1knet_handle_crypto(3)    Kronosnet Programmer's Manual   knet_handle_crypto(3)

NAME

6       knet_handle_crypto - set up packet cryptographic signing & encryption
7

SYNOPSIS

9       #include <libknet.h>
10
11       int knet_handle_crypto(
12           knet_handle_t                    knet_h,
13           struct knet_handle_crypto_cfg   *knet_handle_crypto_cfg
14       );
15

DESCRIPTION

17       knet_handle_crypto
18
19       knet_h - pointer to knet_handle_t
20
21       knet_handle_crypto_cfg - pointer to a knet_handle_crypto_cfg structure
22
23       crypto_model  should  contain  the model name. Currently only "openssl"
24       and "nss" are supported. Setting to "none" will disable crypto.
25
26       crypto_cipher_type should contain the cipher algo name. It can  be  set
27       to  "none"  to  disable encryption. Currently supported by "nss" model:
28       "aes128", "aes192" and "aes256". "openssl" model  supports  more  modes
29       and it strictly depends on the openssl build. See: EVP_get_cipherbyname
30       openssl API call for details.
31
32       crypto_hash_type should contain the hashing algo name. It can be set to
33       "none" to disable hashing, which leaves packets unsigned. Currently
34       supported by "nss" model: "md5", "sha1", "sha256", "sha384" and "sha512".
35       "openssl" model supports more modes and it strictly depends on the
36       openssl build. See: EVP_get_digestbyname openssl API call for details.
37
38       private_key contains the private shared key. It has to be at least
39       KNET_MIN_KEY_LEN long and must fit in private_key[KNET_MAX_KEY_LEN].
40
41       private_key_len is the length of the provided private_key.
42
43       Implementation notes/current limitations:
44
45       enabling crypto will increase latency, as packets have to be processed.
46
47       enabling crypto might reduce the overall throughput due to crypto data
48       overhead.
49
50       re-keying is not implemented yet.
51
52       private/public key encryption/hashing is not currently planned.
53
54       crypto key must be the same for all hosts in the same knet instance.
55
56       it is safe to call knet_handle_crypto multiple times at runtime. The
57       last config will be used. IMPORTANT: a call to knet_handle_crypto can
58       fail due to: 1) failure to obtain locking 2) errors initializing the
59       crypto level. This can happen even in subsequent calls to
60       knet_handle_crypto. A failure in crypto init might leave your traffic
61       unencrypted! It's best to stop data forwarding (see knet_handle_setfwd(3)),
62       change crypto config, check that the call returned 0, then start forwarding again.
63

STRUCTURES

65       struct knet_handle_crypto_cfg {
66           char           crypto_model[16];
67           char           crypto_cipher_type[16];
68           char           crypto_hash_type[16];
69           unsigned char  private_key[KNET_MAX_KEY_LEN];
70           unsigned int   private_key_len;
71       };
72

RETURN VALUE

74       knet_handle_crypto returns: 0          on success
75
76       -1         on error and errno is set.
77
78       -2         on crypto subsystem initialization error. No errno is
79       provided at the moment.
80

SEE ALSO

82       knet_handle_remove_datafd(3), knet_handle_get_stats(3),
83       knet_host_add(3), knet_handle_pmtud_setfreq(3),
84       knet_handle_pmtud_get(3), knet_host_get_id_by_host_name(3),
85       knet_host_get_status(3), knet_link_get_pong_count(3),
86       knet_link_get_priority(3), knet_handle_free(3),
87       knet_handle_enable_sock_notify(3), knet_handle_get_datafd(3),
88       knet_recv(3), knet_link_get_ping_timers(3),
89       knet_log_get_subsystem_id(3), knet_host_remove(3),
90       knet_host_enable_status_change_notify(3), knet_strtoaddr(3),
91       knet_send(3), knet_handle_enable_pmtud_notify(3),
92       knet_handle_get_transport_reconnect_interval(3),
93       knet_link_get_enable(3), knet_link_set_priority(3),
94       knet_log_set_loglevel(3), knet_handle_get_channel(3),
95       knet_link_get_config(3), knet_link_get_link_list(3),
96       knet_get_transport_list(3), knet_get_transport_id_by_name(3),
97       knet_log_get_loglevel_id(3), knet_handle_new_ex(3),
98       knet_host_set_name(3), knet_addrtostr(3), knet_handle_setfwd(3),
99       knet_get_compress_list(3), knet_host_set_policy(3),
100       knet_get_transport_name_by_id(3), knet_handle_enable_filter(3),
101       knet_handle_compress(3), knet_link_get_status(3),
102       knet_handle_add_datafd(3), knet_send_sync(3),
103       knet_log_get_loglevel_name(3), knet_host_get_host_list(3),
104       knet_host_get_policy(3), knet_link_set_enable(3),
105       knet_link_set_pong_count(3), knet_log_get_subsystem_name(3),
106       knet_host_get_name_by_host_id(3), knet_link_clear_config(3),
107       knet_log_get_loglevel(3), knet_handle_new(3),
108       knet_handle_pmtud_getfreq(3), knet_handle_clear_stats(3),
109       knet_link_set_config(3), knet_get_crypto_list(3),
110       knet_handle_set_transport_reconnect_interval(3),
111       knet_link_set_ping_timers(3)
112
114       Copyright (C) 2010-2019 Red Hat, Inc. All rights reserved.
118kronosnet                         2019-05-09             knet_handle_crypto(3)