Refactored macOS-specific code into its own library

Author: Dr. Brandon Wiley

.gitignore

@@ -1,3 +1,6 @@
+.swiftpm
+.build
+
 # Xcode
 #
 # gitignore contributors: remember to update Global/Xcode.gitignore, Objective-C.gitignore & Swift.gitignore

.swiftpm/xcode/package.xcworkspace/contents.xcworkspacedata

@@ -1,6 +1,15 @@
 {
   "object": {
     "pins": [
+      {
+        "package": "KeychainMacOS",
+        "repositoryURL": "https://github.com/OperatorFoundation/KeychainMacOS.git",
+        "state": {
+          "branch": null,
+          "revision": "e6d545e3b8ebb4b3b6b3f58c6936ab708a8d7373",
+          "version": "1.0.1"
+        }
+      },
       {
         "package": "swift-crypto",
         "repositoryURL": "https://github.com/apple/swift-crypto.git",

.swiftpm/xcode/package.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist

@@ -1,4 +1,4 @@
-// swift-tools-version:5.3
+// swift-tools-version:5.5
 // The swift-tools-version declares the minimum version of Swift required to build this package.
 
 import PackageDescription
@@ -18,13 +18,14 @@ let package = Package(
         // .package(url: /* package url */, from: "1.0.0"),
         .package(url: "https://github.com/apple/swift-crypto.git",
                          from: "2.0.0"),
+        .package(url: "https://github.com/OperatorFoundation/KeychainMacOS.git", from: "1.0.1"),
     ],
     targets: [
         // Targets are the basic building blocks of a package. A target can define a module or a test suite.
         // Targets can depend on other targets in this package, and on products in packages this package depends on.
         .target(
             name: "Keychain",
-            dependencies: [
+            dependencies: ["KeychainMacOS",
                 .product(name: "Crypto", package: "swift-crypto"),
             ]),
         .testTarget(

Package.resolved

@@ -3,158 +3,9 @@ import Crypto
 import Foundation
 
 #if os(macOS)
-public class Keychain
-{
-    public init() {}
-    
-    public func retrieveOrGeneratePrivateKey(label: String) -> P256.KeyAgreement.PrivateKey?
-    {
-        // Do we already have a key?
-        if let key = retrievePrivateKey(label: label)
-        {
-            return key
-        }
-        
-        // We don't?
-        // Let's create some and return those
-        let privateKey = P256.KeyAgreement.PrivateKey()
-        
-        // Save the key we stored
-        let stored = storePrivateKey(privateKey, label: label)
-        if !stored
-        {
-            print("😱 Failed to store our new server key.")
-            return nil
-        }
-        return privateKey
-    }
-    
-    public func generateAndSavePrivateKey(label: String) -> P256.KeyAgreement.PrivateKey?
-    {
-        let privateKey = P256.KeyAgreement.PrivateKey()
-        
-        // Save the key we stored
-        let stored = storePrivateKey(privateKey, label: label)
-        if !stored
-        {
-            print("😱 Failed to store our new server key.")
-            return nil
-        }
-        
-        return privateKey
-    }
-    
-    public func storePrivateKey(_ key: P256.KeyAgreement.PrivateKey, label: String) -> Bool
-    {
-        let attributes = [kSecAttrKeyType: kSecAttrKeyTypeECSECPrimeRandom,
-                          kSecAttrKeyClass: kSecAttrKeyClassPrivate] as [String: Any]
 
-        // Get a SecKey representation.
-        var error: Unmanaged<CFError>?
-        let keyData = key.x963Representation as CFData
-        guard let secKey = SecKeyCreateWithData(keyData,
-                                                attributes as CFDictionary,
-                                                &error)
-            else
-        {
-            print("Unable to create SecKey representation.")
-            if let secKeyError = error
-            {
-                print(secKeyError)
-            }
-            return false
-        }
-        
-        // Describe the add operation.
-        let query = [kSecClass: kSecClassKey,
-                     kSecAttrApplicationLabel: label,
-                     kSecAttrAccessible: kSecAttrAccessibleWhenUnlocked,
-                     kSecUseDataProtectionKeychain: true,
-                     kSecValueRef: secKey] as [String: Any]
+@_exported import KeychainMacOS
 
-        // Add the key to the keychain.
-        let status = SecItemAdd(query as CFDictionary, nil)
-        
-        switch status {
-        case errSecSuccess:
-            return true
-        default:
-            if let statusString = SecCopyErrorMessageString(status, nil)
-            {
-                print("Unable to store item: \(statusString)")
-            }
-            
-            return false
-        }
-    }
-    
-    public func retrievePrivateKey(label: String) -> P256.KeyAgreement.PrivateKey?
-    {
-        let query: CFDictionary = generateKeySearchQuery(label: label)
-        
-        // Find and cast the result as a SecKey instance.
-        var item: CFTypeRef?
-        var secKey: SecKey
-        switch SecItemCopyMatching(query as CFDictionary, &item) {
-        case errSecSuccess: secKey = item as! SecKey
-        case errSecItemNotFound: return nil
-        case let status:
-            print("Keychain read failed: \(status)")
-            return nil
-        }
-        
-        // Convert the SecKey into a CryptoKit key.
-        var error: Unmanaged<CFError>?
-        guard let data = SecKeyCopyExternalRepresentation(secKey, &error) as Data?
-        else
-        {
-            print(error.debugDescription)
-            return nil
-        }
-        
-        do {
-            let key = try P256.KeyAgreement.PrivateKey(x963Representation: data)
-            return key
-        }
-        catch let keyError
-        {
-            print("Error decoding key: \(keyError)")
-            return nil
-        }
-    }
-    
-    public func generateKeySearchQuery(label: String) -> CFDictionary
-    {
-        let query: [String: Any] = [kSecClass as String: kSecClassKey,
-                                    kSecAttrApplicationLabel as String: label,
-                                    //kSecAttrApplicationTag as String: tag,
-                                    kSecMatchLimit as String: kSecMatchLimitOne,
-                                    kSecReturnRef as String: true,
-                                    kSecReturnAttributes as String: false,
-                                    kSecReturnData as String: false]
-        
-        return query as CFDictionary
-    }
-    
-    public func deleteKey(label: String)
-    {
-        print("\nAttempted to delete key.")
-        //Remove client keys from secure enclave
-        //let query: [String: Any] = [kSecClass as String: kSecClassKey, kSecAttrApplicationTag as String: tag]
-        let query = generateKeySearchQuery(label: label)
-        let deleteStatus = SecItemDelete(query as CFDictionary)
-        
-        switch deleteStatus
-        {
-        case errSecItemNotFound:
-            print("Could not find a key to delete.\n")
-        case noErr:
-            print("Deleted a key.\n")
-        default:
-            print("Unexpected status: \(deleteStatus.description)\n")
-        }
-    }
-}
 #else
 
 @_exported import KeychainLinux