Version 2 (Martin Willi, 23.06.2008 09:29) → Version 3/5 (Martin Willi, 23.06.2008 09:29)
= libstrongswan =
libstrongswan is the foundation library of the IKEv2 keying daemon. It is the base of all newer strongSwan components.
== Plugins ==
libstrongswan itself also supports plugins to provide modular cryptographic algorithms, database support or transport protocol implementations. Each plugin implements the [browser:trunk/src/libstrongswan/plugins/plugin.h plugin_t] interface and registers itself at one of the factories:
||[browser:trunk/src/libstrongswan/credentials/credential_factory.h credentials]||Credential implementations, e.g. certificates or keys.||
||[browser:trunk/src/libstrongswan/crypto/crypto_factory.h crypto]||Crypto implementations, e.g. encryption algorithms or hashers.||
||[browser:trunk/src/libstrongswan/database/database_factory.h database]||Database wrappers to access different databases transparently.||
||[browser:trunk/src/libstrongswan/fetcher/fetcher_manager.h fetcher]||Transport helpers to fetch files, e.g. via HTTP/FTP.||
{{{
+-------------------------------------+
| libstrongswan                 +---+ +-----+------+
|                               |   | |    aes     |
|                               |   | +-----+------+
|  +-------------+              |   | +-----+------+
|  | credentials |        ----> | p | |    curl    |
|  +-------------+              | l | +-----+------+
|  +-------------+        <---- | u | +-----+------+
|  |   crypto    |              | g | |    des     |
|  +-------------+        ----> | i | +-----+------+
|  +-------------+              | n | +-----+------+
|  |  database   |        <---- |   | |  fips_prf  |
|  +-------------+              | l | +-----+------+
|  +-------------+        ----> | o | +-----+------+
|  |   fetcher   |              | a | |    gmp     |
|  +-------------+        <---- | d | +-----+------+
|                               | e | +-----+------+
|                               | r | |    hmac    |
|                               |   | +-----+------+
|                               |   | +-----+------+
|                               |   | |    ...     |
|                               +---+ +-----+------+
+-------------------------------------+
}}}
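A simplified model of the registration flow described above, added here as an illustration and not taken from the libstrongswan sources: every type and function name in it (`crypto_factory_t`, `factory_add_hasher`, `factory_create_hasher`, `sha1_plugin_load`) is hypothetical. It shows a plugin registering a constructor at the crypto factory while it is loaded, and a lookup that returns NULL when no loaded plugin provides the requested algorithm, which the caller has to treat as a hard failure.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model; all names are hypothetical, not libstrongswan's API. */
#define MAX_ENTRIES 8

typedef struct hasher { const char *name; size_t digest_len; } hasher_t;
typedef const hasher_t *(*hasher_constructor_t)(void);

/* The "crypto" factory: maps an algorithm name to a plugin-supplied constructor. */
typedef struct crypto_factory {
    struct { const char *algo; hasher_constructor_t create; } entries[MAX_ENTRIES];
    size_t count;
} crypto_factory_t;

/* Called by a plugin while it is loaded. Returns 0 on success, -1 if the table is full. */
int factory_add_hasher(crypto_factory_t *f, const char *algo, hasher_constructor_t create)
{
    if (f->count == MAX_ENTRIES)
        return -1;
    f->entries[f->count].algo = algo;
    f->entries[f->count].create = create;
    f->count++;
    return 0;
}

/* Called by library users. Returns NULL when no loaded plugin provides the
 * algorithm, so the caller can fail closed instead of falling back silently. */
const hasher_t *factory_create_hasher(const crypto_factory_t *f, const char *algo)
{
    for (size_t i = 0; i < f->count; i++)
        if (strcmp(f->entries[i].algo, algo) == 0)
            return f->entries[i].create();
    return NULL;
}

/* A toy "sha1" plugin: a constructor plus the entry point the loader would call. */
static const hasher_t sha1_hasher = { "sha1", 20 };
static const hasher_t *sha1_create(void) { return &sha1_hasher; }
int sha1_plugin_load(crypto_factory_t *f) { return factory_add_hasher(f, "sha1", sha1_create); }

int main(void)
{
    crypto_factory_t f;
    memset(&f, 0, sizeof f);
    sha1_plugin_load(&f);                       /* only the sha1 plugin is loaded */
    printf("sha1: %s\n", factory_create_hasher(&f, "sha1") ? "available" : "missing");
    printf("md5:  %s\n", factory_create_hasher(&f, "md5") ? "available" : "missing");
    return 0;
}
```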
Currently libstrongswan ships with the following plugins:
||[browser:trunk/src/libstrongswan/plugins/aes aes]||AES-128/192/256 implementation in software, non-US code.||
||[browser:trunk/src/libstrongswan/plugins/des des]||Single- and Triple-DES implementation in software, non-US code.||
||[browser:trunk/src/libstrongswan/plugins/md5 md5]||MD5 hasher software implementation.||
||[browser:trunk/src/libstrongswan/plugins/sha1 sha1]||SHA1 hasher software implementation.||
||[browser:trunk/src/libstrongswan/plugins/sha2 sha2]||SHA-256/384/512 hasher software implementation.||
||[browser:trunk/src/libstrongswan/plugins/hmac hmac]||HMAC implementation to provide MAC/PRF functionality using hashers.||
||[browser:trunk/src/libstrongswan/plugins/xcbc xcbc]||XCBC implementation to provide MAC/PRF functionality using crypters.||
||[browser:trunk/src/libstrongswan/plugins/fips_prf fips_prf]||Pseudo random function implementing the FIPS PRF function.||
||[browser:trunk/src/libstrongswan/plugins/gmp gmp]||Implementation of RSA private/public keys using the GNU Multi Precision library libgmp.||
||[browser:trunk/src/libstrongswan/plugins/x509 x509]||Implementation of X509 certificates, CRLs, OCSP and attribute certificates.||
||[browser:trunk/src/libstrongswan/plugins/pubkey pubkey]||Generic public key loader plugin.||
||[browser:trunk/src/libstrongswan/plugins/openssl openssl]||Wrapper to use OpenSSL to provide crypto services.||
||[browser:trunk/src/libstrongswan/plugins/padlock padlock]||Experimental plugin to provide hardware accelerated AES/SHA1 on VIA padlock.||
||[browser:trunk/src/libstrongswan/plugins/random random]||Source of random data implemented on top of /dev/(u)random.||
||[browser:trunk/src/libstrongswan/plugins/mysql mysql]||Database wrapper to access MySQL databases, uses libmysqlclient_r.||
||[browser:trunk/src/libstrongswan/plugins/sqlite sqlite]||Database wrapper to access SQLite databases, uses libsqlite3.||
||[browser:trunk/src/libstrongswan/plugins/curl curl]||Fetching of HTTP and other URLs using libcurl.||
||[browser:trunk/src/libstrongswan/plugins/ldap ldap]||Fetching from LDAP servers using OpenLDAP.||