4 void ed25519_key_exchange(unsigned char *shared_secret
, const unsigned char *public_key
, const unsigned char *private_key
) {
20 /* copy the private key and make sure it's valid */
21 for (i
= 0; i
< 32; ++i
) {
22 e
[i
] = private_key
[i
];
29 /* unpack the public key and convert edwards to montgomery */
30 /* due to CodesInChaos: montgomeryX = (edwardsY + 1)*inverse(1 - edwardsY) mod p */
31 fe_frombytes(x1
, public_key
);
33 fe_add(tmp0
, x1
, tmp1
);
34 fe_sub(tmp1
, tmp1
, x1
);
35 fe_invert(tmp1
, tmp1
);
36 fe_mul(x1
, tmp0
, tmp1
);
44 for (pos
= 254; pos
>= 0; --pos
) {
45 b
= e
[pos
/ 8] >> (pos
& 7);
48 fe_cswap(x2
, x3
, swap
);
49 fe_cswap(z2
, z3
, swap
);
52 /* from montgomery.h */
63 fe_mul(x2
, tmp1
, tmp0
);
64 fe_sub(tmp1
, tmp1
, tmp0
);
66 fe_mul121666(z3
, tmp1
);
68 fe_add(tmp0
, tmp0
, z3
);
70 fe_mul(z2
, tmp1
, tmp0
);
73 fe_cswap(x2
, x3
, swap
);
74 fe_cswap(z2
, z3
, swap
);
78 fe_tobytes(shared_secret
, x2
);