gpg: Switch Kyber to the final algo id and add it to the menu.

* common/openpgpdefs.h (pubkey_algo_t): Switch algo id for Kyber to 8. * g10/keygen.c (do_generate_keypair): Remove the experimental algo note ... (write_keybinding): and the experimental notation data. (ask_algo): Add a mode 16 for a Kyber subkey. (generate_subkeypair): Set parameters for mode 16. -- GnuPG-bug-id: 6815
author: Werner Koch <[email protected]> 2024-08-27 08:42:53 +0000
committer: Werner Koch <[email protected]> 2024-08-27 08:44:17 +0000
commit: 8896bbd0f99c09f34ff44c62a48bdf5023da8a98 (patch)
tree: 312a4926773bb1a72dddce9bd51e2b6f18da12c9 /g10/keygen.c
parent: gpg: New option --proc-all-sigs (diff)
download: gnupg-8896bbd0f99c09f34ff44c62a48bdf5023da8a98.tar.gz
gnupg-8896bbd0f99c09f34ff44c62a48bdf5023da8a98.zip
1 files changed, 21 insertions, 24 deletions
diff --git a/g10/keygen.c b/g10/keygen.c
index 9b7212f0e..98608ad96 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -48,9 +48,10 @@
 
 
 /* The default algorithms.  If you change them, you should ensure the
-   value is inside the bounds enforced by ask_keysize and gen_xxx.
-   See also get_keysize_range which encodes the allowed ranges.  The
-   default answer in ask_algo also needs to be adjusted.  */
+ * value is inside the bounds enforced by ask_keysize and gen_xxx.
+ * See also get_keysize_range which encodes the allowed ranges.  The
+ * default answer in ask_algo also needs to be adjusted.  For Kyber
+ * keep the values set in generate_subkeypair in sync.  */
 #define DEFAULT_STD_KEY_PARAM  "ed25519/cert,sign+cv25519/encr"
 #define FUTURE_STD_KEY_PARAM   "ed25519/cert,sign+cv25519/encr"
 #define PQC_STD_KEY_PARAM      "bp384/cert,sign+kyber768_bp256/encr"
@@ -1399,14 +1400,6 @@ write_keybinding (ctrl_t ctrl, kbnode_t root,
       /* The required libgcrypt 1.11 won't yet claim a compliant RNG.  */
       && gnupg_rng_is_compliant (CO_DE_VS))
     oduap.cpl_notation = "de-vs";
-  else if ((use & PUBKEY_USAGE_ENC)
-           && sub_pk->pubkey_algo == PUBKEY_ALGO_KYBER
-           && PUBKEY_ALGO_KYBER == 29)
-    {
-      /* FIXME: This can be removed as soon as we have implemented the
-       * final fips-203 specification.  */
-      oduap.cpl_notation = "fips203.ipd.2023-08-24";
-    }
   else
     oduap.cpl_notation = NULL;
   oduap.pk = sub_pk;
@@ -2601,6 +2594,12 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
   if (r_keygrip)
     tty_printf (_("  (%d) Existing key from card%s\n"), 14, "");
 
+  /* Reserve 15 for ECC or Dilithium primary + Kyber subkey.  */
+  if (addmode)
+    {
+      tty_printf (_("  (%d) Kyber (encrypt only)%s\n"), 16, "");
+    }
+
   for (;;)
     {
       *r_usage = 0;
@@ -2884,6 +2883,12 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
           free_keypair_info (keypairlist);
           break;
 	}
+      else if ((algo == 16 || !strcmp (answer, "kyber")) && addmode)
+        {
+          algo = PUBKEY_ALGO_KYBER;
+          *r_usage = PUBKEY_USAGE_ENC;
+          break;
+	}
       else
         tty_printf (_("Invalid selection.\n"));
 
@@ -6493,7 +6498,6 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
     }
   else
     {
-      kbnode_t node;
       PKT_public_key *pk = find_kbnode (pub_root,
                                         PKT_PUBLIC_KEY)->pkt->pkt.public_key;
       print_status_key_created (did_sub? 'B':'P', pk,
@@ -6501,18 +6505,6 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
       es_fflush (es_stdout);
       if (any_adsk)
         log_info (_("Note: The key has been created with one or more ADSK!\n"));
-
-      for (node=pub_root; node; node = node->next)
-        if ((node->pkt->pkttype == PKT_PUBLIC_KEY
-             || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
-            && node->pkt->pkt.public_key->pubkey_algo == PUBKEY_ALGO_KYBER)
-          {
-            log_info ("Note: The key uses the Kyber algorithm from"
-                      " a draft specification\n");
-            log_info ("      This is EXPERIMENTAL only;"
-                      " the final version will not be compatible!\n");
-            break;
-          }
     }
 
   release_kbnode (pub_root);
@@ -6730,6 +6722,11 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr,
           if (curve && (!strcmp (curve, "X448") || !strcmp (curve, "Ed448")))
             keygen_flags |= KEYGEN_FLAG_CREATE_V5_KEY;
         }
+      else if (algo == PUBKEY_ALGO_KYBER)
+        {
+          nbits = 768;
+          curve = "brainpoolP256r1";
+        }
       else
         nbits = ask_keysize (algo, 0);
author	Werner Koch <[email protected]>	2024-08-27 08:42:53 +0000
committer	Werner Koch <[email protected]>	2024-08-27 08:44:17 +0000
commit	8896bbd0f99c09f34ff44c62a48bdf5023da8a98 (patch)
tree	312a4926773bb1a72dddce9bd51e2b6f18da12c9 /g10/keygen.c
parent	gpg: New option --proc-all-sigs (diff)
download	gnupg-8896bbd0f99c09f34ff44c62a48bdf5023da8a98.tar.gz gnupg-8896bbd0f99c09f34ff44c62a48bdf5023da8a98.zip