Developing for FIPS

Developing for FIPS

Applications can be developed either by using the FIPS validated packages, such as OpenSSL, directly, or by using a higher level language and software ecosystem. The following table shows the recommended packages to use to develop FIPS applications in high level software languages/environments.

Environment Recommended package FIPS package used
Python python3-cryptography OpenSSL
Ruby openssl module OpenSSL
Perl Net::SSLeay OpenSSL
Nodejs crypto and tls APIs OpenSSL

How do I use the FIPS validated components correctly?

In addition to its development documentation, each validated package comes with a security policy attached to its certificate which provides detailed guidance about using the module in the “User Guidance” section. You can find the security policy document after clicking on the certificate number on the table above, under the section ‘Related Files’. You can find all certificates and policies issued by Canonical by querying the NIST website.

For the libraries like OpenSSL and libgcrypt, these instructions contain guidance about particular algorithms, for example, where to apply the AES-XTS algorithm and details about initialization and other aspects relevant to the package.

How can I detect whether the system has FIPS enabled?

Τηε generic way to check whether the Ubuntu system runs in FIPS mode is to check the file /proc/sys/crypto/fips_enabled.

When the Ubuntu FIPS kernel is present and runs with FIPS enabled, the /proc/sys/crypto/fips_enabled file exists and contains the 0x31 byte (character ‘1’ in ASCII). This in Ubuntu indicates that FIPS is enabled.

Which random generator should I use?

When using a validated cryptographic library like OpenSSL we recommend using that’s library’s random generator. In other cases we recommend using one of the following generators.

Random generator interface Description Recommended
getrandom() getrandom() is NIST SP800-90B compliant unless the GRND_RANDOM flag is specified. This is the recommended interface to use in Ubuntu. Yes
/dev/urandom It is wired to the NIST SP800-90B compliant Kernel Crypto API hash-based DRBG but does not block before the random generator is fully seeded. No
/dev/random It uses the traditional random number generator from the Linux kernel and it is not SP800-90B compliant. Because it can block indefinitely we do not recommend using it for any operation. No

Developing with OpenSSL

For an example of developing for FIPS with OpenSSL, see this article.