feat: v1.9.3
@@ -1,7 +1,7 @@
|
||||
use clap::Args;
|
||||
use pqcrypto_traits::kem::PublicKey;
|
||||
use rust_util::{debugging, information, opt_result, simple_error, success, warning, XResult};
|
||||
|
||||
use swift_secure_enclave_tool_rs::ControlFlag;
|
||||
use crate::config::TinyEncryptConfigEnvelop;
|
||||
use crate::spec::TinyEncryptEnvelopType;
|
||||
use crate::util_keychainkey;
|
||||
@@ -14,6 +14,10 @@ pub struct CmdInitKeychain {
|
||||
#[arg(long, short = 'S')]
|
||||
pub secure_enclave: bool,
|
||||
|
||||
/// Secure Enclave control flag, e.g. none, user-presence, device-passcode, biometry-any, biometry-current-set
|
||||
#[arg(long, short = 'C')]
|
||||
pub secure_enclave_control_flag: Option<String>,
|
||||
|
||||
/// Expose secure enclave private key data
|
||||
#[arg(long, short = 'E')]
|
||||
pub expose_secure_enclave_private_key: bool,
|
||||
@@ -54,7 +58,19 @@ pub fn keychain_key_se(cmd_init_keychain: CmdInitKeychain) -> XResult<()> {
|
||||
let service_name = cmd_init_keychain.server_name.as_deref().unwrap_or(DEFAULT_SERVICE_NAME);
|
||||
let key_name = &cmd_init_keychain.key_name;
|
||||
|
||||
let (public_key_hex, private_key_base64) = util_keychainkey::generate_se_p256_keypair()?;
|
||||
let control_flag = match &cmd_init_keychain.secure_enclave_control_flag {
|
||||
None => return simple_error!("Parameter --secure-enclave-control-flag required"),
|
||||
Some(control_flag) => match control_flag.as_str() {
|
||||
"none" => ControlFlag::None,
|
||||
"user-presence" | "up" => ControlFlag::UserPresence,
|
||||
"device-passcode" | "passcode" | "pass" => ControlFlag::DevicePasscode,
|
||||
"biometry-any" | "bio-any" => ControlFlag::BiometryAny,
|
||||
"biometry-current-set" | "bio-current" => ControlFlag::BiometryCurrentSet,
|
||||
_ => return simple_error!("Invalid control flag: {}", control_flag),
|
||||
}
|
||||
};
|
||||
|
||||
let (public_key_hex, private_key_base64) = util_keychainkey::generate_se_p256_keypair(control_flag)?;
|
||||
let public_key_compressed_hex = public_key_hex.chars()
|
||||
.skip(2).take(public_key_hex.len() / 2 - 1).collect::<String>();
|
||||
let saved_arg0 = if cmd_init_keychain.expose_secure_enclave_private_key {
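Review bot: The aliases accepted by the new match (`up`, `passcode`, `pass`, `bio-any`, `bio-current`) are not listed in the field's doc comment ("Secure Enclave control flag, e.g. none, user-presence, device-passcode, biometry-any, biometry-current-set"), so `--help` and the parser disagree about the accepted vocabulary; either extend that doc comment or, better, make the field a clap `ValueEnum` with `#[arg(long, short = 'C', value_enum)]` and keep the string-to-`ControlFlag` mapping in one place instead of a hand-rolled match in the command layer. The `"none"` arm presumably produces a Secure Enclave key with no access-control policy, which is a weaker setting than the other four; since `warning` is already imported, that arm could log it: `"none" => { warning!("Control flag 'none' applies no access control to the Secure Enclave key"); ControlFlag::None }`. The `None => return simple_error!(...)` arm makes the flag effectively mandatory in this path, so the doc comment should also say the option is required when `--secure-enclave` is used. keychain_key_se's body continues outside the hunk.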
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
use base64::engine::general_purpose::STANDARD;
|
||||
use base64::Engine;
|
||||
use rust_util::{simple_error, XResult};
|
||||
use swift_secure_enclave_tool_rs::KeyPurpose;
|
||||
use swift_secure_enclave_tool_rs::{ControlFlag, KeyPurpose};
|
||||
|
||||
pub fn is_support_se() -> bool {
|
||||
swift_secure_enclave_tool_rs::is_secure_enclave_supported().unwrap_or(false)
|
||||
@@ -19,12 +19,12 @@ pub fn decrypt_data(
|
||||
Ok(shared_secret)
|
||||
}
|
||||
|
||||
pub fn generate_se_p256_keypair() -> XResult<(String, String)> {
|
||||
pub fn generate_se_p256_keypair(control_flag: ControlFlag) -> XResult<(String, String)> {
|
||||
if !is_support_se() {
|
||||
return simple_error!("Secure enclave is not supported.");
|
||||
}
|
||||
let key_material =
|
||||
swift_secure_enclave_tool_rs::generate_keypair(KeyPurpose::KeyAgreement, true)?;
|
||||
swift_secure_enclave_tool_rs::generate_keypair(KeyPurpose::KeyAgreement, control_flag)?;
|
||||
Ok((
|
||||
hex::encode(&key_material.public_key_point),
|
||||
STANDARD.encode(&key_material.private_key_representation),
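Review bot: `generate_se_p256_keypair` gains a `control_flag` parameter but still has no doc comment, and the previous hard-coded `true` argument to `generate_keypair` is replaced by a caller-chosen value, so callers now need to know what they are selecting. I would add above the signature a `///` comment stating that it generates a P-256 key-agreement keypair in the Secure Enclave (requires `is_support_se()`), that `control_flag` is presumably the access-control policy bound to the private key, and that the returned tuple is `(hex-encoded public key point, base64 private key representation)`, with an `# Errors` line for the unsupported-enclave and generation failures. The body past `STANDARD.encode(...)` is outside the hunk.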
|
||||
|
||||