Module mariadb::plugin::encryption

Requirements to implement an encryption plugin

Usage

• Keep key storage context in globals. These need to be mutex-protected

Implementation

plugin_encryption.h defines st_mariadb_encryption, with the following members:

• interface_version: integer, set via macro
• get_latest_key_version: function, wrapped in Encryption::get_latest_key_version
• get_key: function, wrapped in Encryption::get_key
• crypt_ctx_size: function, wrapped in Encryption::size
• crypt_ctx_init: function, wrapped in Encryption::init
• crypt_ctx_update: function, wrapped in Encryption::update
• crypt_ctx_finish: function, wrapped in Encryption::finish
• encrypted_length: function, macro provides call to std::mem::size_of

Enums

• EncryptionError
  Errors returned by encryption operations
• KeyError
  Error types returned by key managers

Traits

• Decryption
  Decryption interface; implement this on decryption context
• Encryption
  Encryption interface; implement this on encryption context
• KeyManager
  A key maagment implementation with optional key rotation