blob: d7ab42a58b2a2f78b64037e85cd5a1f01e33fd1a [file] [log] [blame]
// Copyright 2020 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "cryptohome/crypto_error.h"
#include "cryptohome/key_objects.h"
#include "cryptohome/vault_keyset.h"
#include <base/optional.h>
namespace cryptohome {
struct AuthBlockState {
base::Optional<SerializedVaultKeyset> vault_keyset;
// This is a pure virtual interface designed to be implemented by the different
// authentication methods - U2F, PinWeaver, TPM backed passwords, etc. - so that
// they take some arbitrary user input and give out a key.
class AuthBlock {
virtual ~AuthBlock() = default;
// This is implemented by concrete auth methods to create a fresh key from
// user input. The key will then be used to wrap the keyset.
// On success, it returns a constructed object, such as a
// SerializedVaultKeyset, in the optional object, or base::nullopt on failure.
virtual base::Optional<AuthBlockState> Create(const AuthInput& user_input,
KeyBlobs* key_blobs,
CryptoError* error) = 0;
// This is implemented by concrete auth methods to map the user secret
// input into a key. This method should successfully authenticate the user.
virtual bool Derive(const AuthInput& auth_input,
const AuthBlockState& state,
KeyBlobs* key_blobs,
CryptoError* error) = 0;
// This is a virtual interface that should not be directly constructed.
AuthBlock() = default;
} // namespace cryptohome