enigma_storage/
storage.rs

1use crate::backends::SledBackend;
2use crate::crypto::{decrypt_value, encrypt_value};
3use crate::error::{EnigmaStorageError, Result};
4use crate::key_provider::{KeyProvider, MasterKey};
5
6pub struct EncryptedStore {
7    backend: SledBackend,
8    key: MasterKey,
9    namespace: String,
10}
11
12impl EncryptedStore {
13    pub fn open(path: &str, namespace: &str, provider: &dyn KeyProvider) -> Result<EncryptedStore> {
14        let backend = SledBackend::open(path)?;
15        let key = provider.get_or_create_master_key()?;
16        Ok(EncryptedStore {
17            backend,
18            key,
19            namespace: namespace.to_owned(),
20        })
21    }
22
23    pub fn put(&self, key: &str, value: &[u8]) -> Result<()> {
24        Self::validate_key(key)?;
25        let ciphertext = encrypt_value(&self.key, &self.namespace, key, value)?;
26        self.backend.insert(key, &ciphertext)
27    }
28
29    pub fn get(&self, key: &str) -> Result<Option<Vec<u8>>> {
30        Self::validate_key(key)?;
31        let stored = self.backend.get(key)?;
32        match stored {
33            Some(data) => {
34                let value = decrypt_value(&self.key, &self.namespace, key, &data)?;
35                Ok(Some(value))
36            }
37            None => Ok(None),
38        }
39    }
40
41    pub fn delete(&self, key: &str) -> Result<bool> {
42        Self::validate_key(key)?;
43        self.backend.remove(key)
44    }
45
46    pub fn flush(&self) -> Result<()> {
47        self.backend.flush()
48    }
49
50    fn validate_key(key: &str) -> Result<()> {
51        if key.is_empty() || key.len() > 256 || key.chars().any(|c| c.is_control()) {
52            return Err(EnigmaStorageError::InvalidKey);
53        }
54        Ok(())
55    }
56}
enigma_storage/storage.rs

enigma_storage/
storage.rs
