[Swan] FIPS mode

Lennart Sorensen lsorense at csclub.uwaterloo.ca
Tue Apr 14 17:42:04 EEST 2015

On Tue, Apr 14, 2015 at 10:17:51AM -0400, Paul Wouters wrote:
> Just to clarify, XFRM is only used for the IPsec packet encryption, not
> the IKE packet encryption. IKE is encrypted using the NSS library (which
> has been FIPS certified in itself on some distributions such as RHEL)

Of course.  But one would hope the majority of the heavy work is
encrypting data packets, not managing the key exchanges.  I think the
key exchange overhead is low enough that no one is even bothering to
try to get it to use hardware acceleration.  Just not worth the bother.

> For RHEL7, Libreswan is currently going through FIPS and Common Criteria
> certification. In addition, it is going through USGv6 certification and the
> IKEv2 TAHI test suite.

Which must mean Red Hat is also getting at least some of the kernel
crypto certified.

> How can your system be FIPS certified when your kernel is not FIPS certified?
> Running FIPS certified applications on a "rogue kernel" will not get
> your system FIPS certification :P

That certainly makes sense.

> Actually, one thing I do like of strongswan is their support for AF_KEY,
> outsourcing all IKE crypto to the (FIPS) kernel, so you don't need any
> certified userland crypto library. And the overhead for doing IKE crypto
> in the kernel is high on a per-packet level, but since you do about 8
> IKE packets per hour, speed doesn't matter at all for that part.

Yeah you don't do it for performance reasons.  But I suppose that means
they have no need for openssl/gnutls/nss in strongswan if you use the
AF_KEY mode.

Len Sorensen
