private static void EncodePoint(PointAccum p, byte[] r, int rOff)
{
int[] x = X25519Field.Create();
int[] y = X25519Field.Create();
X25519Field.Inv(p.z, y);
X25519Field.Mul(p.x, y, x);
X25519Field.Mul(p.y, y, y);
X25519Field.Normalize(x);
X25519Field.Normalize(y);
X25519Field.Encode(y, r, rOff);
r[rOff + PointBytes - 1] |= (byte)((x[0] & 1) << 7);
}
private byte[] ConvertEdPublicKeyToMontgomery(byte[] edPublicKey)
{
int[] x = X25519Field.Create();
int[] oneMinusY = X25519Field.Create();
int[] aY = new int[X25519Field.Size];
X25519Field.Decode(edPublicKey, 0, aY);
X25519Field.One(oneMinusY);
X25519Field.Sub(oneMinusY, aY, oneMinusY);
X25519Field.One(x);
X25519Field.Add(x, aY, x);
X25519Field.Inv(oneMinusY, oneMinusY);
X25519Field.Mul(x, oneMinusY, x);
byte[] xpublicKey = new byte[X25519PublicKeyParameters.KeySize];
X25519Field.Encode(x, xpublicKey, 0);
// UPDATE: the reality of the situation is that it's OK to check if it works, because the vast, vast majority work right off the bat, and it takes very little time to generate
// I have no idea, but it has always worked....: I am very unhappy with it (tested 1m times, didn't fail). But since I don't trust it, I check it too (when it is possible)
if (xpublicKey[X25519PublicKeyParameters.KeySize - 1] >= 128)
{
// Take off 128
xpublicKey[X25519PublicKeyParameters.KeySize - 1] -= 128;
// We need to add 19 as well...
xpublicKey[0] = (byte)((xpublicKey[0] + 19) % 256);
if (xpublicKey[0] < 19)
{
int index = 0;
while (true)
{
index++;
if (xpublicKey[index] != 255)
{
xpublicKey[index] += 1;
break;
}
xpublicKey[index] = 0;
}
}
}
return(xpublicKey);
}