[Swan] FIPS mode

jonetsu jonetsu at teksavvy.com
Tue Apr 14 17:53:53 EEST 2015

> From: "Paul Wouters" <paul at nohats.ca> 
> Date: 04/14/15 10:18 

> Just to clarify, XFRM is only used for the IPsec packet
> encryption, not the IKE packet encryption.


> IKE is encrypted using the NSS library (which has been FIPS
> certified in itself on some distributions such as RHEL)

NSS has 'native' FIPS mode that can be switched on using the
modutil utility.  No need for an extra package (as in the case
with OpenSSL).

> For RHEL7, Libreswan is currently going through FIPS and Common
> Criteria certification.

(Sorry I haven't looked yet) Is there any FIPS-related code
update available such as restriction of crypto used in FIPS mode

> How can your system be FIPS certified when your kernel is not
> FIPS certified?

In many cases the OS is not part of the FIPS validation.

> Running FIPS ceritified applications on a "rogue kernel" will
> not get your system FIPS certification :P

So far I can say that putting the kernel through FIPS validation
is not something that was ever mentioned with the consultants.
Considering that it would certainly be a huge effort from the
testing lab, they would have mentioned it early on.  And, not all
of the kernel would be certified.

Red Hat 5.0 clearly excludes XFRM of their Security Policy.
Section 1.1.2 page 8:


They went for Level 1 certification.  As Steve Marquess of
OpenSSL replied to me this morning, at FIPS Level 1 the
underlying OS is not part of the validation domain.

> Actually, one thing I do like of strongswan is their support
> for AF_KEY, outsourcing all IKE crypto to the (FIPS) kernel,...

As you say, there are not that many IKE packets anyways.  I'm
still wondering why Strongswan would say that using the OpenSSL
crypto plug-ins is the easiest way to get FIPS certification.

Page 12 (yes, it dates from 2008, things might have changed) :



More information about the Swan mailing list