gpg: Add algo constants for PQC.

* common/openpgpdefs.h (PUBKEY_ALGO_KY768_25519): New. (PUBKEY_ALGO_KY1024_448): New. (PUBKEY_ALGO_DIL3_25519): New. (PUBKEY_ALGO_DIL5_448): New. (PUBKEY_ALGO_SPHINX_SHA2): New. * g10/keygen.c (parse_key_parameter_part): Force v5 keys for these algos. * g10/keyid.c (pubkey_string): Add mapping. * g10/misc.c (openpgp_pk_algo_usage): Add standard key usage. -- See draft-wussler-openpgp-pqc-01.txt for the code points. To limit the number of algorithms, only MUST and SHOULD algorithms are considered.
author: Werner Koch <[email protected]> 2023-07-07 08:21:39 +0000
committer: Werner Koch <[email protected]> 2023-07-07 08:21:39 +0000
commit: 9f39e4da29feba854fbbe4ab6b9f3c68d34c2058 (patch)
tree: bc591fa670dfc9d38dfcaf180079f78a5c82eee2
parent: kbx: Fix memory leak at spawning a thread for data pipe. (diff)
download: gnupg-9f39e4da29feba854fbbe4ab6b9f3c68d34c2058.tar.gz
gnupg-9f39e4da29feba854fbbe4ab6b9f3c68d34c2058.zip
4 files changed, 53 insertions, 3 deletions
diff --git a/common/openpgpdefs.h b/common/openpgpdefs.h
index 625747983..8553a889f 100644
--- a/common/openpgpdefs.h
+++ b/common/openpgpdefs.h
@@ -168,7 +168,12 @@ typedef enum
     PUBKEY_ALGO_ECDSA       = 19, /* RFC-6637  */
     PUBKEY_ALGO_ELGAMAL     = 20, /* Elgamal encrypt+sign (legacy).  */
     /*                        21     reserved by OpenPGP.            */
-    PUBKEY_ALGO_EDDSA       = 22, /* EdDSA (not yet assigned).       */
+    PUBKEY_ALGO_EDDSA       = 22, /* EdDSA.                          */
+    PUBKEY_ALGO_KY768_25519 = 29, /* Kyber768 + X25519               */
+    PUBKEY_ALGO_KY1024_448  = 30, /* Kyber1024 + X448                */
+    PUBKEY_ALGO_DIL3_25519  = 35, /* Dilithium3 + Ed25519            */
+    PUBKEY_ALGO_DIL5_448    = 36, /* Dilithium5 + Ed448              */
+    PUBKEY_ALGO_SPHINX_SHA2 = 41, /* SPHINX+-simple-SHA2             */
     PUBKEY_ALGO_PRIVATE10   = 110
   }
 pubkey_algo_t;
diff --git a/g10/keygen.c b/g10/keygen.c
index d5099dbb9..3cafc476d 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -3278,6 +3278,7 @@ parse_key_parameter_part (ctrl_t ctrl,
   char *keygrip = NULL;
   u32 keytime = 0;
   int is_448 = 0;
+  int is_pqc = 0;
 
   if (!string || !*string)
     return 0; /* Success.  */
@@ -3312,6 +3313,32 @@ parse_key_parameter_part (ctrl_t ctrl,
             return gpg_error (GPG_ERR_INV_VALUE);
         }
     }
+  else if (!ascii_strcasecmp (string, "ky768"))
+    {
+      algo = PUBKEY_ALGO_KY768_25519;
+      is_pqc = 1;
+    }
+  else if (!ascii_strcasecmp (string, "ky1024"))
+    {
+      algo = PUBKEY_ALGO_KY1024_448;
+      is_pqc = 1;
+    }
+  else if (!ascii_strcasecmp (string, "dil3"))
+    {
+      algo = PUBKEY_ALGO_DIL3_25519;
+      is_pqc = 1;
+    }
+  else if (!ascii_strcasecmp (string, "dil5"))
+    {
+      algo = PUBKEY_ALGO_DIL5_448;
+      is_pqc = 1;
+    }
+  else if (!ascii_strcasecmp (string, "sphinx")
+           || !ascii_strcasecmp (string, "sphinx_sha2"))
+    {
+      algo = PUBKEY_ALGO_SPHINX_SHA2;
+      is_pqc = 1;
+    }
   else if ((curve = openpgp_is_curve_supported (string, &algo, &size)))
     {
       if (!algo)
@@ -3560,8 +3587,8 @@ parse_key_parameter_part (ctrl_t ctrl,
       return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
     }
 
-  /* Ed448 and X448 must only be used as v5 keys.  */
-  if (is_448)
+  /* Ed448, X448 and the PQC algos must only be used as v5 keys.  */
+  if (is_448 || is_pqc)
     {
       if (keyversion == 4)
         log_info (_("WARNING: v4 is specified, but overridden by v5.\n"));
diff --git a/g10/keyid.c b/g10/keyid.c
index 9191fec92..7cf9803e2 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -115,6 +115,11 @@ pubkey_string (PKT_public_key *pk, char *buffer, size_t bufsize)
     case PUBKEY_ALGO_ECDH:
     case PUBKEY_ALGO_ECDSA:
     case PUBKEY_ALGO_EDDSA:     prefix = "";    break;
+    case PUBKEY_ALGO_KY768_25519: prefix = "ky768";       break;
+    case PUBKEY_ALGO_KY1024_448:  prefix = "ky1024";      break;
+    case PUBKEY_ALGO_DIL3_25519:  prefix = "dil3";        break;
+    case PUBKEY_ALGO_DIL5_448:    prefix = "dil5";        break;
+    case PUBKEY_ALGO_SPHINX_SHA2: prefix = "sphinx_sha2"; break;
     }
 
   if (prefix && *prefix)
diff --git a/g10/misc.c b/g10/misc.c
index 2f4b452dd..d1f0efc6e 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -799,6 +799,19 @@ openpgp_pk_algo_usage ( int algo )
       case PUBKEY_ALGO_ECDSA:
       case PUBKEY_ALGO_EDDSA:
           use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
+          break;
+
+      case PUBKEY_ALGO_KY768_25519:
+      case PUBKEY_ALGO_KY1024_448:
+          use = PUBKEY_USAGE_ENC | PUBKEY_USAGE_RENC;
+          break;
+
+      case PUBKEY_ALGO_DIL3_25519:
+      case PUBKEY_ALGO_DIL5_448:
+      case PUBKEY_ALGO_SPHINX_SHA2:
+          use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG;
+          break;
+
       default:
           break;
     }
author	Werner Koch <[email protected]>	2023-07-07 08:21:39 +0000
committer	Werner Koch <[email protected]>	2023-07-07 08:21:39 +0000
commit	9f39e4da29feba854fbbe4ab6b9f3c68d34c2058 (patch)
tree	bc591fa670dfc9d38dfcaf180079f78a5c82eee2
parent	kbx: Fix memory leak at spawning a thread for data pipe. (diff)
download	gnupg-9f39e4da29feba854fbbe4ab6b9f3c68d34c2058.tar.gz gnupg-9f39e4da29feba854fbbe4ab6b9f3c68d34c2058.zip