EncryptionService

Trait EncryptionService 

pub trait EncryptionService: StageService {
    // Required methods
    fn encrypt_chunk(
        &self,
        chunk: FileChunk,
        config: &EncryptionConfig,
        key_material: &KeyMaterial,
        context: &mut ProcessingContext,
    ) -> Result<FileChunk, PipelineError>;
    fn decrypt_chunk(
        &self,
        chunk: FileChunk,
        config: &EncryptionConfig,
        key_material: &KeyMaterial,
        context: &mut ProcessingContext,
    ) -> Result<FileChunk, PipelineError>;
    fn derive_key_material(
        &self,
        password: &str,
        config: &EncryptionConfig,
        security_context: &SecurityContext,
    ) -> Result<KeyMaterial, PipelineError>;
    fn generate_key_material(
        &self,
        config: &EncryptionConfig,
        security_context: &SecurityContext,
    ) -> Result<KeyMaterial, PipelineError>;
    fn validate_config(
        &self,
        config: &EncryptionConfig,
    ) -> Result<(), PipelineError>;
    fn supported_algorithms(&self) -> Vec<EncryptionAlgorithm>;
    fn benchmark_algorithm(
        &self,
        algorithm: &EncryptionAlgorithm,
        test_data: &[u8],
    ) -> Result<EncryptionBenchmark, PipelineError>;
    fn wipe_key_material(
        &self,
        key_material: &mut KeyMaterial,
    ) -> Result<(), PipelineError>;
    fn store_key_material(
        &self,
        key_material: &KeyMaterial,
        key_id: &str,
        security_context: &SecurityContext,
    ) -> Result<(), PipelineError>;
    fn retrieve_key_material(
        &self,
        key_id: &str,
        security_context: &SecurityContext,
    ) -> Result<KeyMaterial, PipelineError>;
    fn rotate_keys(
        &self,
        old_key_id: &str,
        new_config: &EncryptionConfig,
        security_context: &SecurityContext,
    ) -> Result<String, PipelineError>;
}

Domain service interface for encryption operations

This trait is synchronous, following DDD (domain-driven design) principles. The domain layer defines what operations exist, not how they execute. Async execution is an infrastructure concern; infrastructure adapters can wrap this trait to provide async interfaces when needed.

§Note on Async

For async contexts, use AsyncEncryptionAdapter from the infrastructure layer.

§Note on Parallel Processing

Parallel processing of chunks (encrypt_chunks_parallel, decrypt_chunks_parallel) is an infrastructure concern and has been removed from the domain trait. Use infrastructure adapters for batch/parallel operations.

§Unified Stage Interface

This trait extends StageService, providing the unified process_chunk() method that all stages implement. The specialized encrypt_chunk() and decrypt_chunk() methods are maintained for backward compatibility and internal use, but process_chunk() is the primary interface used by the pipeline system.

Required Methods§

fn encrypt_chunk(
    &self,
    chunk: FileChunk,
    config: &EncryptionConfig,
    key_material: &KeyMaterial,
    context: &mut ProcessingContext,
) -> Result<FileChunk, PipelineError>

Encrypts a file chunk using the specified configuration and key material

§Note on Async

This method is synchronous in the domain. For async contexts, use AsyncEncryptionAdapter from the infrastructure layer.

fn decrypt_chunk(
    &self,
    chunk: FileChunk,
    config: &EncryptionConfig,
    key_material: &KeyMaterial,
    context: &mut ProcessingContext,
) -> Result<FileChunk, PipelineError>

Decrypts a file chunk using the specified configuration and key material

§Note on Async

This method is synchronous in the domain. For async contexts, use AsyncEncryptionAdapter from the infrastructure layer.

fn derive_key_material(
    &self,
    password: &str,
    config: &EncryptionConfig,
    security_context: &SecurityContext,
) -> Result<KeyMaterial, PipelineError>

Derives key material from a password using the specified KDF

§Note

This is a CPU-intensive operation. When calling it from an async context, use an infrastructure adapter to run it in a blocking thread pool.

fn generate_key_material(
    &self,
    config: &EncryptionConfig,
    security_context: &SecurityContext,
) -> Result<KeyMaterial, PipelineError>

Generates random key material for encryption operations

§Note

This operation uses cryptographically secure random number generation. Execution is synchronous in the domain; wrap it with an adapter for async contexts.

fn validate_config(
    &self,
    config: &EncryptionConfig,
) -> Result<(), PipelineError>

Validates encryption configuration parameters

Checks if the configuration is valid and supported by this implementation.

fn supported_algorithms(&self) -> Vec<EncryptionAlgorithm>

Gets the list of supported encryption algorithms

Returns the algorithms that this implementation can handle.

fn benchmark_algorithm(
    &self,
    algorithm: &EncryptionAlgorithm,
    test_data: &[u8],
) -> Result<EncryptionBenchmark, PipelineError>

Benchmarks encryption performance with sample data

§Note

This is a CPU-intensive operation. Use infrastructure adapters for async execution in a blocking thread pool.

fn wipe_key_material(
    &self,
    key_material: &mut KeyMaterial,
) -> Result<(), PipelineError>

Securely wipes key material from memory

Ensures sensitive key data is properly zeroized before deallocation.
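
An illustration of what "zeroized before deallocation" takes in Rust, added here as an example; it is not this crate's implementation. `DemoKeyMaterial`, `zeroize` and the `String` error type are hypothetical stand-ins, because this page does not show the fields of KeyMaterial or PipelineError.

```rust
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Hypothetical stand-in for KeyMaterial; the real type's fields are not shown here.
pub struct DemoKeyMaterial {
    pub key: Vec<u8>,
    pub nonce: Vec<u8>,
}

/// Zero the whole allocation with volatile stores, then empty the vector.
/// A plain `fill(0)` just before a free is a dead store the optimizer may drop.
fn zeroize(buf: &mut Vec<u8>) {
    // Use capacity, not len: bytes past len can be left over from a truncate().
    let (p, cap) = (buf.as_mut_ptr(), buf.capacity());
    for i in 0..cap {
        // SAFETY: p..p+cap lies inside the single live allocation owned by `buf`.
        unsafe { ptr::write_volatile(p.add(i), 0u8) };
    }
    // Keep the compiler from reordering later code ahead of the wipe.
    compiler_fence(Ordering::SeqCst);
    buf.clear();
}

/// Same shape as the trait method; String stands in for PipelineError.
pub fn wipe_key_material(km: &mut DemoKeyMaterial) -> Result<(), String> {
    zeroize(&mut km.key);
    zeroize(&mut km.nonce);
    Ok(())
}

// Wipe on drop too, so early returns and unwinding panics do not skip it.
impl Drop for DemoKeyMaterial {
    fn drop(&mut self) {
        let _ = wipe_key_material(self);
    }
}

fn main() {
    // Constructed sample values, not real key material.
    let mut km = DemoKeyMaterial { key: vec![0xA5; 32], nonce: vec![0x5A; 12] };
    km.key.truncate(16); // leaves 16 stale key bytes in spare capacity
    wipe_key_material(&mut km).unwrap();
    println!("key len {} nonce len {}", km.key.len(), km.nonce.len());
}
```

Volatile zeroing reaches only the current allocation: copies left behind by an earlier `Vec` reallocation or by moving the value are not wiped, so key buffers are best allocated at their final size and never grown.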

fn store_key_material(
    &self,
    key_material: &KeyMaterial,
    key_id: &str,
    security_context: &SecurityContext,
) -> Result<(), PipelineError>

Stores key material securely (e.g., HSM integration)

§Note

This may involve I/O operations. Infrastructure implementations should use appropriate async adapters when needed.

fn retrieve_key_material(
    &self,
    key_id: &str,
    security_context: &SecurityContext,
) -> Result<KeyMaterial, PipelineError>

Retrieves key material securely (e.g., from HSM)

§Note

This may involve I/O operations. Infrastructure implementations should use appropriate async adapters when needed.

fn rotate_keys(
    &self,
    old_key_id: &str,
    new_config: &EncryptionConfig,
    security_context: &SecurityContext,
) -> Result<String, PipelineError>

Rotates encryption keys to a new configuration

Returns the new key ID for the rotated keys.

§Note

This may involve I/O operations. Infrastructure implementations should use appropriate async adapters when needed.

Implementors§