diff --git a/common/openpgpdefs.h b/common/openpgpdefs.h
index 625747983..8553a889f 100644
--- a/common/openpgpdefs.h
+++ b/common/openpgpdefs.h
@@ -168,7 +168,12 @@ typedef enum
 PUBKEY_ALGO_ECDSA = 19, /* RFC-6637 */
 PUBKEY_ALGO_ELGAMAL = 20, /* Elgamal encrypt+sign (legacy). */
 /* 21 reserved by OpenPGP. */
- PUBKEY_ALGO_EDDSA = 22, /* EdDSA (not yet assigned). */
+ PUBKEY_ALGO_EDDSA = 22, /* EdDSA. */
+ PUBKEY_ALGO_KY768_25519 = 29, /* Kyber768 + X25519 */
+ PUBKEY_ALGO_KY1024_448 = 30, /* Kyber1024 + X448 */
+ PUBKEY_ALGO_DIL3_25519 = 35, /* Dilithium3 + Ed25519 */
+ PUBKEY_ALGO_DIL5_448 = 36, /* Dilithium5 + Ed448 */
+ PUBKEY_ALGO_SPHINX_SHA2 = 41, /* SPHINX+-simple-SHA2 */
 PUBKEY_ALGO_PRIVATE10 = 110
 } pubkey_algo_t;
diff --git a/g10/keygen.c b/g10/keygen.c
index d5099dbb9..3cafc476d 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -3278,6 +3278,7 @@ parse_key_parameter_part (ctrl_t ctrl,
 char *keygrip = NULL;
 u32 keytime = 0;
 int is_448 = 0;
+ int is_pqc = 0;
 if (!string || !*string)
 return 0; /* Success. */
@@ -3312,6 +3313,32 @@ parse_key_parameter_part (ctrl_t ctrl,
 return gpg_error (GPG_ERR_INV_VALUE);
 }
 }
+ else if (!ascii_strcasecmp (string, "ky768"))
+ {
+ algo = PUBKEY_ALGO_KY768_25519;
+ is_pqc = 1;
+ }
+ else if (!ascii_strcasecmp (string, "ky1024"))
+ {
+ algo = PUBKEY_ALGO_KY1024_448;
+ is_pqc = 1;
+ }
+ else if (!ascii_strcasecmp (string, "dil3"))
+ {
+ algo = PUBKEY_ALGO_DIL3_25519;
+ is_pqc = 1;
+ }
+ else if (!ascii_strcasecmp (string, "dil5"))
+ {
+ algo = PUBKEY_ALGO_DIL5_448;
+ is_pqc = 1;
+ }
+ else if (!ascii_strcasecmp (string, "sphinx")
+ || !ascii_strcasecmp (string, "sphinx_sha2"))
+ {
+ algo = PUBKEY_ALGO_SPHINX_SHA2;
+ is_pqc = 1;
+ }
 else if ((curve = openpgp_is_curve_supported (string, &algo, &size)))
 {
 if (!algo)
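Review bot: The new enum entries in common/openpgpdefs.h spell the hash-based signature scheme as SPHINX, but its name is SPHINCS+; `PUBKEY_ALGO_SPHINCS_SHA2 = 41, /* SPHINCS+-simple-SHA2 */` would match the scheme, and the same spelling recurs in the "sphinx"/"sphinx_sha2" names in g10/keygen.c and the prefix in g10/keyid.c. The five new code points (29, 30, 35, 36, 41) also give no reference for where the numbers come from, unlike the RFC-6637 note on the ECDSA line. If they follow a draft rather than a final assignment, the comment should say so, because keys written with a provisional algorithm id may stop being interpretable once the numbering changes.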
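Review bot: The new name branches in parse_key_parameter_part (g10/keygen.c, hunk at -3312) assign only `algo` and `is_pqc`, so `size` and `curve` keep their initial values, and the code that consumes them lies outside the hunk. It is worth confirming that the rest of the function accepts an unset size and curve for these algorithms, and recording that at the first branch, e.g. `/* Composite PQC algos: the name fixes the parameter set; SIZE and CURVE stay unset. */`. The branches also show no check that the crypto backend provides the algorithm; if none is made further down, a name accepted here would only fail later during key generation.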
@@ -3560,8 +3587,8 @@ parse_key_parameter_part (ctrl_t ctrl,
 return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
 }
- /* Ed448 and X448 must only be used as v5 keys. */
- if (is_448)
+ /* Ed448, X448 and the PQC algos must only be used as v5 keys. */
+ if (is_448 || is_pqc)
 {
 if (keyversion == 4)
 log_info (_("WARNING: v4 is specified, but overridden by v5.\n"));
diff --git a/g10/keyid.c b/g10/keyid.c
index 9191fec92..7cf9803e2 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -115,6 +115,11 @@ pubkey_string (PKT_public_key *pk, char *buffer, size_t bufsize)
 case PUBKEY_ALGO_ECDH:
 case PUBKEY_ALGO_ECDSA:
 case PUBKEY_ALGO_EDDSA: prefix = ""; break;
+ case PUBKEY_ALGO_KY768_25519: prefix = "ky768"; break;
+ case PUBKEY_ALGO_KY1024_448: prefix = "ky1024"; break;
+ case PUBKEY_ALGO_DIL3_25519: prefix = "dil3"; break;
+ case PUBKEY_ALGO_DIL5_448: prefix = "dil5"; break;
+ case PUBKEY_ALGO_SPHINX_SHA2: prefix = "sphinx_sha2"; break;
 }
 if (prefix && *prefix)
diff --git a/g10/misc.c b/g10/misc.c
index 2f4b452dd..d1f0efc6e 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -799,6 +799,19 @@ openpgp_pk_algo_usage ( int algo )
 case PUBKEY_ALGO_ECDSA:
 case PUBKEY_ALGO_EDDSA:
 use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
+ break;
+
+ case PUBKEY_ALGO_KY768_25519:
+ case PUBKEY_ALGO_KY1024_448:
+ use = PUBKEY_USAGE_ENC | PUBKEY_USAGE_RENC;
+ break;
+
+ case PUBKEY_ALGO_DIL3_25519:
+ case PUBKEY_ALGO_DIL5_448:
+ case PUBKEY_ALGO_SPHINX_SHA2:
+ use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG;
+ break;
+
 default:
 break;
 }
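Review bot: The new cases in pubkey_string (g10/keyid.c) set non-empty prefixes, so these algorithms take the `if (prefix && *prefix)` branch, whose body is outside the hunk. If that branch formats the prefix together with a key size, the listing would show the parameter-set name followed by a second number, and the string would no longer match the names the parser in g10/keygen.c accepts ("ky768", "dil3", ...). Consider giving the fixed-parameter algorithms their own path that copies the name unchanged, for example `snprintf (buffer, bufsize, "%s", prefix);`.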
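Review bot: The Dilithium and SPHINX cases in openpgp_pk_algo_usage (g10/misc.c) return `PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG` without `PUBKEY_USAGE_AUTH`, while the ECDSA/EdDSA case directly above includes it, and nothing records whether the omission is deliberate. A one-line comment above the case group would settle it, e.g. `/* PQC signature algos: CERT and SIG only; AUTH is not offered. */`. Presumably a request for an authentication-capable key with these algorithms is then rejected with GPG_ERR_WRONG_KEY_USAGE in keygen.c, which is worth confirming since that check is only partly visible in this diff.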