From b48476bbefa70cf56ba48089b0dbdfd09cccc917 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Fri, 12 Apr 2024 11:31:01 +0200
Subject: [PATCH] gpg: Prepare to use the fingerprint as fixed-info for Kyber.
* g10/pubkey-enc.c (get_it): Use algo and fingerprint for the fixed-info. Keep a testing mode.
* g10/options.h (COMPAT_T7014_OLD): New.
* g10/gpg.c (compatibility_flags): Add "t71014-old" flag.
--
GnuPG-bug-id: 6815
---
 g10/gpg.c | 1 +
 g10/options.h | 5 ++---
 g10/pubkey-enc.c | 24 +++++++++++++++++++-----
 3 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/g10/gpg.c b/g10/gpg.c
index 2afcd91ad..0c80a558b 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -1034,6 +1034,7 @@ static struct debug_flags_s debug_flags [] =
 static struct compatibility_flags_s compatibility_flags [] =
   {
     { COMPAT_PARALLELIZED, "parallelized" },
+    { COMPAT_T7014_OLD, "t7014-old" },
     { 0, NULL }
   };
diff --git a/g10/options.h b/g10/options.h
index ed8e122a3..e810adfb9 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -378,9 +378,8 @@ EXTERN_UNLESS_MAIN_MODULE int memory_debug_mode;
 EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
 /* Compatibility flags */
-#define COMPAT_PARALLELIZED 1
-
-/* #define COMPAT_FOO 2 */
+#define COMPAT_PARALLELIZED 1 /* Use threaded hashing for signatures. */
+#define COMPAT_T7014_OLD 2 /* Use initial T7014 test data. */
 /* Compliance test macors. */
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index da32ebc7b..470525a95 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
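Review bot: The string registered in the compatibility_flags table is `"t7014-old"`, but the commit message announces the flag as "t71014-old"; one of the two is a typo and, since the table is what `--compatibility-flags` will match, the message should be corrected to `t7014-old` so users do not copy a name that is silently rejected. The options.h hunk documents the flag only as "Use initial T7014 test data", so it would help to add to that comment that the flag disables the fingerprint binding in the Kyber fixed-info and is meant for test vectors rather than normal operation.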
@@ -240,15 +240,29 @@ get_it (ctrl_t ctrl,
     }
   else if (sk->pubkey_algo == PUBKEY_ALGO_KYBER)
     {
-      log_debug ("seskey_algo: %d\n", enc->seskey_algo);
+      char fixedinfo[1+MAX_FINGERPRINT_LEN];
+      int fixedlen;
+
+      if ((opt.compat_flags & COMPAT_T7014_OLD))
+        {
+          /* Temporary use for tests with original test vectors. */
+          fixedinfo[0] = 0x69;
+          fixedlen = 1;
+        }
+      else
+        {
+          fixedinfo[0] = enc->seskey_algo;
+          v5_fingerprint_from_pk (sk, fixedinfo+1, NULL);
+          fixedlen = 33;
+        }
+
       if (!enc->data[0] || !enc->data[1] || !enc->data[2])
         err = gpg_error (GPG_ERR_BAD_MPI);
       else
         err = gcry_sexp_build (&s_data, NULL,
-                               "(enc-val(pqc(e%m)(k%m)(s%m)(c%d)(fixed-info%s)))",
-                               enc->data[0], enc->data[1], enc->data[2],
-                               enc->seskey_algo,
-                               "\x69");
+                               "(enc-val(pqc(e%m)(k%m)(s%m)(c%d)(fixed-info%b)))",
+                               enc->data[0], enc->data[1], enc->data[2],
+                               enc->seskey_algo, fixedlen, fixedinfo);
     }
   else
     err = gpg_error (GPG_ERR_BUG);
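Review bot: In the else branch of the added block, `fixedlen = 33;` hard-codes the v5 fingerprint length that `char fixedinfo[1+MAX_FINGERPRINT_LEN];` already expresses through MAX_FINGERPRINT_LEN, so the buffer size and the number of bytes handed to the KDF via `%b` are kept in sync only by convention; if the third argument of v5_fingerprint_from_pk (passed as NULL here) returns the length written, `size_t fplen; v5_fingerprint_from_pk (sk, fixedinfo+1, &fplen); fixedlen = 1 + (int)fplen;` would derive the length from the same call that fills the buffer. The fixed-info is the domain-separation input for the Kyber KEM combiner, so a comment on the else branch stating that its layout is one algorithm-id byte followed by the recipient key's v5 fingerprint, and that any change breaks interoperability with existing ciphertext, would document why the value is what it is. The COMPAT_T7014_OLD branch replaces that binding with the constant 0x69 and the comment "Temporary use for tests" should say explicitly that it exists only to reproduce the original test vectors and must not be used for real messages. `fixedinfo[0] = enc->seskey_algo;` narrows an int to a char; that is presumably fine for valid algorithm ids, but it is worth confirming that seskey_algo is range-checked before this point. get_it begins before and continues after this hunk.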