action #100554
closed[sle][security][backlog][feature][ECO] SLE-21227 - QA: FIPS: implement the IPSEC KDF for strongswan in openssl
100%
Description
https://jira.suse.com/browse/SLE-21227
OpenSSL in its master branch as a KDF (Key Derivation Function) framework.
As our FIPS strongswan certificate is only for the key derivation function we could save a lot of trouble and effort to move this functionality into openssl.
A similar thing openssl has done with the SSH KDF already, and we could do it for IPSEC too.
Upstream so far does not have it there.
Updated by bchou almost 2 years ago
- Subject changed from [sle][security][sle15sp4][feature][manual] SLE-21227 - QA: FIPS: implement the IPSEC KDF for strongswan in openssl to [sle][security][sle15sp4][feature][ECO] SLE-21227 - QA: FIPS: implement the IPSEC KDF for strongswan in openssl
- Status changed from New to Blocked
- Estimated time set to 40.00 h
This case will be released after SLE15 SP4 GMC. Set this poo as ECO.
Updated by llzhao almost 2 years ago
- Subject changed from [sle][security][sle15sp4][feature][ECO] SLE-21227 - QA: FIPS: implement the IPSEC KDF for strongswan in openssl to [sle][security][backlog][feature][ECO] SLE-21227 - QA: FIPS: implement the IPSEC KDF for strongswan in openssl
Updated by rcai almost 2 years ago
- Status changed from Blocked to In Progress
The latest build 151.1 includes bug(1195919) fix as below:
rpm -q strongswan-5.8.2-150400.17.24.x86_64 --changelog | more
Thu Mar 24 2022 meissner@suse.com
0001-Modularize-the-IKEv2-key-derivation-so-it-can-be-pro.patch:
Outsource the IKE key deriviation to openssl for FIPS certification.
(bsc#1195919)
Completed strongswan related test as below:
Test all passed.
x86_64 platform OpenQa automation test, please refer test result.
https://openqa.suse.de/tests/8825402
Function test for HKDF, already integrated into openqa.
please refer test result:
https://openqa.suse.de/tests/8825402#step/strongswan_server/30
More strongswan on different platforms, please refer page: https://confluence.suse.com/pages/viewpage.action?pageId=968033193#SLES15SP4SecurityFIPSRegressionTest(RCphase)-RCphaseTestRuns
Updated by rcai almost 2 years ago
Updated by rcai almost 2 years ago
- Status changed from In Progress to Resolved
- % Done changed from 0 to 100