Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Certificate #4911

Details

Module Name
Canonical Ltd. Ubuntu 22.04 Strongswan Cryptographic Module
Standard
FIPS 140-3
Status
Active
Sunset Date
12/2/2026
Overall Level
1
Caveat
Interim validation. When installed, initialized and configured as specified in Section 11.1 of the Security Policy with module Canonical Ltd. Ubuntu 22.04 OpenSSL Cryptographic Module validated to FIPS 140-3 under Cert. #4794, operating in the approved mode, and with module Canonical Ltd. Ubuntu 22.04 Kernel Crypto API Cryptographic Module validated to FIPS 140-3 under Cert. #4894, operating in the approved mode.
Security Level Exceptions
  • Physical security: N/A
  • Non-invasive security: N/A
  • Mitigation of other attacks: N/A
  • Documentation requirements: N/A
  • Cryptographic module security policy: N/A
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
Strongswan IKE daemon implementing the IKEv2 protocol to negotiate the key material for IPSec.
Tested Configuration(s)
  • Ubuntu 22.04 on IBM z15 with IBM z15 processor with PAI
  • Ubuntu 22.04 on IBM z15 with IBM z15 processor without PAI
  • Ubuntu 22.04 running on Amazon Web Services (AWS) c6g.metal with AWS Graviton2 processor with PAA
  • Ubuntu 22.04 running on Amazon Web Services (AWS) c6g.metal with AWS Graviton2 processor without PAA
  • Ubuntu 22.04 running on Supermicro SYS-1019P-WTR with Intel Xeon Gold 6226 processor with PAA
  • Ubuntu 22.04 running on Supermicro SYS-1019P-WTR with Intel Xeon Gold 6226 processor without PAA
Approved Algorithms
AES-CBC
AES-CBC
AES-CBC
AES-CBC
AES-CBC
AES-CBC
AES-CBC
AES-CCM
AES-CCM
AES-CCM
AES-CCM
AES-CCM
AES-CCM
AES-CCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
Counter DRBG
ECDSA KeyGen (FIPS186-4)
ECDSA KeyGen (FIPS186-4)
ECDSA KeyGen (FIPS186-4)
ECDSA KeyGen (FIPS186-4)
ECDSA KeyGen (FIPS186-4)
ECDSA KeyGen (FIPS186-4)
ECDSA KeyGen (FIPS186-4)
ECDSA KeyVer (FIPS186-4)
ECDSA KeyVer (FIPS186-4)
ECDSA KeyVer (FIPS186-4)
ECDSA KeyVer (FIPS186-4)
ECDSA KeyVer (FIPS186-4)
ECDSA KeyVer (FIPS186-4)
ECDSA KeyVer (FIPS186-4)
ECDSA SigGen (FIPS186-4)
ECDSA SigGen (FIPS186-4)
ECDSA SigGen (FIPS186-4)
ECDSA SigGen (FIPS186-4)
ECDSA SigGen (FIPS186-4)
ECDSA SigGen (FIPS186-4)
ECDSA SigGen (FIPS186-4)
ECDSA SigGen (FIPS186-4)
ECDSA SigGen (FIPS186-4)
ECDSA SigGen (FIPS186-4)
ECDSA SigVer (FIPS186-4)
ECDSA SigVer (FIPS186-4)
ECDSA SigVer (FIPS186-4)
ECDSA SigVer (FIPS186-4)
ECDSA SigVer (FIPS186-4)
ECDSA SigVer (FIPS186-4)
ECDSA SigVer (FIPS186-4)
ECDSA SigVer (FIPS186-4)
ECDSA SigVer (FIPS186-4)
ECDSA SigVer (FIPS186-4)
HMAC-SHA-1
HMAC-SHA-1
HMAC-SHA-1
HMAC-SHA-1
HMAC-SHA-1
HMAC-SHA-1
HMAC-SHA-1
HMAC-SHA-1
HMAC-SHA2-224
HMAC-SHA2-224
HMAC-SHA2-224
HMAC-SHA2-224
HMAC-SHA2-224
HMAC-SHA2-224
HMAC-SHA2-224
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-384
HMAC-SHA2-384
HMAC-SHA2-384
HMAC-SHA2-384
HMAC-SHA2-384
HMAC-SHA2-384
HMAC-SHA2-384
HMAC-SHA2-384
HMAC-SHA2-512
HMAC-SHA2-512
HMAC-SHA2-512
HMAC-SHA2-512
HMAC-SHA2-512
HMAC-SHA2-512
HMAC-SHA2-512
HMAC-SHA2-512
HMAC-SHA2-512/224
HMAC-SHA2-512/224
HMAC-SHA2-512/224
HMAC-SHA2-512/224
HMAC-SHA2-512/224
HMAC-SHA2-512/224
HMAC-SHA2-512/224
HMAC-SHA2-512/256
HMAC-SHA2-512/256
HMAC-SHA2-512/256
HMAC-SHA2-512/256
HMAC-SHA2-512/256
HMAC-SHA2-512/256
KAS-ECC-SSC Sp800-56Ar3
KAS-ECC-SSC Sp800-56Ar3
KAS-ECC-SSC Sp800-56Ar3
KAS-ECC-SSC Sp800-56Ar3
KAS-ECC-SSC Sp800-56Ar3
KAS-ECC-SSC Sp800-56Ar3
KAS-ECC-SSC Sp800-56Ar3
KAS-FFC-SSC Sp800-56Ar3
KDF IKEv2
RSA SigGen (FIPS186-4)
RSA SigGen (FIPS186-4)
RSA SigGen (FIPS186-4)
RSA SigGen (FIPS186-4)
RSA SigGen (FIPS186-4)
RSA SigGen (FIPS186-4)
RSA SigGen (FIPS186-4)
RSA SigVer (FIPS186-4)
RSA SigVer (FIPS186-4)
RSA SigVer (FIPS186-4)
RSA SigVer (FIPS186-4)
RSA SigVer (FIPS186-4)
RSA SigVer (FIPS186-4)
RSA SigVer (FIPS186-4)
Safe Primes Key Generation
Safe Primes Key Verification
SHA-1
SHA-1
SHA-1
SHA-1
SHA-1
SHA-1
SHA-1
SHA-1
SHA2-224
SHA2-224
SHA2-224
SHA2-224
SHA2-224
SHA2-224
SHA2-224
SHA2-256
SHA2-256
SHA2-256
SHA2-256
SHA2-256
SHA2-256
SHA2-256
SHA2-256
SHA2-256
SHA2-256
SHA2-256
SHA2-256
SHA2-256
SHA2-256
SHA2-256
SHA2-256
SHA2-256
SHA2-256
SHA2-256
SHA2-384
SHA2-384
SHA2-384
SHA2-384
SHA2-384
SHA2-384
SHA2-384
SHA2-384
SHA2-512
SHA2-512
SHA2-512
SHA2-512
SHA2-512
SHA2-512
SHA2-512
SHA2-512
SHA2-512/224
SHA2-512/224
SHA2-512/224
SHA2-512/224
SHA2-512/224
SHA2-512/224
SHA2-512/224
SHA2-512/256
SHA2-512/256
SHA2-512/256
SHA2-512/256
SHA2-512/256
SHA2-512/256
SHA2-512/256
Software Versions
5.9.5-2ubuntu2.1+Fips1

Vendor

Canonical Ltd.
110 Southwark Street, Blue Fin Building, 5th Floor
London SE1 0SU
United Kingdom

Canonical Security Certifications Team
security-certifications@lists.canonical.com
Phone: 000-000-0000

Related Files

Validation History

Date Type Lab
12/3/2024 Initial ATSEC INFORMATION SECURITY CORP