[Swan] FIPS mode

Paul Wouters paul at nohats.ca
Tue Apr 14 19:36:18 EEST 2015


On Tue, 14 Apr 2015, Lennart Sorensen wrote:

> On Tue, Apr 14, 2015 at 11:07:08AM -0400, Paul Wouters wrote:
>> Yes, the kernel crypto is also getting FIPS validated (and has in the
>> past as well) and that includes all combinations of supported
>> architectures and with/without acceleration drivers. It has even
>> resulted in blacklisting some acceleration modules that did not fully
>> comply (e.g. some could only use 128-bit keys and would error on 256)
>
> Like the Geode LX800 which only does 128-bit AES in hardware, and the
> kernel has to switch to software to do anything else.  Such an odd
> design choice.

Worse, AESNI ghash only takes 128 and did not fall back to software
properly. Some IBM v8 and s390x also had similar issues :P

> Well the nss bit does seem like it probably is the best option, and the
> support for offloading to dedicated hardware and not even seeing the
> keys in libreswan is an interesting one (not that I have access to any
> hardware that can do that).

Although we do see the SKEYSEED / KEYMAT :P

> ASN.1 parsers like xml parsers are evil horrible things that often have
> security problems it seems.  The less we have of them to maintain
> the better.

Yes :)

Paul
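The thread above turns on which kernel crypto driver actually services an algorithm (the highest-priority registration wins, which is how a partially compliant accelerator ends up in the path). As an added example, not from the list or the libreswan project, here is a small parser for the kernel's /proc/crypto format that reports the driver the kernel would pick for an algorithm and flags any registration whose selftest is not "passed". The sample text is constructed, and the `hypothetical_accel` module in it is invented for illustration.

```python
import re

# Constructed sample in /proc/crypto format (not a real capture). Two drivers
# register gcm(aes); the cbc(aes) accelerator is a made-up module name.
SAMPLE_PROC_CRYPTO = """\
name         : gcm(aes)
driver       : generic-gcm-aesni
module       : aesni_intel
priority     : 400
selftest     : passed

name         : gcm(aes)
driver       : gcm_base(ctr(aes-generic),ghash-generic)
module       : kernel
priority     : 100
selftest     : passed

name         : cbc(aes)
driver       : cbc-aes-hypothetical-accel
module       : hypothetical_accel
priority     : 300
selftest     : unknown
"""

def parse_proc_crypto(text):
    """Split /proc/crypto into one dict per blank-line-separated entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            entry[key.strip()] = value.strip()
        if entry:
            entries.append(entry)
    return entries

def preferred_driver(entries, algo):
    """(driver, module, selftest) of the highest-priority registration of
    `algo`, i.e. the implementation the kernel hands out on lookup."""
    candidates = [e for e in entries if e.get("name") == algo]
    if not candidates:
        return None
    best = max(candidates, key=lambda e: int(e.get("priority", "0")))
    return best["driver"], best["module"], best.get("selftest", "unknown")

def unvetted_implementations(entries):
    """Drivers whose selftest status is anything other than 'passed'."""
    return sorted(e["driver"] for e in entries if e.get("selftest") != "passed")

if __name__ == "__main__":
    parsed = parse_proc_crypto(SAMPLE_PROC_CRYPTO)
    for algo in ("gcm(aes)", "cbc(aes)"):
        print(algo, "->", preferred_driver(parsed, algo))
    print("not self-tested:", unvetted_implementations(parsed))
```

On a live system, feed it `open("/proc/crypto").read()` instead of the sample; a driver with a selftest other than "passed" sitting at the top priority is the case worth looking at first.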

