crypto_sign_ed25519_pk_to_x25519_pk static method
Converts Ed25519 public/verifying key to Curve25519 public key. Xmont = (1 + Yed)/(1 - Yed) mod p
Implementation
static int crypto_sign_ed25519_pk_to_x25519_pk(
Uint8List x25519_pk, Uint8List ed25519_pk) {
final z = Uint8List(32);
final q = List<Int32List>.generate(4, (_) => Int32List(16));
final a = Int32List(16);
final b = Int32List(16);
if (TweetNaCl._unpackneg(q, ed25519_pk) != 0) return -1;
final y = q[1];
// b = 1 + Yed
TweetNaCl._A(a, TweetNaCl._gf1, y);
// b = 1 - Yed
TweetNaCl._Z(b, TweetNaCl._gf1, y);
// b = inv(b)
TweetNaCl._inv25519(b, 0, b, 0);
// a = a * inv(b) i.e. a / b
TweetNaCl._M(a, a, b);
TweetNaCl._pack25519(z, a, 0);
for (var i = 0; i < 32; i++) {
x25519_pk[i] = z[i];
}
return 0;
}