[Swan] NDcPP 1.0: FCS_IPSEC_EXT.1.12

Paul Wouters paul at nohats.ca
Sat Mar 5 11:53:56 UTC 2016


On Mon, 1 Feb 2016, jonetsu wrote:

(found a lost email I never replied to)

> FIPS and the NDcPP are not directly related although quite often both are required to make a complete security 'standard' package.
>
> The Collaborative Protection Profile for Network Devices (NDcPP 1.0) states:
>
>   "FCS_IPSEC_EXT.1.12 The unit shall be able to ensure by default
>   that the strength of the symmetric algorithm (in terms of the
>   number of bits in the key) negotiated to protect either the
>   IKEv1 Phase 1 or the IKEv2 IKE_SA connection is greater than or
>   equal to the strength of the symmetric algorithm (in terms of
>   the number of bits in the key) negotiated to protect either the
>   IKEv1 Phase 2 or IKEv2 CHILD_SA connection."
>
> Where does libreswan stand regarding this, when running in FIPS mode?

It does not enforce this restriction, although it strongly prefers 256
bit over 128 bit for its proposals, so in the default settings you will
get the same key sizes for IKE and IPsec SAs.

> Also, another FIPS-loosely-related document, the Common Criteria states:
>
>   "The unit must implement the IPsec protocol ESP as defined by RFC 4303 AES-GCM-128, AES-GCM-256,
>    and optionally AES-CBC-128, AES-CBC-256 with HMAC-SHA."
>
> Does libreswan make use of RFC 4303?

Those are all implemented. I'm not sure what they mean by HMAC-SHA but
libreswan supports SHA1 and the SHA2 family.

Paul
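
Since the reply above says the FCS_IPSEC_EXT.1.12 ordering is not enforced by the daemon, it can be checked against the configuration instead. The following is an added example, not part of the original email and not libreswan code: it statically audits `ike=` and `esp=` lines, assuming a simplified proposal syntax in which the encryption token comes first and ends in its key size. Because any offered proposal may be the one negotiated, it requires the weakest IKE key to be at least as long as the strongest ESP key.

```python
import re

# Constructed sample in ipsec.conf style; conn names and proposals are illustrative.
SAMPLE_CONF = """\
conn site-a
    ike=aes256-sha2;modp2048
    esp=aes_gcm256-null,aes128-sha1

conn site-b
    ike=aes128-sha2;modp2048,aes256-sha2;modp2048
    esp=aes256-sha2

conn site-c
    ike=aes256-sha2;modp2048
    esp=aes-sha1
"""

def key_bits(proposal):
    """Key length of the leading encryption token, or None if not stated."""
    enc = re.split(r"[-;]", proposal.strip(), maxsplit=1)[0]
    m = re.search(r"(128|192|256)$", enc)
    return int(m.group(1)) if m else None

def parse_conns(text):
    """Map each conn name to the key sizes listed in its ike= and esp= lines."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("conn "):
            current = conns.setdefault(line.split(None, 1)[1], {})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key in ("ike", "esp"):
                current[key] = [key_bits(p) for p in value.split(",")]
    return conns

def audit(text):
    """Return 'ok', 'violation' or 'unknown' per conn for the 1.12 ordering."""
    results = {}
    for name, conn in parse_conns(text).items():
        ike, esp = conn.get("ike", [None]), conn.get("esp", [None])
        if None in ike or None in esp:
            # Missing line or size-less token: outcome depends on defaults.
            results[name] = "unknown"
        elif min(ike) >= max(esp):
            results[name] = "ok"
        else:
            results[name] = "violation"
    return results
```

A conn reported as "unknown" has to be checked against the negotiated SAs at runtime, since the configuration alone does not fix the key sizes.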

