Version 3 (Martin Willi, 23.06.2008 09:29) → Version 4/5 (Martin Willi, 05.05.2009 15:15)


h1. libstrongswan



libstrongswan is the foundation library of the IKEv2 keying daemon. It is the
base of all newer strongSwan components.



h2. Plugins



libstrongswan itself also supports plugins to provide modular cryptographic
algorithms, database support or transport protocol implementations. Each plugin
implements the _plugin_t_ interface (trunk/src/libstrongswan/plugins/plugin.h) and registers itself at one of the factories:

|credentials |trunk/src/libstrongswan/credentials/credential_factory.h |Credential implementations, e.g. certificates or keys.|
|crypto |trunk/src/libstrongswan/crypto/crypto_factory.h |Crypto implementations, e.g. encryption algorithms or hashers.|
|database |trunk/src/libstrongswan/database/database_factory.h |Database wrappers to access different databases transparently.|
|fetcher |trunk/src/libstrongswan/fetcher/fetcher_manager.h |Transport helpers to fetch files, e.g. via HTTP/FTP.|

<pre>

+-------------------------------------+
| libstrongswan                   +---+ +-----+------+
|                                 |   | |    aes     |
|                                 |   | +-----+------+
| +-------------+                 |   | +-----+------+
| | credentials |      ---->      | p | |    curl    |
| +-------------+                 | l | +-----+------+
| +-------------+      <----      | u | +-----+------+
| |   crypto    |                 | g | |    des     |
| +-------------+      ---->      | i | +-----+------+
| +-------------+                 | n | +-----+------+
| |  database   |      <----      |   | |  fips_prf  |
| +-------------+                 | l | +-----+------+
| +-------------+      ---->      | o | +-----+------+
| |   fetcher   |                 | a | |    gmp     |
| +-------------+      <----      | d | +-----+------+
|                                 | e | +-----+------+
|                                 | r | |    hmac    |
|                                 |   | +-----+------+
|                                 |   | +-----+------+
|                                 |   | |    ...     |
|                                 +---+ +-----+------+
+-------------------------------------+
</pre>
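
The registration flow in the diagram above, as an added C sketch that is not strongSwan code: a plugin's constructor adds an implementation to a factory, consumers look it up by name, and destroying the plugin removes it again. Every name here (the one-method @plugin_t@ stand-in, @factory_add@, @factory_remove@, @factory_lookup@, @toy_sum@) is an assumption made for illustration.

```c
/* Simplified model of the plugin/factory pattern. All names are hypothetical
 * stand-ins; this is not libstrongswan's API. */
#include <stddef.h>
#include <string.h>

typedef struct plugin_t plugin_t;
struct plugin_t { void (*destroy)(plugin_t *this); };   /* unload hook */
typedef unsigned (*hasher_fn)(const char *in);           /* toy algorithm */

#define MAX_ALGS 8
static struct { const char *name; hasher_fn fn; } crypto_factory[MAX_ALGS];

/* Factory side: a plugin registers an implementation under a name. */
static int factory_add(const char *name, hasher_fn fn) {
    for (int i = 0; i < MAX_ALGS; i++) {
        if (crypto_factory[i].name == NULL) {
            crypto_factory[i].name = name;
            crypto_factory[i].fn = fn;
            return 1;
        }
    }
    return 0;   /* table full */
}
/* Factory side: drop every entry registered for fn (plugin unload). */
static void factory_remove(hasher_fn fn) {
    for (int i = 0; i < MAX_ALGS; i++) {
        if (crypto_factory[i].fn == fn) {
            crypto_factory[i].name = NULL;
            crypto_factory[i].fn = NULL;
        }
    }
}
/* Consumer side: NULL means no loaded plugin provides the algorithm. */
hasher_fn factory_lookup(const char *name) {
    for (int i = 0; i < MAX_ALGS; i++) {
        if (crypto_factory[i].name && strcmp(crypto_factory[i].name, name) == 0)
            return crypto_factory[i].fn;
    }
    return NULL;
}

/* Toy plugin: a byte-sum "hasher", constructed for this example only. */
static unsigned toy_sum(const char *in) {
    unsigned s = 0;
    while (*in) s += (unsigned char)*in++;
    return s;
}
static void toy_destroy(plugin_t *this) { (void)this; factory_remove(toy_sum); }
static plugin_t toy_plugin = { toy_destroy };
plugin_t *toy_plugin_create(void) {
    return factory_add("toy_sum", toy_sum) ? &toy_plugin : NULL;
}
```

A caller that gets @NULL@ from the lookup has to treat the algorithm as unavailable; which algorithms exist at runtime depends entirely on which plugins were loaded.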


Currently libstrongswan ships with the following plugins (see source:src/libstrongswan/plugins):

|aes|AES-128/192/256 implementation in software, non-US code.|
|des|Single- and Triple-DES implementation in software, non-US code.|
|md5|MD5 hasher software implementation.|
|sha1|SHA1 hasher software implementation.|
|sha2|SHA-256/384/512 hasher software implementation.|
|hmac|HMAC implementation to provide MAC/PRF functionality using hashers.|
|xcbc|XCBC implementation to provide MAC/PRF functionality using crypters.|
|fips_prf|Pseudo random function implementing the FIPS PRF function.|
|gmp|Implementation of RSA private/public keys using the GNU Multi Precision library libgmp.|
|x509|Implementation of X509 certificates, CRLs, OCSP and attribute certificates.|
|pubkey|Generic public key loader plugin.|
|openssl|Wrapper to use OpenSSL to provide crypto services.|
|padlock|Experimental plugin to provide hardware accelerated AES/SHA1 on VIA padlock.|
|random|Source of random data implemented on top of _/dev/(u)random_.|
|mysql|Database wrapper to access MySQL databases, uses libmysqlclient_r.|
|sqlite|Database wrapper to access SQLite databases, uses libsqlite3.|
|curl|Fetching of HTTP and other URLs using libcurl.|
|ldap|Fetching from LDAP servers using OpenLDAP.|