[strongSwan] strongswan and FIPS

kaleb himes kaleb at wolfssl.com
Mon Apr 19 18:53:44 CEST 2021

In response to sk's post regarding FIPS and strongswan, please find responses inline below:

>> Hello,
>> I had a few questions about strongswan and FIPS mode. Some of the earlier discussions and threads on the subject have been a great help, but I need help with some clarifications. Your help would be greatly appreciated.
>> 1. We use version 5.1.3 of strongswan with a few patches from later. Would there be any advantages (related to FIPS compliance) by moving to a more recent version? I understand moving to higher versions is better for general sense, but for FIPS - would it matter?

Upgrading to wolfCrypt FIPS certificate 3389 is another option. See this blog post for more info: https://www.wolfssl.com/strongswan-wolfssl-fips/

>> 2. I was able to get our version to compile with FIPS mode 2, and was able to replace the ALG usage in ike (as seen in ipsec listalgs) to use openssl plugin. This plugin would use the underlying openssl library on the system and that openssl library is fips compatible and has the fips object module for openssl installed. Would that be sufficient to say we are running strongswan in fips mode? The strongswan libraries that implement crypto and hmac are not compiled and packaged. We want to get everything from openssl. 

Your FIPS lab should make the decision on this question; this is not something the mailing list could likely address. Oh, by the way, just be aware OpenSSL FIPS certificates are both expired (links provided below) and, according to OpenSSL’s FIPS page (https://www.openssl.org/docs/fips.html), OpenSSL is no longer planning on doing FIPS, so you’ll need to validate OpenSSL on your own or use an alternate crypto library that has an up-to-date certificate!

https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/1747 - Historical List
https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/2398 - Historical List

>> 3. Are there any other crypto implementations in strongswan that cannot be turned off by autoconf compile flags?
>> 4. Even when compiled in FIPS mode, I noticed that MD4, MD5, modp768 and such are listed in ipsec stroke listalgs. To disable them, I had to pass in the appropriate OPENSSL #ifdef compile flags via CFLAGS during compilation. Is there a better way to do this, if I want to turn off the non-FIPS compliant weaker algs?

Your FIPS lab will probably ask you to prove through profiling that these algos are not being called during operational testing and code-review phase of a FIPS validation effort.

>> 5. Is there a difference between IKEv1 and IKEv2 compliance when it comes to FIPS? Canonical's FIPS document for strongswan at NIST only mentions IKEv2. I read that FIPS needs 128 bit keys and such, and since IKEv1 can support 8-byte (64-bit) nonces, would IKEv1 be considered incompatible? Since strongswan uses 32 byte nonces, would that be considered compliant for FIPS?

FIPS is clear about banned algos.  They are banned for good reasons.

>> Thank you for reading this. Any help with the answers would be greatly appreciated.
>> regards,
>> sk

If you have any other questions, wolfSSL employs a few FIPS experts and would be happy to address any questions if you email "fips [at] wolfssl [dot] com".

Warmest Regards,

Kaleb Himes
Software Engineer

If you appreciate your experience with wolfSSL
please leave us a star at https://github.com/wolfSSL/wolfssl!
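
The check described in questions 2 and 4 (every registered algorithm served by the openssl plugin, and MD4, MD5 and modp768 no longer registered) can be automated against saved `ipsec listalgs` output. This is an added example, not part of the original message and not strongSwan or wolfSSL code; the `NAME[plugin]` layout, the constructed `SAMPLE` text and the helper name `audit_listalgs` are assumptions.

```python
import re

# Constructed sample in the layout assumed for `ipsec listalgs` output:
# "<category>: NAME[plugin] NAME[plugin] ..." with indented continuation lines.
SAMPLE = """\
List of registered IKE algorithms:

  encryption: AES_CBC[openssl] 3DES_CBC[openssl]
  integrity:  HMAC_SHA2_256_128[openssl] HMAC_MD5_96[hmac]
  hasher:     HASH_SHA256[openssl] HASH_MD5[openssl] HASH_MD4[md4]
  dh-group:   MODP_2048[openssl] MODP_768[openssl]
              ECP_256[openssl]
"""

# Only the algorithms named in the question; extend per the FIPS lab's guidance.
WEAK = re.compile(r"(?:^|_)(MD4|MD5)(?:_|$)|^MODP_768$")
ENTRY = re.compile(r"([A-Z0-9_]+)\[([^\]]+)\]")
CATEGORY = re.compile(r"^\s*([a-z][a-z-]*):")


def audit_listalgs(text, expected_plugin="openssl"):
    """Return sorted (category, algorithm, plugin, reason) findings."""
    findings = []
    category = None
    for line in text.splitlines():
        m = CATEGORY.match(line)
        if m:
            category = m.group(1)
        if category is None:
            continue  # banner or blank line before the first category
        for name, plugin in ENTRY.findall(line):
            # An algorithm registered by any other plugin means crypto is
            # still being served from outside the expected library.
            if plugin != expected_plugin:
                findings.append((category, name, plugin, "unexpected plugin"))
            # Weak algorithms are flagged even when the expected plugin
            # provides them, which is the situation question 4 describes.
            if WEAK.search(name):
                findings.append((category, name, plugin, "weak algorithm"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_listalgs(SAMPLE):
        print("%-10s %-14s %-8s %s" % finding)
```

An empty result only shows what is registered at startup; it does not replace the profiling evidence the lab may ask for.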

