Cross-platform C library for managing ISAKMP/IKE negotiations.


  libike 0.9.6


  Libike (aka charon) is an IKE exchange management library.


  Copyright (c) 2003-2011 Alex Pankratov. All rights reserved.

  The library is distributed under the terms of the BSD license. 
  You can obtain a copy of the license by visiting:


  Libike allows its users to engage in IKE exchanges (subject to 
  limitations listed below) as per RFC 2407, 2408, 2409.

  The library implements ISAKMP packet processing code, IKE 
  state management code and various miscellaneous functionality 
  such as handling of packet retransmissions, SA lifetime 
  tracking, etc.

  The library does NOT provide means for defining, maintaining 
  and querying security policies; it delegates this functionality 
  to the external code via the callback mechanism instead.


  -- Phase 1 --

  * Initiator side
  * Main and Aggressive Modes
  * Preshared Key and Signature-based authentication (X.509 certs only)
  * DES, IDEA, BlowFish, RC5, 3DES, CAST, AES encryption
  * MD5, SHA1, Tiger, SHA2 hashing
  * 768-8192 MODP Oakley groups
  * Support for NAT-T drafts 1/3/5

  -- Phase 2 --

  * Initiator and Responder sides
  * PFS with groups as above
  * ESP IPsec SA (no IPCOMP or AH)

  The library implements ISAKMP packet processing, IKE exchange state 
  management and various miscellaneous functions including support for
  packet retransmissions and SA lifetime tracking.

  The cryptographic code is decoupled from the library and is accessed 
  via a generic interface. The implementation defaults to the OpenSSL 
  library, but custom and/or hardware implementations are just as easily 
  accommodated.

  The library does not include any networking code and makes minimal 
  assumptions about the actual packet transfer medium. This allows
  running IKE negotiation over non-trivial carriers including raw IP, TCP, 
  custom tunneling protocols or even IPC channels. The retransmission
  logic is easily custom-tailored via the set of optional callbacks.

  The code is portable C with a tiny 'glue' layer, which includes a number 
  of compiler- and platform-specific definitions and methods.

  Currently supported platforms include Linux and Windows.  



   Building libike requires gcc 2.95.3 or higher;
   to build, issue the following command in the root folder of the package:

     make -f x4.unix/Makefile


   Building libike requires MSVC 6.0 or higher;
   to build, load x4.win32/x4.dsw and follow the regular build process


  Refer to the contents of the /docs directory for usage and design guides.



  * Refactored crypto/cipher API to extract key initialization into
    a separate step. Previously the key was expanded/instantiated once
    per every encryption/decryption call; now the initialization is
    done once per key, and its instance is then used with encryption 
    and/or decryption routines.
  * Added IDEA, CAST, RC5 and BlowFish ciphers.
  * Added Tiger, SHA2-256/384/512 hashes.
  * Modified Phase 1 code to support newly added ciphers and hashes.


  * Added support for Aggressive Mode in Phase 1
  * Added 'quick code walkthrough' document, which is a bare bones guide 
    to libike's sources.
  * Refactored inbound processing code - added generalized payloads'
    sanity and consistency checks, extended generic exchange with 
    masks of expected/allowed payload types and moved some of NAT-T code 
    to a new location.
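
  The payload sanity checks and expected/allowed payload masks named in
  the entry above, as an added example (not libike's own code): a walker
  over the ISAKMP payload chain of RFC 2408. The function name, result
  codes and sample message are hypothetical; payload types above 31,
  which includes the NAT-T draft payloads, are simply rejected here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Payload type numbers from RFC 2408, section 3.1 */
enum { PL_NONE = 0, PL_SA = 1, PL_KE = 4, PL_ID = 5, PL_NONCE = 10, PL_VID = 13 };
/* Result codes are hypothetical names for this example, not libike's */
enum { WALK_OK = 0, WALK_TRUNCATED, WALK_BAD_LENGTH, WALK_UNEXPECTED, WALK_MISSING };
#define ISAKMP_HDR_LEN 28u              /* fixed ISAKMP header size */
#define PL_BIT(t) (UINT32_C(1) << (t))

/* Constructed sample: cleartext Main Mode message (HDR, KE, NONCE) with
 * 4-byte dummy payload bodies; real KE and nonce data are much longer. */
static const uint8_t sample_msg[44] = {
    1,2,3,4,5,6,7,8,  9,10,11,12,13,14,15,16, /* initiator/responder cookies */
    PL_KE, 0x10, 2, 0,                         /* next payload, version, exchange, flags */
    0,0,0,0,  0,0,0,44,                        /* message ID, total length */
    PL_NONCE, 0, 0,8, 0xAA,0xAA,0xAA,0xAA,     /* KE: next, reserved, length, body */
    PL_NONE,  0, 0,8, 0xBB,0xBB,0xBB,0xBB      /* NONCE: last payload in the chain */
};

/* Walk the payload chain, rejecting bad lengths, payload types outside the
 * 'allowed' mask, and messages lacking a payload from the 'required' mask. */
int walk_payloads(const uint8_t *msg, size_t len, uint32_t allowed, uint32_t required)
{
    uint32_t seen = 0;
    size_t off = ISAKMP_HDR_LEN, plen;
    unsigned next;
    if (len < ISAKMP_HDR_LEN) return WALK_TRUNCATED;
    if ((((uint32_t)msg[24] << 24) | (msg[25] << 16) | (msg[26] << 8) | msg[27]) != len)
        return WALK_BAD_LENGTH;                /* header length must match the datagram */
    for (next = msg[16]; next != PL_NONE; off += plen) {
        if (next > 31 || !(allowed & PL_BIT(next))) return WALK_UNEXPECTED;
        if (len - off < 4) return WALK_TRUNCATED;  /* no room for a generic header */
        plen = ((size_t)msg[off + 2] << 8) | msg[off + 3];
        if (plen < 4 || plen > len - off) return WALK_BAD_LENGTH; /* stops zero-length loops */
        seen |= PL_BIT(next);
        next = msg[off];                       /* type of the following payload */
    }
    if (off != len) return WALK_BAD_LENGTH;    /* trailing bytes after the chain */
    return (seen & required) == required ? WALK_OK : WALK_MISSING;
}

int main(void)
{
    uint32_t need = PL_BIT(PL_KE) | PL_BIT(PL_NONCE);
    printf("result: %d\n", walk_payloads(sample_msg, sizeof sample_msg, need | PL_BIT(PL_VID), need));
    return 0;
}
```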

  * Resolved a number of portability issues including the use of
    anonymous fields in structures and non-standard enum typedefs.
  * Renamed a few types for consistency

  * Added code to run tests with RSA SIG authentication. Verified to 
    interoperate with and
  * Fixed a bug in the IDii formatting code, which caused garbage to be
    written instead of the IP address


  * Added support for IKE NAT traversal drafts:
      draft-ietf-ipsec-nat-t-ike-03 and 
  * Changed test code to run against 'official' SSH interop site
  * Some minor changes to the rest of the code

  * Fixed 'exchange' context being passed instead of 'callback'
    context in a few places. An artifact of a recent callback code


  * added manual.txt (subject to further updates)
  * modified license.txt to refer to 'Cipherica Labs software' instead 
    of 'x4 software'.


  * updated IDs of DH MODP groups as per changes made in


  * an initial public release


  * Documentation (half way there)
  * Responder mode for Phase 1
  * Ports to other platforms
  * Support for IPCOMP SAs in Phase 2
  * More interop testing


  $Id: readme.txt,v 1.9 2003/04/28 04:29:22 alex Exp $