gpg: Print a warning if the (draft) Kyber algorithm is used.

* g10/keygen.c (do_generate_keypair): Check for draf Kyber stuff.

3 files changed, 73 insertions, 3 deletions

diff --git a/NEWS b/NEWS
index 0be4ef8f1..d1ad356a9 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,25 @@
 Noteworthy changes in version 2.5.0 (unreleased)
 ------------------------------------------------
 
+  * gpg: Support composite Kyber+ECC public key algorithms.  This is
+    experimental due to the yet outstanding FIPS-203 specification.
+    [T6815]
+
+  * gpg: Allow algo string "pqc" for --quick-gen-key.  [rG12ac129a70]
+
+  * gpg: New option --show-only-session-key.  [rG1695cf267e]
+
+  * gpg: Print designated revokers also in non-colon listing mode.
+    [rG9d618d1273]
+
+  * gpg: Make --with-sig-check work with --show-key in non-colon
+    listing mode.  [rG0c34edc443]
+
+  * tpm: Rework error handling and fix key import [T7129, T7186]
+
+  * Varous fixes to improve robustness on 64 bit Windows.  [T7139]
+
+
   Changes also found in 2.4.6:
 
   * gpg: New command --quick-set-ownertrust.  [rG967678d972]
@@ -13,12 +32,43 @@ Noteworthy changes in version 2.5.0 (unreleased)
 
   * gpg: Do not allow to accidently set the RENC usage.  [T7072]
 
+  * gpg: Accept armored files without CRC24 checksum.  [T7071]
+
+  * gpg: New --import-option "only-pubkeys".  [T7146]
+
+  * gpg: Repurpose the AKL mechanism "ldap" to work like the keyserver
+    mechnism but only for LDAP keyservers.  [rG068ebb6f1e]
+
+  * gpg: ADSKs are now configurable for new keys.  [T6882]
+
+  * gpgsm: Emit user IDs with an empty Subject also in colon mode.
+    [T7171]
+
   * agent: Consider an empty pattern file as valid.  [rGc27534de95]
 
   * agent: Fix error handling of READKEY.  [T6012]
 
+  * agent: Avoid random errors when storing key in ephemeral mode.
+    [T7129, rGfdc5003956]
+
+  * agent: Make "SCD DEVINFO --watch" more robust.  [T7151]
+
+  * scd: Improve KDF data object handling for OpenPGP cards.  [T7058]
+
+  * scd: Avoid buffer overrun with more than 16 PC/SC readers.
+    [T7129, rG4c1b007035]
+
+  * scd: Fix how the scdaemon on its pipe connection finishes.
+    [T7160]
+
   * gpgconf: Check readability of some files with -X and change its
-    output format.  [rG759adb2493]
+    output format.  [rG98e287ba6d]
+
+  * gpg-mail-tube: New tool to apply PGP/MIME encryption to a mail.
+    [rG28a080bc9f]
+
+  * Fix some uninitialized variables and double frees in error code
+    paths.  [T7129]
 
 
   Changes also found in 2.4.5:
@@ -240,6 +290,7 @@ Noteworthy changes in version 2.5.0 (unreleased)
 Release dates of 2.4 versions
 -----------------------------
 
+Version 2.4.6 (unreleased) https://dev.gnupg.org/T7030
 Version 2.4.5 (2024-03-07) https://dev.gnupg.org/T6960
 Version 2.4.4 (2024-01-25) https://dev.gnupg.org/T6578
 Version 2.4.3 (2023-07-04) https://dev.gnupg.org/T6509
diff --git a/common/openpgpdefs.h b/common/openpgpdefs.h
index bf11d597f..f05f83014 100644
--- a/common/openpgpdefs.h
+++ b/common/openpgpdefs.h
@@ -165,6 +165,7 @@ typedef enum
     PUBKEY_ALGO_RSA         =  1,
     PUBKEY_ALGO_RSA_E       =  2, /* RSA encrypt only (legacy). */
     PUBKEY_ALGO_RSA_S       =  3, /* RSA sign only (legacy).    */
+    /*PUBKEY_ALGO_KYBER     =  8,    Kyber (FIPS-203 final)     */
     PUBKEY_ALGO_ELGAMAL_E   = 16, /* Elgamal encrypt only.      */
     PUBKEY_ALGO_DSA         = 17,
     PUBKEY_ALGO_ECDH        = 18, /* RFC-6637  */
diff --git a/g10/keygen.c b/g10/keygen.c
index ff14032c0..9b7212f0e 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -1400,8 +1400,13 @@ write_keybinding (ctrl_t ctrl, kbnode_t root,
       && gnupg_rng_is_compliant (CO_DE_VS))
     oduap.cpl_notation = "de-vs";
   else if ((use & PUBKEY_USAGE_ENC)
-           && sub_pk->pubkey_algo == PUBKEY_ALGO_KYBER)
-    oduap.cpl_notation = "fips203.ipd.2023-08-24";
+           && sub_pk->pubkey_algo == PUBKEY_ALGO_KYBER
+           && PUBKEY_ALGO_KYBER == 29)
+    {
+      /* FIXME: This can be removed as soon as we have implemented the
+       * final fips-203 specification.  */
+      oduap.cpl_notation = "fips203.ipd.2023-08-24";
+    }
   else
     oduap.cpl_notation = NULL;
   oduap.pk = sub_pk;
@@ -6488,6 +6493,7 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
     }
   else
     {
+      kbnode_t node;
       PKT_public_key *pk = find_kbnode (pub_root,
                                         PKT_PUBLIC_KEY)->pkt->pkt.public_key;
       print_status_key_created (did_sub? 'B':'P', pk,
@@ -6495,6 +6501,18 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
       es_fflush (es_stdout);
       if (any_adsk)
         log_info (_("Note: The key has been created with one or more ADSK!\n"));
+
+      for (node=pub_root; node; node = node->next)
+        if ((node->pkt->pkttype == PKT_PUBLIC_KEY
+             || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+            && node->pkt->pkt.public_key->pubkey_algo == PUBKEY_ALGO_KYBER)
+          {
+            log_info ("Note: The key uses the Kyber algorithm from"
+                      " a draft specification\n");
+            log_info ("      This is EXPERIMENTAL only;"
+                      " the final version will not be compatible!\n");
+            break;
+          }
     }
 
   release_kbnode (pub_root);