[Openswan dev] Openswan + FIPS thoughts
Ken Bantoft
ken at xelerance.com
Tue Oct 30 12:02:02 EDT 2007
On Tue, 30 Oct 2007, David McCullough wrote:
>
> Jivin Paul Wouters lays it down ...
> > On Tue, 30 Oct 2007, David McCullough wrote:
> >
> > > We are just starting out on a FIPS certification for some of our
> > > products, and they will include Openswan. So far we can see no
> > > problems with getting the certification, but we are interested in some
> > > feedback on the changes we need to make to get this through.
> >
> > We have had inquieries in the past. Usually couped with "openssl is
> > already paid for with FIPS, and so is NETKEY, can we change pluto to
> > only use openssl with NETKEY".
>
> It's not paid for, everyone needs to certify their version ...
>
> The difference is that is has been certified and is using FIPS approved
> algs etc.
I think (hope) Paul meant 'openssl is already certifiable for FIPS'.. so
no arguments there.
> > > We are considering two possible approaches:
> > >
> > > 1) Replace all the libgmp/crypto code in Openswan user space to use
> > > libssl/openssl exclusively. This will mean we have a single
> > > point of testing/implementation for FIPS. It also means that
> > > OpenSwan will continue to use OCF for user space as appropriate,
> > > but can also take advantage of the many other openssl engines and
> > > accelerators.
> >
> > We found that hw accelerators for userland was hardly worth it (and at
> > times slower then using hardware)
>
> Yes, know all about that, but you don't need to use them.
>
> The thing is that on platforms like Via/Geode and so on, the openssl
> engine doesn't have to call into the kernel. A lot of CPU manufacturers
> also accelerate openssl first which can be useful (depending on the
> platform).
>
> Seemed like a nice side affect, and since I though you guys had already
> included the OCF accelerations into pluto, this actually seems cleaner
> IMO.
These patches would be welcome, I think. I'm hoping you are working
around 2.5/#testing/etc.. and not based around 2.4.x.
> > > 2) The second, perhaps not so pretty solution, is to hook
> > > everything in openswan userspace as has been done already for
> > > OCF, but to do it for everything that FIPS cares about.
> > >
> > > I am not sure of the history here, so perhaps there is a reason why it
> > > should or shouldn't be done this way or that.
> >
> > Part is probably history (openssl didnt have the functionality needed).
> > Part is bloat (openssl is huge)
>
> No arguments on that one, though it is also hard to produce a useful
> platform without it in some form.
>
> > Part of it was security (openssl is vulnerable on a weekly basis to something)
>
> Which is also a good thing right ? More eye's and faster fixes and all
> that ?
>
> > While it may satisy FIPS, it might not actually be more secure.
>
> No one who knows there stuff will ever say that FIPS is more secure.
> It's more about expected behaviour and being able to test that the
> system is indeed producing the expected behaviour.
And part of it was politics - OpenSSL had US-based developers, and during
the FreeS/WAN era, there was the rule against accepting patches from US
developers. We're long since that, so I don't see any reason why not.
> > > Would switching from libgmp/ouwn crypto to a completely libssl solution
> > > for the big num and user space crypto code be attractive to the openswan
> > > community ?
> >
> > I guess ideally, we could allow either one.
>
> It may not be too much work to allow a compile time switch to select.
> I just remember Michael complaining that the OCF changes didn't rip out
> all the old crufty crypto. I figured I would see if this was desired
> this time around ;-)
Yes, patches to remove cruft are always welcome.. and tend to get
integrated a bit quicker these days (provided they are against #testing)
since we're back to running daily regression builds (so we know in a day
if they broke stuff)
> > Michael has more intimate knowledge about the aceleration issues.
>
> The acceleration (if you get it) is only a side benefit at best. It
> seemed like a possible plus to switching to OpenSSL.
>
> Our primary goal is to create a system that will pass FIPS with the minimum
> of overheads (boot/runtime tests). To us this means having one of
> everything. One 3DES implementation, one key gen, one big num lib and
> so on. Since the system will have Openswan, OpenSSL amd other systems,
> we are looking to reduce duplication of algs and so on.
Sounds good to me.
Ken
More information about the Dev
mailing list