libike
Internet Key Exchange management library
Libike is a cross-platform C library for managing IKE negotiations as per RFC 2407, 2408 and 2409. The project is from 2003 and it is no longer maintained.
What it does
The library implements ISAKMP packet processing, IKE state management and various miscellaneous functions such as handling of packet retransmissions and SA lifetime tracking. In other words, libike handles the protocol details of the IKE exchange, leaving the application to make the high-level decisions of the negotiation.
The library parses packets passed to it by an application, steps through IKE states based on the packets' content, queries the application via callbacks for any information it is missing, formats responses and passes them back to the application for actual transmission.
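As an added illustration of the "ISAKMP packet processing" step described above, and not libike's own code (its entry points and callback names are not given on this page), here is a standalone parser for the fixed ISAKMP header of RFC 2408 section 3.1, with the bounds and reserved-bit checks a packet handed in by the application must pass before any payload is walked. The sample packet bytes are constructed for the demo.

```c
/* Added example (not libike code): parse and validate the fixed 28-byte ISAKMP
 * header of RFC 2408 section 3.1, the first step before any payload is touched. */
#include <stdint.h>
#include <string.h>

#define ISAKMP_HDR_LEN 28
#define ISAKMP_VERSION 0x10        /* major 1, minor 0 */
#define ISAKMP_FLAGS_MASK 0x07     /* encryption, commit, authentication-only */
typedef struct {
    uint8_t  icookie[8], rcookie[8]; /* responder cookie is zero in the first message */
    uint8_t  next_payload, version, exchange_type, flags;
    uint32_t message_id;             /* zero in phase 1 */
    uint32_t length;                 /* whole message, header included, in octets */
} isakmp_hdr;
static uint32_t get_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
/* Returns 0 on success, a negative code on a malformed header.  The length field
 * is bounded by the bytes actually received, so payload walking that trusts it
 * can never run past the buffer on the peer's word. */
int isakmp_parse_hdr(const uint8_t *buf, size_t buflen, isakmp_hdr *h) {
    if (buf == NULL || h == NULL || buflen < ISAKMP_HDR_LEN) return -1;
    memcpy(h->icookie, buf, 8);
    memcpy(h->rcookie, buf + 8, 8);
    h->next_payload  = buf[16];
    h->version       = buf[17];
    h->exchange_type = buf[18];
    h->flags         = buf[19];
    h->message_id    = get_be32(buf + 20);
    h->length        = get_be32(buf + 24);
    if (h->version != ISAKMP_VERSION) return -2;
    if (h->flags & ~ISAKMP_FLAGS_MASK) return -3;         /* reserved bits MUST be zero */
    if (h->length < ISAKMP_HDR_LEN || h->length > buflen) return -4;
    return 0;
}
/* Constructed sample: header of a Main Mode first message carrying no payloads,
 * then two corruptions of it.  Returns 0 when every case behaves as expected. */
int isakmp_demo(void) {
    uint8_t pkt[ISAKMP_HDR_LEN] = {
        0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88, 0,0,0,0,0,0,0,0,
        1, ISAKMP_VERSION, 2, 0,   /* next payload SA, v1.0, Identity Protection, no flags */
        0,0,0,0, 0,0,0,ISAKMP_HDR_LEN };
    isakmp_hdr h;
    if (isakmp_parse_hdr(pkt, sizeof pkt, &h) != 0 || h.exchange_type != 2) return 1;
    pkt[27] = 0xff;                                          /* length claims 255 octets */
    if (isakmp_parse_hdr(pkt, sizeof pkt, &h) != -4) return 2;
    pkt[27] = ISAKMP_HDR_LEN; pkt[19] = 0x80;                /* reserved flag bit set */
    if (isakmp_parse_hdr(pkt, sizeof pkt, &h) != -3) return 3;
    return 0;
}
```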
What it does not
Libike does not include any networking code and makes very few assumptions about the actual packet transfer medium. It is the application that does all sending and receiving. This arrangement allows running IKE exchanges over not just UDP but virtually any protocol, including raw IP, TCP, HTTP or IPC channels.
In the same vein, libike does not provide means for creating, managing or querying security policies. When it arrives at the point of making a security policy decision, for example needing to validate the peer's credentials or to select one of the SA offers, it issues a callback and expects the application to tell it what to do.
Callbacks and portability
Callbacks are absolutely essential to libike's architecture. This is what keeps the library light and its OS dependencies remarkably small. The API defines 19 callbacks as opposed to just 8 entry points. The CALLBACKS section in manual.txt has the details.
The library is written in portable C with a tiny "glue" layer that includes a small number of compiler- and platform-specific typedefs, macros and functions. Adapting libike to a new platform therefore amounts to writing a new glue layer.