Example of Running in FIPS 140-2 Mode on an Oracle Solaris 11.3 SRU 5.6 System

Language:

The example in this section configures an Oracle Solaris system to run Apache HTTP Server Version 2.4 in FIPS 140-2 mode. The system is a SPARC T5-2 server, which provides cryptographic acceleration in the SPARC5 processor.

The main steps are:

Create and boot into a BE that you will configure for FIPS 140-2 Level 1.
In the new BE, enable the FIPS 140-2 providers.
Enable two consumers, Secure Shell and Apache HTTP Server Version 2.4 in FIPS 140-2 mode.
Modify the policy.conf file to remove interoperability with systems that do not use FIPS 140-2 password hashes.
Reboot the BE.
Test.

The following example describes the detailed actions you would take to accomplish this configuration.

Create a BE based on your current configuration and boot it.
```
# beadm create S11.3-FIPS-140
# beadm activate S11.3-FIPS-140
# reboot
```
The preceding command gives a useful name to the BE. The BE is not yet running in FIPS 140-2 mode.
In the new BE, enable the two FIPS 140-2 providers.

First, enable the Cryptographic Framework provider.
```
# cryptoadm enable fips-140
```
If the crypto/fips-140 package is not yet installed, this command installs the package.
Install the OpenSSL FIPS 140-2 provider.
```
# pkg install openssl-fips-140
```
Oracle Solaris either installs the package, or indicates that it is already on your system: No updates necessary for this image.

(Optional) Verify that the two FIPS 140-2 provider packages are installed.

# pkg verify -v openssl-fips-140 fips-140
PACKAGE                                                            STATUS
pkg://solaris/library/security/openssl/openssl-fips-140            OK
pkg://solaris/crypto/fips-140                                      OK

Caution - Do not proceed if these packages are not installed. Install them before continuing.

Enable the second FIPS 140-2 provider, OpenSSL.

Verify that the OpenSSL FIPS 140-2 provider is on the system.

# pkg mediator -a openssl
MEDIATOR     VER. SRC. VERSION IMPL. SRC. IMPLEMENTATION
openssl      vendor            vendor     default
openssl      system            system     fips-140

The value fips-140 under IMPLEMENTATION indicates that the OpenSSL FIPS 140-2 provider is on the system.

Enable the FIPS 140-2 OpenSSL provider.

# pkg set-mediator -I fips-140 openssl

Caution - If the provider that you type as the argument to the pkg set-mediator command is unavailable, this BE will become unusable because critical operating system components require a working openssl module. For more information, see Specifying a Default Application Implementation in Adding and Updating Software in Oracle Solaris 11.3.

Troubleshooting – If the BE is unusable after this command, activate the original BE and boot into it, destroy the unusable BE, and reconfigure.

Enable the Secure Shell consumer to run in FIPS 140-2 mode.

You can run either the OpenSSH or the SunSSH implementation of Secure Shell in FIPS 140-2 mode. SunSSH is running by default.
- Enable the OpenSSH consumer in FIPS 140-2 mode.
  1. Verify that the OpenSSL provider is FIPS 140-2 capable.
```
# pkg mediator openssl
MEDIATOR     VER. SRC. VERSION IMPL. SRC. IMPLEMENTATION
openssl      vendor            vendor     fips-140
```
  2. Complete How to Use the OpenSSH Implementation of Secure Shell in Managing Secure Shell Access in Oracle Solaris 11.3.
    
    After you enable the OpenSSH implementation and the FIPS 140-2 OpenSSL provider, OpenSSH runs in FIPS 140-2 mode dynamically.
- Configure and enable the SunSSH consumer in FIPS 140-2 mode.
  1. Add the following information to the end of the sshd_config and ssh_config files to use FIPS 140-2 mode.
```
# pfedit /etc/ssh/sshd_config /etc/ssh/ssh_config
## This system operates in FIPS 140-2 mode. SSH in FIPS 140-2 mode
## cannot use the OpenSSL engine. UseOpenSSLEngine yes has no effect.
UseFIPS140 yes
UseOpenSSLEngine no
```
  2. Generate a private key in PKCS #8 format for use with SunSSH in FIPS 140-2 mode.
    
    Follow the instructions in How to Add a CA Cert to Oracle Solaris (https://blogs.oracle.com/solaris/how-to-add-a-ca-cert-to-solaris-v2).
    
    Then, create your private key with the ssh-keygen command.
    
    When you use the ssh-keygen command, the default key length is 1024, which is not a validated length. You must specify a valid key length by using the –b option.
Configure the Apache HTTP Server in FIPS 140-2 mode.
1. Generate the web server certificate by using a FIPS 140-2 algorithm at a validated key length.
  
  For example, use the pktool command, specify an RSA SHA-384 hash, and use the default 2048-bit key length.
```
# pktool gencert keystore=pkcs11 \
> label=fipskey \
> subject "/C=CTRY/ST=County area/L=City/CN=`hostname`" \
> keytype=rsa hash=sha384 keylen=2048 \
> serial 0xnnnnnnnn
```
2. Create the ssl.conf configuration file.
```
# cp /etc/apache2/2.4/samples-conf.d/ssl.conf /etc/apache2/2.4/conf.d/
```
3. For clarity, comment on the use of OpenSSL for FIPS 140-2 mode.
```
# pfedit /etc/apache2/2.4/conf.d/ssl.conf
## In Oracle Solaris 11.3, the OpenSSL
## module is FIPS 140-2 validated.
SSLCryptoDevice builtin
```
  Note - If you were configuring Apache HTTP Server Version 2.2, the value of SSLCryptoDevice would be pkcs11.
4. Ensure that other keying information is correctly configured for your site policy.
```
# grep ^SSLCipherSuite /etc/apache2/2.4/conf.d/ssl.conf
SSLCipherSuite AES256-SHA:AES128-SHA
# grep ^SSLHonorCipherOrder /etc/apache2/2.4/conf.d/ssl.conf
SSLHonorCipherOrder on
```
5. Complete your site configuration of the web server.
  
  For example, specify the SSL protocol versions.
```
# grep ^SSLProtocol /etc/apache2/2.4/conf.d/ssl.conf
SSLProtocol all -SSLv2 -SSLv3
```
Prevent the use of a non-FIPS 140-2 password hash by removing 2a as an allowable hash.
```
# pfedit /etc/security/policy.conf
CRYPT_ALGORITHMS_ALLOW=5,6
```
(Optional) Ensure that all logins use the correct hash.
1. List all users who can log in to the BE.
```
# logins -xo -S files | grep PS 
root:0:root:0:Super-User:/root:/usr/bin/bash:PS ...
testuser1:111:test:110:Tester1:/home/tester1:/usr/bin/bash:PS ...
testuser2:112:test:110:Tester2:/home/tester2:/usr/bin/bash:PS ...
admin:141:fipadm:140:FIPS 140-2 Administrator:/home/admin:/usr/bin/bash:PS ...
```
  Tip - Use the –S ldap option to find all users in the LDAP repository.
2. Force each user to create a new password at login.
```
# passwd -f [-r files | ldap ] username
```
  Tip - You can write a script that forces all users to change their password at login.
After the consumers are configured, reboot the BE.
```
# reboot
```

Test the configuration.

Verify that the providers are operating in FIPS 140-2 mode.

The following output indicates that the Cryptographic Framework is operating in FIPS 140-2 mode.

# cryptoadm list fips-140
User-level providers:
===================== 
/usr/lib/security/$ISA/pkcs11_softtoken: FIPS 140-2 mode is enabled.

Kernel providers:
================= 
des: FIPS 140-2 mode is enabled.
aes: FIPS 140-2 mode is enabled.
ecc: FIPS 140-2 mode is enabled.
sha1: FIPS 140-2 mode is enabled.
sha2: FIPS 140-2 mode is enabled.
rsa: FIPS 140-2 mode is enabled. 
swrand: FIPS 140-2 mode is enabled.

Kernel hardware providers:
=========================:
n2rng: FIPS 140-2 mode is enabled.

The following output indicates that OpenSSL is operating in FIPS 140-2 mode.

# pkg mediator openssl
MEDIATOR VER. SRC. VERSION IMPL. SRC. IMPLEMENTATION
openssl      system             system  fips-140

Trace the Apache HTTP Server's cryptographic use.
1. In a terminal window, trace the OpenSSL cryptographic calls on the Apache HTTP Server Version 2.4 process.
```
# truss -w \!all -t \!all -v \!all \
  -u libcrypto::FIPS_evp_\* \
  -f /usr/apache2/2.4/bin/httpd -k start
```
  Note - This command traces FIPS 140-2 envelope (evp) function calls to the /usr/lib/libcrypto.so.1 library.
2. Send a web server request and review the output for use of the FIPS 140-2 envelope.
```
# openssl s_client -connect localhost:443 -tls1
...
GET / HTTP/1.0
...
8358/1@1: -> libcrypto:FIPS_evp_sha1()
8358/1@1: <- libcrypto:FIPS_evp_sha1() = 0xf94984b8
8358/1@1: -> libcrypto:FIPS_evp_aes_128_cbc()
8358/1@1: <- libcrypto:FIPS_evp_aes_128_cbc() = 0xf94980d8
...
```
Test the Secure Shell login from a non-FIPS 140-2 system and a FIPS 140-2 system.
Review the log files for Secure Shell and the Apache HTTP Server.

Secure Shell returns errors when FIPS 140-2 algorithms are not being used.

(Optional) To prevent the use of non-FIPS 140-2 algorithms by all Cryptographic Framework consumers, disable the non-FIPS 140-2 mechanisms.

Tip - To implement a strict policy for Cryptographic Framework consumers, create a script that implements the policy, then create a second BE for the strict policy version of FIPS 140-2 mode.

The following set of commands prevents the use of kernel algorithms that are not validated for FIPS 140-2 mode. The list is truncated to highlight the non-FIPS 140-2 algorithm mechanisms.

# cryptoadm -vm
...
Kernel providers:
=================
des: CKM_DES_ECB,CKM_DES_CBC,CKM_DES3_ECB,CKM_DES3_CBC
arcfour: CKM_RC4
blowfish: CKM_BLOWFISH_ECB,CKM_BLOWFISH_CBC
camellia: CKM_CAMELLIA_ECB,CKM_CAMELLIA_CTR,CKM_CAMELLIA_CBC
md4: CKM_MD4
md5: CKM_MD5,CKM_MD5_HMAC,CKM_MD5_HMAC_GENERAL
# cryptoadm disable provider=des mechanism=CKM_DES_ECB,CKM_DES_CBC
# cryptoadm disable provider=arcfour mechanism=all
# cryptoadm disable provider=blowfish mechanism=all
# cryptoadm disable provider=camellia mechanism=all
# cryptoadm disable provider=md4 mechanism=all
# cryptoadm disable provider=md5 mechanism=all

The following command shows the policy for kernel Cryptographic Framework providers after you disable non-FIPS 140-2 mechanisms.

# cryptoadm list -p
...
des: all mechanisms are enabled, except CKM_DES_CBC,CKM_DES_ECB.
aes: all mechanisms are enabled.
arcfour: no mechanisms presented.
blowfish: all mechanisms are enabled, except CKM_BLOWFISH_ECB,CKM_BLOWFISH_CBC.
camellia: all mechanisms are enabled, except CKM_CAMELLIA_ECB,CKM_CAMELLIA_CTR,CKM_CAMELLIA_CBC.
ecc: all mechanisms are enabled.
sha1: all mechanisms are enabled.
sha2: all mechanisms are enabled.
md4: no mechanisms presented.
md5: all mechanisms are enabled, except CKM_MD5,CKM_MD5_HMAC,CKM_MD5_HMAC_GENERAL.
rsa: all mechanisms are enabled.
swrand: random is enabled.

To prevent the use of userland mechanisms, specify /usr/lib/security/$ISA/pkcs11_softtoken.so as the provider, then specify the mechanisms. To list the mechanisms in userland, use the following command:

# cryptoadm list -vm provider=/usr/lib/security/\$ISA/pkcs11_softtoken.so
Mechanism Name                 Minimum    Maximum  ...
----------------------------- -------- ----------  ...
CKM_CAMELLIA_CBC                    16         32  ...
CKM_CAMELLIA_CBC_PAD                16         32  ...
CKM_CAMELLIA_CTR                    16         32  ...
CKM_CAMELLIA_ECB                    16         32  ...
CKM_CAMELLIA_KEY_GEN                16         32  ...
...
CKM_ECDSA                          112        571  ...
CKM_ECDSA_SHA1                     112        571  ...
CKM_ECDH1_DERIVE                   112        571  ...

For example, the following command disables the Camellia mechanisms in userland:

# cryptoadm disable provider=/usr/lib/security/\$ISA/pkcs11_softtoken.so \
>mechanism=CKM_CAMELLIA_CBC,CKM_CAMELLIA_CBC_PAD,CKM_CAMELLIA_CTR,CKM_CAMELLIA_ECB,CKM_CAMELLIA_KEY_GEN
# cryptoadm list -p
User-level providers:
=====================
/usr/lib/security/$ISA/pkcs11_kernel.so: all mechanisms are enabled.
/usr/lib/security/$ISA/pkcs11_softtoken.so: all mechanisms are enabled, 
except CKM_CAMELLIA_KEY_GEN,CKM_CAMELLIA_ECB,CKM_CAMELLIA_CBC,CKM_CAMELLIA_CBC_PAD,CKM_CAMELLIA_CTR. random is enabled.

Caution - Test the strict policy BE thoroughly before using it in a production environment.

To stop using FIPS 140-2 mode, activate the original BE and reboot.
```
# beadm activate original-BE
# reboot
```