Struct FileHeader 

pub struct FileHeader {
    pub format_major: u16,
    pub format_minor: u16,
    pub page_size: u16,
    pub feature_flags: u32,
    pub page_count: u64,
    pub root_catalog: u64,
    pub freelist_head: u64,
    pub wal_salt: [u8; 16],
    pub file_uuid: [u8; 16],
    pub kdf_salt: [u8; 32],
}

In-memory representation of the page-0 file header.

Constructed by decode_header or by the pager when initialising a new file. Field semantics are documented in docs/format.md.

Fields§

§format_major: u16

Format major version. Must equal FORMAT_MAJOR.

§format_minor: u16

Format minor version. Must satisfy <= FORMAT_MINOR for write access; readers tolerate higher minors.

§page_size: u16

On-disk page size. Must equal PAGE_SIZE at format major 0.

§feature_flags: u32

Phase 3 (issue #8): per-file feature-bit mask. Bit 0 = “uses LZ4 page compression”; other bits reserved (MUST be zero — readers reject unknown bits as Error::InvalidFormat).

§page_count: u64

Number of pages in the file, including page 0.

§root_catalog: u64

Root catalog page-id, or 0 if the catalog is empty.

§freelist_head: u64

First page on the freelist, or 0 if the freelist is empty.

§wal_salt: [u8; 16]

Salt for WAL frame hashes. Written by M3; zero in M2.

§file_uuid: [u8; 16]

Stable file UUID. Written by M3; zero in M2.

§kdf_salt: [u8; 32]

Phase 4 (issue #9): 32-byte salt for the HKDF-SHA256 per-file page-key derivation. Plaintext on disk (page 0 is never encrypted); the file’s actual page-encryption key is HKDF-SHA256(ikm=user_key, salt=kdf_salt, info=b"obj-page-encryption-v1"). Always zero on format_minor < 2 files; CSPRNG-generated on creation of format_minor = 2 files with feature_flags bit 1 set.

#60 (integrity posture): the kdf_salt lives in the plaintext page-0 header and is protected ONLY by the header’s own CRC. It is NOT bound into any page’s AEAD associated data (page AD is just page_id; see crypto.rs), so the AEAD tag does not authenticate it. Its integrity therefore rests on two independent layers: (1) the page-0 header CRC detects accidental corruption, and (2) any tampering that survives the CRC changes the derived page key, which surfaces as Error::EncryptionKeyInvalid (wrong-key detection) on the first page decrypt rather than as silent plaintext disclosure. Binding the salt into page AD is deliberately NOT done — it would be a format-affecting change.
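The field rules above (version gate, reserved feature bits, and the kdf_salt conditions) collected into one fail-closed check. This is an added example, not code from the crate: `Header`, `HeaderError`, `check_header`, the `PAGE_SIZE` value, applying the page-size rule at format major 1, and the zero-salt check are assumptions; treating bit 1 as the encryption flag follows the constructor documentation on this page.

```rust
// Added example, not the project's code; constant values and HeaderError are assumptions.
const FORMAT_MAJOR: u16 = 1; // page: v1.0 writers stamp format_major = 1
const FORMAT_MINOR: u16 = 2; // page: FORMAT_MINOR = 2
const PAGE_SIZE: u16 = 4096; // assumed from the 4096-byte logical page
const FLAG_LZ4: u32 = 1 << 0;
const FLAG_ENCRYPTED: u32 = 1 << 1;

#[derive(Debug, PartialEq)]
enum HeaderError {
    InvalidFormat(&'static str),
    ReadOnlyMinor, // hypothetical: newer minor, readable but not writable
}

struct Header { // subset of FileHeader: only the fields checked here
    format_major: u16,
    format_minor: u16,
    page_size: u16,
    feature_flags: u32,
    kdf_salt: [u8; 32],
}

fn check_header(h: &Header, want_write: bool) -> Result<(), HeaderError> {
    use HeaderError::*;
    if h.format_major != FORMAT_MAJOR || h.page_size != PAGE_SIZE {
        return Err(InvalidFormat("format_major or page_size"));
    }
    // Fail closed: an ignored unknown bit could hide a page transform this reader cannot undo.
    if h.feature_flags & !(FLAG_LZ4 | FLAG_ENCRYPTED) != 0 {
        return Err(InvalidFormat("unknown feature_flags bit"));
    }
    let encrypted = h.feature_flags & FLAG_ENCRYPTED != 0;
    let salt_zero = h.kdf_salt.iter().all(|&b| b == 0);
    if h.format_minor < 2 && (encrypted || !salt_zero) {
        return Err(InvalidFormat("encryption fields on format_minor < 2"));
    }
    // Added hardening check (assumption): a CSPRNG salt is never all-zero in practice.
    if encrypted && salt_zero {
        return Err(InvalidFormat("zero kdf_salt with encryption bit"));
    }
    if want_write && h.format_minor > FORMAT_MINOR {
        return Err(ReadOnlyMinor);
    }
    Ok(())
}

fn main() {
    let h = Header { format_major: 1, format_minor: 2, page_size: 4096, feature_flags: 1 << 2, kdf_salt: [0; 32] };
    println!("{:?}", check_header(&h, false)); // constructed header with a reserved bit set
}
```

These checks sit alongside the header CRC; they catch structurally inconsistent headers, not a tampered but well-formed salt, which still surfaces only at the first page decrypt.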

Implementations§

impl FileHeader

pub const fn new_empty() -> Self

Header for a freshly-initialised database: just page 0, no catalog, empty freelist, zero WAL salt and UUID (M3 fills the latter two).

Phase 8 (issue #17): every v1.0 writer stamps format_major = 1, format_minor = 2 — the feature-complete frozen baseline. feature_flags = 0 because this constructor produces a plain (no-compression, no-encryption) file; the other new_empty_* constructors set the corresponding feature_flags bits.

pub const fn new_empty_with_compression() -> Self

Phase 3 (issue #8): header for a freshly-initialised compression-capable database. feature_flags bit 0 set; format_minor is the frozen v1.0 feature-complete value (FORMAT_MINOR = 2). Everything else matches FileHeader::new_empty.

pub const fn new_empty_with_encryption(kdf_salt: [u8; 32]) -> Self

Phase 4 (issue #9): header for a freshly-initialised encryption-capable database. format_minor = 2, feature_flags bit 1 set, kdf_salt populated from the caller-supplied CSPRNG bytes. Compression (bit 0) is left OFF; the higher-level FileHeader::new_empty_with_encryption_and_compression constructor sets both bits.

pub const fn new_empty_with_encryption_and_compression(kdf_salt: [u8; 32]) -> Self

Phase 4 (issue #9): header for a freshly-initialised database that uses BOTH compression AND encryption. The layering order is compress-then-encrypt: the 4092-byte raw body is compressed (Phase 3 path), the resulting 4096-byte logical page is encrypted (Phase 4 path), and the encrypted ciphertext (+ nonce + tag) lands on disk as a 4136-byte physical page.

Trait Implementations§

impl Clone for FileHeader

fn clone(&self) -> FileHeader

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for FileHeader

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl PartialEq for FileHeader

fn eq(&self, other: &FileHeader) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Copy for FileHeader

impl Eq for FileHeader

impl StructuralPartialEq for FileHeader
