knet_handle_crypto(3) Kronosnet Programmer's Manual knet_handle_crypto(3)

knet_handle_crypto - set up packet cryptographic signing & encryption

#include <libknet.h>

int knet_handle_crypto(
    knet_handle_t knet_h,
    struct knet_handle_crypto_cfg *knet_handle_crypto_cfg
);

knet_handle_crypto

knet_h - pointer to knet_handle_t

knet_handle_crypto_cfg - pointer to a knet_handle_crypto_cfg structure

crypto_model should contain the model name. Currently only "openssl"
and "nss" are supported. Setting it to "none" will disable crypto.

crypto_cipher_type should contain the cipher algorithm name. It can be
set to "none" to disable encryption. Currently supported by the "nss"
model: "aes128", "aes192" and "aes256". The "openssl" model supports
more modes, and the set strictly depends on the openssl build. See the
EVP_get_cipherbyname openssl API call for details.

crypto_hash_type should contain the hashing algorithm name. It can be
set to "none" to disable hashing. Currently supported by the "nss"
model: "md5", "sha1", "sha256", "sha384" and "sha512". The "openssl"
model supports more modes, and the set strictly depends on the openssl
build. See the EVP_get_digestbyname openssl API call for details.

private_key will contain the private shared key. It has to be at least
KNET_MIN_KEY_LEN long.

private_key_len is the length of the provided private_key.

Implementation notes/current limitations:

Enabling crypto will increase latency, as packets have to be processed.

Enabling crypto might reduce the overall throughput due to crypto data
overhead.

Re-keying is not implemented yet.

Private/public key encryption/hashing is not currently planned.

The crypto key must be the same for all hosts in the same knet instance.

It is safe to call knet_handle_crypto multiple times at runtime. The
last config will be used. IMPORTANT: a call to knet_handle_crypto can
fail due to: 1) failure to obtain locking 2) errors initializing the
crypto level. This can happen even in subsequent calls to
knet_handle_crypto. A failure in crypto init will restore the previous
crypto configuration.

struct knet_handle_crypto_cfg {
    char crypto_model[16];
    char crypto_cipher_type[16];
    char crypto_hash_type[16];
    unsigned char private_key[KNET_MAX_KEY_LEN];
    unsigned int private_key_len;
};

knet_handle_crypto returns:

0 on success

-1 on error and errno is set.

-2 on crypto subsystem initialization error. No errno is provided at
the moment.

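Because "none" in any of the three name fields silently turns protection off, a caller can validate the settings before they ever reach knet_handle_crypto. The block below is an added example, not kronosnet code: build_crypto_cfg and its CFG_* codes are hypothetical, the structure is a local copy of the one documented above, the two key-length values are assumptions, and rejecting md5 and sha1 is a local policy choice.

```c
#include <string.h>

/* Assumed values, not stated on this page; real code takes them from <libknet.h>. */
#define KNET_MIN_KEY_LEN 128
#define KNET_MAX_KEY_LEN 4096

/* Local copy of the structure documented above, so the block builds without
 * libknet. Drop it and the two defines when including <libknet.h>. */
struct knet_handle_crypto_cfg {
	char crypto_model[16];
	char crypto_cipher_type[16];
	char crypto_hash_type[16];
	unsigned char private_key[KNET_MAX_KEY_LEN];
	unsigned int private_key_len;
};

/* Reason codes of the hypothetical helper below. */
enum { CFG_OK = 0, CFG_TOO_LONG = -1, CFG_CRYPTO_OFF = -2,
       CFG_WEAK_HASH = -3, CFG_BAD_KEY_LEN = -4 };

/* Hypothetical helper: fill cfg only if the settings keep both signing and
 * encryption on. On any rejection cfg is left zeroed, never half-filled. */
int build_crypto_cfg(struct knet_handle_crypto_cfg *cfg, const char *model,
		     const char *cipher, const char *hash,
		     const unsigned char *key, size_t key_len)
{
	memset(cfg, 0, sizeof(*cfg));
	/* Names must fit the 16-byte fields with their terminator; no truncation. */
	if (strlen(model) >= sizeof(cfg->crypto_model) ||
	    strlen(cipher) >= sizeof(cfg->crypto_cipher_type) ||
	    strlen(hash) >= sizeof(cfg->crypto_hash_type))
		return CFG_TOO_LONG;
	if (!strcmp(model, "none") || !strcmp(cipher, "none") || !strcmp(hash, "none"))
		return CFG_CRYPTO_OFF;
	if (!strcmp(hash, "md5") || !strcmp(hash, "sha1"))
		return CFG_WEAK_HASH;
	if (key_len < KNET_MIN_KEY_LEN || key_len > KNET_MAX_KEY_LEN)
		return CFG_BAD_KEY_LEN;
	strcpy(cfg->crypto_model, model);       /* lengths were checked above */
	strcpy(cfg->crypto_cipher_type, cipher);
	strcpy(cfg->crypto_hash_type, hash);
	memcpy(cfg->private_key, key, key_len);
	cfg->private_key_len = (unsigned int)key_len;
	return CFG_OK;
}
```

Only a cfg that returned CFG_OK should be passed to knet_handle_crypto, and both -1 and -2 from that call mean the previous crypto configuration is still the active one.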
knet_handle_remove_datafd(3), knet_handle_get_stats(3),
knet_host_add(3), knet_handle_pmtud_setfreq(3),
knet_handle_pmtud_get(3), knet_host_get_id_by_host_name(3),
knet_host_get_status(3), knet_link_add_acl(3),
knet_link_get_pong_count(3), knet_link_get_priority(3),
knet_handle_free(3), knet_handle_enable_sock_notify(3),
knet_handle_get_datafd(3), knet_recv(3), knet_link_get_ping_timers(3),
knet_log_get_subsystem_id(3), knet_host_remove(3),
knet_host_enable_status_change_notify(3), knet_strtoaddr(3),
knet_link_rm_acl(3), knet_send(3), knet_handle_enable_pmtud_notify(3),
knet_handle_get_transport_reconnect_interval(3),
knet_link_get_enable(3), knet_link_set_priority(3),
knet_log_set_loglevel(3), knet_handle_get_channel(3),
knet_link_get_config(3), knet_link_get_link_list(3),
knet_get_transport_list(3), knet_get_transport_id_by_name(3),
knet_log_get_loglevel_id(3), knet_handle_new_ex(3),
knet_host_set_name(3), knet_addrtostr(3), knet_handle_setfwd(3),
knet_get_compress_list(3), knet_host_set_policy(3),
knet_get_transport_name_by_id(3), knet_handle_enable_filter(3),
knet_handle_compress(3), knet_link_get_status(3),
knet_handle_add_datafd(3), knet_send_sync(3),
knet_log_get_loglevel_name(3), knet_handle_enable_access_lists(3),
knet_host_get_host_list(3), knet_host_get_policy(3),
knet_link_set_enable(3), knet_link_set_pong_count(3),
knet_log_get_subsystem_name(3), knet_host_get_name_by_host_id(3),
knet_link_clear_config(3), knet_log_get_loglevel(3),
knet_handle_new(3), knet_handle_pmtud_getfreq(3),
knet_handle_pmtud_set(3), knet_handle_clear_stats(3),
knet_link_set_config(3), knet_get_crypto_list(3),
knet_handle_set_transport_reconnect_interval(3),
knet_link_clear_acl(3), knet_link_set_ping_timers(3),
knet_link_insert_acl(3)

Copyright (C) 2010-2020 Red Hat, Inc. All rights reserved.

kronosnet 2020-04-23 knet_handle_crypto(3)