Module Name
Ubuntu Strongswan Cryptographic Module
Validation Dates
07/31/2017;08/27/2019
Caveat
When operated in FIPS mode with module Ubuntu OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #2888 operating in FIPS mode and with module Ubuntu Kernel Crypto API Cryptographic Module validated to FIPS140-2 under Cert. #2962 operating in FIPS mode
Security Level Exceptions
- Physical Security: N/A
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
Ubuntu Strongswan Cryptographic Module provides cryptographic services for the Internet Key Exchange (IKE) protocol in the Ubuntu Operating System user space.
Tested Configuration(s)
- Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8001-22C with PAA
- Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8001-22C without PAA
- Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8247-22L with PAA
- Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8247-22L without PAA
- Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8335-GTB with PAA
- Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8335-GTB without PAA
- Ubuntu 16.04 LTS 64-bit running on IBM z13 with PAI
- Ubuntu 16.04 LTS 64-bit running on IBM z13 without PAI (single-user mode)
- Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR with PAA
- Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR without PAA
FIPS Algorithms
AES |
Certs. #4354, #4355, #4356, #4357, #4358, #4359, #4360, #4361, #4370, #4371, #4372, #4373, #4374 and #4375 |
CVL |
Cert. #1053, #1054, #1056, #1057, #1059, #1060, #1062, #1063, #1065, #1067, #1068, #1069, #1154, #1155, #1156, #1157, #1158, #1159 and #1160 |
DRBG |
Certs. #1390, #1391, #1392, #1393, #1394, #1395, #1396 and #1397 |
ECDSA |
Certs. #1031, #1032, #1033, #1034, #1035, #1036 and #1037 |
HMAC |
Certs. #2895, #2896, #2897, #2898, #2899, #2900, #2901, #2970, #2971, #2972, #2973, #2974, #2976 and #2977 |
RSA |
Certs. #2351, #2352, #2353, #2354, #2355, #2356 and #2357 |
SHS |
Certs. #3593, #3594, #3595, #3596, #3597, #3598, #3599, #3687, #3688, #3689, #3690, #3691, #3693 and #3694 |
Triple-DES |
Certs. #2355, #2356 and #2357 |
Allowed Algorithms
Diffie-Hellman (CVL Certs. #1053, #1056, #1059, #1062, #1065, #1067 and #1069; key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #1053, #1054, #1056, #1057, #1059, #1060, #1063, #1065, #1067, #1068 and #1069; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG
Software Versions
1.0 and 1.1