This page was not yet optimized for use on mobile devices.
Canonical Ltd. Ubuntu 22.04 Strongswan Cryptographic Module
Certificate #4911
Webpage information ?
Security policy ?
Symmetric Algorithms
AES, AES-128, AES-192, AES-256, CAST, HMAC, HMAC-SHA-256Asymmetric Algorithms
ECDH, ECDSA, ECC, DH, Diffie-HellmanHash functions
SHA-1, SHA-256, SHA-512, SHA-384, SHA-224, SHA3-224, SHA3-256, SHA3-384, SHA3-512Schemes
Key Exchange, Key exchange, Key AgreementProtocols
SSH, TLS, IKEv2, IKERandomness
DRBG, RNGLibraries
OpenSSLElliptic Curves
P-224, P-256, P-384, P-521, B-233Block cipher modes
CBC, CTR, GCM, CCMTrusted Execution Environments
PSP, SSCSecurity level
Level 1Standards
FIPS 140-3, FIPS PUB 140-3, FIPS 197, FIPS 186-4, FIPS 180-4, FIPS 186-5, FIPS 198-1, SP 800-38A, SP 800-38F, SP 800-38D, NIST SP 800-135, SP 800-38C, SP 800-90B, SP 800-140B, PKCS#1, RFC5282, RFC7296, RFC 3526, ISO/IEC 24759File metadata
| Title | FIPS 140-3 Non-Proprietary Security Policy |
|---|---|
| Author | David Cornwell |
| Creation date | D:20241127183955+00'00' |
| Modification date | D:20241127183955+00'00' |
| Pages | 40 |
| Creator | Microsoft Word |
References
OutgoingHeuristics ?
No heuristics are available for this certificate.
References ?
Updates ?
-
09.12.2024 The certificate was first processed.
New certificate
A new FIPS 140 certificate with the product name was processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4911,
"dgst": "cfce868ee5f75c8b",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"SHA2-224A4005",
"SHA2-256A4017",
"HMAC-SHA2-224A4005",
"HMAC-SHA2-512A4017",
"HMAC-SHA2-384A4017",
"HMAC-SHA2-512/224A4005",
"ECDSA KeyGen (FIPS186-4)A4005",
"HMAC-SHA2-512/256A4004",
"RSA SigGen (FIPS186-4)A4005",
"ECDSA SigVer (FIPS186-4)A4005",
"SHA-1A4017",
"KAS-ECC-SSC Sp800-56Ar3A4005",
"HMAC-SHA2-256A4017",
"AES-CCMA3982",
"Safe Primes Key GenerationA3992",
"SHA2-384A4017",
"ECDSA SigGen (FIPS186-4)A4005",
"AES-GCMA4002",
"HMAC-SHA-1A4017",
"KDF IKEv2A4017",
"SHA2-512A4017",
"KAS-FFC-SSC Sp800-56Ar3A3992",
"SHA2-512/224A4005",
"Safe Primes Key VerificationA3992",
"SHA2-512/256A4005",
"ECDSA KeyVer (FIPS186-4)A4005",
"AES-CBCA3982",
"RSA SigVer (FIPS186-4)A4005",
"Counter DRBGA3970"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"22.04"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"4894",
"4794"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"4894",
"4794"
]
}
},
"module_prunned_references": {
"_type": "Set",
"elements": [
"4894",
"4794"
]
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"4894",
"4794"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"4894",
"4794"
]
}
},
"policy_prunned_references": {
"_type": "Set",
"elements": [
"4894",
"4794"
]
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 1
},
"ECDH": {
"ECDH": 9
},
"ECDSA": {
"ECDSA": 9
}
},
"FF": {
"DH": {
"DH": 25,
"Diffie-Hellman": 6
}
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 3
},
"CCM": {
"CCM": 3
},
"CTR": {
"CTR": 1
},
"GCM": {
"GCM": 8
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {
"OpenSSL": {
"OpenSSL": 61
}
},
"crypto_protocol": {
"IKE": {
"IKE": 23,
"IKEv2": 45
},
"SSH": {
"SSH": 1
},
"TLS": {
"TLS": {
"TLS": 1
}
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 1
},
"KEX": {
"Key Exchange": 3,
"Key exchange": 2
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"B-233": 1,
"P-224": 22,
"P-256": 28,
"P-384": 20,
"P-521": 20
}
},
"eval_facility": {
"atsec": {
"atsec": 42
}
},
"fips_cert_id": {
"Cert": {
"#4794": 1,
"#4894": 1
}
},
"fips_certlike": {
"Certlike": {
"AES-128": 1,
"AES-192": 1,
"AES-256": 1,
"HMAC SHA- 256": 2,
"HMAC SHA-256": 4,
"HMAC SHA-512": 2,
"HMAC- SHA-1": 1,
"HMAC-SHA-256": 6,
"PKCS#1": 11,
"RSA PKCS#1": 1,
"SHA- 224": 2,
"SHA- 256": 10,
"SHA- 384": 9,
"SHA- 512": 7,
"SHA-1": 16,
"SHA-224": 6,
"SHA-256": 18,
"SHA-384": 5,
"SHA-512": 9,
"SHA3- 224": 1,
"SHA3-224": 1,
"SHA3-256": 2,
"SHA3-384": 2,
"SHA3-512": 1,
"SHA3-512 1": 1
}
},
"fips_security_level": {
"Level": {
"Level 1": 2
}
},
"hash_function": {
"SHA": {
"SHA1": {
"SHA-1": 16
},
"SHA2": {
"SHA-224": 6,
"SHA-256": 18,
"SHA-384": 5,
"SHA-512": 9
},
"SHA3": {
"SHA3-224": 1,
"SHA3-256": 2,
"SHA3-384": 2,
"SHA3-512": 2
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 7
},
"RNG": {
"RNG": 6
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-3": 48,
"FIPS 180-4": 4,
"FIPS 186-4": 7,
"FIPS 186-5": 2,
"FIPS 197": 4,
"FIPS 198-1": 1,
"FIPS PUB 140-3": 2
},
"ISO": {
"ISO/IEC 24759": 2
},
"NIST": {
"NIST SP 800-135": 3,
"SP 800-140B": 1,
"SP 800-38A": 4,
"SP 800-38C": 1,
"SP 800-38D": 3,
"SP 800-38F": 2,
"SP 800-90B": 1
},
"PKCS": {
"PKCS#1": 6
},
"RFC": {
"RFC 3526": 1,
"RFC5282": 1,
"RFC7296": 1
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 8,
"AES-128": 1,
"AES-192": 1,
"AES-256": 1
},
"CAST": {
"CAST": 12
}
},
"constructions": {
"MAC": {
"HMAC": 31,
"HMAC-SHA-256": 3
}
}
},
"tee_name": {
"AMD": {
"PSP": 8
},
"IBM": {
"SSC": 3
}
},
"tls_cipher_suite": {},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "David Cornwell",
"/CreationDate": "D:20241127183955+00\u002700\u0027",
"/Creator": "Microsoft Word",
"/ModDate": "D:20241127183955+00\u002700\u0027",
"/Title": "FIPS 140-3 Non-Proprietary Security Policy",
"pdf_file_size_bytes": 632165,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf",
"http://www.atsec.com/",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf",
"https://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf",
"http://www.canonical.com/",
"http://www.ietf.org/rfc/rfc3447.txt",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf",
"https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-140-3-ig-announcements",
"https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a-add.pdf",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90B.pdf",
"https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-135r1.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf",
"https://www.ietf.org/rfc/rfc3526.txt",
"https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2.pdf",
"https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf",
"https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf",
"https://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 40
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "5d7091d711f736c65db6638585bca7b32eb8e7d8538d2abb948631cf55aa9db8",
"policy_txt_hash": "7fd6b121bec520da3340d62f88ea522ea378ab53fed85bdcc2a42363228d93db"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "Interim validation. When installed, initialized and configured as specified in Section 11.1 of the Security Policy with module Canonical Ltd. Ubuntu 22.04 OpenSSL Cryptographic Module validated to FIPS 140-3 under Cert. #4794, operating in the approved mode, and with module Canonical Ltd. Ubuntu 22.04 Kernel Crypto API Cryptographic Module validated to FIPS 140-3 under Cert. #4894, operating in the approved mode.",
"certificate_pdf_url": null,
"date_sunset": "2026-12-02",
"description": "Strongswan IKE daemon implementing the IKEv2 protocol to negotiate the key material for IPSec.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Physical security: N/A",
"Non-invasive security: N/A",
"Mitigation of other attacks: N/A",
"Documentation requirements: N/A",
"Cryptographic module security policy: N/A"
],
"fw_versions": null,
"historical_reason": null,
"hw_versions": null,
"level": 1,
"mentioned_certs": {
"4794": 1,
"4894": 1
},
"module_name": "Canonical Ltd. Ubuntu 22.04 Strongswan Cryptographic Module",
"module_type": "Software",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": "5.9.5-2ubuntu2.1+Fips1",
"tested_conf": [
"Ubuntu 22.04 on IBM z15 with IBM z15 processor with PAI",
"Ubuntu 22.04 on IBM z15 with IBM z15 processor without PAI",
"Ubuntu 22.04 running on Amazon Web Services (AWS) c6g.metal with AWS Graviton2 processor with PAA",
"Ubuntu 22.04 running on Amazon Web Services (AWS) c6g.metal with AWS Graviton2 processor without PAA",
"Ubuntu 22.04 running on Supermicro SYS-1019P-WTR with Intel Xeon Gold 6226 processor with PAA",
"Ubuntu 22.04 running on Supermicro SYS-1019P-WTR with Intel Xeon Gold 6226 processor without PAA"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2024-12-03",
"lab": "ATSEC INFORMATION SECURITY CORP",
"validation_type": "Initial"
}
],
"vendor": "Canonical Ltd.",
"vendor_url": "http://www.canonical.com"
}
}