> XResult<(String, String)> {
pub fn generate_se_p256_keypair(control_flag: ControlFlag) -> XResult<(String, String)> {
if !is_support_se() {
return simple_error!("Secure enclave is not supported.");
}
let key_material =
swift_secure_enclave_tool_rs::generate_keypair(KeyPurpose::KeyAgreement, true)?;
swift_secure_enclave_tool_rs::generate_keypair(KeyPurpose::KeyAgreement, control_flag)?;
Ok((
hex::encode(&key_material.public_key_point),
STANDARD.encode(&key_material.private_key_representation),