pub trait PageCodec: Send + Sync {
// Required methods
fn block_size(&self) -> usize;
fn seal(
&self,
page_id: u64,
plaintext: &[u8; 16384],
out: &mut [u8],
) -> Result<(), CoreError>;
fn open(
&self,
page_id: u64,
block: &[u8],
out: &mut [u8; 16384],
) -> Result<(), CoreError>;
fn clone_box(&self) -> Box<dyn PageCodec>;
// Provided methods
fn seal_record(&self, plaintext: &[u8]) -> Result<Vec<u8>, CoreError> { ... }
fn open_record(&self, sealed: &[u8]) -> Result<Vec<u8>, CoreError> { ... }
}Expand description
Transforms Quiver’s durable bytes — fixed-size pages and variable-length records — to and from their on-disk representation.
The plaintext codec (PlainCodec) is the identity transform; integrity
then comes from the page’s inner CRC (and, for records, the WAL frame CRC).
The encryption-at-rest codec (added with quiver-crypto) seals each page with
an AEAD into a [nonce][ciphertext][tag] block of PageCodec::block_size
bytes, deriving a unique nonce per page so reuse is impossible by
construction; the inner CRC still protects the plaintext.
The WAL is record-framed rather than paged, so the AEAD codec must also seal
each WAL record via PageCodec::seal_record; otherwise an
encrypted-at-rest store would still leak its log in plaintext. The default
record methods are the identity transform, so PlainCodec needs no change
and a non-encrypting codec writes records verbatim.
Required Methods§
Sourcefn block_size(&self) -> usize
fn block_size(&self) -> usize
On-disk size, in bytes, of one sealed page.
Sourcefn seal(
&self,
page_id: u64,
plaintext: &[u8; 16384],
out: &mut [u8],
) -> Result<(), CoreError>
fn seal( &self, page_id: u64, plaintext: &[u8; 16384], out: &mut [u8], ) -> Result<(), CoreError>
Seal a plaintext page into its on-disk block. out must be exactly
PageCodec::block_size bytes. page_id lets an AEAD codec bind the
page to its position (nonce derivation).
Sourcefn open(
&self,
page_id: u64,
block: &[u8],
out: &mut [u8; 16384],
) -> Result<(), CoreError>
fn open( &self, page_id: u64, block: &[u8], out: &mut [u8; 16384], ) -> Result<(), CoreError>
Open an on-disk block back into a plaintext page. block must be exactly
PageCodec::block_size bytes.
Sourcefn clone_box(&self) -> Box<dyn PageCodec>
fn clone_box(&self) -> Box<dyn PageCodec>
Clone this codec into a new boxed instance. A codec holds only key material (or nothing), so a clone shares the same keys — this lets a component that needs its own handle, such as a disk-resident index sealing its own files, reuse the store’s codec (ADR-0019).
Provided Methods§
Sourcefn seal_record(&self, plaintext: &[u8]) -> Result<Vec<u8>, CoreError>
fn seal_record(&self, plaintext: &[u8]) -> Result<Vec<u8>, CoreError>
Seal a variable-length record — a WAL frame payload — into a
self-describing on-disk blob. The default is the identity transform used
by PlainCodec; an AEAD codec overrides it to return
[nonce][ciphertext+tag], so no plaintext record ever reaches the disk.
Sourcefn open_record(&self, sealed: &[u8]) -> Result<Vec<u8>, CoreError>
fn open_record(&self, sealed: &[u8]) -> Result<Vec<u8>, CoreError>
Open a record produced by PageCodec::seal_record. The default is the
identity transform; an AEAD codec authenticates and decrypts, returning an
error on a wrong key or any tampering.
Dyn Compatibility§
This trait is dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety".