-#else
- gcry_mpi_point_t result;
- gcry_mpi_point_t q;
- gcry_mpi_t d;
- gcry_ctx_t ctx;
- gcry_sexp_t pub_sexpr;
- gcry_mpi_t result_x;
- unsigned char xbuf[256 / 8];
- size_t rsize;
-
- BENCHMARK_START (ecc_ecdh);
-
- /* first, extract the q = dP value from the public key */
- if (0 != gcry_sexp_build (&pub_sexpr,
- NULL,
- "(public-key(ecc(curve " CURVE ")(q %b)))",
- (int) sizeof(pub->q_y),
- pub->q_y))
- return GNUNET_SYSERR;
- GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, pub_sexpr, NULL));
- gcry_sexp_release (pub_sexpr);
- q = gcry_mpi_ec_get_point ("q", ctx, 0);
-
- /* second, extract the d value from our private key */
- GNUNET_CRYPTO_mpi_scan_unsigned (&d, priv->d, sizeof(priv->d));
-
- /* then call the 'multiply' function, to compute the product */
- result = gcry_mpi_point_new (0);
- gcry_mpi_ec_mul (result, d, q, ctx);
- gcry_mpi_point_release (q);
- gcry_mpi_release (d);
-
- /* finally, convert point to string for hashing */
- result_x = gcry_mpi_new (256);
- if (gcry_mpi_ec_get_affine (result_x, NULL, result, ctx))
- {
- LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "get_affine failed", 0);
- gcry_mpi_point_release (result);
- gcry_ctx_release (ctx);
- return GNUNET_SYSERR;
- }
- gcry_mpi_point_release (result);
- gcry_ctx_release (ctx);
-
- rsize = sizeof(xbuf);
- GNUNET_assert (! gcry_mpi_get_flag (result_x, GCRYMPI_FLAG_OPAQUE));
- /* result_x can be negative here, so we do not use 'GNUNET_CRYPTO_mpi_print_unsigned'
- as that does not include the sign bit; x should be a 255-bit
- value, so with the sign it should fit snugly into the 256-bit
- xbuf */
- GNUNET_assert (
- 0 == gcry_mpi_print (GCRYMPI_FMT_STD, xbuf, rsize, &rsize, result_x));
- GNUNET_CRYPTO_hash (xbuf, rsize, key_material);
- gcry_mpi_release (result_x);
- BENCHMARK_END (ecc_ecdh);
- return GNUNET_OK;
-#endif