This page was not yet optimized for use on mobile devices.

Canonical Ltd. Ubuntu 22.04 Strongswan Cryptographic Module

Certificate #4911

Webpage information

Status	active
Validation dates	03.12.2024
Sunset date	02-12-2026
Standard	FIPS 140-3
Security level	1
Type	Software
Embodiment	Multi-Chip Stand Alone
Caveat	Interim validation. When installed, initialized and configured as specified in Section 11.1 of the Security Policy with module Canonical Ltd. Ubuntu 22.04 OpenSSL Cryptographic Module validated to FIPS 140-3 under Cert. #4794, operating in the approved mode, and with module Canonical Ltd. Ubuntu 22.04 Kernel Crypto API Cryptographic Module validated to FIPS 140-3 under Cert. #4894, operating in the approved mode.
Exceptions	Physical security: N/A Non-invasive security: N/A Mitigation of other attacks: N/A
Description	Strongswan IKE daemon implementing the IKEv2 protocol to negotiate the key material for IPSec.
Tested configurations	Ubuntu 22.04 on IBM z15 with IBM z15 processor with PAI Ubuntu 22.04 on IBM z15 with IBM z15 processor without PAI Ubuntu 22.04 running on Amazon Web Services (AWS) c6g.metal with AWS Graviton2 processor with PAA Ubuntu 22.04 running on Amazon Web Services (AWS) c6g.metal with AWS Graviton2 processor without PAA Ubuntu 22.04 running on Supermicro SYS-1019P-WTR with Intel Xeon Gold 6226 processor with PAA Ubuntu 22.04 running on Supermicro SYS-1019P-WTR with Intel Xeon Gold 6226 processor without PAA
Vendor	Canonical Ltd.
References	This certificate's webpage directly references 2 certificates, transitively this expands into 2 certificates.

Webpage

Security policy

Security target PDF TXT

Symmetric Algorithms

AES, AES-128, AES-192, AES-256, CAST, HMAC, HMAC-SHA-256

Asymmetric Algorithms

ECDH, ECDSA, ECC, DH, Diffie-Hellman

Hash functions

SHA-1, SHA-256, SHA-512, SHA-384, SHA-224, SHA3-224, SHA3-256, SHA3-384, SHA3-512

Schemes

Key Exchange, Key exchange, Key Agreement

Protocols

SSH, TLS, IKEv2, IKE

Randomness

DRBG, RNG

Libraries

OpenSSL

Elliptic Curves

P-224, P-256, P-384, P-521, B-233

Block cipher modes

CBC, CTR, GCM, CCM

Trusted Execution Environments

PSP, SSC

Security level

Level 1

Standards

FIPS 140-3, FIPS PUB 140-3, FIPS 197, FIPS 186-4, FIPS 180-4, FIPS 186-5, FIPS 198-1, SP 800-38A, SP 800-38F, SP 800-38D, NIST SP 800-135, SP 800-38C, SP 800-90B, SP 800-140B, PKCS#1, RFC5282, RFC7296, RFC 3526, ISO/IEC 24759

File metadata

Title	FIPS 140-3 Non-Proprietary Security Policy
Author	David Cornwell
Creation date	D:20241127183955+00'00'
Modification date	D:20241127183955+00'00'
Pages	40
Creator	Microsoft Word

References

Outgoing

4894 - active - Canonical Ltd. Ubuntu 22.04 Kernel Crypto API Cryptographic Module
4794 - active - Canonical Ltd. Ubuntu 22.04 OpenSSL Cryptographic Module

Heuristics

No heuristics are available for this certificate.

References

Updates

08.09.2025 The certificate data changed.
Certificate changed

The web extraction data was updated.
- The validation_history property was updated.
24.02.2025 The certificate data changed.
Certificate changed

The web extraction data was updated.
- The exceptions property was updated.
09.12.2024 The certificate was first processed.

New certificate

A new FIPS 140 certificate with the product name Canonical Ltd. Ubuntu 22.04 Strongswan Cryptographic Module was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4911,
  "dgst": "cfce868ee5f75c8b",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "HMAC-SHA2-224A4005",
        "Safe Primes Key VerificationA3992",
        "RSA SigGen (FIPS186-4)A4005",
        "Counter DRBGA3970",
        "KAS-ECC-SSC Sp800-56Ar3A4005",
        "SHA2-512/224A4005",
        "Safe Primes Key GenerationA3992",
        "SHA2-512A4017",
        "HMAC-SHA2-512/224A4005",
        "HMAC-SHA-1A4017",
        "AES-CCMA3982",
        "ECDSA SigGen (FIPS186-4)A4005",
        "SHA2-256A4017",
        "RSA SigVer (FIPS186-4)A4005",
        "SHA2-224A4005",
        "ECDSA KeyVer (FIPS186-4)A4005",
        "KAS-FFC-SSC Sp800-56Ar3A3992",
        "SHA-1A4017",
        "AES-CBCA3982",
        "ECDSA KeyGen (FIPS186-4)A4005",
        "HMAC-SHA2-256A4017",
        "HMAC-SHA2-512A4017",
        "SHA2-384A4017",
        "ECDSA SigVer (FIPS186-4)A4005",
        "SHA2-512/256A4005",
        "HMAC-SHA2-512/256A4004",
        "HMAC-SHA2-384A4017",
        "KDF IKEv2A4017",
        "AES-GCMA4002"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "22.04"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": {
        "_type": "Set",
        "elements": [
          "4894",
          "4794"
        ]
      },
      "indirectly_referenced_by": null,
      "indirectly_referencing": {
        "_type": "Set",
        "elements": [
          "4894",
          "4794"
        ]
      }
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": [
        "4894",
        "4794"
      ]
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": {
        "_type": "Set",
        "elements": [
          "4894",
          "4794"
        ]
      },
      "indirectly_referenced_by": null,
      "indirectly_referencing": {
        "_type": "Set",
        "elements": [
          "4894",
          "4794"
        ]
      }
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": [
        "4894",
        "4794"
      ]
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 1
          },
          "ECDH": {
            "ECDH": 9
          },
          "ECDSA": {
            "ECDSA": 9
          }
        },
        "FF": {
          "DH": {
            "DH": 25,
            "Diffie-Hellman": 6
          }
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 3
        },
        "CCM": {
          "CCM": 3
        },
        "CTR": {
          "CTR": 1
        },
        "GCM": {
          "GCM": 8
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "OpenSSL": {
          "OpenSSL": 61
        }
      },
      "crypto_protocol": {
        "IKE": {
          "IKE": 23,
          "IKEv2": 45
        },
        "SSH": {
          "SSH": 1
        },
        "TLS": {
          "TLS": {
            "TLS": 1
          }
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 1
        },
        "KEX": {
          "Key Exchange": 3,
          "Key exchange": 2
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "B-233": 1,
          "P-224": 22,
          "P-256": 28,
          "P-384": 20,
          "P-521": 20
        }
      },
      "eval_facility": {
        "atsec": {
          "atsec": 42
        }
      },
      "fips_cert_id": {
        "Cert": {
          "#4794": 1,
          "#4894": 1
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES-128": 1,
          "AES-192": 1,
          "AES-256": 1,
          "HMAC SHA- 256": 2,
          "HMAC SHA-256": 4,
          "HMAC SHA-512": 2,
          "HMAC- SHA-1": 1,
          "HMAC-SHA-256": 6,
          "PKCS#1": 11,
          "RSA PKCS#1": 1,
          "SHA- 224": 2,
          "SHA- 256": 10,
          "SHA- 384": 9,
          "SHA- 512": 7,
          "SHA-1": 16,
          "SHA-224": 6,
          "SHA-256": 18,
          "SHA-384": 5,
          "SHA-512": 9,
          "SHA3- 224": 1,
          "SHA3-224": 1,
          "SHA3-256": 2,
          "SHA3-384": 2,
          "SHA3-512": 1,
          "SHA3-512 1": 1
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 2
        }
      },
      "hash_function": {
        "SHA": {
          "SHA1": {
            "SHA-1": 16
          },
          "SHA2": {
            "SHA-224": 6,
            "SHA-256": 18,
            "SHA-384": 5,
            "SHA-512": 9
          },
          "SHA3": {
            "SHA3-224": 1,
            "SHA3-256": 2,
            "SHA3-384": 2,
            "SHA3-512": 2
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 7
        },
        "RNG": {
          "RNG": 6
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-3": 48,
          "FIPS 180-4": 4,
          "FIPS 186-4": 7,
          "FIPS 186-5": 2,
          "FIPS 197": 4,
          "FIPS 198-1": 1,
          "FIPS PUB 140-3": 2
        },
        "ISO": {
          "ISO/IEC 24759": 2
        },
        "NIST": {
          "NIST SP 800-135": 3,
          "SP 800-140B": 1,
          "SP 800-38A": 4,
          "SP 800-38C": 1,
          "SP 800-38D": 3,
          "SP 800-38F": 2,
          "SP 800-90B": 1
        },
        "PKCS": {
          "PKCS#1": 6
        },
        "RFC": {
          "RFC 3526": 1,
          "RFC5282": 1,
          "RFC7296": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 8,
            "AES-128": 1,
            "AES-192": 1,
            "AES-256": 1
          },
          "CAST": {
            "CAST": 12
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 31,
            "HMAC-SHA-256": 3
          }
        }
      },
      "tee_name": {
        "AMD": {
          "PSP": 8
        },
        "IBM": {
          "SSC": 3
        }
      },
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "David Cornwell",
      "/CreationDate": "D:20241127183955+00\u002700\u0027",
      "/Creator": "Microsoft Word",
      "/ModDate": "D:20241127183955+00\u002700\u0027",
      "/Title": "FIPS 140-3 Non-Proprietary Security Policy",
      "pdf_file_size_bytes": 632165,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf",
          "https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf",
          "http://www.canonical.com/",
          "https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90B.pdf",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf",
          "https://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf",
          "https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-140-3-ig-announcements",
          "https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a-add.pdf",
          "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf",
          "http://www.ietf.org/rfc/rfc3447.txt",
          "https://www.ietf.org/rfc/rfc3526.txt",
          "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf",
          "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf",
          "http://www.atsec.com/",
          "https://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf",
          "https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf",
          "https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-135r1.pdf",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2.pdf"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 40
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "5d7091d711f736c65db6638585bca7b32eb8e7d8538d2abb948631cf55aa9db8",
    "policy_txt_hash": "7fd6b121bec520da3340d62f88ea522ea378ab53fed85bdcc2a42363228d93db"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "Interim validation. When installed, initialized and configured as specified in Section 11.1 of the Security Policy with module Canonical Ltd. Ubuntu 22.04 OpenSSL Cryptographic Module validated to FIPS 140-3 under Cert. #4794, operating in the approved mode, and with module Canonical Ltd. Ubuntu 22.04 Kernel Crypto API Cryptographic Module validated to FIPS 140-3 under Cert. #4894, operating in the approved mode.",
    "certificate_pdf_url": null,
    "date_sunset": "2026-12-02",
    "description": "Strongswan IKE daemon implementing the IKEv2 protocol to negotiate the key material for IPSec.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical security: N/A",
      "Non-invasive security: N/A",
      "Mitigation of other attacks: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {
      "4794": 1,
      "4894": 1
    },
    "module_name": "Canonical Ltd. Ubuntu 22.04 Strongswan Cryptographic Module",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": "5.9.5-2ubuntu2.1+Fips1",
    "tested_conf": [
      "Ubuntu 22.04 on IBM z15 with IBM z15 processor with PAI",
      "Ubuntu 22.04 on IBM z15 with IBM z15 processor without PAI",
      "Ubuntu 22.04 running on Amazon Web Services (AWS) c6g.metal with AWS Graviton2 processor with PAA",
      "Ubuntu 22.04 running on Amazon Web Services (AWS) c6g.metal with AWS Graviton2 processor without PAA",
      "Ubuntu 22.04 running on Supermicro SYS-1019P-WTR with Intel Xeon Gold 6226 processor with PAA",
      "Ubuntu 22.04 running on Supermicro SYS-1019P-WTR with Intel Xeon Gold 6226 processor without PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2024-12-03",
        "lab": "atsec information security corporation",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Canonical Ltd.",
    "vendor_url": "http://www.canonical.com"
  }
}

Sections

Canonical Ltd. Ubuntu 22.04 Strongswan Cryptographic Module

Certificate #4911

Webpage information

Security policy

Cryptography

Symmetric Algorithms

Asymmetric Algorithms

Hash functions

Schemes

Protocols

Randomness

Libraries

Elliptic Curves

Block cipher modes

Device

Trusted Execution Environments

Security

Security level

Other

Standards

File metadata

References

Heuristics

References

Updates

Certificate changed

Certificate changed

New certificate

Raw data

Toggle raw data