[Swan-dev] FIPS algorithms list
Andrew Cagney
andrew.cagney at gmail.com
Sat May 2 14:39:03 UTC 2020
I'm not sure about this, from algparse-02 FIPS - MD5?:
-FIPS Encryption algorithms:
+Encryption algorithms:
AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS
{256,192,*128} aes_ccm, aes_ccm_c
AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS
{256,192,*128} aes_ccm_b
AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS
{256,192,*128} aes_ccm_a
3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS
[*192] 3des
+ CAMELLIA_CTR IKEv1: ESP IKEv2: ESP
{256,192,*128}
+ CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP
{256,192,*128} camellia
AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS
{256,192,*128} aes_gcm, aes_gcm_c
AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS
{256,192,*128} aes_gcm_b
AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS
{256,192,*128} aes_gcm_a
AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS
{256,192,*128} aesctr
AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS
{256,192,*128} aes
NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS
{256,192,*128} aes_gmac
-FIPS Hash algorithms:
+ NULL IKEv1: ESP IKEv2: ESP []
+ CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP
[*256] chacha20poly1305
+Hash algorithms:
+ MD5 IKEv1: IKE IKEv2:
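Review bot: this expected output should not be accepted for a FIPS test as it stands. The "+" lines list CAMELLIA_CTR, CAMELLIA_CBC, NULL, CHACHA20_POLY1305 and MD5, none of which carries the FIPS tag that every unchanged entry has, and both section headers lose their "FIPS" prefix ("-FIPS Encryption algorithms:" becomes "+Encryption algorithms:"). That reads like a listing produced with FIPS mode off. Before updating the reference file, confirm the algparse-02 run actually had FIPS mode enabled. The reference should keep the "FIPS ..." headers and contain only FIPS-tagged entries.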
When in FIPS mode, the non-FIPS algorithms - either NSS supported but
not FIPS or locally implemented - get stripped from the lookup table.
By stripping the algorithms out, searches (proposal parsing,
crypto-suite negotiation) can't find them. The algorithm's .fips bit
determines this (which is easier than code probing each algorithm and
key size to see if it is currently working ...).
Based on the above this isn't happening?
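
The stripping described in the message above, as an added sketch that is not libreswan's code: the struct, its field names, strip_non_fips() and alg_lookup() are hypothetical, and the table is a constructed sample using names from the listing.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical descriptor; field names are illustrative, not libreswan's. */
struct alg_desc {
    const char *name;   /* canonical name as printed in the listing */
    const char *alias;  /* one proposal-parser alias, or NULL */
    bool fips;          /* per-algorithm FIPS bit */
};

/* Constructed sample table built from entries in the listing above. */
static struct alg_desc algs[] = {
    { "AES_CBC",           "aes",              true  },
    { "AES_GCM_16",        "aes_gcm",          true  },
    { "3DES_CBC",          "3des",             true  },
    { "CAMELLIA_CBC",      "camellia",         false },
    { "CHACHA20_POLY1305", "chacha20poly1305", false },
    { "MD5",               NULL,               false },
};
static size_t nr_algs = sizeof(algs) / sizeof(algs[0]);

/* In FIPS mode, compact the table in place; returns how many were removed. */
size_t strip_non_fips(bool fips_mode)
{
    size_t kept = 0, before = nr_algs;
    if (!fips_mode) return 0;
    for (size_t i = 0; i < nr_algs; i++)
        if (algs[i].fips) algs[kept++] = algs[i];
    nr_algs = kept;
    return before - kept;
}

/* Single lookup path for parsing and negotiation: sees only what survived. */
const struct alg_desc *alg_lookup(const char *name)
{
    for (size_t i = 0; i < nr_algs; i++)
        if (strcmp(algs[i].name, name) == 0 ||
            (algs[i].alias != NULL && strcmp(algs[i].alias, name) == 0))
            return &algs[i];
    return NULL;
}

int main(void)
{
    size_t n = strip_non_fips(true);
    printf("stripped %zu; MD5 %s\n", n, alg_lookup("MD5") ? "found" : "not found");
    return alg_lookup("MD5") == NULL ? 0 : 1;
}
```
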