../../guestbin/swan-prep --fips
Password changed successfully.
FIPS mode enabled.
west #
 # run the parser tests
west #
 ../bin/algparse.sh PATH/libexec/ipsec/algparse algparse*.txt
PATH/libexec/ipsec/algparse -v1 -pfs -t # algparse.v1.pfs.txt
PATH/libexec/ipsec/algparse -v1 -t # algparse.v1.txt
PATH/libexec/ipsec/algparse -v1 -v2 -pfs -t # algparse.v1.v2.pfs.txt
PATH/libexec/ipsec/algparse -v1 -v2 -t # algparse.v1.v2.txt
PATH/libexec/ipsec/algparse -v2 -pfs -t # algparse.v2.pfs.txt
PATH/libexec/ipsec/algparse -v2 -t # algparse.v2.txt
PATH/libexec/ipsec/algparse -v # algparse.v.txt
west #
 # run the algorithm tests
west #
 PATH/libexec/ipsec/algparse -ta
west #
 # check pluto is starting in the correct mode
west #
 ipsec start
Redirecting to: systemctl start ipsec.service
west #
 /testing/pluto/bin/wait-until-pluto-started
west #
 grep ^FIPS /tmp/pluto.log
FIPS Product: YES
FIPS Kernel: YES
FIPS Mode: YES
FIPS HMAC integrity support [enabled]
FIPS mode enabled for pluto daemon
FIPS HMAC integrity verification self-test passed
FIPS Encryption algorithms:
FIPS Hash algorithms:
FIPS PRF algorithms:
FIPS Integrity algorithms:
FIPS DH algorithms:
west #
 # check pluto algorithm list
west #
 sed -n -e '/^|/d' -e ':algs / algorithms:/ { :alg ; p ; n ; /^  / b alg ; b algs }' /tmp/pluto.log
FIPS Encryption algorithms:
  AES_CCM_16              IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm, aes_ccm_c
  AES_CCM_12              IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm_b
  AES_CCM_8               IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm_a
  3DES_CBC                IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  [*192]  3des
  AES_GCM_16              IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm, aes_gcm_c
  AES_GCM_12              IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm_b
  AES_GCM_8               IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm_a
  AES_CTR                 IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aesctr
  AES_CBC                 IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes
FIPS Hash algorithms:
  SHA1                    IKEv1: IKE         IKEv2:             FIPS  sha
  SHA2_256                IKEv1: IKE         IKEv2:             FIPS  sha2, sha256
  SHA2_384                IKEv1: IKE         IKEv2:             FIPS  sha384
  SHA2_512                IKEv1: IKE         IKEv2:             FIPS  sha512
FIPS PRF algorithms:
  HMAC_SHA1               IKEv1: IKE         IKEv2: IKE         FIPS  sha, sha1
  HMAC_SHA2_256           IKEv1: IKE         IKEv2: IKE         FIPS  sha2, sha256, sha2_256
  HMAC_SHA2_384           IKEv1: IKE         IKEv2: IKE         FIPS  sha384, sha2_384
  HMAC_SHA2_512           IKEv1: IKE         IKEv2: IKE         FIPS  sha512, sha2_512
  AES_XCBC                IKEv1:             IKEv2: IKE         FIPS  aes128_xcbc
FIPS Integrity algorithms:
  HMAC_SHA1_96            IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha, sha1, sha1_96, hmac_sha1
  HMAC_SHA2_512_256       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha512, sha2_512, hmac_sha2_512
  HMAC_SHA2_384_192       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha384, sha2_384, hmac_sha2_384
  HMAC_SHA2_256_128       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha2, sha256, sha2_256, hmac_sha2_256
  AES_XCBC_96             IKEv1:     ESP AH  IKEv2: IKE ESP AH  FIPS  aes_xcbc, aes128_xcbc, aes128_xcbc_96
  AES_CMAC_96             IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS  aes_cmac
  NONE                    IKEv1:     ESP     IKEv2:     ESP     FIPS  null
FIPS DH algorithms:
  NONE                    IKEv1:             IKEv2: IKE ESP AH  FIPS  null, dh0
  MODP2048                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh14
  MODP3072                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh15
  MODP4096                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh16
  MODP6144                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh17
  MODP8192                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh18
  DH19                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_256
  DH20                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_384
  DH21                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_521
west #
 
