sequoia_keystore_backend/
password_source.rs

1#[cfg(doc)]
2use crate::KeyHandle;
3
/// Describes where the password that unlocks a key comes from.
///
/// With the inline variants the application supplies the password
/// through [`KeyHandle::unlock`].  With the external variants the
/// user enters it out of band, so that it is not revealed to the
/// application or system.
#[derive(Debug)]
pub enum PasswordSource {
    // See PasswordSource in keystore_protocol.capnp.

    /// The password is supplied by the application.
    ///
    /// A locked key has to be unlocked with [`KeyHandle::unlock`]
    /// before a private key operation can be executed.
    Inline,

    /// The password is supplied by the application, and operations
    /// must additionally be confirmed externally.
    ///
    /// A locked key has to be unlocked with [`KeyHandle::unlock`]
    /// before a private key operation can be executed.  The
    /// operations themselves may require the user to confirm them
    /// externally.
    InlineWithConfirmation,

    /// The password is supplied by the user, out of band.
    ///
    /// The user enters it on an external pinpad or through a trusted
    /// user interface, so that it is not revealed to the application
    /// or system.
    ///
    /// If the key is locked, a private key operation prompts the
    /// user to unlock it as a side effect.
    ///
    /// The application may also call [`KeyHandle::unlock`] to have
    /// the user prompted ahead of time.
    ExternalOnDemand,

    /// The password is supplied by the user, out of band, and only
    /// as a side effect of an operation.
    ///
    /// The user enters it on an external pinpad or through a trusted
    /// user interface, so that it is not revealed to the application
    /// or system.
    ///
    /// If the key is locked, a private key operation prompts the
    /// user to unlock it as a side effect.
    ///
    /// The application has no way to trigger that prompt ahead of
    /// time: it only ever appears as a side effect of a private key
    /// operation, and [`KeyHandle::unlock`] cannot be used to unlock
    /// the key.
    ExternalSideEffect,
}
54
impl PasswordSource {
    /// Reports whether the application has to supply the password
    /// inline.
    ///
    /// This is `true` for [`PasswordSource::Inline`] and
    /// [`PasswordSource::InlineWithConfirmation`], and `false` for
    /// the two external variants.
    pub fn is_inline(&self) -> bool {
        // Every variant is listed and there is no wildcard arm, so a
        // newly added variant fails to compile here until it has been
        // classified explicitly.
        match self {
            Self::Inline | Self::InlineWithConfirmation => true,
            Self::ExternalOnDemand | Self::ExternalSideEffect => false,
        }
    }

    /// Reports whether the password is supplied externally.
    ///
    /// This is `true` for [`PasswordSource::ExternalSideEffect`] and
    /// [`PasswordSource::ExternalOnDemand`].
    pub fn is_external_source(&self) -> bool {
        // Defined as the negation of `is_inline`, so the two
        // predicates always partition the variants.
        !self.is_inline()
    }
}