strongSwan

h1. libstrongswan

libstrongswan is the foundation library of the IKEv2 keying daemon. It is the

base of all newer strongSwan components. 

h2. Plugins

libstrongswan itself also supports plugins to provide modular cryptographic 

algorithms, database support or transport protocol implementations. Each plugin 

implements the _plugin_t_ interface and registers itself at one of the factories:

|credentials |Credential implementations, e.g. certificates or keys.|

|crypto      |Crypto implementations, e.g. encryption algorithms or hashers.|

|database    |Database wrappers to access different databases transparently.|

|fetcher     |Transport helpers to fetch files, e.g. via HTTP/FTP.|

<pre>

  +-------------------------------------+

  | libstrongswan           +---+ +-----+------+

  |                         |   | |    aes     |

  |                         |   | +-----+------+

  | +-------------+         |   | +-----+------+

  | | credentials |  ---->  | p | |    curl    |

  | +-------------+         | l | +-----+------+

  | +-------------+  <----  | u | +-----+------+

  | | crypto      |         | g | |    des     |

  | +-------------+  ---->  | i | +-----+------+

  | +-------------+         | n | +-----+------+

  | | database    |  <----  |   | |  fips_prf  |

  | +-------------+         | l | +-----+------+

  | +-------------+  ---->  | o | +-----+------+

  | | fetcher     |         | a | |    gmp     |

  | +-------------+  <----  | d | +-----+------+

  |                         | e | +-----+------+

  |                         | r | |    hmac    |

  |                         |   | +-----+------+

  |                         |   | +-----+------+

  |                         |   | |    ...     |

  |                         +---+ +-----+------+

  +-------------------------------------+

</pre>

Currently libstrongswan ships with the following plugins (see source:src/libstrongswan/plugins):

|aes|AES-128/192/256 implementation in software, non-US code.|

|des|Single- and Triple-DES implementation in software, non-US code.|

|md5|MD5 hasher software implementation.|

|sha1|SHA1 hasher software implementation.|

|sha2|SHA-256/384/512 hasher software implementation.|

|hmac|HMAC implementation to prived MAC/PRF functionality using hashers.|

|xcbc|XCBC implementation to prived MAC/PRF functionality using crypters.|

|fips_prf|Pseudo random function implementing the FIPS PRF function.|

|gmp|Implementation of RSA private/public keys using the GNU Multi Precision library libgmp.|

|x509|Implementation of X509 certificates, CRLs, OCSP and attribute certificates.|

|pubkey|Generic public key loader plugin.|

|openssl|Wrapper to use OpenSSL to provide crypto services.|

|padlock|Experimental plugin to provide hardware accelerated AES/SHA1 on VIA padlock.|

|random|Source of random data implemented on top of _/dev/(u)random_.|

|mysql|Database wrapper to access MySQL databases, uses libmysqlcleint_r.|

|sqlite|Database wrapper to access SQLite databases, uses libsqlite3.|

|curl|Fetching of HTTP and other URLs using libcurl.|

|ldap|Fetching from LDAP servers using OpenLDAP.|