import Foundation
import CryptoKit
import Security
/// Describes how the data behind a ``StorageKey`` is secured when it is stored.
///
/// - Note: One case is spelled `none`. Where a `SecurityPolicy?` is expected, a bare `.none`
///   resolves to `Optional.none` (`nil`) rather than to this case, so write
///   `SecurityPolicy.none` in optional contexts.
public enum SecurityPolicy: Equatable, Sendable {

    // MARK: - Cases

    /// Data is stored without additional security.
    ///
    /// Nothing in this policy encrypts the value or restricts access to it, so choose it only
    /// for data that needs no confidentiality.
    case none

    /// Data is encrypted before storage, as described by the associated ``EncryptionPolicy``.
    case encrypted(EncryptionPolicy)

    /// Data is stored directly in the Keychain.
    ///
    /// - Parameters:
    ///   - accessibility: Keychain accessibility option applied to the stored item.
    ///   - accessControl: Keychain access-control option; may be `nil`.
    case keychain(accessibility: KeychainAccessibility, accessControl: KeychainAccessControl?)

    // MARK: - Defaults

    /// Policy suggested for most sensitive data: `.encrypted(.recommended)`.
    public static let recommended: Self = .encrypted(.recommended)

    // MARK: - Encryption

    /// Chooses the encryption algorithm (or an external key source) together with the
    /// key-derivation settings.
    public enum EncryptionPolicy: Equatable, Sendable {

        /// AES-256-GCM, with the key derived as described by `keyDerivation`.
        case aes256(keyDerivation: KeyDerivation)

        /// ChaCha20-Poly1305, with the key derived as described by `keyDerivation`.
        case chacha20Poly1305(keyDerivation: KeyDerivation)

        // NOTE(review): the cipher paired with external key material is not stated in this
        // declaration — confirm it in the code that consumes this case.
        /// Key material obtained from an external ``KeyMaterialSource``, combined with
        /// the given key derivation.
        case external(source: KeyMaterialSource, keyDerivation: KeyDerivation)

        /// Encryption policy suggested for most cases: ChaCha20-Poly1305 with HKDF, leaving
        /// HKDF's `salt` and `info` at their `nil` defaults.
        public static let recommended: Self = .chacha20Poly1305(keyDerivation: .hkdf())

        // NOTE(review): what a KeyMaterialSource actually supplies is not visible here. HKDF
        // assumes input that is already high-entropy key material; if a source can yield a
        // password or other low-entropy secret, callers should use the two-argument case
        // with `.pbkdf2` instead of this shorthand — confirm against KeyMaterialSource.
        /// Shorthand for the `external` case that fills in HKDF with its default
        /// (`nil`) `salt` and `info`.
        ///
        /// - Parameter source: Where the external key material comes from.
        /// - Returns: `.external(source: source, keyDerivation: .hkdf())`.
        public static func external(source: KeyMaterialSource) -> Self {
            let defaultDerivation: KeyDerivation = .hkdf()
            return .external(source: source, keyDerivation: defaultDerivation)
        }
    }

    // MARK: - Key derivation

    /// Algorithms available for deriving encryption keys.
    public enum KeyDerivation: Equatable, Sendable {

        // NOTE(review): the iteration count and salt applied when these are `nil` are decided
        // by the code that consumes this case, not here. Verify that the fallback iteration
        // count is adequate and that the fallback salt is random per key rather than a fixed value.
        /// PBKDF2.
        ///
        /// - Parameters:
        ///   - iterations: Optional iteration count; defaults to `nil`.
        ///   - salt: Optional salt; defaults to `nil`.
        case pbkdf2(iterations: Int? = nil, salt: Data? = nil)

        /// HKDF.
        ///
        /// - Parameters:
        ///   - salt: Optional salt; defaults to `nil`.
        ///   - info: Optional context/application info; defaults to `nil`.
        case hkdf(salt: Data? = nil, info: Data? = nil)
    }
}