sequoia_keystore_backend/password_source.rs
1#[cfg(doc)]
2use crate::KeyHandle;
3
/// Describes where the password that unlocks a key comes from.
///
/// The inline variants have the application supply the password, so
/// the application necessarily handles it.  The external variants
/// have the user enter it out of band, so that it is not revealed to
/// the application or system.
#[derive(Debug)]
pub enum PasswordSource {
    // See keystore_protocol.capnp, PasswordSource.

    /// The password is supplied by the application.
    ///
    /// A locked key has to be unlocked with [`KeyHandle::unlock`]
    /// before a private key operation can be executed.
    Inline,

    /// The password is supplied by the application, but operations
    /// must be confirmed externally.
    ///
    /// A locked key has to be unlocked with [`KeyHandle::unlock`]
    /// before a private key operation can be executed.  In addition,
    /// these operations may require the user to confirm them
    /// externally.
    InlineWithConfirmation,

    /// The password is supplied by the user, out of band.
    ///
    /// The user enters the password on an external pinpad or through
    /// a trusted user interface, so that the password is not revealed
    /// to the application or system.
    ///
    /// When the key is locked, a private key operation prompts the
    /// user to unlock it as a side effect.
    ///
    /// The application may also call [`KeyHandle::unlock`] to
    /// proactively have the user prompted to unlock the key.
    ExternalOnDemand,

    /// The password is supplied by the user, out of band, and only as
    /// a side effect of an operation.
    ///
    /// The user enters the password on an external pinpad or through
    /// a trusted user interface, so that the password is not revealed
    /// to the application or system.
    ///
    /// When the key is locked, a private key operation prompts the
    /// user to unlock it as a side effect.
    ///
    /// The application has no way to trigger the prompt ahead of
    /// time: the prompt only ever appears as a side effect of a
    /// private key operation, and the key cannot be unlocked using
    /// [`KeyHandle::unlock`].
    ExternalSideEffect,
}
54
impl PasswordSource {
    /// Reports whether the application has to supply the password
    /// inline.
    ///
    /// This is `true` for [`PasswordSource::Inline`] and
    /// [`PasswordSource::InlineWithConfirmation`], and `false` for
    /// the external variants.
    pub fn is_inline(&self) -> bool {
        // Every variant is named and there is no `_` arm, so a newly
        // added variant fails to compile here until it has been
        // classified as inline or external.
        match self {
            Self::Inline | Self::InlineWithConfirmation => true,
            Self::ExternalOnDemand | Self::ExternalSideEffect => false,
        }
    }

    /// Reports whether the password is supplied externally.
    ///
    /// This is `true` for [`PasswordSource::ExternalSideEffect`] and
    /// [`PasswordSource::ExternalOnDemand`].  It is defined as the
    /// negation of [`PasswordSource::is_inline`].
    pub fn is_external_source(&self) -> bool {
        let inline = self.is_inline();
        !inline
    }
}
76}