knet_handle_crypto(3)	 Kronosnet Programmer's	Manual	 knet_handle_crypto(3)

NAME
       knet_handle_crypto - set	up packet cryptographic	signing	& encryption

SYNOPSIS
       #include	<libknet.h>

       int knet_handle_crypto(
	   knet_handle_t		    knet_h,
	   struct knet_handle_crypto_cfg   *knet_handle_crypto_cfg
       );

DESCRIPTION
       knet_handle_crypto

       knet_h -	pointer	to knet_handle_t

       knet_handle_crypto_cfg -	pointer	to a knet_handle_crypto_cfg structure

       crypto_model  should  contain  the model	name. Currently	only "openssl"
       and "nss" are supported.	Setting	to "none" will disable crypto.

       crypto_cipher_type should contain the cipher algo name. It can  be  set
       to  "none"  to  disable encryption. Currently supported by "nss"	model:
       "aes128", "aes192" and "aes256".	"openssl" model	 supports  more	 modes
       and it strictly depends on the openssl build. See: EVP_get_cipherbyname
       openssl API call	for details.

       crypto_hash_type should contain the hashing algo name. It can be set to
       "none" to disable hashing. Currently supported by "nss" model: "md5",
       "sha1", "sha256", "sha384" and "sha512". "openssl" model supports more
       modes and it strictly depends on the openssl build. See:
       EVP_get_digestbyname openssl API call for details.

       private_key will	contain	the private shared key.	It has to be at	 least
       KNET_MIN_KEY_LEN	long.

       private_key_len length of the provided private_key.

       Implementation notes/current limitations:

       enabling crypto will increase latency as packets have to be processed.

       enabling crypto might reduce the overall throughput due to crypto data
       overhead.

       re-keying is not	implemented yet.

       private/public key encryption/hashing is	not currently planned.

       crypto key must be the same for all hosts in the	same knet instance.

       it is safe to call knet_handle_crypto multiple times at runtime. The
       last config will be used. IMPORTANT: a call to knet_handle_crypto can
       fail due to: 1) failure to obtain locking 2) errors initializing the
       crypto level. This can happen even in subsequent calls to
       knet_handle_crypto. A failure in crypto init will restore the previous
       crypto configuration.

STRUCTURES
       struct knet_handle_crypto_cfg {
	   char		  crypto_model[16];
	   char		  crypto_cipher_type[16];
	   char		  crypto_hash_type[16];
	   unsigned char  private_key[KNET_MAX_KEY_LEN];
	   unsigned int	  private_key_len;
       };

RETURN VALUE
       knet_handle_crypto returns:

       0 on success

       -1 on error and errno is set.

       -2 on crypto subsystem initialization error. No errno is provided at
       the moment (yet).
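
       Added example (not part of the kronosnet manual or its sources): a
       hypothetical helper, fill_crypto_cfg(), that validates caller input
       against the 16-byte name fields and the key-length bounds before the
       structure is handed to knet_handle_crypto. The stand-in struct and the
       numeric values of KNET_MIN_KEY_LEN and KNET_MAX_KEY_LEN are assumptions
       used only when libknet.h is not included; rejecting "none" is this
       example's policy for callers that require signing and encryption.

```c
#include <errno.h>
#include <string.h>

/* With the real library, #include <libknet.h> above and this stand-in is
 * skipped. Layout copied from STRUCTURES; both limits are assumed values. */
#ifndef KNET_MAX_KEY_LEN
#define KNET_MIN_KEY_LEN 128
#define KNET_MAX_KEY_LEN 4096
struct knet_handle_crypto_cfg {
    char          crypto_model[16];
    char          crypto_cipher_type[16];
    char          crypto_hash_type[16];
    unsigned char private_key[KNET_MAX_KEY_LEN];
    unsigned int  private_key_len;
};
#endif

/* Copy a model/algorithm name into a 16-byte field. Rejects NULL, empty,
 * names that would be truncated, and "none" (which disables the feature). */
static int set_name(char dst[16], const char *src)
{
    size_t n = src ? strlen(src) : 0;
    if (n == 0 || n >= 16 || strcmp(src, "none") == 0)
        return -1;
    memcpy(dst, src, n + 1);   /* includes the terminating NUL */
    return 0;
}

/* Hypothetical helper: returns 0 with *cfg ready for knet_handle_crypto(),
 * or -1 with errno = EINVAL and *cfg zeroed (no partial key left behind). */
int fill_crypto_cfg(struct knet_handle_crypto_cfg *cfg, const char *model,
                    const char *cipher, const char *hash,
                    const unsigned char *key, size_t key_len)
{
    memset(cfg, 0, sizeof(*cfg));
    if (set_name(cfg->crypto_model, model) ||
        set_name(cfg->crypto_cipher_type, cipher) ||
        set_name(cfg->crypto_hash_type, hash) ||
        key == NULL || key_len < KNET_MIN_KEY_LEN || key_len > KNET_MAX_KEY_LEN) {
        memset(cfg, 0, sizeof(*cfg));
        errno = EINVAL;
        return -1;
    }
    memcpy(cfg->private_key, key, key_len);
    cfg->private_key_len = (unsigned int)key_len;
    return 0;
}
```

       Pass the filled structure to knet_handle_crypto and check the result:
       a failed call leaves the previous configuration in force, so a handle
       that had no crypto configured before the call still has none.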

SEE ALSO
       knet_handle_remove_datafd(3), knet_handle_get_stats(3),
       knet_host_add(3), knet_handle_pmtud_setfreq(3),
       knet_handle_pmtud_get(3), knet_host_get_id_by_host_name(3),
       knet_host_get_status(3),	knet_link_add_acl(3),
       knet_link_get_pong_count(3), knet_link_get_priority(3),
       knet_handle_free(3), knet_handle_enable_sock_notify(3),
       knet_handle_get_datafd(3), knet_recv(3),	knet_link_get_ping_timers(3),
       knet_log_get_subsystem_id(3), knet_host_remove(3),
       knet_host_enable_status_change_notify(3), knet_strtoaddr(3),
       knet_link_rm_acl(3), knet_send(3), knet_handle_enable_pmtud_notify(3),
       knet_handle_get_transport_reconnect_interval(3),
       knet_link_get_enable(3),	knet_link_set_priority(3),
       knet_log_set_loglevel(3), knet_handle_get_channel(3),
       knet_link_get_config(3),	knet_link_get_link_list(3),
       knet_get_transport_list(3), knet_get_transport_id_by_name(3),
       knet_log_get_loglevel_id(3), knet_handle_new_ex(3),
       knet_host_set_name(3), knet_addrtostr(3), knet_handle_setfwd(3),
       knet_get_compress_list(3), knet_host_set_policy(3),
       knet_get_transport_name_by_id(3), knet_handle_enable_filter(3),
       knet_handle_compress(3),	knet_link_get_status(3),
       knet_handle_add_datafd(3), knet_send_sync(3),
       knet_log_get_loglevel_name(3), knet_handle_enable_access_lists(3),
       knet_host_get_host_list(3), knet_host_get_policy(3),
       knet_link_set_enable(3),	knet_link_set_pong_count(3),
       knet_log_get_subsystem_name(3), knet_host_get_name_by_host_id(3),
       knet_link_clear_config(3), knet_log_get_loglevel(3),
       knet_handle_new(3), knet_handle_pmtud_getfreq(3),
       knet_handle_pmtud_set(3), knet_handle_clear_stats(3),
       knet_link_set_config(3),	knet_get_crypto_list(3),
       knet_handle_set_transport_reconnect_interval(3),
       knet_link_clear_acl(3), knet_link_set_ping_timers(3),
       knet_link_insert_acl(3)

COPYRIGHT
       Copyright (C) 2010-2020 Red Hat,	Inc. All rights	reserved.

kronosnet			  2020-04-23		 knet_handle_crypto(3)
