[Swan] FIPS mode
Paul Wouters
paul at nohats.ca
Tue Apr 14 19:36:18 EEST 2015
On Tue, 14 Apr 2015, Lennart Sorensen wrote:
> On Tue, Apr 14, 2015 at 11:07:08AM -0400, Paul Wouters wrote:
>> Yes, the kernel crypto is also getting FIPS validated (and has in the
>> past as well) and that includes all combinations of supported
>> architectures and with/without acceleration drivers. It has even
>> resulted in blacklisting some acceleration modules that did not fully
>> comply (e.g. some could only use 128-bit keys and would error on 256).
>
> Like the Geode LX800 which only does 128-bit AES in hardware, and the
> kernel has to switch to software to do anything else. Such an odd
> design choice.
Worse, AESNI ghash only takes 128 and did not fall back to software
properly. Some IBM v8 and s390x also had similar issues :P
> Well the nss bit does seem like it probably is the best option, and the
> support for offloading to dedicated hardware and not even seeing the
> keys in libreswan is an interesting one (not that I have access to any
> hardware that can do that).
Although we do see the SKEYSEED / KEYMAT :P
> ASN.1 parsers like xml parsers are evil horrible things that often have
> security problems it seems. The less we have of them to maintain
> the better.
Yes :)
Paul