LocalData/Sources/LocalData/Models/SecurityPolicy.swift
Matt Bruce e40205ef89 documentation v1
Signed-off-by: Matt Bruce <mbrucedogs@gmail.com>
2026-01-17 10:22:07 -06:00


import Foundation
import CryptoKit
import Security
/// Describes how the value behind a ``StorageKey`` is protected at rest.
///
/// This type only *declares* the desired protection; the code that performs the
/// encryption or Keychain write is not part of this file.
public enum SecurityPolicy: Equatable, Sendable {

    /// No additional protection is applied by this policy.
    ///
    /// Intended for non-sensitive values only: secrets, tokens and personal data
    /// should use ``encrypted(_:)`` or ``keychain(accessibility:accessControl:)``.
    case none

    /// The value is encrypted before it is written, as described by the given
    /// ``EncryptionPolicy``.
    case encrypted(EncryptionPolicy)

    /// The value is written straight to the Keychain.
    ///
    /// - `accessibility`: when the item may be read (project-defined type).
    /// - `accessControl`: optional extra access-control requirement.
    ///   NOTE(review): `nil` presumably means no access-control object is attached;
    ///   confirm against the Keychain helper.
    case keychain(accessibility: KeychainAccessibility, accessControl: KeychainAccessControl?)

    /// Default choice for sensitive data.
    ///
    /// Expands to `.encrypted(.recommended)`, i.e. ChaCha20-Poly1305 with HKDF
    /// using its default (`nil`) salt and info.
    public static let recommended: SecurityPolicy = .encrypted(.recommended)

    /// Cipher selection together with the key-derivation settings used for it.
    public enum EncryptionPolicy: Equatable, Sendable {

        /// AES-256-GCM (authenticated encryption).
        case aes256(keyDerivation: KeyDerivation)

        /// ChaCha20-Poly1305 (authenticated encryption).
        case chacha20Poly1305(keyDerivation: KeyDerivation)

        /// Key material comes from an external ``KeyMaterialSource`` and is run
        /// through the given key derivation.
        ///
        /// NOTE(review): this case does not name a cipher; which algorithm is used
        /// with external key material is decided elsewhere and should be confirmed.
        case external(source: KeyMaterialSource, keyDerivation: KeyDerivation)

        /// Default encryption policy: ChaCha20-Poly1305 keyed through HKDF with
        /// default parameters.
        public static let recommended: EncryptionPolicy = .chacha20Poly1305(keyDerivation: .hkdf())

        /// Shorthand for ``external(source:keyDerivation:)`` with default HKDF.
        ///
        /// - Parameter source: Provider of the external key material.
        /// - Returns: An `.external` policy whose derivation is `.hkdf()` with `nil`
        ///   salt and `nil` info.
        public static func external(source: KeyMaterialSource) -> EncryptionPolicy {
            return .external(source: source, keyDerivation: KeyDerivation.hkdf())
        }
    }

    /// Key-derivation function used to turn input key material into the
    /// encryption key.
    public enum KeyDerivation: Equatable, Sendable {

        /// PBKDF2.
        ///
        /// Both parameters are optional; what is substituted for `nil` is decided by
        /// the implementation, which is not visible here.
        /// NOTE(review): confirm the fallback iteration count is high enough for
        /// password-derived keys and that a `nil` salt results in a random,
        /// per-item salt rather than a fixed or empty one.
        case pbkdf2(iterations: Int? = nil, salt: Data? = nil)

        /// HKDF.
        ///
        /// HKDF is designed for input that is already high-entropy key material; it
        /// adds no work factor, so it is not a substitute for a password KDF.
        /// `info` is the usual place to bind a derived key to its purpose.
        /// NOTE(review): confirm how `nil` salt and `nil` info are handled by the
        /// implementation.
        case hkdf(salt: Data? = nil, info: Data? = nil)
    }
}