1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

gpg: Switch Kyber to the final algo id and add it to the menu.

* common/openpgpdefs.h (pubkey_algo_t): Switch algo id for Kyber to 8.
* g10/keygen.c (do_generate_keypair): Remove the experimental algo
note ...
(write_keybinding): and the experimental notation data.
(ask_algo): Add a mode 16 for a Kyber subkey.
(generate_subkeypair): Set parameters for mode 16.
--

GnuPG-bug-id: 6815
This commit is contained in:
Werner Koch 2024-08-27 10:42:53 +02:00
parent 1eb382fb1f
commit 8896bbd0f9
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
2 changed files with 23 additions and 26 deletions

View File

@ -165,7 +165,7 @@ typedef enum
PUBKEY_ALGO_RSA = 1, PUBKEY_ALGO_RSA = 1,
PUBKEY_ALGO_RSA_E = 2, /* RSA encrypt only (legacy). */ PUBKEY_ALGO_RSA_E = 2, /* RSA encrypt only (legacy). */
PUBKEY_ALGO_RSA_S = 3, /* RSA sign only (legacy). */ PUBKEY_ALGO_RSA_S = 3, /* RSA sign only (legacy). */
/*PUBKEY_ALGO_KYBER = 8, Kyber (FIPS-203 final) */ PUBKEY_ALGO_KYBER = 8, /* Kyber (FIPS-203 final) */
PUBKEY_ALGO_ELGAMAL_E = 16, /* Elgamal encrypt only. */ PUBKEY_ALGO_ELGAMAL_E = 16, /* Elgamal encrypt only. */
PUBKEY_ALGO_DSA = 17, PUBKEY_ALGO_DSA = 17,
PUBKEY_ALGO_ECDH = 18, /* RFC-6637 */ PUBKEY_ALGO_ECDH = 18, /* RFC-6637 */
@ -173,7 +173,7 @@ typedef enum
PUBKEY_ALGO_ELGAMAL = 20, /* Elgamal encrypt+sign (legacy). */ PUBKEY_ALGO_ELGAMAL = 20, /* Elgamal encrypt+sign (legacy). */
/* 21 reserved by OpenPGP. */ /* 21 reserved by OpenPGP. */
PUBKEY_ALGO_EDDSA = 22, /* EdDSA. */ PUBKEY_ALGO_EDDSA = 22, /* EdDSA. */
PUBKEY_ALGO_KYBER = 29, /* Kyber */ /* 29 (was fips203.ipd.2023-08-24 in 1.5.0) */
PUBKEY_ALGO_DIL3_25519 = 35, /* Dilithium3 + Ed25519 (aka ML-DSA-65) */ PUBKEY_ALGO_DIL3_25519 = 35, /* Dilithium3 + Ed25519 (aka ML-DSA-65) */
PUBKEY_ALGO_DIL5_448 = 36, /* Dilithium5 + Ed448 (aka ML-DSA-87) */ PUBKEY_ALGO_DIL5_448 = 36, /* Dilithium5 + Ed448 (aka ML-DSA-87) */
PUBKEY_ALGO_SPHINX_SHA2 = 41, /* SPHINX+-simple-SHA2 (aka SLH-DSA-SHA2) */ PUBKEY_ALGO_SPHINX_SHA2 = 41, /* SPHINX+-simple-SHA2 (aka SLH-DSA-SHA2) */

View File

@ -48,9 +48,10 @@
/* The default algorithms. If you change them, you should ensure the /* The default algorithms. If you change them, you should ensure the
value is inside the bounds enforced by ask_keysize and gen_xxx. * value is inside the bounds enforced by ask_keysize and gen_xxx.
See also get_keysize_range which encodes the allowed ranges. The * See also get_keysize_range which encodes the allowed ranges. The
default answer in ask_algo also needs to be adjusted. */ * default answer in ask_algo also needs to be adjusted. For Kyber
* keep the values set in generate_subkeypair in sync. */
#define DEFAULT_STD_KEY_PARAM "ed25519/cert,sign+cv25519/encr" #define DEFAULT_STD_KEY_PARAM "ed25519/cert,sign+cv25519/encr"
#define FUTURE_STD_KEY_PARAM "ed25519/cert,sign+cv25519/encr" #define FUTURE_STD_KEY_PARAM "ed25519/cert,sign+cv25519/encr"
#define PQC_STD_KEY_PARAM "bp384/cert,sign+kyber768_bp256/encr" #define PQC_STD_KEY_PARAM "bp384/cert,sign+kyber768_bp256/encr"
@ -1399,14 +1400,6 @@ write_keybinding (ctrl_t ctrl, kbnode_t root,
/* The required libgcrypt 1.11 won't yet claim a compliant RNG. */ /* The required libgcrypt 1.11 won't yet claim a compliant RNG. */
&& gnupg_rng_is_compliant (CO_DE_VS)) && gnupg_rng_is_compliant (CO_DE_VS))
oduap.cpl_notation = "de-vs"; oduap.cpl_notation = "de-vs";
else if ((use & PUBKEY_USAGE_ENC)
&& sub_pk->pubkey_algo == PUBKEY_ALGO_KYBER
&& PUBKEY_ALGO_KYBER == 29)
{
/* FIXME: This can be removed as soon as we have implemented the
* final fips-203 specification. */
oduap.cpl_notation = "fips203.ipd.2023-08-24";
}
else else
oduap.cpl_notation = NULL; oduap.cpl_notation = NULL;
oduap.pk = sub_pk; oduap.pk = sub_pk;
@ -2601,6 +2594,12 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
if (r_keygrip) if (r_keygrip)
tty_printf (_(" (%d) Existing key from card%s\n"), 14, ""); tty_printf (_(" (%d) Existing key from card%s\n"), 14, "");
/* Reserve 15 for ECC or Dilithium primary + Kyber subkey. */
if (addmode)
{
tty_printf (_(" (%d) Kyber (encrypt only)%s\n"), 16, "");
}
for (;;) for (;;)
{ {
*r_usage = 0; *r_usage = 0;
@ -2884,6 +2883,12 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
free_keypair_info (keypairlist); free_keypair_info (keypairlist);
break; break;
} }
else if ((algo == 16 || !strcmp (answer, "kyber")) && addmode)
{
algo = PUBKEY_ALGO_KYBER;
*r_usage = PUBKEY_USAGE_ENC;
break;
}
else else
tty_printf (_("Invalid selection.\n")); tty_printf (_("Invalid selection.\n"));
@ -6493,7 +6498,6 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
} }
else else
{ {
kbnode_t node;
PKT_public_key *pk = find_kbnode (pub_root, PKT_public_key *pk = find_kbnode (pub_root,
PKT_PUBLIC_KEY)->pkt->pkt.public_key; PKT_PUBLIC_KEY)->pkt->pkt.public_key;
print_status_key_created (did_sub? 'B':'P', pk, print_status_key_created (did_sub? 'B':'P', pk,
@ -6501,18 +6505,6 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
es_fflush (es_stdout); es_fflush (es_stdout);
if (any_adsk) if (any_adsk)
log_info (_("Note: The key has been created with one or more ADSK!\n")); log_info (_("Note: The key has been created with one or more ADSK!\n"));
for (node=pub_root; node; node = node->next)
if ((node->pkt->pkttype == PKT_PUBLIC_KEY
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
&& node->pkt->pkt.public_key->pubkey_algo == PUBKEY_ALGO_KYBER)
{
log_info ("Note: The key uses the Kyber algorithm from"
" a draft specification\n");
log_info (" This is EXPERIMENTAL only;"
" the final version will not be compatible!\n");
break;
}
} }
release_kbnode (pub_root); release_kbnode (pub_root);
@ -6730,6 +6722,11 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr,
if (curve && (!strcmp (curve, "X448") || !strcmp (curve, "Ed448"))) if (curve && (!strcmp (curve, "X448") || !strcmp (curve, "Ed448")))
keygen_flags |= KEYGEN_FLAG_CREATE_V5_KEY; keygen_flags |= KEYGEN_FLAG_CREATE_V5_KEY;
} }
else if (algo == PUBKEY_ALGO_KYBER)
{
nbits = 768;
curve = "brainpoolP256r1";
}
else else
nbits = ask_keysize (algo, 0); nbits = ask_keysize (algo, 0);