I would like to have a public wrapper to the ex_mul_point function which needs
to extract the private value and the context from the given private key, get the
other point from the s-expression, run gcry_mpi_ex_mul_point and then return the
result in some new s-expression (or mpi-value). Given such a function, it would
be possible to implement ECDH or ECDHE with the libgcrypt API --- without having
to rewrite the critical EC multiplication operations...

I've committed a testcase and a clean version of the GNUnet wrapper
around the ECC function I would like to see in libgcrypt. If you look at
https://gnunet.org/svn/util/crypto_ecc.c at the bottom,
there is now a 'FIXME-WK' in a function which gives the full context of
what I want to do. There is also a "test_crypto_ecc.c" which runs a
minimal test for the ECDH key exchange (non-ephemeral variant) that I
want to have. It currently passes as the #if 0-code's #else branch sets
all ECDH-generated keys to a fixed constant, which is of course not
secure at all / totally broken.