On Tue, 14 Apr 2015, jonetsu wrote:
IKE is encrypted using the NSS library (which has been FIPS
certified in itself on some distributions such as RHEL)
NSS has 'native' FIPS mode that can be switched on using the
modutil utility. No need for an extra package (as in the case
with OpenSSL).
It is also turned out by the kernel parameter fips=1
For RHEL7, Libreswan is currently going through FIPS and Common
Criteria certification.
(Sorry I haven't looked yet) Is there any FIPS-related code
update available such as restriction of crypto used in FIPS mode
?
Restriction of algorithms will be done post RHEl-7.1 (and is not strictly
a requirement of FIPS, you can document that one should not use MD5
without blocking MD5)
However, current libreswan git head (which will become 3.13) does have
these restrictions enforced now. Which means, MD5, TWOFISH and SERPENT
are not available for IKE or ESP.
So far I can say that putting the kernel through FIPS validation
is not something that was ever mentioned with the consultants.
It's very expensive. It might be much better to pick a kernel that has
been FIPS certified when you can.
Considering that it would certainly be a huge effort from the
testing lab, they would have mentioned it early on. And, not all
of the kernel would be certified.
Red Hat 5.0 clearly excludes XFRM of their Security Policy.
Section 1.1.2 page 8:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1386.pdf
That's because the XFRM itself does not perform cryptographic
operations. The kernel crypto API does that, and it is FIPS certified on
its own:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1387.pdf
As you say, there are not that many IKE packets anyways. I'm
still wondering why Strongswan would say that using the OpenSSL
crypto plug-ins is the easiest way to get FIPS certification.
Page 12 (yes, it dates from 2008, things might have changed) :
Perhaps in 2008 they didn't have AF_KEY support yet? or their other
many modules. I'm pretty sure those different modules were paid for
by people who did not want to pay twice for a FIPS certification. So
depending on your other applications on your device, it might make
more sense to use openssl or nss or the kernel or gcrypt, etc etc.
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
