add crypto backend

author: Markus Teich <markus.teich@stusta.mhn.de> 2016-06-12 01:14:56 +0200
committer: Markus Teich <markus.teich@stusta.mhn.de> 2016-06-12 01:14:56 +0200
commit: 381d21c602b70afb8a3f8b07d7872b26fc4e2d7d (patch)
tree: fcb0090b58e0bad065eaa826253c75410f5e45f1 /crypto.c
parent: 1d3b927c3743f626f0ffb3f49c8167c4efb34a67 (diff)
download: libbrandt-381d21c602b70afb8a3f8b07d7872b26fc4e2d7d.tar.gz
libbrandt-381d21c602b70afb8a3f8b07d7872b26fc4e2d7d.zip
1 files changed, 343 insertions, 0 deletions
diff --git a/crypto.c b/crypto.c
new file mode 100644
index 0000000..399cd21
--- /dev/null
+++ b/crypto.c
@@ -0,0 +1,343 @@
+/* This file is part of libbrandt.
+ * Copyright (C) 2016 GNUnet e.V.
+ *
+ * libbrandt is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later
+ * version.
+ *
+ * libbrandt is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ * A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * libbrandt.  If not, see <http://www.gnu.org/licenses/>.
+ */
+/**
+ * @file crypto.c
+ * @brief Implementation of the crypto primitives.
+ */
+#include <arpa/inet.h>
+#include "crypto.h"
+#include "util.h"
+#define CURVE "Ed25519"
+/* --- RANDOM --- */
+void
+brandt_rand_poll ()
+{
+        static unsigned char rand_amount = 255;
+        if (!(rand_amount--))
+                gcry_fast_random_poll ();
+}
+/* --- HASHING --- */
+/**
+ * Hash block of given size.
+ *
+ * @param block the data to #brandt_hash, length is given as a second argument
+ * @param size the length of the data to #brandt_hash in @a block
+ * @param ret pointer to where to write the hashcode
+ */
+void
+brandt_hash (const void *block, size_t size, struct brandt_hash_code *ret)
+{
+        gcry_md_hash_buffer (GCRY_MD_SHA512, ret, block, size);
+}
+/* --- MPI --- */
+/**
+ * If target != size, move @a target bytes to the end of the size-sized
+ * buffer and zero out the first @a target - @a size bytes.
+ *
+ * @param buf original buffer
+ * @param size number of bytes in @a buf
+ * @param target target size of the buffer
+ */
+static void
+adjust (void *buf, size_t size, size_t target)
+{
+        char *p = buf;
+        if (size < target)
+        {
+                memmove (&p[target - size], buf, size);
+                memset (buf, 0, target - size);
+        }
+}
+/**
+ * Output the given MPI value to the given buffer in
+ * network byte order.
+ * The MPI @a val may not be negative.
+ *
+ * @param buf where to output to
+ * @param size number of bytes in @a buf
+ * @param val value to write to @a buf
+ */
+void
+brandt_mpi_print_unsigned (void *buf, size_t size, gcry_mpi_t val)
+{
+        size_t       rsize;
+        gcry_error_t rc;
+        if (gcry_mpi_get_flag (val, GCRYMPI_FLAG_OPAQUE))
+        {
+                /* Store opaque MPIs left aligned into the buffer.  */
+                unsigned int nbits;
+                const void   *p;
+                p = gcry_mpi_get_opaque (val, &nbits);
+                brandt_assert (NULL != p);
+                rsize = (nbits + 7) / 8;
+                if (rsize > size)
+                        rsize = size;
+                memcpy (buf, p, rsize);
+                if (rsize < size)
+                        memset (((char *)buf) + rsize, 0, size - rsize);
+        }
+        else
+        {
+                /* Store regular MPIs as unsigned integers right aligned into the buffer. */
+                rsize = size;
+                rc = gcry_mpi_print (GCRYMPI_FMT_USG, buf, rsize, &rsize, val);
+                brandt_assert_gpgerr (rc);
+                adjust (buf, rsize, size);
+        }
+}
+/**
+ * Convert data buffer into MPI value.
+ * The buffer is interpreted as network
+ * byte order, unsigned integer.
+ *
+ * @param result where to store MPI value (allocated)
+ * @param data raw data (GCRYMPI_FMT_USG)
+ * @param size number of bytes in @a data
+ */
+void
+brandt_mpi_scan_unsigned (gcry_mpi_t *result, const void *data, size_t size)
+{
+        gcry_error_t rc;
+        rc = gcry_mpi_scan (result, GCRYMPI_FMT_USG, data, size, &size);
+        brandt_assert_gpgerr (rc);
+}
+/* --- ECDHE --- */
+/**
+ * Convert the given private key from the network format to the
+ * S-expression that can be used by libgcrypt.
+ *
+ * @param priv private key to decode
+ * @return NULL on error
+ */
+static gcry_sexp_t
+decode_private_ecdhe_key (const struct brandt_dhe_skey *priv)
+{
+        gcry_sexp_t  result;
+        gcry_error_t rc;
+        rc = gcry_sexp_build (&result, NULL,
+                              "(private-key(ecc(curve \"" CURVE "\")"
+                              "(d %b)))",
+                              (int)sizeof (priv->d), priv->d);
+        brandt_assert_gpgerr (rc);
+        return result;
+}
+/**
+ * Extract values from an S-expression.
+ *
+ * @param array where to store the result(s)
+ * @param sexp S-expression to parse
+ * @param topname top-level name in the S-expression that is of interest
+ * @param elems names of the elements to extract
+ * @return 0 on success
+ */
+static int
+key_from_sexp (gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname,
+               const char *elems)
+{
+        gcry_sexp_t  list;
+        gcry_sexp_t  l2;
+        const char   *s;
+        unsigned int i;
+        unsigned int idx;
+        list = gcry_sexp_find_token (sexp, topname, 0);
+        if (!list)
+                return 1;
+        l2 = gcry_sexp_cadr (list);
+        gcry_sexp_release (list);
+        list = l2;
+        if (!list)
+                return 2;
+        idx = 0;
+        for (s = elems; *s; s++, idx++)
+        {
+                l2 = gcry_sexp_find_token (list, s, 1);
+                if (!l2)
+                {
+                        for (i = 0; i < idx; i++)
+                        {
+                                gcry_free (array[i]);
+                                array[i] = NULL;
+                        }
+                        gcry_sexp_release (list);
+                        return 3;                 /* required parameter not found */
+                }
+                array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
+                gcry_sexp_release (l2);
+                if (!array[idx])
+                {
+                        for (i = 0; i < idx; i++)
+                        {
+                                gcry_free (array[i]);
+                                array[i] = NULL;
+                        }
+                        gcry_sexp_release (list);
+                        return 4;                 /* required parameter is invalid */
+                }
+        }
+        gcry_sexp_release (list);
+        return 0;
+}
+/**
+ * Create a new private key.
+ *
+ * @param priv where to write the private key
+ */
+void
+brandt_ecdhe_key_create (struct brandt_dhe_skey *priv)
+{
+        gcry_sexp_t  priv_sexp;
+        gcry_sexp_t  s_keyparam;
+        gcry_mpi_t   d;
+        gcry_error_t rc;
+        rc = gcry_sexp_build (&s_keyparam, NULL, "(genkey(ecc(curve \"" CURVE "\")"
+                              "(flags)))")
+             brandt_assert_gpgerr (rc);
+        rc = gcry_pk_genkey (&priv_sexp, s_keyparam)
+             brandt_assert_gpgerr (rc);
+        gcry_sexp_release (s_keyparam);
+        rc = key_from_sexp (&d, priv_sexp, "private-key", "d")
+             brandt_assert_gpgerr (rc);
+        gcry_sexp_release (priv_sexp);
+        brandt_mpi_print_unsigned (priv->d, sizeof (priv->d), d);
+        gcry_mpi_release (d);
+}
+/**
+ * Extract the public key for the given private key.
+ *
+ * @param priv the private key
+ * @param pub where to write the public key
+ */
+void
+brandt_ecdhe_key_get_public (const struct brandt_dhe_skey *priv,
+                             struct brandt_dhe_pkey       *pub)
+{
+        gcry_sexp_t  sexp;
+        gcry_ctx_t   ctx;
+        gcry_mpi_t   q;
+        gcry_error_t rc;
+        sexp = decode_private_ecdhe_key (priv);
+        brandt_assert (NULL != sexp);
+        rc = gcry_mpi_ec_new (&ctx, sexp, NULL);
+        brandt_assert_gpgerr (rc);
+        gcry_sexp_release (sexp);
+        q = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
+        brandt_assert (NULL != q);
+        brandt_mpi_print_unsigned (pub->q_y, sizeof (pub->q_y), q);
+        gcry_mpi_release (q);
+        gcry_ctx_release (ctx);
+}
+/**
+ * Derive key material from a public and a private ECDHE key.
+ *
+ * @param priv private key to use for the ECDH (x)
+ * @param pub public key to use for the ECDH (yG)
+ * @param key_material where to write the key material (xyG)
+ * @return 0 on error, 1 on success
+ */
+int
+brandt_ecdhe (const struct brandt_dhe_skey *priv,
+              const struct brandt_dhe_pkey *pub,
+              struct brandt_hash_code      *key_material)
+{
+        gcry_error_t     rc;
+        int              rc2;
+        gcry_mpi_point_t result;
+        gcry_mpi_point_t q;
+        gcry_mpi_t       d;
+        gcry_ctx_t       ctx;
+        gcry_sexp_t      pub_sexpr;
+        gcry_mpi_t       result_x;
+        unsigned char    xbuf[256 / 8];
+        size_t           rsize;
+        /* first, extract the q = dP value from the public key */
+        if (0 != gcry_sexp_build (&pub_sexpr, NULL,
+                                  "(public-key(ecc(curve " CURVE ")(q %b)))",
+                                  (int)sizeof (pub->q_y), pub->q_y))
+                return 0;
+        rc = gcry_mpi_ec_new (&ctx, pub_sexpr, NULL);
+        brandt_assert_gpgerr (rc);
+        gcry_sexp_release (pub_sexpr);
+        q = gcry_mpi_ec_get_point ("q", ctx, 0);
+        /* second, extract the d value from our private key */
+        brandt_mpi_scan_unsigned (&d, priv->d, sizeof (priv->d));
+        /* then call the 'multiply' function, to compute the product */
+        result = gcry_mpi_point_new (0);
+        gcry_mpi_ec_mul (result, d, q, ctx);
+        gcry_mpi_point_release (q);
+        gcry_mpi_release (d);
+        /* finally, convert point to string for hashing */
+        result_x = gcry_mpi_new (256);
+        rc = gcry_mpi_ec_get_affine (result_x, NULL, result, ctx);
+        brandt_assert (0 == rc);
+        gcry_mpi_point_release (result);
+        gcry_ctx_release (ctx);
+        rsize = sizeof (xbuf);
+        rc2 = gcry_mpi_get_flag (result_x, GCRYMPI_FLAG_OPAQUE);
+        brandt_assert (0 == rc2);
+        /* result_x can be negative here, so we do not use 'brandt_mpi_print_unsigned'
+         * as that does not include the sign bit; x should be a 255-bit
+         * value, so with the sign it should fit snugly into the 256-bit
+         * xbuf */
+        rc = gcry_mpi_print (GCRYMPI_FMT_STD, xbuf, rsize, &rsize, result_x);
+        brandt_assert_gpgerr (rc);
+        brandt_hash (xbuf, rsize, key_material);
+        gcry_mpi_release (result_x);
+        return 1;
+}
+/**
+ * @ingroup crypto
+ * Clear memory that was used to store a private key.
+ *
+ * @param pk location of the key
+ */
+void
+brandt_ecdhe_key_clear (struct brandt_dhe_skey *pk)
+{
+        memset (pk, 0, sizeof (struct brandt_dhe_skey));
+}
author	Markus Teich <markus.teich@stusta.mhn.de>	2016-06-12 01:14:56 +0200
committer	Markus Teich <markus.teich@stusta.mhn.de>	2016-06-12 01:14:56 +0200
commit	381d21c602b70afb8a3f8b07d7872b26fc4e2d7d (patch)
tree	fcb0090b58e0bad065eaa826253c75410f5e45f1 /crypto.c
parent	1d3b927c3743f626f0ffb3f49c8167c4efb34a67 (diff)
download	libbrandt-381d21c602b70afb8a3f8b07d7872b26fc4e2d7d.tar.gz libbrandt-381d21c602b70afb8a3f8b07d7872b26fc4e2d7d.zip

diff --git a/crypto.c b/crypto.c new file mode 100644 index 0000000..399cd21 --- /dev/null +++ b/crypto.c
@@ -0,0 +1,343 @@
	1	/* This file is part of libbrandt.
	2	* Copyright (C) 2016 GNUnet e.V.
	3	*
	4	* libbrandt is free software: you can redistribute it and/or modify it under
	5	* the terms of the GNU General Public License as published by the Free Software
	6	* Foundation, either version 3 of the License, or (at your option) any later
	7	* version.
	8	*
	9	* libbrandt is distributed in the hope that it will be useful, but WITHOUT ANY
	10	* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
	11	* A PARTICULAR PURPOSE. See the GNU General Public License for more details.
	12	*
	13	* You should have received a copy of the GNU General Public License along with
	14	* libbrandt. If not, see <http://www.gnu.org/licenses/>.
	15	*/
	16
	17	/**
	18	* @file crypto.c
	19	* @brief Implementation of the crypto primitives.
	20	*/
	21
	22	#include <arpa/inet.h>
	23
	24	#include "crypto.h"
	25	#include "util.h"
	26
	27	#define CURVE "Ed25519"
	28
	29	/* --- RANDOM --- */
	30
	31	void
	32	brandt_rand_poll ()
	33	{
	34	static unsigned char rand_amount = 255;
	35
	36	if (!(rand_amount--))
	37	gcry_fast_random_poll ();
	38	}
	39
	40	/* --- HASHING --- */
	41
	42	/**
	43	* Hash block of given size.
	44	*
	45	* @param block the data to #brandt_hash, length is given as a second argument
	46	* @param size the length of the data to #brandt_hash in @a block
	47	* @param ret pointer to where to write the hashcode
	48	*/
	49	void
	50	brandt_hash (const void block, size_t size, struct brandt_hash_code ret)
	51	{
	52	gcry_md_hash_buffer (GCRY_MD_SHA512, ret, block, size);
	53	}
	54
	55	/* --- MPI --- */
	56
	57	/**
	58	* If target != size, move @a target bytes to the end of the size-sized
	59	* buffer and zero out the first @a target - @a size bytes.
	60	*
	61	* @param buf original buffer
	62	* @param size number of bytes in @a buf
	63	* @param target target size of the buffer
	64	*/
	65	static void
	66	adjust (void *buf, size_t size, size_t target)
	67	{
	68	char *p = buf;
	69
	70	if (size < target)
	71	{
	72	memmove (&p[target - size], buf, size);
	73	memset (buf, 0, target - size);
	74	}
	75	}
	76
	77	/**
	78	* Output the given MPI value to the given buffer in
	79	* network byte order.
	80	* The MPI @a val may not be negative.
	81	*
	82	* @param buf where to output to
	83	* @param size number of bytes in @a buf
	84	* @param val value to write to @a buf
	85	*/
	86	void
	87	brandt_mpi_print_unsigned (void *buf, size_t size, gcry_mpi_t val)
	88	{
	89	size_t rsize;
	90	gcry_error_t rc;
	91
	92	if (gcry_mpi_get_flag (val, GCRYMPI_FLAG_OPAQUE))
	93	{
	94	/* Store opaque MPIs left aligned into the buffer. */
	95	unsigned int nbits;
	96	const void *p;
	97
	98	p = gcry_mpi_get_opaque (val, &nbits);
	99	brandt_assert (NULL != p);
	100	rsize = (nbits + 7) / 8;
	101	if (rsize > size)
	102	rsize = size;
	103	memcpy (buf, p, rsize);
	104	if (rsize < size)
	105	memset (((char *)buf) + rsize, 0, size - rsize);
	106	}
	107	else
	108	{
	109	/* Store regular MPIs as unsigned integers right aligned into the buffer. */
	110	rsize = size;
	111	rc = gcry_mpi_print (GCRYMPI_FMT_USG, buf, rsize, &rsize, val);
	112	brandt_assert_gpgerr (rc);
	113	adjust (buf, rsize, size);
	114	}
	115	}
	116
	117	/**
	118	* Convert data buffer into MPI value.
	119	* The buffer is interpreted as network
	120	* byte order, unsigned integer.
	121	*
	122	* @param result where to store MPI value (allocated)
	123	* @param data raw data (GCRYMPI_FMT_USG)
	124	* @param size number of bytes in @a data
	125	*/
	126	void
	127	brandt_mpi_scan_unsigned (gcry_mpi_t result, const void data, size_t size)
	128	{
	129	gcry_error_t rc;
	130
	131	rc = gcry_mpi_scan (result, GCRYMPI_FMT_USG, data, size, &size);
	132	brandt_assert_gpgerr (rc);
	133	}
	134
	135	/* --- ECDHE --- */
	136
	137	/**
	138	* Convert the given private key from the network format to the
	139	* S-expression that can be used by libgcrypt.
	140	*
	141	* @param priv private key to decode
	142	* @return NULL on error
	143	*/
	144	static gcry_sexp_t
	145	decode_private_ecdhe_key (const struct brandt_dhe_skey *priv)
	146	{
	147	gcry_sexp_t result;
	148	gcry_error_t rc;
	149
	150	rc = gcry_sexp_build (&result, NULL,
	151	"(private-key(ecc(curve \"" CURVE "\")"
	152	"(d %b)))",
	153	(int)sizeof (priv->d), priv->d);
	154	brandt_assert_gpgerr (rc);
	155	return result;
	156	}
	157
	158	/**
	159	* Extract values from an S-expression.
	160	*
	161	* @param array where to store the result(s)
	162	* @param sexp S-expression to parse
	163	* @param topname top-level name in the S-expression that is of interest
	164	* @param elems names of the elements to extract
	165	* @return 0 on success
	166	*/
	167	static int
	168	key_from_sexp (gcry_mpi_t array, gcry_sexp_t sexp, const char topname,
	169	const char *elems)
	170	{
	171	gcry_sexp_t list;
	172	gcry_sexp_t l2;
	173	const char *s;
	174	unsigned int i;
	175	unsigned int idx;
	176
	177	list = gcry_sexp_find_token (sexp, topname, 0);
	178	if (!list)
	179	return 1;
	180	l2 = gcry_sexp_cadr (list);
	181	gcry_sexp_release (list);
	182	list = l2;
	183	if (!list)
	184	return 2;
	185	idx = 0;
	186	for (s = elems; *s; s++, idx++)
	187	{
	188	l2 = gcry_sexp_find_token (list, s, 1);
	189	if (!l2)
	190	{
	191	for (i = 0; i < idx; i++)
	192	{
	193	gcry_free (array[i]);
	194	array[i] = NULL;
	195	}
	196	gcry_sexp_release (list);
	197	return 3; /* required parameter not found */
	198	}
	199	array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
	200	gcry_sexp_release (l2);
	201	if (!array[idx])
	202	{
	203	for (i = 0; i < idx; i++)
	204	{
	205	gcry_free (array[i]);
	206	array[i] = NULL;
	207	}
	208	gcry_sexp_release (list);
	209	return 4; /* required parameter is invalid */
	210	}
	211	}
	212	gcry_sexp_release (list);
	213	return 0;
	214	}
	215
	216	/**
	217	* Create a new private key.
	218	*
	219	* @param priv where to write the private key
	220	*/
	221	void
	222	brandt_ecdhe_key_create (struct brandt_dhe_skey *priv)
	223	{
	224	gcry_sexp_t priv_sexp;
	225	gcry_sexp_t s_keyparam;
	226	gcry_mpi_t d;
	227	gcry_error_t rc;
	228
	229	rc = gcry_sexp_build (&s_keyparam, NULL, "(genkey(ecc(curve \"" CURVE "\")"
	230	"(flags)))")
	231	brandt_assert_gpgerr (rc);
	232	rc = gcry_pk_genkey (&priv_sexp, s_keyparam)
	233	brandt_assert_gpgerr (rc);
	234	gcry_sexp_release (s_keyparam);
	235	rc = key_from_sexp (&d, priv_sexp, "private-key", "d")
	236	brandt_assert_gpgerr (rc);
	237	gcry_sexp_release (priv_sexp);
	238	brandt_mpi_print_unsigned (priv->d, sizeof (priv->d), d);
	239	gcry_mpi_release (d);
	240	}
	241
	242	/**
	243	* Extract the public key for the given private key.
	244	*
	245	* @param priv the private key
	246	* @param pub where to write the public key
	247	*/
	248	void
	249	brandt_ecdhe_key_get_public (const struct brandt_dhe_skey *priv,
	250	struct brandt_dhe_pkey *pub)
	251	{
	252	gcry_sexp_t sexp;
	253	gcry_ctx_t ctx;
	254	gcry_mpi_t q;
	255	gcry_error_t rc;
	256
	257	sexp = decode_private_ecdhe_key (priv);
	258	brandt_assert (NULL != sexp);
	259	rc = gcry_mpi_ec_new (&ctx, sexp, NULL);
	260	brandt_assert_gpgerr (rc);
	261	gcry_sexp_release (sexp);
	262	q = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
	263	brandt_assert (NULL != q);
	264	brandt_mpi_print_unsigned (pub->q_y, sizeof (pub->q_y), q);
	265	gcry_mpi_release (q);
	266	gcry_ctx_release (ctx);
	267	}
	268
	269	/**
	270	* Derive key material from a public and a private ECDHE key.
	271	*
	272	* @param priv private key to use for the ECDH (x)
	273	* @param pub public key to use for the ECDH (yG)
	274	* @param key_material where to write the key material (xyG)
	275	* @return 0 on error, 1 on success
	276	*/
	277	int
	278	brandt_ecdhe (const struct brandt_dhe_skey *priv,
	279	const struct brandt_dhe_pkey *pub,
	280	struct brandt_hash_code *key_material)
	281	{
	282	gcry_error_t rc;
	283	int rc2;
	284	gcry_mpi_point_t result;
	285	gcry_mpi_point_t q;
	286	gcry_mpi_t d;
	287	gcry_ctx_t ctx;
	288	gcry_sexp_t pub_sexpr;
	289	gcry_mpi_t result_x;
	290	unsigned char xbuf[256 / 8];
	291	size_t rsize;
	292
	293	/* first, extract the q = dP value from the public key */
	294	if (0 != gcry_sexp_build (&pub_sexpr, NULL,
	295	"(public-key(ecc(curve " CURVE ")(q %b)))",
	296	(int)sizeof (pub->q_y), pub->q_y))
	297	return 0;
	298	rc = gcry_mpi_ec_new (&ctx, pub_sexpr, NULL);
	299	brandt_assert_gpgerr (rc);
	300	gcry_sexp_release (pub_sexpr);
	301	q = gcry_mpi_ec_get_point ("q", ctx, 0);
	302
	303	/* second, extract the d value from our private key */
	304	brandt_mpi_scan_unsigned (&d, priv->d, sizeof (priv->d));
	305
	306	/* then call the 'multiply' function, to compute the product */
	307	result = gcry_mpi_point_new (0);
	308	gcry_mpi_ec_mul (result, d, q, ctx);
	309	gcry_mpi_point_release (q);
	310	gcry_mpi_release (d);
	311
	312	/* finally, convert point to string for hashing */
	313	result_x = gcry_mpi_new (256);
	314	rc = gcry_mpi_ec_get_affine (result_x, NULL, result, ctx);
	315	brandt_assert (0 == rc);
	316	gcry_mpi_point_release (result);
	317	gcry_ctx_release (ctx);
	318
	319	rsize = sizeof (xbuf);
	320	rc2 = gcry_mpi_get_flag (result_x, GCRYMPI_FLAG_OPAQUE);
	321	brandt_assert (0 == rc2);
	322	/* result_x can be negative here, so we do not use 'brandt_mpi_print_unsigned'
	323	* as that does not include the sign bit; x should be a 255-bit
	324	* value, so with the sign it should fit snugly into the 256-bit
	325	* xbuf */
	326	rc = gcry_mpi_print (GCRYMPI_FMT_STD, xbuf, rsize, &rsize, result_x);
	327	brandt_assert_gpgerr (rc);
	328	brandt_hash (xbuf, rsize, key_material);
	329	gcry_mpi_release (result_x);
	330	return 1;
	331	}
	332
	333	/**
	334	* @ingroup crypto
	335	* Clear memory that was used to store a private key.
	336	*
	337	* @param pk location of the key
	338	*/
	339	void
	340	brandt_ecdhe_key_clear (struct brandt_dhe_skey *pk)
	341	{
	342	memset (pk, 0, sizeof (struct brandt_dhe_skey));
	343	}