hatter/tiny-encrypt-rs
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: v1.9.3

Browse Source
This commit is contained in:
Hatter Jiang
2025-05-12 23:58:14 +08:00
parent 4ad735d840
commit f0f505bde3
4 changed files with 34 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
Cargo.lock generated
View File

@@ -1596,18 +1596,18 @@ checksum = "f79dfe2d285b0488816f30e700a7438c5a73d816b5b7d3ac72fbc48b0d185e03"
[[package]] [[package]]
name = "serde" name = "serde"
version = "1.0.217" version = "1.0.219"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "02fc4265df13d6fa1d00ecff087228cc0a2b5f3c0e87e258d8b94a156e984c70" checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6"
dependencies = [ dependencies = [
"serde_derive", "serde_derive",
] ]
[[package]] [[package]]
name = "serde_derive" name = "serde_derive"
version = "1.0.217" version = "1.0.219"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5a9bf7cf98d04a2b28aead066b7496853d4779c9cc183c440dbac457641e19a0" checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
@@ -1616,9 +1616,9 @@ dependencies = [
[[package]] [[package]]
name = "serde_json" name = "serde_json"
version = "1.0.138" version = "1.0.140"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d434192e7da787e94a6ea7e9670b26a036d0ca41e0b7efb2676dd32bae872949" checksum = "20068b6e96dc6c9bd23e01df8827e6c7e1f2fddd43c21810382803c136b99373"
dependencies = [ dependencies = [
"itoa", "itoa",
"memchr", "memchr",
@@ -1716,13 +1716,15 @@ checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
[[package]] [[package]]
name = "swift-secure-enclave-tool-rs" name = "swift-secure-enclave-tool-rs"
version = "0.1.1" version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1de60ab30b0f344a083df555373a2f419a0682f1a5d76c9f845abe696230caba" checksum = "781e2858f6440fba7a8979be69cad4dfbfd6488052f782f84d66141ec3af56a8"
dependencies = [ dependencies = [
"base64 0.22.1", "base64 0.22.1",
"hex", "hex",
"rust_util", "rust_util",
"serde",
"serde_json",
] ]
[[package]] [[package]]
@@ -1880,7 +1882,7 @@ dependencies = [
[[package]] [[package]]
name = "tiny-encrypt" name = "tiny-encrypt"
version = "1.9.2" version = "1.9.3"
dependencies = [ dependencies = [
"aes-gcm-stream", "aes-gcm-stream",
"base64 0.22.1", "base64 0.22.1",

4
Cargo.toml
View File

@@ -1,6 +1,6 @@
[package] [package]
name = "tiny-encrypt" name = "tiny-encrypt"
version = "1.9.2" version = "1.9.3"
edition = "2021" edition = "2021"
license = "MIT" license = "MIT"
description = "A simple and tiny file encrypt tool" description = "A simple and tiny file encrypt tool"
@@ -51,7 +51,7 @@ pinentry = "0.6"
secrecy = "0.10" secrecy = "0.10"
dialoguer = "0.11" dialoguer = "0.11"
ctrlc = "3.4" ctrlc = "3.4"
swift-secure-enclave-tool-rs = "0.1" swift-secure-enclave-tool-rs = "1.0"
[profile.release] [profile.release]
codegen-units = 1 codegen-units = 1

20
src/cmd_initkeychain.rs
View File

@@ -1,7 +1,7 @@
use clap::Args; use clap::Args;
use pqcrypto_traits::kem::PublicKey; use pqcrypto_traits::kem::PublicKey;
use rust_util::{debugging, information, opt_result, simple_error, success, warning, XResult}; use rust_util::{debugging, information, opt_result, simple_error, success, warning, XResult};
use swift_secure_enclave_tool_rs::ControlFlag;
use crate::config::TinyEncryptConfigEnvelop; use crate::config::TinyEncryptConfigEnvelop;
use crate::spec::TinyEncryptEnvelopType; use crate::spec::TinyEncryptEnvelopType;
use crate::util_keychainkey; use crate::util_keychainkey;
@@ -14,6 +14,10 @@ pub struct CmdInitKeychain {
#[arg(long, short = 'S')] #[arg(long, short = 'S')]
pub secure_enclave: bool, pub secure_enclave: bool,
/// Secure Enclave control flag, e.g. none, user-presence, device-passcode, biometry-any, biometry-current-set
#[arg(long, short = 'C')]
pub secure_enclave_control_flag: Option<String>,
/// Expose secure enclave private key data /// Expose secure enclave private key data
#[arg(long, short = 'E')] #[arg(long, short = 'E')]
pub expose_secure_enclave_private_key: bool, pub expose_secure_enclave_private_key: bool,
@@ -54,7 +58,19 @@ pub fn keychain_key_se(cmd_init_keychain: CmdInitKeychain) -> XResult<()> {
let service_name = cmd_init_keychain.server_name.as_deref().unwrap_or(DEFAULT_SERVICE_NAME); let service_name = cmd_init_keychain.server_name.as_deref().unwrap_or(DEFAULT_SERVICE_NAME);
let key_name = &cmd_init_keychain.key_name; let key_name = &cmd_init_keychain.key_name;
let (public_key_hex, private_key_base64) = util_keychainkey::generate_se_p256_keypair()?; let control_flag = match &cmd_init_keychain.secure_enclave_control_flag {
None => return simple_error!("Parameter --secure-enclave-control-flag required"),
Some(control_flag) => match control_flag.as_str() {
"none" => ControlFlag::None,
"user-presence" | "up" => ControlFlag::UserPresence,
"device-passcode" | "passcode" | "pass" => ControlFlag::DevicePasscode,
"biometry-any" | "bio-any" => ControlFlag::BiometryAny,
"biometry-current-set" | "bio-current" => ControlFlag::BiometryCurrentSet,
_ => return simple_error!("Invalid control flag: {}", control_flag),
}
};
let (public_key_hex, private_key_base64) = util_keychainkey::generate_se_p256_keypair(control_flag)?;
let public_key_compressed_hex = public_key_hex.chars() let public_key_compressed_hex = public_key_hex.chars()
.skip(2).take(public_key_hex.len() / 2 - 1).collect::<String>(); .skip(2).take(public_key_hex.len() / 2 - 1).collect::<String>();
let saved_arg0 = if cmd_init_keychain.expose_secure_enclave_private_key { let saved_arg0 = if cmd_init_keychain.expose_secure_enclave_private_key {

6
src/util_keychainkey.rs
View File

@@ -1,7 +1,7 @@
use base64::engine::general_purpose::STANDARD; use base64::engine::general_purpose::STANDARD;
use base64::Engine; use base64::Engine;
use rust_util::{simple_error, XResult}; use rust_util::{simple_error, XResult};
use swift_secure_enclave_tool_rs::KeyPurpose; use swift_secure_enclave_tool_rs::{ControlFlag, KeyPurpose};
pub fn is_support_se() -> bool { pub fn is_support_se() -> bool {
swift_secure_enclave_tool_rs::is_secure_enclave_supported().unwrap_or(false) swift_secure_enclave_tool_rs::is_secure_enclave_supported().unwrap_or(false)
@@ -19,12 +19,12 @@ pub fn decrypt_data(
Ok(shared_secret) Ok(shared_secret)
} }
pub fn generate_se_p256_keypair() -> XResult<(String, String)> { pub fn generate_se_p256_keypair(control_flag: ControlFlag) -> XResult<(String, String)> {
if !is_support_se() { if !is_support_se() {
return simple_error!("Secure enclave is not supported."); return simple_error!("Secure enclave is not supported.");
} }
let key_material = let key_material =
swift_secure_enclave_tool_rs::generate_keypair(KeyPurpose::KeyAgreement, true)?; swift_secure_enclave_tool_rs::generate_keypair(KeyPurpose::KeyAgreement, control_flag)?;
Ok(( Ok((
hex::encode(&key_material.public_key_point), hex::encode(&key_material.public_key_point),
STANDARD.encode(&key_material.private_key_representation), STANDARD.encode(&key_material.private_key_representation),