.\" Automatically generated man page, do not edit
.TH knet_handle_crypto 3 2020-04-23 "kronosnet" "Kronosnet Programmer's Manual"
.SH NAME
knet_handle_crypto \- set up packet cryptographic signing & encryption
.SH SYNOPSIS
.nf
.B #include
.sp
\fBint knet_handle_crypto\fP(
    \fBknet_handle_t \fP\fIknet_h\fP,
    \fBstruct knet_handle_crypto_cfg *\fP\fIknet_handle_crypto_cfg\fP
);
.fi
.SH DESCRIPTION
.PP
knet_handle_crypto
.PP
knet_h - pointer to knet_handle_t
.PP
knet_handle_crypto_cfg - pointer to a knet_handle_crypto_cfg structure
.PP
crypto_model should contain the model name. Currently only "openssl" and "nss" are supported. Setting it to "none" will disable crypto.
.PP
crypto_cipher_type should contain the cipher algorithm name. It can be set to "none" to disable encryption. Currently supported by the "nss" model: "aes128", "aes192" and "aes256". The "openssl" model supports more modes, and the set strictly depends on the openssl build. See the EVP_get_cipherbyname openssl API call for details.
.PP
crypto_hash_type should contain the hashing algorithm name. It can be set to "none" to disable hashing. Currently supported by the "nss" model: "md5", "sha1", "sha256", "sha384" and "sha512". The "openssl" model supports more modes, and the set strictly depends on the openssl build. See the EVP_get_digestbyname openssl API call for details.
.PP
private_key will contain the private shared key. It has to be at least KNET_MIN_KEY_LEN long.
.PP
private_key_len is the length of the provided private_key.
.PP
Implementation notes/current limitations:
.PP
enabling crypto will increase latency, as packets have to be processed.
.PP
enabling crypto might reduce the overall throughput due to crypto data overhead.
.PP
re-keying is not implemented yet.
.PP
private/public key encryption/hashing is not currently planned.
.PP
the crypto key must be the same for all hosts in the same knet instance.
.PP
it is safe to call knet_handle_crypto multiple times at runtime. The last config will be used.
IMPORTANT: a call to knet_handle_crypto can fail due to: 1) failure to obtain locking 2) errors initializing the crypto level. This can happen even in subsequent calls to knet_handle_crypto. A failure in crypto init will restore the previous crypto configuration.
.SH STRUCTURES
.nf
\fB
struct knet_handle_crypto_cfg {
    char \fIcrypto_model[16]\fP;
    char \fIcrypto_cipher_type[16]\fP;
    char \fIcrypto_hash_type[16]\fP;
    unsigned char \fIprivate_key[KNET_MAX_KEY_LEN]\fP;
    unsigned int \fIprivate_key_len\fP;
};
\fP
.fi
.RE
.SH RETURN VALUE
.PP
knet_handle_crypto returns: \fB0 \fP\fIon success \fP
.PP
\fB-1 \fP\fIon error and errno is set. \fP
.PP
\fB-2 \fP\fIon crypto subsystem initialization error. No errno is provided at the moment (yet). \fP
.PP
.SH SEE ALSO
.PP
.nh
.ad l
\fIknet_handle_remove_datafd(3),
\fIknet_handle_get_stats(3),
\fIknet_host_add(3),
\fIknet_handle_pmtud_setfreq(3),
\fIknet_handle_pmtud_get(3),
\fIknet_host_get_id_by_host_name(3),
\fIknet_host_get_status(3),
\fIknet_link_add_acl(3),
\fIknet_link_get_pong_count(3),
\fIknet_link_get_priority(3),
\fIknet_handle_free(3),
\fIknet_handle_enable_sock_notify(3),
\fIknet_handle_get_datafd(3),
\fIknet_recv(3),
\fIknet_link_get_ping_timers(3),
\fIknet_log_get_subsystem_id(3),
\fIknet_host_remove(3),
\fIknet_host_enable_status_change_notify(3),
\fIknet_strtoaddr(3),
\fIknet_link_rm_acl(3),
\fIknet_send(3),
\fIknet_handle_enable_pmtud_notify(3),
\fIknet_handle_get_transport_reconnect_interval(3),
\fIknet_link_get_enable(3),
\fIknet_link_set_priority(3),
\fIknet_log_set_loglevel(3),
\fIknet_handle_get_channel(3),
\fIknet_link_get_config(3),
\fIknet_link_get_link_list(3),
\fIknet_get_transport_list(3),
\fIknet_get_transport_id_by_name(3),
\fIknet_log_get_loglevel_id(3),
\fIknet_handle_new_ex(3),
\fIknet_host_set_name(3),
\fIknet_addrtostr(3),
\fIknet_handle_setfwd(3),
\fIknet_get_compress_list(3),
\fIknet_host_set_policy(3),
\fIknet_get_transport_name_by_id(3),
\fIknet_handle_enable_filter(3),
\fIknet_handle_compress(3),
\fIknet_link_get_status(3),
\fIknet_handle_add_datafd(3),
\fIknet_send_sync(3),
\fIknet_log_get_loglevel_name(3),
\fIknet_handle_enable_access_lists(3),
\fIknet_host_get_host_list(3),
\fIknet_host_get_policy(3),
\fIknet_link_set_enable(3),
\fIknet_link_set_pong_count(3),
\fIknet_log_get_subsystem_name(3),
\fIknet_host_get_name_by_host_id(3),
\fIknet_link_clear_config(3),
\fIknet_log_get_loglevel(3),
\fIknet_handle_new(3),
\fIknet_handle_pmtud_getfreq(3),
\fIknet_handle_pmtud_set(3),
\fIknet_handle_clear_stats(3),
\fIknet_link_set_config(3),
\fIknet_get_crypto_list(3),
\fIknet_handle_set_transport_reconnect_interval(3),
\fIknet_link_clear_acl(3),
\fIknet_link_set_ping_timers(3),
\fIknet_link_insert_acl(3)
.ad
.hy
.SH "COPYRIGHT"
.PP
Copyright (C) 2010-2020 Red Hat, Inc. All rights reserved.
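.SH EXAMPLE
.PP
Added example, not part of the kronosnet sources: a caller-side check that fills the structure documented above and refuses the "none" settings that disable protection, names that would not fit the 16-byte fields, and keys outside the length bounds. The helper names, the numeric key limits and the rejection of "md5" and "sha1" are assumptions of this example; the struct is mirrored locally so the code builds without the library.

```c
#include <string.h>
#ifndef KNET_MAX_KEY_LEN          /* assumed values; use the library header's */
#define KNET_MIN_KEY_LEN 128
#define KNET_MAX_KEY_LEN 4096
#endif

struct knet_handle_crypto_cfg {   /* mirror of the struct documented above */
    char crypto_model[16];
    char crypto_cipher_type[16];
    char crypto_hash_type[16];
    unsigned char private_key[KNET_MAX_KEY_LEN];
    unsigned int private_key_len;
};

/* Hypothetical helper: reject empty, over-long (truncating) and "none" names. */
static int set_name(char dst[16], const char *src)
{
    size_t n = src ? strlen(src) : 0;
    if (n == 0 || n >= 16 || strcmp(src, "none") == 0)
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

/* Hypothetical helper: fill *cfg and return 0, or zero it and return a
 * negative code naming the rejected input (-1 model, -2 cipher, -3 hash, -4 key). */
int build_crypto_cfg(struct knet_handle_crypto_cfg *cfg, const char *model,
                     const char *cipher, const char *hash,
                     const unsigned char *key, size_t key_len)
{
    int rc = 0;
    memset(cfg, 0, sizeof(*cfg));
    if (set_name(cfg->crypto_model, model))
        rc = -1;
    else if (set_name(cfg->crypto_cipher_type, cipher))
        rc = -2;
    else if (set_name(cfg->crypto_hash_type, hash) ||
             !strcmp(hash, "md5") || !strcmp(hash, "sha1"))
        rc = -3;                  /* local policy of this example: no weak digests */
    else if (!key || key_len < KNET_MIN_KEY_LEN || key_len > KNET_MAX_KEY_LEN)
        rc = -4;
    if (rc) {
        memset(cfg, 0, sizeof(*cfg));   /* never hand back a half-built config */
        return rc;
    }
    memcpy(cfg->private_key, key, key_len);
    cfg->private_key_len = (unsigned int)key_len;
    return 0;
}
```

.PP
Pass the structure to knet_handle_crypto only when the helper returns 0; the library call itself reports -1 with errno set, or -2 for a crypto initialization failure without errno, after which the previous crypto configuration is restored.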