Wiki Navigation

libstrongswan

libstrongswan is the foundation library of the IKEv2 keying daemon. It is the base of all newer strongSwan components.

Plugins

libstrongswan itself also supports plugins to provide modular cryptographic algorithms, database support or transport protocol implementations. Each plugin implements the plugin_t interface and registers itself at one of the factories:

credentials	Credential implementations, e.g. certificates or keys.
crypto	Crypto implementations, e.g. encryption algorithms or hashers.
database	Database wrappers to access different databases transparently.
fetcher	Transport helpers to fetch files, e.g. via HTTP/FTP.

  +-------------------------------------+
  | libstrongswan           +---+ +-----+------+
  |                         |   | |    aes     |
  |                         |   | +-----+------+
  | +-------------+         |   | +-----+------+
  | | credentials |  ---->  | p | |    curl    |
  | +-------------+         | l | +-----+------+
  | +-------------+  <----  | u | +-----+------+
  | | crypto      |         | g | |    des     |
  | +-------------+  ---->  | i | +-----+------+
  | +-------------+         | n | +-----+------+
  | | database    |  <----  |   | |  fips_prf  |
  | +-------------+         | l | +-----+------+
  | +-------------+  ---->  | o | +-----+------+
  | | fetcher     |         | a | |    gmp     |
  | +-------------+  <----  | d | +-----+------+
  |                         | e | +-----+------+
  |                         | r | |    hmac    |
  |                         |   | +-----+------+
  |                         |   | +-----+------+
  |                         |   | |    ...     |
  |                         +---+ +-----+------+
  +-------------------------------------+

Currently libstrongswan ships with the following plugins:

aes	AES-128/192/256 implementation in software, non-US code.
des	Single- and Triple-DES implementation in software, non-US code.
md5	MD5 hasher software implementation.
sha1	SHA1 hasher software implementation.
sha2	SHA-256/384/512 hasher software implementation.
hmac	HMAC implementation to prived MAC/PRF functionality using hashers.
xcbc	XCBC implementation to prived MAC/PRF functionality using crypters.
fips_prf	Pseudo random function implementing the FIPS PRF function.
gmp	Implementation of RSA private/public keys using the GNU Multi Precision library libgmp.
x509	Implementation of X509 certificates, CRLs, OCSP and attribute certificates.
pubkey	Generic public key loader plugin.
openssl	Wrapper to use OpenSSL to provide crypto services.
padlock	Experimental plugin to provide hardware accelerated AES/SHA1 on VIA padlock.
random	Source of random data implemented on top of /dev/(u)random.
mysql	Database wrapper to access MySQL databases, uses libmysqlcleint_r.
sqlite	Database wrapper to access SQLite databases, uses libsqlite3.
curl	Fetching of HTTP and other URLs using libcurl.
ldap	Fetching from LDAP servers using OpenLDAP.

Download in other formats:

Plain Text