diff options
| author | Werner Koch <[email protected]> | 2024-04-03 16:00:44 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2024-04-03 16:01:11 +0000 |
| commit | 97f5159495146ce29d2011a07d493adc7c1b4086 (patch) | |
| tree | 0a287f72cac848e9ddafa1870c68d4bdf1560fba /g10/misc.c | |
| parent | common: Extend openpgp_oid_to_curve to return an abbreviated name. (diff) | |
| download | gnupg-97f5159495146ce29d2011a07d493adc7c1b4086.tar.gz gnupg-97f5159495146ce29d2011a07d493adc7c1b4086.zip | |
gpg: Initial support for generating Kyber subkeys.
* common/openpgpdefs.h (PUBKEY_ALGO_KY768_25519): Remove.
(PUBKEY_ALGO_KY1024_448): Remove.
(PUBKEY_ALGO_KYBER): New. Use them everywhere instead of the removed.
* g10/build-packet.c (gpg_mpi_write_nohdr): Rename to
(gpg_mpi_write_opaque_nohdr): this. Change callers.
(gpg_mpi_write_opaque_32): New.
(do_key): Support Kyber keys using the revised format.
* g10/gpg.h (MAX_EXTERN_KEYPARM_BITS): New.
* g10/parse-packet.c (read_octet_string): Add arg nbytes so support
reading with a length prefix. Adjust callers.
(parse_key): Parse Kyber public keys.
* g10/misc.c (pubkey_get_npkey): Support Kyber.
(pubkey_get_nskey): Ditto.
* g10/keyid.c (pubkey_string): Support dual algorithms.
(do_hash_public_key): Support Kyber.
(nbits_from_pk): Ditto.
(keygrip_from_pk): Return the Kyber part for the ECC+Kyber dual algo.
* g10/keygen.c (struct common_gen_cb_parm_s): Add genkey_result2.
Note that this callback is not yet used.
(ecckey_from_sexp): Add optional arg sexp2 and use it for Kyber.
Change callers.
(ecckey_from_sexp): Do not leak LIST in case of an error.
(common_gen): Add arg keyparms2, change callers, and support Kyber.
(gen_kyber): New.
(get_keysize_range): Support Kyber.
(fixup_keysize): Simplify and support Kyber.
(do_create): Handle Kyber.
(parse_key_parameter_part): Remove algo strings "ky768" and "ky1024"
and add a generic "kyber" with default parameters.
--
This uses a revised format which is more aligned with the usual
OpenPGP structure. A lot of things are still missing. For example
support for handling two keygrips and checking both of them in a -K
listing. There is also only ky768_bp384 as fixed algorithm for now.
No passphrase for the Kyber part of the dual algorithm is on purpose.
A test was done using
gpg --quick-gen-key pqc1 nistp256
and then running
gpg -v --quick-add-key <fingerprint> kyber
which creates a v5 subkey on a v4 primary key. A second test using
gpg --quick-gen-key pqc2 Ed448
followed by a --quick-add-key created a v5 key with a v5 subkey.
GnuPG-bug-id: 6815
Diffstat (limited to 'g10/misc.c')
| -rw-r--r-- | g10/misc.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/g10/misc.c b/g10/misc.c index 24242cc30..432fe1760 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -801,8 +801,7 @@ openpgp_pk_algo_usage ( int algo ) use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH; break; - case PUBKEY_ALGO_KY768_25519: - case PUBKEY_ALGO_KY1024_448: + case PUBKEY_ALGO_KYBER: use = PUBKEY_USAGE_ENC | PUBKEY_USAGE_RENC; break; @@ -1724,6 +1723,7 @@ pubkey_get_npkey (pubkey_algo_t algo) case PUBKEY_ALGO_ECDSA: return 2; case PUBKEY_ALGO_ELGAMAL: return 3; case PUBKEY_ALGO_EDDSA: return 2; + case PUBKEY_ALGO_KYBER: return 3; default: return 0; } } @@ -1744,6 +1744,7 @@ pubkey_get_nskey (pubkey_algo_t algo) case PUBKEY_ALGO_ECDSA: return 3; case PUBKEY_ALGO_ELGAMAL: return 4; case PUBKEY_ALGO_EDDSA: return 3; + case PUBKEY_ALGO_KYBER: return 5; default: return 0; } } @@ -1783,8 +1784,7 @@ pubkey_get_nenc (pubkey_algo_t algo) case PUBKEY_ALGO_ECDSA: return 0; case PUBKEY_ALGO_ELGAMAL: return 2; case PUBKEY_ALGO_EDDSA: return 0; - case PUBKEY_ALGO_KY768_25519: return 4; - case PUBKEY_ALGO_KY1024_448: return 4; + case PUBKEY_ALGO_KYBER: return 4; default: return 0; } } |