4 void ed25519_key_exchange(unsigned char *shared_secret, const unsigned char *public_key, const unsigned char *private_key) {
20 /* copy the private key and make sure it's valid */
21 for (i = 0; i < 32; ++i) {
22 e[i] = private_key[i];
29 /* unpack the public key and convert edwards to montgomery */
30 /* due to CodesInChaos: montgomeryX = (edwardsY + 1)*inverse(1 - edwardsY) mod p */
31 fe_frombytes(x1, public_key);
33 fe_add(tmp0, x1, tmp1);
34 fe_sub(tmp1, tmp1, x1);
35 fe_invert(tmp1, tmp1);
36 fe_mul(x1, tmp0, tmp1);
44 for (pos = 254; pos >= 0; --pos) {
45 b = e[pos / 8] >> (pos & 7);
48 fe_cswap(x2, x3, swap);
49 fe_cswap(z2, z3, swap);
52 /* from montgomery.h */
63 fe_mul(x2, tmp1, tmp0);
64 fe_sub(tmp1, tmp1, tmp0);
66 fe_mul121666(z3, tmp1);
68 fe_add(tmp0, tmp0, z3);
70 fe_mul(z2, tmp1, tmp0);
73 fe_cswap(x2, x3, swap);
74 fe_cswap(z2, z3, swap);
78 fe_tobytes(shared_secret, x2);