pub struct EncryptionContext { /* private fields */ }
Encryption context — holds the 32-byte master key for an open database.
When the key is None the context operates in passthrough mode and pages
are read/written without any encryption.
Implementations
impl EncryptionContext
pub fn with_key(key: [u8; 32]) -> Self
Create a context that encrypts all pages with the given 32-byte key.
pub fn is_encrypted(&self) -> bool
Returns true if this context has an encryption key (non-passthrough).
pub fn encrypt_wal_payload(&self, lsn: u64, plaintext: &[u8]) -> Result<Vec<u8>>
Encrypt a WAL record payload.
lsn is used as the AEAD AAD, binding the ciphertext to its log position.
Output layout: [nonce: 24 bytes][ciphertext+tag: plaintext.len()+16 bytes]
In passthrough mode the plaintext is returned as-is.
Errors
Returns Error::Corruption if the underlying AEAD encrypt fails.
pub fn decrypt_wal_payload(&self, lsn: u64, encrypted: &[u8]) -> Result<Vec<u8>>
Decrypt a WAL record payload encrypted with encrypt_wal_payload.
lsn is used as AEAD AAD — must match the value used during encryption.
In passthrough mode the data is returned as-is.
Errors
Error::EncryptionAuthFailed: wrong key or the LSN does not match.
Error::InvalidArgument: encrypted is shorter than 40 bytes.
pub fn encrypt_page(&self, page_id: u64, plaintext: &[u8]) -> Result<Vec<u8>>
Encrypt a plaintext page and return the on-disk representation.
A fresh 24-byte nonce is generated from the OS CSPRNG on every call.
page_id is passed as AEAD AAD so the ciphertext is cryptographically
bound to its logical page location.
Output layout: [nonce: 24 bytes][ciphertext+tag: plaintext.len()+16 bytes]
Total length: plaintext.len() + 40.
In passthrough mode the plaintext is returned as-is (no overhead bytes).
Errors
Returns Error::Corruption if the underlying AEAD encrypt fails
(extremely unlikely — only possible if plaintext is too large for the
AEAD to handle, which the chacha20poly1305 crate does not bound in
normal usage).
pub fn decrypt_page(&self, page_id: u64, encrypted: &[u8]) -> Result<Vec<u8>>
Decrypt an on-disk page back to plaintext.
Expects encrypted to be at least 40 bytes (24 nonce + 16 tag).
page_id is passed as AEAD AAD — the AEAD authentication tag will
reject ciphertexts encrypted under a different page_id, defeating
page-swap / relocation attacks.
In passthrough mode the data is returned as-is.
Errors
Error::EncryptionAuthFailed: the AEAD authentication tag was rejected (wrong key, corrupted data, or page-swap attack detected).
Error::InvalidArgument: encrypted is shorter than 40 bytes.
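An added example, not part of this crate's code: a std-only audit helper that splits stored records by the documented layout, enforces the 40-byte minimum before slicing, and flags records that share a nonce, which must never happen under one key. The names Sealed, split_record, find_nonce_reuse and sample_record are hypothetical, the sample records are constructed filler rather than real ciphertext, and the tag is assumed to be the trailing 16 bytes.

```rust
use std::collections::HashMap;

const NONCE_LEN: usize = 24; // documented layout: [nonce: 24][ciphertext+tag]
const TAG_LEN: usize = 16;

/// Borrowed view of one stored page or WAL payload (hypothetical helper type).
#[derive(Debug, PartialEq)]
pub struct Sealed<'a> {
    pub nonce: &'a [u8],
    pub ciphertext: &'a [u8],
    pub tag: &'a [u8], // assumption: tag is the trailing 16 bytes
}

/// Split a record; anything under the 40-byte overhead yields Err(length).
pub fn split_record(encrypted: &[u8]) -> Result<Sealed<'_>, usize> {
    if encrypted.len() < NONCE_LEN + TAG_LEN {
        return Err(encrypted.len());
    }
    let (nonce, rest) = encrypted.split_at(NONCE_LEN);
    let (ciphertext, tag) = rest.split_at(rest.len() - TAG_LEN);
    Ok(Sealed { nonce, ciphertext, tag })
}

/// Return (first_id, later_id) for every record whose nonce was already seen.
pub fn find_nonce_reuse(records: &[(u64, Vec<u8>)]) -> Result<Vec<(u64, u64)>, usize> {
    let mut seen: HashMap<&[u8], u64> = HashMap::new();
    let mut reused = Vec::new();
    for (id, bytes) in records {
        let nonce = split_record(bytes)?.nonce;
        match seen.get(nonce) {
            Some(&first) => reused.push((first, *id)),
            None => { seen.insert(nonce, *id); }
        }
    }
    Ok(reused)
}

/// Constructed filler record: `fill` repeated as nonce, zeroed body and tag.
pub fn sample_record(fill: u8, plaintext_len: usize) -> Vec<u8> {
    let mut r = vec![fill; NONCE_LEN];
    r.resize(NONCE_LEN + plaintext_len + TAG_LEN, 0);
    r
}

fn main() {
    // Constructed input: pages 1 and 3 share a nonce; page 2 is unique.
    let pages = vec![(1, sample_record(0xA1, 4096)), (2, sample_record(0xB2, 4096)), (3, sample_record(0xA1, 4096))];
    println!("reused nonces: {:?}", find_nonce_reuse(&pages));
}
```

A reported pair points at a broken nonce source or a record copied between slots; decrypt_page would still reject the copied record if its page_id differs.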