Provided by: libknet-doc_1.15-1ubuntu1_all bug

NAME

       knet_handle_crypto - set up packet cryptographic signing & encryption

SYNOPSIS

       #include <libknet.h>

       int knet_handle_crypto(
           knet_handle_t                    knet_h,
           struct knet_handle_crypto_cfg   *knet_handle_crypto_cfg
       );

DESCRIPTION

       knet_handle_crypto

       knet_h - pointer to knet_handle_t

       knet_handle_crypto_cfg - pointer to a knet_handle_crypto_cfg structure

       crypto_model  should  contain  the  model  name.  Currently  only  "openssl" and "nss" are
       supported. Setting to "none" will disable crypto.

       crypto_cipher_type should contain the cipher algorithm name. It can be set to "none" to
       disable encryption, in which case packet payloads are sent unencrypted. Currently
       supported by the "nss" model: "aes128", "aes192" and "aes256". The "openssl" model
       supports more algorithms; the exact set depends on the openssl build. See the
       EVP_get_cipherbyname openssl API call for details.

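       crypto_hash_type should contain the hashing algorithm name. It can be set to "none" to
       disable hashing, in which case packets are not signed. Currently supported by the "nss"
       model: "md5", "sha1", "sha256", "sha384" and "sha512". Of these, "md5" and "sha1" are
       legacy algorithms; "sha256" or stronger is the usual choice for new deployments. The
       "openssl" model supports more algorithms; the exact set depends on the openssl build.
       See the EVP_get_digestbyname openssl API call for details.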

       private_key must contain the shared secret key. It has to be at least KNET_MIN_KEY_LEN
       bytes long and, as the structure below shows, cannot exceed KNET_MAX_KEY_LEN bytes.

       private_key_len is the length, in bytes, of the provided private_key.

       Implementation notes/current limitations:

       enabling crypto will increase latency, as packets have to be processed.

       enabling crypto might reduce the overall throughput due to crypto data overhead.

       re-keying is not implemented yet.

       private/public key encryption/hashing is not currently planned.

       crypto key must be the same for all hosts in the same knet instance.

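       it is safe to call knet_handle_crypto multiple times at runtime. The last config will be
       used. IMPORTANT: a call to knet_handle_crypto can fail due to: 1) failure to obtain
       locking; 2) errors initializing the crypto level. This can happen even in subsequent
       calls to knet_handle_crypto. A failure in crypto init will restore the previous crypto
       configuration. Callers should therefore always check the return value: after a failed
       call the handle keeps operating with the earlier settings, which may be weaker than the
       requested ones or may have crypto disabled.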

STRUCTURES

       /*
        * Crypto configuration passed to knet_handle_crypto().
        * Per the notes above, the key must be the same on all hosts in the same
        * knet instance.
        */
       struct knet_handle_crypto_cfg {
           /* Model name: "openssl" or "nss"; "none" disables crypto.
            * NOTE(review): presumably a NUL-terminated string, i.e. at most
            * 15 characters - confirm against libknet.h. */
           char           crypto_model[16];
           /* Cipher algorithm name; "none" disables encryption. */
           char           crypto_cipher_type[16];
           /* Hash algorithm name; "none" disables hashing (packet signing). */
           char           crypto_hash_type[16];
           /* Shared secret key, at least KNET_MIN_KEY_LEN bytes.
            * NOTE(review): this buffer holds key material; whether the library
            * keeps its own copy is not shown here - confirm before deciding
            * when the caller can wipe it. */
           unsigned char  private_key[KNET_MAX_KEY_LEN];
           /* Number of bytes of private_key that are in use. */
           unsigned int   private_key_len;
       };

RETURN VALUE

       knet_handle_crypto returns:

       0          on success

       -1         on error and errno is set.

       -2         on crypto subsystem initialization error. No errno is provided at the
       moment.

SEE ALSO

       knet_handle_remove_datafd(3), knet_handle_get_stats(3), knet_host_add(3),
       knet_handle_pmtud_setfreq(3), knet_handle_pmtud_get(3), knet_host_get_id_by_host_name(3),
       knet_host_get_status(3), knet_link_add_acl(3), knet_link_get_pong_count(3),
       knet_link_get_priority(3), knet_handle_free(3), knet_handle_enable_sock_notify(3),
       knet_handle_get_datafd(3), knet_recv(3), knet_link_get_ping_timers(3),
       knet_log_get_subsystem_id(3), knet_host_remove(3),
       knet_host_enable_status_change_notify(3), knet_strtoaddr(3), knet_link_rm_acl(3),
       knet_send(3), knet_handle_enable_pmtud_notify(3),
       knet_handle_get_transport_reconnect_interval(3), knet_link_get_enable(3),
       knet_link_set_priority(3), knet_log_set_loglevel(3), knet_handle_get_channel(3),
       knet_link_get_config(3), knet_link_get_link_list(3), knet_get_transport_list(3),
       knet_get_transport_id_by_name(3), knet_log_get_loglevel_id(3), knet_handle_new_ex(3),
       knet_host_set_name(3), knet_addrtostr(3), knet_handle_setfwd(3),
       knet_get_compress_list(3), knet_host_set_policy(3), knet_get_transport_name_by_id(3),
       knet_handle_enable_filter(3), knet_handle_compress(3), knet_link_get_status(3),
       knet_handle_add_datafd(3), knet_send_sync(3), knet_log_get_loglevel_name(3),
       knet_handle_enable_access_lists(3), knet_host_get_host_list(3), knet_host_get_policy(3),
       knet_link_set_enable(3), knet_link_set_pong_count(3), knet_log_get_subsystem_name(3),
       knet_host_get_name_by_host_id(3), knet_link_clear_config(3), knet_log_get_loglevel(3),
       knet_handle_new(3), knet_handle_pmtud_getfreq(3), knet_handle_pmtud_set(3),
       knet_handle_clear_stats(3), knet_link_set_config(3), knet_get_crypto_list(3),
       knet_handle_set_transport_reconnect_interval(3), knet_link_clear_acl(3),
       knet_link_set_ping_timers(3), knet_link_insert_acl(3)

COPYRIGHT

       Copyright (C) 2010-2020 Red Hat, Inc. All rights reserved.