q not derived from d in gcry_pk_sign

Christian Grothoff grothoff at in.tum.de
Fri Mar 22 10:19:31 CET 2013


I have a private ECC key 'd' for a given curve (NIST P-256) and would
like to use 'gcry_pk_sign' given this information.  So I use

gcry_sexp_build (&spriv, &erroff,
	  "(private-key(ecc(curve \"NIST P-256\")(d %m)))",
gcry_pk_sign (&result, data, spriv);

to create a signature; this fails, as in 'sexp_elements_extract_ecc' the
'q' value is not found (as it is neither in the curve nor explicitly in
the S-expression); however, q can of course be calculated as q = dg from 
the private key and the curve.

Fixing this inside 'sexp_elements_extract_ecc' is not trivial, as no
context for the point multiplication exists (after all, we're just
building that one).  Similarly, having me calculate q first is ugly, as
I'd have to first create another ECC context, do the multiplication,
and then find a way to print the point correctly into the s-expression,
just to create the context that could have done it internally with ease.

The nicest fix I can think of right now would be a change to how 
'sexp_elements_extract_ecc' works (i.e. reporting "got all" even
if q was not found and forcing the caller to manually check & 
recompute); this might be done by marking some variables as
'optional'.  Then the caller can check for q==NULL once the context
has been initialized 'enough' to make the ECC multiplication to
calculate q.

Happy hacking!


p.s.: Werner, I had send you a related patch to do this 'q' calculation
on-the-fly before, but this is a different path through the code.

More information about the Gcrypt-devel mailing list