Improves retrieval of keys

Author: dm-zharov

Sources/SwiftSecurity/CryptoKit/SecKeyConvertible.swift

@@ -29,58 +29,58 @@ public protocol SecKeyConvertible: SecKeyRepresentable {
 /// NIST P-256 (also known as `secp256r1` /  `prime256r1` / `prime256v1`).
 
 extension P256.Signing.PrivateKey: SecKeyConvertible {
-    public var secKeyDescriptor: SecKeyDescriptor { .ecPrivateKey }
+    public static var keyDescriptor: SecKeyDescriptor { .ecPrivateKey }
 }
 extension P256.Signing.PublicKey: SecKeyConvertible {
-    public var secKeyDescriptor: SecKeyDescriptor { .ecPublicKey }
+    public static var keyDescriptor: SecKeyDescriptor { .ecPublicKey }
 }
 
 extension P256.KeyAgreement.PrivateKey: SecKeyConvertible {
-    public var secKeyDescriptor: SecKeyDescriptor { .ecPrivateKey }
+    public static var keyDescriptor: SecKeyDescriptor { .ecPrivateKey }
 }
 extension P256.KeyAgreement.PublicKey: SecKeyConvertible {
-    public var secKeyDescriptor: SecKeyDescriptor { .ecPublicKey }
+    public static var keyDescriptor: SecKeyDescriptor { .ecPublicKey }
 }
 
 /// NIST P-384 (also known as `secp384r1` ).
 
 extension P384.Signing.PrivateKey: SecKeyConvertible {
-    public var secKeyDescriptor: SecKeyDescriptor { .ecPrivateKey }
+    public static var keyDescriptor: SecKeyDescriptor { .ecPrivateKey }
 }
 
 extension P384.Signing.PublicKey: SecKeyConvertible {
-    public var secKeyDescriptor: SecKeyDescriptor { .ecPublicKey }
+    public static var keyDescriptor: SecKeyDescriptor { .ecPublicKey }
 }
 
 extension P384.KeyAgreement.PrivateKey: SecKeyConvertible {
-    public var secKeyDescriptor: SecKeyDescriptor { .ecPrivateKey }
+    public static var keyDescriptor: SecKeyDescriptor { .ecPrivateKey }
 }
 
 extension P384.KeyAgreement.PublicKey: SecKeyConvertible {
-    public var secKeyDescriptor: SecKeyDescriptor { .ecPublicKey }
+    public static var keyDescriptor: SecKeyDescriptor { .ecPublicKey }
 }
 
 /// NIST P-521 (also known as `secp521r1` ).
 
 extension P521.Signing.PrivateKey: SecKeyConvertible {
-    public var secKeyDescriptor: SecKeyDescriptor { .ecPrivateKey }
+    public static var keyDescriptor: SecKeyDescriptor { .ecPrivateKey }
 }
 extension P521.Signing.PublicKey: SecKeyConvertible {
-    public var secKeyDescriptor: SecKeyDescriptor { .ecPublicKey }
+    public static var keyDescriptor: SecKeyDescriptor { .ecPublicKey }
 }
 
 extension P521.KeyAgreement.PrivateKey: SecKeyConvertible {
-    public var secKeyDescriptor: SecKeyDescriptor { .ecPrivateKey }
+    public static var keyDescriptor: SecKeyDescriptor { .ecPrivateKey }
 }
 extension P521.KeyAgreement.PublicKey: SecKeyConvertible {
-    public var secKeyDescriptor: SecKeyDescriptor { .ecPublicKey }
+    public static var keyDescriptor: SecKeyDescriptor { .ecPublicKey }
 }
 
 // MARK: - SecKey
 
 public protocol SecKeyRepresentable {
     /// A key descriptor for storage.
-    var secKeyDescriptor: SecKeyDescriptor { get }
+    static var keyDescriptor: SecKeyDescriptor { get }
 
     /// A key reference.
     var secKey: SecKey { get throws }
@@ -90,7 +90,7 @@ extension SecKeyConvertible {
     public var secKey: SecKey {
         get throws {
             let keyData: Data
-            switch secKeyDescriptor.keyType {
+            switch keyType {
             case .ecsecPrimeRandom:
                 // X9.63
                 keyData = x963Representation
@@ -101,8 +101,8 @@ extension SecKeyConvertible {
 
             var error: Unmanaged<CFError>?
             guard let secKey: SecKey = SecKeyCreateWithData(keyData as CFData, [
-                kSecAttrKeyType: secKeyDescriptor.keyType.rawValue,
-                kSecAttrKeyClass: secKeyDescriptor.keyClass.rawValue
+                kSecAttrKeyType: keyType.rawValue,
+                kSecAttrKeyClass: keyClass.rawValue
             ] as CFDictionary, &error) else {
                 if let error = error?.takeRetainedValue() {
                     throw SwiftSecurityError(error: error)
@@ -112,6 +112,16 @@ extension SecKeyConvertible {
             return secKey
         }
     }
+    
+    /// The type of the key.
+    public var keyType: KeyType {
+        Self.keyDescriptor.keyType
+    }
+    
+    /// The role of the key.
+    public var keyClass: KeyClass {
+        Self.keyDescriptor.keyClass
+    }
 }
 
 public struct SecKeyDescriptor: Sendable {

Sources/SwiftSecurity/Keychain/Keychain.swift

@@ -324,9 +324,9 @@ extension Keychain: SecKeyStore {
     ) throws -> SecValue<SecKey>? {
         guard
             /// If key type specified in query, it should match with type from key's descriptor.  Refer to `.key(for:descriptor:)`
-            query.keyType == nil || query.keyType == key.secKeyDescriptor.keyType,
+            query.keyType == nil || query.keyType == key.keyType,
             /// If key class specified in query, it should match with class from key's descriptor.
-            query.keyClass == nil || query.keyClass == key.secKeyDescriptor.keyClass
+            query.keyClass == nil || query.keyClass == key.keyClass
         else {
             /// You most likely tried to store a public key as a private key. While it might be accepted by the keychain, it could lead to confusion.
             throw SwiftSecurityError.invalidParameter
@@ -350,12 +350,11 @@ extension Keychain: SecKeyStore {
             throw SwiftSecurityError.invalidParameter
         }
 
-        if let ecKey = try? T(x963Representation: data) {
-            return ecKey
-        } else if let rsaKey = try? T(derRepresentation: data) {
-            return rsaKey
-        } else {
-            throw SwiftSecurityError.invalidParameter
+        switch T.keyDescriptor.keyType {
+        case .ecsecPrimeRandom:
+            return try T(x963Representation: data)
+        case .rsa:
+            return try T(derRepresentation: data)
         }
     }
 }