Initial commit

Author: consuelita

.gitattributes

@@ -0,0 +1,2 @@
+# Auto detect text files and perform LF normalization
+* text=auto

.gitignore

@@ -0,0 +1,90 @@
+# Xcode
+#
+# gitignore contributors: remember to update Global/Xcode.gitignore, Objective-C.gitignore & Swift.gitignore
+
+## User settings
+xcuserdata/
+
+## compatibility with Xcode 8 and earlier (ignoring not required starting Xcode 9)
+*.xcscmblueprint
+*.xccheckout
+
+## compatibility with Xcode 3 and earlier (ignoring not required starting Xcode 4)
+build/
+DerivedData/
+*.moved-aside
+*.pbxuser
+!default.pbxuser
+*.mode1v3
+!default.mode1v3
+*.mode2v3
+!default.mode2v3
+*.perspectivev3
+!default.perspectivev3
+
+## Obj-C/Swift specific
+*.hmap
+
+## App packaging
+*.ipa
+*.dSYM.zip
+*.dSYM
+
+## Playgrounds
+timeline.xctimeline
+playground.xcworkspace
+
+# Swift Package Manager
+#
+# Add this line if you want to avoid checking in source code from Swift Package Manager dependencies.
+# Packages/
+# Package.pins
+# Package.resolved
+# *.xcodeproj
+#
+# Xcode automatically generates this directory with a .xcworkspacedata file and xcuserdata
+# hence it is not needed unless you have added a package configuration file to your project
+# .swiftpm
+
+.build/
+
+# CocoaPods
+#
+# We recommend against adding the Pods directory to your .gitignore. However
+# you should judge for yourself, the pros and cons are mentioned at:
+# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
+#
+# Pods/
+#
+# Add this line if you want to avoid checking in source code from the Xcode workspace
+# *.xcworkspace
+
+# Carthage
+#
+# Add this line if you want to avoid checking in source code from Carthage dependencies.
+# Carthage/Checkouts
+
+Carthage/Build/
+
+# Accio dependency management
+Dependencies/
+.accio/
+
+# fastlane
+#
+# It is recommended to not store the screenshots in the git repo.
+# Instead, use fastlane to re-generate the screenshots whenever they are needed.
+# For more information about the recommended setup visit:
+# https://docs.fastlane.tools/best-practices/source-control/#source-control
+
+fastlane/report.xml
+fastlane/Preview.html
+fastlane/screenshots/**/*.png
+fastlane/test_output
+
+# Code Injection
+#
+# After new code Injection tools there's a generated folder /iOSInjectionProject
+# https://github.com/johnno1962/injectionforxcode
+
+iOSInjectionProject/

.swiftpm/xcode/package.xcworkspace/contents.xcworkspacedata

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>IDEDidComputeMac32BitWarning</key>
+	<true/>
+</dict>
+</plist>

.swiftpm/xcode/package.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 consuelita
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

LICENSE

@@ -0,0 +1,30 @@
+// swift-tools-version:5.3
+// The swift-tools-version declares the minimum version of Swift required to build this package.
+
+import PackageDescription
+
+let package = Package(
+    name: "Keychain",
+    platforms: [.macOS(.v10_15)],
+    products: [
+        // Products define the executables and libraries a package produces, and make them visible to other packages.
+        .library(
+            name: "Keychain",
+            targets: ["Keychain"]),
+    ],
+    dependencies: [
+        // Dependencies declare other packages that this package depends on.
+        // .package(url: /* package url */, from: "1.0.0"),
+    ],
+    targets: [
+        // Targets are the basic building blocks of a package. A target can define a module or a test suite.
+        // Targets can depend on other targets in this package, and on products in packages this package depends on.
+        .target(
+            name: "Keychain",
+            dependencies: []),
+        .testTarget(
+            name: "KeychainTests",
+            dependencies: ["Keychain"]),
+    ],
+    swiftLanguageVersions: [.v5]
+)

Package.swift

@@ -0,0 +1,2 @@
+# Keychain
+  Simple keychain wrapper for P256 keys for macOS and iOS.

README.md

@@ -0,0 +1,198 @@
+
+import CryptoKit
+import Foundation
+
+
+class Keychain
+{
+    func retrieveOrGeneratePrivateKey(label: String, tag: String) -> P256.KeyAgreement.PrivateKey?
+    {
+        // Do we already have a key?
+        let searchQuery = generateKeySearchQuery(label: label, tag: tag)
+        if let key = retrievePrivateKey(query: searchQuery)
+        {
+            return key
+        }
+        
+        // We don't?
+        // Let's create some and return those
+        let privateKey = P256.KeyAgreement.PrivateKey()
+        
+        // Save the key we stored
+        let stored = storePrivateKey(privateKey, label: label)
+        if !stored
+        {
+            print("😱 Failed to store our new server key.")
+            return nil
+        }
+        return privateKey
+    }
+    
+    func generateAndSavePrivateKey(label: String) -> P256.KeyAgreement.PrivateKey?
+    {
+        let privateKey = P256.KeyAgreement.PrivateKey()
+        
+        // Save the key we stored
+        let stored = storePrivateKey(privateKey, label: label)
+        if !stored
+        {
+            print("😱 Failed to store our new server key.")
+            return nil
+        }
+        
+        return privateKey
+    }
+    
+    func storePrivateKey(_ key: P256.KeyAgreement.PrivateKey, label: String) -> Bool
+    {
+        let attributes = [kSecAttrKeyType: kSecAttrKeyTypeECSECPrimeRandom,
+                          kSecAttrKeyClass: kSecAttrKeyClassPrivate] as [String: Any]
+
+        // Get a SecKey representation.
+        var error: Unmanaged<CFError>?
+        let keyData = key.x963Representation as CFData
+        guard let secKey = SecKeyCreateWithData(keyData,
+                                                attributes as CFDictionary,
+                                                &error)
+            else
+        {
+            print("Unable to create SecKey representation.")
+            if let secKeyError = error
+            {
+                print(secKeyError)
+            }
+            return false
+        }
+        
+        // Describe the add operation.
+        let query = [kSecClass: kSecClassKey,
+                     kSecAttrApplicationLabel: label,
+                     kSecAttrAccessible: kSecAttrAccessibleWhenUnlocked,
+                     kSecUseDataProtectionKeychain: true,
+                     kSecValueRef: secKey] as [String: Any]
+
+        // Add the key to the keychain.
+        let status = SecItemAdd(query as CFDictionary, nil)
+        
+        switch status {
+        case errSecSuccess:
+            return true
+        default:
+            if let statusString = SecCopyErrorMessageString(status, nil)
+            {
+                print("Unable to store item: \(statusString)")
+            }
+            
+            return false
+        }
+    }
+    
+    func retrievePrivateKey(query: CFDictionary) -> P256.KeyAgreement.PrivateKey?
+    {
+        // Find and cast the result as a SecKey instance.
+        var item: CFTypeRef?
+        var secKey: SecKey
+        switch SecItemCopyMatching(query as CFDictionary, &item) {
+        case errSecSuccess: secKey = item as! SecKey
+        case errSecItemNotFound: return nil
+        case let status:
+            print("Keychain read failed: \(status)")
+            return nil
+        }
+        
+        // Convert the SecKey into a CryptoKit key.
+        var error: Unmanaged<CFError>?
+        guard let data = SecKeyCopyExternalRepresentation(secKey, &error) as Data?
+        else
+        {
+            print(error.debugDescription)
+            return nil
+        }
+        
+        do {
+            let key = try P256.KeyAgreement.PrivateKey(x963Representation: data)
+            return key
+        }
+        catch let keyError
+        {
+            print("Error decoding key: \(keyError)")
+            return nil
+        }
+    }
+    
+    func generateKeySearchQuery(label: String, tag: String) -> CFDictionary
+    {
+        let query: [String: Any] = [kSecClass as String: kSecClassKey,
+                                    kSecAttrApplicationLabel as String: label,
+                                    kSecAttrApplicationTag as String: tag,
+                                    kSecMatchLimit as String: kSecMatchLimitOne,
+                                    kSecReturnRef as String: true,
+                                    kSecReturnAttributes as String: false,
+                                    kSecReturnData as String: false]
+        
+        return query as CFDictionary
+    }
+    
+//    func generateKeyAttributesDictionary(tag: String) -> CFDictionary
+//    {
+//        //FIXME: Secure Enclave
+//        // let access = SecAccessControlCreateWithFlags(kCFAllocatorDefault, kSecAttrAccessibleAlwaysThisDeviceOnly, .privateKeyUsage, nil)!
+//        
+//        let privateKeyAttributes: [String: Any] = [
+//            kSecAttrIsPermanent as String: true,
+//            kSecAttrApplicationTag as String: tag
+//            //kSecAttrAccessControl as String: access
+//        ]
+//        
+//        let publicKeyAttributes: [String: Any] = [
+//            kSecAttrIsPermanent as String: true,
+//            kSecAttrApplicationTag as String: tag
+//        ]
+//        
+//        let attributes: [String: Any] = [
+//            kSecClass as String: kSecClassKey,
+//            kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
+//            kSecAttrKeySizeInBits as String: 256,
+//            //kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
+//            kSecPrivateKeyAttrs as String: privateKeyAttributes,
+//            kSecPublicKeyAttrs as String: publicKeyAttributes
+//        ]
+//        
+//        return attributes as CFDictionary
+//    }
+    
+    public func deriveSymmetricKey(receiverPublicKey: P256.KeyAgreement.PublicKey, senderPrivateKey:P256.KeyAgreement.PrivateKey) -> SymmetricKey?
+    {
+        do
+        {
+            let sharedSecret = try senderPrivateKey.sharedSecretFromKeyAgreement(with: receiverPublicKey)
+            let symmetricKey = sharedSecret.x963DerivedSymmetricKey(using: SHA256.self, sharedInfo: Data(), outputByteCount: 32)
+            
+            return symmetricKey
+        }
+        catch let sharedSecretError
+        {
+            print("Unable to encrypt payload. Failed to generate a shared secret: \(sharedSecretError)")
+            return nil
+        }
+    }
+    
+    func deleteKeys(tag: String)
+    {
+        print("\nAttempted to delete key from secure enclave.")
+        //Remove client keys from secure enclave
+        let query: [String: Any] = [kSecClass as String: kSecClassKey,
+                                    kSecAttrApplicationTag as String: tag]
+        let deleteStatus = SecItemDelete(query as CFDictionary)
+        
+        switch deleteStatus
+        {
+        case errSecItemNotFound:
+            print("Could not find a client key to delete.\n")
+        case noErr:
+            print("Deleted client keys.\n")
+        default:
+            print("Unexpected status: \(deleteStatus.description)\n")
+        }
+    }
+}

Sources/Keychain/Keychain.swift

@@ -0,0 +1,14 @@
+import XCTest
+@testable import Keychain
+
+final class KeychainTests: XCTestCase {
+    func testExample() {
+        // This is an example of a functional test case.
+        // Use XCTAssert and related functions to verify your tests produce the correct
+        // results.
+    }
+
+    static var allTests = [
+        ("testExample", testExample),
+    ]
+}

Tests/KeychainTests/KeychainTests.swift

@@ -0,0 +1,9 @@
+import XCTest
+
+#if !canImport(ObjectiveC)
+public func allTests() -> [XCTestCaseEntry] {
+    return [
+        testCase(KeychainTests.allTests),
+    ]
+}
+#endif

Tests/KeychainTests/XCTestManifests.swift

@@ -0,0 +1,7 @@
+import XCTest
+
+import KeychainTests
+
+var tests = [XCTestCaseEntry]()
+tests += KeychainTests.allTests()
+XCTMain(tests)