q not derived from d in gcry_pk_sign
Christian Grothoff
grothoff at in.tum.de
Fri Mar 22 10:19:31 CET 2013
Hi!
I have a private ECC key 'd' for a given curve (NIST P-256) and would
like to use 'gcry_pk_sign' given this information. So I use
gcry_sexp_build (&spriv, &erroff,
"(private-key(ecc(curve \"NIST P-256\")(d %m)))",
d);
gcry_pk_sign (&result, data, spriv);
to create a signature; this fails, as in 'sexp_elements_extract_ecc' the
'q' value is not found (as it is neither in the curve nor explicitly in
the S-expression); however, q can of course be calculated as q = dg from
the private key and the curve.
Fixing this inside 'sexp_elements_extract_ecc' is not trivial, as no
context for the point multiplication exists (after all, we're just
building that one). Similarly, having me calculate q first is ugly, as
I'd have to first create another ECC context, do the multiplication,
and then find a way to print the point correctly into the s-expression,
just to create the context that could have done it internally with ease.
The nicest fix I can think of right now would be a change to how
'sexp_elements_extract_ecc' works (i.e. reporting "got all" even
if q was not found and forcing the caller to manually check &
recompute); this might be done by marking some variables as
'optional'. Then the caller can check for q==NULL once the context
has been initialized 'enough' to make the ECC multiplication to
calculate q.
Happy hacking!
Christian
p.s.: Werner, I had send you a related patch to do this 'q' calculation
on-the-fly before, but this is a different path through the code.
More information about the Gcrypt-devel
mailing list