gpg: Switch Kyber to the final algo id and add it to the menu.

* common/openpgpdefs.h (pubkey_algo_t): Switch algo id for Kyber to 8. * g10/keygen.c (do_generate_keypair): Remove the experimental algo note ... (write_keybinding): and the experimental notation data. (ask_algo): Add a mode 16 for a Kyber subkey. (generate_subkeypair): Set parameters for mode 16. -- GnuPG-bug-id: 6815
2024-09-20 14:51:42 +02:00 · 2024-08-27 10:42:53 +02:00 · 2024-08-27 10:42:53 +02:00 · 8896bbd0f9
commit 8896bbd0f9
parent 1eb382fb1f
2 changed files with 23 additions and 26 deletions
--- a/common/openpgpdefs.h
+++ b/common/openpgpdefs.h
@ -165,7 +165,7 @@ typedef enum
    PUBKEY_ALGO_RSA         =  1,
    PUBKEY_ALGO_RSA_E       =  2, /* RSA encrypt only (legacy). */
    PUBKEY_ALGO_RSA_S       =  3, /* RSA sign only (legacy).    */
-    /*PUBKEY_ALGO_KYBER     =  8,    Kyber (FIPS-203 final)     */
+    PUBKEY_ALGO_KYBER       =  8, /* Kyber (FIPS-203 final)     */
    PUBKEY_ALGO_ELGAMAL_E   = 16, /* Elgamal encrypt only.      */
    PUBKEY_ALGO_DSA         = 17,
    PUBKEY_ALGO_ECDH        = 18, /* RFC-6637  */
@ -173,7 +173,7 @@ typedef enum
    PUBKEY_ALGO_ELGAMAL     = 20, /* Elgamal encrypt+sign (legacy).  */
    /*                        21     reserved by OpenPGP.            */
    PUBKEY_ALGO_EDDSA       = 22, /* EdDSA.                          */
-    PUBKEY_ALGO_KYBER       = 29, /* Kyber                           */
+    /*                        29     (was fips203.ipd.2023-08-24 in 1.5.0)   */
    PUBKEY_ALGO_DIL3_25519  = 35, /* Dilithium3 + Ed25519 (aka ML-DSA-65)    */
    PUBKEY_ALGO_DIL5_448    = 36, /* Dilithium5 + Ed448   (aka ML-DSA-87)    */
    PUBKEY_ALGO_SPHINX_SHA2 = 41, /* SPHINX+-simple-SHA2  (aka SLH-DSA-SHA2) */
--- a/g10/keygen.c
+++ b/g10/keygen.c
@ -48,9 +48,10 @@
 /* The default algorithms.  If you change them, you should ensure the
-   value is inside the bounds enforced by ask_keysize and gen_xxx.
+ * value is inside the bounds enforced by ask_keysize and gen_xxx.
-   See also get_keysize_range which encodes the allowed ranges.  The
+ * See also get_keysize_range which encodes the allowed ranges.  The
-   default answer in ask_algo also needs to be adjusted.  */
+ * default answer in ask_algo also needs to be adjusted.  For Kyber
 * keep the values set in generate_subkeypair in sync.  */
 #define DEFAULT_STD_KEY_PARAM  "ed25519/cert,sign+cv25519/encr"
 #define FUTURE_STD_KEY_PARAM   "ed25519/cert,sign+cv25519/encr"
 #define PQC_STD_KEY_PARAM      "bp384/cert,sign+kyber768_bp256/encr"
@ -1399,14 +1400,6 @@ write_keybinding (ctrl_t ctrl, kbnode_t root,
      /* The required libgcrypt 1.11 won't yet claim a compliant RNG.  */
      && gnupg_rng_is_compliant (CO_DE_VS))
    oduap.cpl_notation = "de-vs";
  else if ((use & PUBKEY_USAGE_ENC)
           && sub_pk->pubkey_algo == PUBKEY_ALGO_KYBER
           && PUBKEY_ALGO_KYBER == 29)
    {
      /* FIXME: This can be removed as soon as we have implemented the
       * final fips-203 specification.  */
      oduap.cpl_notation = "fips203.ipd.2023-08-24";
    }
  else
    oduap.cpl_notation = NULL;
  oduap.pk = sub_pk;
@ -2601,6 +2594,12 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
  if (r_keygrip)
    tty_printf (_("  (%d) Existing key from card%s\n"), 14, "");
  /* Reserve 15 for ECC or Dilithium primary + Kyber subkey.  */
  if (addmode)
    {
      tty_printf (_("  (%d) Kyber (encrypt only)%s\n"), 16, "");
    }
  for (;;)
    {
      *r_usage = 0;
@ -2884,6 +2883,12 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
          free_keypair_info (keypairlist);
          break;
 	}
      else if ((algo == 16 || !strcmp (answer, "kyber")) && addmode)
        {
          algo = PUBKEY_ALGO_KYBER;
          *r_usage = PUBKEY_USAGE_ENC;
          break;
 	}
      else
        tty_printf (_("Invalid selection.\n"));
@ -6493,7 +6498,6 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
    }
  else
    {
      kbnode_t node;
      PKT_public_key *pk = find_kbnode (pub_root,
                                        PKT_PUBLIC_KEY)->pkt->pkt.public_key;
      print_status_key_created (did_sub? 'B':'P', pk,
@ -6501,18 +6505,6 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
      es_fflush (es_stdout);
      if (any_adsk)
        log_info (_("Note: The key has been created with one or more ADSK!\n"));
      for (node=pub_root; node; node = node->next)
        if ((node->pkt->pkttype == PKT_PUBLIC_KEY
             || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
            && node->pkt->pkt.public_key->pubkey_algo == PUBKEY_ALGO_KYBER)
          {
            log_info ("Note: The key uses the Kyber algorithm from"
                      " a draft specification\n");
            log_info ("      This is EXPERIMENTAL only;"
                      " the final version will not be compatible!\n");
            break;
          }
    }
  release_kbnode (pub_root);
@ -6730,6 +6722,11 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr,
          if (curve && (!strcmp (curve, "X448") || !strcmp (curve, "Ed448")))
            keygen_flags |= KEYGEN_FLAG_CREATE_V5_KEY;
        }
      else if (algo == PUBKEY_ALGO_KYBER)
        {
          nbits = 768;
          curve = "brainpoolP256r1";
        }
      else
        nbits = ask_keysize (algo, 0);