
Use the FIPS-compatible digest&sign API
Open, Normal, Public


T4894 introduced the functions gcry_pk_hash_sign() and gcry_pk_hash_verify(), which are implemented according to the FIPS specification. But they are now hardly usable in gnupg because the digest for signatures is calculated in the tools, while the signature itself is made in the gpg-agent process.

We already discussed some ideas for how this could be done, from passing an fd (limited to having gpg running on the same machine as gpg-agent), passing all the bytes to the agent (slow), passing the whole md structure somehow (this would require some new APIs in libgcrypt and some assurance it was made by the FIPS module), or ensuring in some other way that the digest accepted by the API was created by the FIPS module. It does not have to be bulletproof and it can be enabled only in FIPS mode.

I do not think we will figure out what to do right now and what assurance will be enough for the lab and NIST, but I would like to have this tracked somewhere, collecting ideas, suggestions and comments in the meantime.

Event Timeline

werner triaged this task as Normal priority. Apr 14 2022, 1:42 PM
werner added a subscriber: werner.

Passing fds etc. adds complex extra code to gpg-agent. This was not the original design goal, although we violated this anyway by having some OpenPGP-specific code there. This needs more thinking. Due to our internal use of OCB we can't make it FIPS compliant without large changes.