requesting another ECC function...

Thu Apr 11 21:27:50 CEST 2013

On 04/11/2013 08:41 PM, Werner Koch wrote:
> On Thu, 21 Mar 2013 13:39, grothoff at in.tum.de said:
> 
>> I can manipulate 'Q' freely) to an S-expression.  So what I need is
>> something like a function "gcry_sexp_from_ec_context", to be used as
>> follows:
> 
> Here we go:  Instead of
> 
>>   if (0 != (rc = gcry_sexp_from_ec_context (&pk_sexpr, ctx)))
>>   {
>>     LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_from_context", rc);
>>     gcry_ctx_release (ctx);
>>     gcry_sexp_release (data);
>>     gcry_sexp_release (sig_sexpr);
>>     return GNUNET_SYSERR;
>>   }
> 
> use this:
> 
>    if (0 != (rc = gcry_pubkey_get_sexp (&pk_sexpr, GCRY_PK_GET_PUBKEY, ctx)))
>    {
>      LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pubkey_get_sexp", rc);
>      gcry_ctx_release (ctx);
>      gcry_sexp_release (data);
>      gcry_sexp_release (sig_sexpr);
>      return GNUNET_SYSERR;
>    }

Almost there.  This gives me an sexp of the form "(public-key(ecc(...))",
but for gcry_pk_verify that corresponds to ECDH as a "(public-key(ecdsa(...))"
is needed (I get a "not implemented" for gcry_pk_sign if I put 'ecc' instead of 'ecdsa';
the ECC code internally picks between ECDSA and ECDH depending on the form of
the s-expression).

So instead of just "GCRY_PK_GET_PUBKEY", we'll need "GCRY_PK_GET_ECDSA_PUBKEY" or
 "GCRY_PK_GET_ECDH_PUBKEY", as otherwise the "wrong" ECC module is selected.

Happy hacking!

Christian