

1// Copyright 2026 Jay Gowdy
2// SPDX-License-Identifier: MIT
3
4pub use crate::internal::app_storage::BackendKind;
5pub use crate::internal::core::types::{AccessPolicy, KeyType, PresenceMode};
6
/// Public projection of key metadata. Does not expose serde_json::Value.
///
/// This is the caller-facing view of a stored key: a label, the key type, the
/// access policy (when known) and the public half. The struct has no
/// private-key field.
#[derive(Debug, Clone)]
pub struct KeyInfo {
    /// The key's label as passed to `generate_key()`.
    pub label: String,
    /// Whether this is a signing or encryption key.
    pub key_type: KeyType,
    /// The key's access policy, if determinable. `None` when metadata is unavailable.
    ///
    /// `None` means the policy was not available (e.g., metadata read failed or
    /// the backend does not expose policy metadata via `list_keys()`). Callers
    /// must check for `None` and not assume a default policy: treat it as
    /// "policy unknown", not as "no restrictions", when making authorization
    /// decisions based on this field.
    pub access_policy: Option<AccessPolicy>,
    /// Uncompressed SEC1 P-256 public key: `0x04 || X (32 bytes) || Y (32 bytes)`,
    /// i.e. 65 bytes in total. Consumers should check the length and the
    /// `0x04` prefix before parsing the coordinates.
    pub public_key: Vec<u8>,
}
23
/// Options controlling the user-presence prompt for [`SignerHandle::sign_with_presence`][crate::signing::SignerHandle::sign_with_presence].
///
/// The `mode` field determines whether a prompt fires; `cache_ttl_secs` controls
/// how long a successful authentication suppresses subsequent prompts (macOS only);
/// `reason` is the human-readable string shown in the biometric dialog.
///
/// Use [`PresenceOptions::strict`] for the always-prompt configuration and
/// [`PresenceOptions::cached`] to allow a suppression window.
#[derive(Debug, Clone)]
pub struct PresenceOptions {
    /// Controls when the biometric/PIN prompt fires.
    pub mode: PresenceMode,
    /// How long a successful authentication suppresses subsequent prompts.
    /// Effective only on macOS (LAContext TTL); ignored on other platforms.
    /// `0` means prompt on every call.
    ///
    /// While the window is open, subsequent calls proceed without a fresh
    /// prompt, so choose the smallest TTL the workflow tolerates.
    pub cache_ttl_secs: u64,
    /// Human-readable reason shown in the Touch ID / Windows Hello dialog.
    /// This is the text the user sees when deciding whether to approve, so it
    /// should describe the actual operation being authorized.
    pub reason: String,
}
40
impl PresenceOptions {
    /// Assemble options from their parts; `reason` is converted into an owned `String`.
    fn with_mode(mode: PresenceMode, cache_ttl_secs: u64, reason: impl Into<String>) -> Self {
        let reason = reason.into();
        Self {
            mode,
            cache_ttl_secs,
            reason,
        }
    }

    /// Create options that always prompt (no caching). Equivalent to `PresenceMode::Strict`
    /// with `cache_ttl_secs = 0`.
    ///
    /// `reason` is the text shown to the user in the presence dialog.
    pub fn strict(reason: impl Into<String>) -> Self {
        Self::with_mode(PresenceMode::Strict, 0, reason)
    }

    /// Create options that cache a successful authentication for `ttl_secs` seconds
    /// before prompting again. Uses `PresenceMode::Cached`.
    ///
    /// The TTL is applied as described on the `cache_ttl_secs` field: it is
    /// effective only on macOS and ignored elsewhere, and a `ttl_secs` of `0`
    /// means a prompt on every call even though the mode is `Cached`.
    pub fn cached(reason: impl Into<String>, ttl_secs: u64) -> Self {
        Self::with_mode(PresenceMode::Cached, ttl_secs, reason)
    }
}
57            cache_ttl_secs: ttl_secs,
58            reason: reason.into(),
59        }
60    }
61}