Merge PR #111: Save the private key to the iOS keychain and not user defaults

Closes: #111
Changelog-Changed: Save privkey in keychain instead of user defaults

damus/Util/Keys.swift

@@ -7,6 +7,7 @@
 
 import Foundation
 import secp256k1
+import Vault
 
 let PUBKEY_HRP = "npub"
 let PRIVKEY_HRP = "nsec"
@@ -29,6 +30,12 @@ enum Bech32Key {
     case sec(String)
 }
 
+struct DamusKeychainConfiguration: KeychainConfiguration {
+    var serviceName = "damus"
+    var accessGroup: String? = nil
+    var accountName = "privkey"
+}
+
 func decode_bech32_key(_ key: String) -> Bech32Key? {
     guard let decoded = try? bech32_decode(key) else {
         return nil
@@ -86,32 +93,38 @@ func save_pubkey(pubkey: String) {
     UserDefaults.standard.set(pubkey, forKey: "pubkey")
 }
 
-func save_privkey(privkey: String) {
-    UserDefaults.standard.set(privkey, forKey: "privkey")
+func save_privkey(privkey: String) throws {
+    try Vault.savePrivateKey(privkey, keychainConfiguration: DamusKeychainConfiguration())
 }
 
-func clear_saved_privkey() {
-    UserDefaults.standard.removeObject(forKey: "privkey")
+func clear_saved_privkey() throws {
+    try Vault.deletePrivateKey(keychainConfiguration: DamusKeychainConfiguration())
 }
 
 func clear_saved_pubkey() {
     UserDefaults.standard.removeObject(forKey: "pubkey")
 }
 
-func save_keypair(pubkey: String, privkey: String) {
+func save_keypair(pubkey: String, privkey: String) throws {
     save_pubkey(pubkey: pubkey)
-    save_privkey(privkey: privkey)
+    try save_privkey(privkey: privkey)
 }
 
-func clear_keypair() {
-    clear_saved_privkey()
+func clear_keypair() throws {
+    try clear_saved_privkey()
     clear_saved_pubkey()
 }
 
 func get_saved_keypair() -> Keypair? {
-    get_saved_pubkey().flatMap { pubkey in
-        let privkey = get_saved_privkey()
-        return Keypair(pubkey: pubkey, privkey: privkey)
+    do {
+        try removePrivateKeyFromUserDefaults()
+        
+        return get_saved_pubkey().flatMap { pubkey in
+            let privkey = get_saved_privkey()
+            return Keypair(pubkey: pubkey, privkey: privkey)
+        }
+    } catch {
+        return nil
     }
 }
 
@@ -120,5 +133,11 @@ func get_saved_pubkey() -> String? {
 }
 
 func get_saved_privkey() -> String? {
-    return UserDefaults.standard.string(forKey: "privkey")
+    try? Vault.getPrivateKey(keychainConfiguration: DamusKeychainConfiguration())
+}
+
+fileprivate func removePrivateKeyFromUserDefaults() throws {
+    guard let privKey = UserDefaults.standard.string(forKey: "privkey") else { return }
+    try save_privkey(privkey: privKey)
+    UserDefaults.standard.removeObject(forKey: "privkey")
 }

damus/Views/LoginView.swift

@@ -52,14 +52,24 @@ struct LoginView: View {
     func process_login(_ key: ParsedKey, is_pubkey: Bool) -> Bool {
         switch key {
         case .priv(let priv):
-            save_privkey(privkey: priv)
+            do {
+                try save_privkey(privkey: priv)
+            } catch {
+                return false
+            }
+            
             guard let pk = privkey_to_pubkey(privkey: priv) else {
                 return false
             }
             save_pubkey(pubkey: pk)
 
         case .pub(let pub):
-            clear_saved_privkey()
+            do {
+                try clear_saved_privkey()
+            } catch {
+                return false
+            }
+            
             save_pubkey(pubkey: pub)
 
         case .nip05(let id):
@@ -82,10 +92,20 @@ struct LoginView: View {
 
         case .hex(let hexstr):
             if is_pubkey {
-                clear_saved_privkey()
+                do {
+                    try clear_saved_privkey()
+                } catch {
+                    return false
+                }
+                
                 save_pubkey(pubkey: hexstr)
             } else {
-                save_privkey(privkey: hexstr)
+                do {
+                    try save_privkey(privkey: hexstr)
+                } catch {
+                    return false
+                }
+                
                 guard let pk = privkey_to_pubkey(privkey: hexstr) else {
                     return false
                 }

damus/Views/SaveKeysView.swift

@@ -107,8 +107,13 @@ struct SaveKeysView: View {
                     self.pool.send(.event(contacts_ev))
                 }
                 
-                save_keypair(pubkey: account.pubkey, privkey: account.privkey)
-                notify(.login, account.keypair)
+                do {
+                    try save_keypair(pubkey: account.pubkey, privkey: account.privkey)
+                    notify(.login, account.keypair)
+                } catch {
+                    self.error = "Failed to save keys"
+                }
+                
             case .error(let err):
                 self.loading = false
                 self.error = "\(err.debugDescription)"

damus/damus.entitlements

@@ -4,5 +4,9 @@
 <dict>
 	<key>aps-environment</key>
 	<string>development</string>
+	<key>keychain-access-groups</key>
+	<array>
+		<string>$(AppIdentifierPrefix)com.jb55.damus2</string>
+	</array>
 </dict>
 </plist>

damus/damusApp.swift

@@ -36,7 +36,7 @@ struct MainView: View {
             }
         }
         .onReceive(handle_notify(.logout)) { _ in
-            clear_keypair()
+            try? clear_keypair()
             keypair = nil
         }
         .onAppear {