From ae9d05be046a0d60ca779f695086428e048617af Mon Sep 17 00:00:00 2001
From: Orson Peters <orsonpeters@gmail.com>
Date: Sun, 24 Mar 2013 22:37:43 +0100
Subject: [PATCH] added key exchange

---
 ed25519.dll        | Bin 98816 -> 102400 bytes
 readme.md          |  53 +++++++++++++++++++++---------
 src/ed25519.h      |   1 +
 src/key_exchange.c |  79 +++++++++++++++++++++++++++++++++++++++++++++
 test.c             |  32 ++++++++++++++++++
 5 files changed, 150 insertions(+), 15 deletions(-)
 create mode 100644 src/key_exchange.c

diff --git a/ed25519.dll b/ed25519.dll
index 3b953f63b5de46bbb610d263711410e1502501fc..2dd29d53796188a55119aa8673bdc792b19d7ad0 100644
GIT binary patch
delta 7293
zcmZu$3tUr2x}P%yjT8keV8FBucoa~IKzM`%5ENe#HLXBdq#^=70THmP){1V>dJMGK
z>E7)2x~+D5yY1H9YO%aTC8+qSueEkp>+aQ7Yp~v}-g;ZBZF2uJ3F<!h{k}8b_s#d7
zZ)Q#o>l+8H-#(~ib9i6X>}QDg?=l%S>M@CilAB;OZGAh1_U3QB7)jGrTU}#li?lUj
zB+Hg2_-+3h^MQbyY>PBby2aY0D5;YDO$r~@;tzI<M946VwQLZbI4oTSbQf5IFs^3>
zG)mgU*5SE@y^CiPJ4K;~d2$O6it&}!?`XE9*?5DHBfeyNMk#pYh)U*z^XE6%Y*j4%
z_$qrzl}a@?Seq(o<S(va=J0hwl(n+@NRF)H=9DDa`Sexh>#L(5_OmG8IQnuwd(L-E
zY)L;M#}2mSE7z<yHQes{j8f+oFrVGnQ(wW=9|uQK$<CMh+55h+Bc^)i#`3vT@0_up
z-SkZy;c^o44D?3xxf$NM+fJ4|=w^w14Ivx93uv_QXzFEE^ER0$sAy%U(}=NHR&jiL
z7$MD#@+v+BBiwN_SbVy9r@WoBV`XPo7RI$;70WuVbupW*9~=^4P4h}_ljkFAKC?N~
z!{P<dWw*8sUQ8QuY<Y5_Ek`c4<;wGI8ras_3RM_%wn8-q*;eR}A=*|Lh#}Ti7>ps_
zR>&ojY=v4323w&HL%OX{#*p>>1zV-8)sKxhX<IAn^lMZRr)~AJtglr^oU*}^zQ{k~
z1i}Fxt8XX@1c8J=#p{cL1)&C!q%YD4!XJb|U!)a8Ac%B*kxmf7AhPsDvLG}zzl46p
z&t_I7{GgasHnTe6wqjP>%>H_RSuy(~J(b=ZsF(wRsrBYy#T*Q*!C!CIC}s`NK)qS3
zn6<!y^=6%7*4fN*!Ue@F>yeHUtw%D-DwQ6oC^c%ER@NgIrO+SsQ|a^MSj7?uR1Gv<
zu>=G42b!c<G(ZD^8Wf8bXfV)p#i9eM0qUQnSY+#=oVoK#o<G<+!Y^QWL%nT}ycvyQ
zYm%EV?49_zL~PRcU!w)$6_~VTs|2A2;cv@U3&H>*-Inbyh(Hj*w(LMbWP!-BWd{pF
z143)d)(B!6h+JE?RuDQ6vMpQp{dDfg0xHjzEsLpW5V49wIk&-qcqHpN60q|^nB#uf
zvipyBJPy|PSEPFqq6^{)A5|^}ywe-zxE#iIj~~JA3?0GjLjzd&uyO30hzNF~+K>G>
z^vNI%7Ec@F2s@|b%A)JoOGCri#}NVS-J!!%bJ1ex0pXB(9ELmYhohkkXs+}PN8puO
z&m)j;!W}<_qkpqd&>Yr1EWBYFuv}ju@FxhI33uEJM@sXNML7g5n9lpx>BX3?^ada9
zxEzkn2962}@#BCFlF&6l#V9z|SSe5`ca<ARlS`su3^5L6mRedX2L@F(p!CIZpfb-N
zx`hxgekhm4<pKxzD47N&<6WUq3WC9&548ND_%trA8Q?=)2XPrPI;B7h_F|xw55+B9
zT*r$cCLkXT`B(@=D+Oq>`c{p0mwNcE>uxs=9ko)4BL(Nj<?HOC98M2iXWz+Yy6QTc
zIC>Mk^%XllI+=EU#iTKtXu?-a852jPuUIFBv)5QZh8@>fSX2^Sc8$%BDhds_2CJ2_
zx;Y2Adk?GoSJ{E6Nc!ii?8_)KwOwW7qc>5XtE@fRK#zUNZiCAHlC6%3qd{M?_c2`g
zf?dF{`wKQ?Y(6deqILe*^FuYGPPpC8^P&};U>c6Dvnc7Z({Y^5G-T6LCs>OijJBR&
zA7J>^3D##wr6nF_j)xg@f+eS=(p$%c<oV-5vg<f|2h0r~=0Xp1#&PzzF_jMYFuy-0
zBrhFfzX0>M$AtQ353}kRyA5WNhZ*K!x{k8>rt$RTQMT0-lHGRH?M83JqQTYH!xm9)
z#Qhf7{J?9@lcy=cyvcOV!AMKo137Yyf^N%^wa#ykv+Jg~xTzj1I&K9ks};3HCB{F(
zA22=gD4Uc%j;0)8HR<tTnltd9Bd@adL_<l<?el|QI>S2CN5)@0JuqwGv(_UPeuwZH
zAIA&=<cGhic`bSeLBHL{R2gGJ*YtT7nTv{Ga3d}3V_6wfhaNkIm3dLDOy6Pldd66K
z?-c9Fc#?v;jG^n)YnkE0-#jG}6}GvrS5C25uxtN`z2Fop%#5HDPO%p=6X@MT?2nmG
z(wisQDNvm!nKWTCop*>$n-CwCb#fpLPm+k4+l@KNwoVus=8suVW@>Rmdb7E5kR6^d
zCbaY5zh?7a2bq+WMwcFB=~?>F>7RJ4i~4y@Cx0SLYcTb1O#e?W>&zNM5BIVwS&?){
zFZ0cgp<7O{`0NoOEBGp7i||maeHOkL^G>kh?6}Esysej6nqQ0_m~SqKMsqkrFyUQw
zv0s~~SQOOUbsU!PM#GoL+P8{Z`uaFKogMas?0}_7(OjqksP&))GCJ!a&D{Qc2lJiy
zeB?y1MKLO|wAlVB7eVvo=KX=Cj&!ibiMi3~Jr4}MBv9eF7O3^$ss}bhd)VEHPenUW
zN$wT<9{WFwd;cR?9`BsBn6v)#Ae%5LlScKhhDoEeDG<P`k$OE|jXWj?Qu*;H+dt{4
z;QPHWI>lqulTm*!yFDpXbrut>AwQbwbArQG@a=?BSo@;I4yuPQl%oh+G3TxEL-)hR
zWNt&0#LUTje!0oKx+YG}T!pO_tN7y}+{fZ3SJ2T%*zKvIp+k?rFh3@-TG+-im-wNN
zIVOkFD}C(3<k9qE&uddc!VaP&IAX<Z(fqos;csQIy|ahKO&OhD!FLS8Lk;GO@-)hX
zzm17au5nJ`(_SY~j^<P1Owc;V^|4o{L{q7c1t6OK!w&^*xHGtm^M~0rNPKWuNU(n+
z(QufVrbf`>!))HvP(#k65;=$%YZ4D0P9lCeif$4I7Bba<pU{JD)G3FVWpXg<nL3^x
zJ0vQz`_Ln?cq{XpL!vSp53%HFX*6XotC^+`4S}EyCy>}a1IN!H&+&uR=Tp|6e>r|I
zBl;1&{owfNVyfw5=$bATJ3W#XbTP~H0_y5y?@b>~AKS-HPuH4GqA8%JYThQRhoFi$
z1TJ=qI91J!ay(}t-6NcZ1qG|n%i7b;#+b*`vR?L_c~oj9H{;!-5b98S^rCn#Hp-U4
zAiZZP$jjc@A-!z3Ifnkt!7iD#QV$E76-wWCu%H=QYICshGot9M4mLk`B&(YdNhj@P
zZ{=#(hcnbva<I-BG4!(@u17n1n3NwvcR(MC)*dL19JcsDvjjV*w8KaSHFd#&j{b0f
zIdWs@sRP34E*4=4rN2HPbYDEcCd`bYnQg+Ub!H^hcM7KmW~%A!{p{Gx7}~dAIDK!w
zaJqHBP^{Z8oW93<SafKxGv#AeGb@9R>tG+w($W5X?Ch)<x__Tg-o8&LEBl1<vVCm!
z>?j(yM|fqkBk8Di;q~-vHNDc!F3gUhZQVlgSKUH!L$^>Y>lR*}J`cT)X=Upz8FXYD
zJ7Ce#3wzlWOAP(vUZLEwS17OEE0pK%WhKvyqLCkQ8|<xTBI$^a;WczBHX7dYkcRVo
z7kaHx-tJxS@ZBI^7o@e9zuRi~X0mXuN66EYTCQr`&2-OBrO$M6&yxPN{7|ax5`NKr
z-Ov7v{<f2i&(nr&?EHte(Rdr9x|8M3(Naq%TRJBfSC?o$H9E)JNGfb);r)8YLwy^+
z<>C8W2fIFJ3bl0z4^@vyz`%fqf)3%q(7}F@S3>{XE-KX7E-LhPyNI;0ou%Y&4Ew3g
z<Ncow%CFkkr}^;>`Og*1*>JNG-G<U^#_(OQPr$|!EQyUOjdB*Bn5Y7lBQQ0vX#(>H
zmMgG8U>1P|1IrVb23VoMw7`mit$#-tySt@PE&*x1Ji&T2YjcB#g6~E!u_pZWh~I#l
zbL3#>u3gxDdt?otN|K%L??fgzG@ElFf}eHGJLOw=-RGCtMNA1zew=wvoO_=Oaq;p~
zjdvn(-s0U?sN<;X`q=GmfRcr`!7Of|7)KV)kMBMJKHvil!+k*HgAc*(mXC50_oWsZ
zxW}|0NtX+cEeLtDLpk$xP>bSl{NS^t$)A@GNofPx&MFS;mBHukS-+5Q)M^vXA_1+E
z+kkAEJRW#Lxd;ZoT49K{r}OuJKyL~;&vnFu`w#HM#qv;%7a)Kqi`!h7fGJ+D``#P=
z0S`&HBDY7>8+aYL*=?SjEucL=5Rl=vJ>H_>c;zxp9$Nf(sKF8cz%G2v=XV4Ai$m5M
z8r)6h?!0VnVhIn4AG25^uHJxjoypv;m&xOv?1@|W9OAii#2ZR7e;;`yZK&Shm&RIe
z$g#5Xv)_CC!M11-zEGdFK4Km*^nu1+3!Y}Z>u%s1F<_&`1rf9kHrRHoq`0uXYr)rH
zG?tnRauJ>&&m;&ue(!KRgulk};^S8)*X6so6kbGgp{H@atmmBob|iA!aER|W@ylP6
z(9^QTpKfka@m9&Q-qo$V)&G|t@tz|UObyv}!{Y<`Jv=Pvhuvs>zTnMG!+$ChNqBx1
zAju_VZ0KJ<qgUp#YkzGHd3F&Ld5N)uJ!iVJtgiLtzrEs{)^tC;)Oz1tAGz`KdjEwj
z?%>~W&Wx4c;k#G*-SkrDn;N{p9SWX%>|ny@UsL5^^CZa@ys_zi>#VEC=;$G#=z5hL
zI2@9@L)>nBHfw2d<F5u*5F_C@3-T%d$l3FvY8#j!(%Z_V9v`~%PJ8bn=_4Qeu4R(S
zuN%VK8eQ&JCHwwmQkbgH$12$aYo*}FhyhbS0&Z@!uUjUi3^JfL(VOgD%OvBFRlqGa
zmwUAR_6jN7KB7_zv)|(OIxu0dyWD9$+@6*`?IWz&<0~cAkh_>ndc)<m**9R${<BJH
zgkKUW(+J)tgY7N^U}u%m6ZZHjN#z^(w#$9hp0E=3&w=T;2a<c<ak+zhJd%%Bfq4ha
z&A)TGE7cz6959C@;o#i!q08OQ{e;_Dl@vCl2E6!PF866}QDZ+@B|Y`zF7SFja=CXP
zOEPI#Ed9+eRWQ(_;ODm5{i>xn->g=b`;y1bbJbD=z0_)7Q!QoEtL^r#YRNcgPlwBW
zLh?qmTpI10-sN(C>s44TJ>h%jALy_lucHV%_qyB#9+}gSp-1=H|Gr!@QqpZ7TO&Q`
z>)-8icX{R))nLA<+r9~W`cAj~-5O~uz0__0Q;n2J1NYentpFXp&mLDRr3_0)@OcQn
za-Yk+-&>|vS0L(}Jv`b(vF3x$K%(1W|N9E0vHc|1oHZ;9n*0#`<fO~J)uZXV-p6OD
zkNuscQoP+#C#k9GtbJ20QjR_Aa^H^hr2OBtQpBLk-@4pmCVCi8)k$e|SF*jR4wC8=
zxBDB7XQH)EiU{qP<#xXTH~cRTPy@)CZNE_`6%1Nyal7ZL?0>J5M%qj3rBu2;&;CX|
ztjPIp_tV}Ie_IdpKjz!xR!Y_M?mYXOE2V|)>laJ1)G+YP+_hUGs4*Gug=l=`z6#h5
ze%^3G%9j#y^)w-8783F)t}fO85^@P2(xS2S^?=wALf#ueh$fT}od$etgioiUdjOlC
zz(?~K?1@-Ha*_#I^)w;rCdf}B4P<@}YB&=LMSxj^+?kEf-xe6hr~IU6Aq4mo&@u-t
z28cxkUI+XIP@E6lpP}s#RChDx5#*h32>BI0>M!m`kofBE_mM=N03-pX0iFje1*`_F
z`=~)8Rv=pduL0fw{1&ha&;>XOI1ji4=m*>a{0N|}5*Y#r1dIek0ww_F0?Gi(0ILBn
z16~FE8n6TK0bnoS2;e-x*?`A4fO`Pd9*GPCga9G|aR7X~B$W6N6<!Pnk-<bwh7dpU
z81W}V@o$L${O2Nw3@4A1U=l(?$q1q$VI-W4L{~mRo+M8Z9f=^3WE7FfXflRGk!TV_
z#*%R)mOM@3NJY85_yx(*u&iQrNyVzN#iiAYD!@!kPEJTGsavwB`T_AmMeUM>tI5KO
zl6d||;E&Ssaz2z*Eq_6b%WH%{S>4Y|YdB+J?eeMxtLrQ3II*M}Ch7%NS6#8Fw0_A8
z6<%t2L-m@9+U1<8T3P8G5)u<qQc^epX+G2}|9N6!a-yE&bt^p2L@}&fz=!(f9$$+*
zfng|LzH&h&gv&}ROKV}dzT}0{+WI9`6$FzHf`k1Agj4b8WED>hLREFJjj<-7CIJpg
zY7+l}(hDjPCE+rOCFKh$1*Z3M^p9|$T~=DQxI);i(LZ8MUsC-@?2kmdptMee>J4H*
zsIH8ciAM;mwxWDxSp}(ET$-Ga=p9NHE~zf993YldFR35ESJspx)ApdX(qXA>m84Rs
zciu@aT?J?lS|{C-w#KX4)=BBKfgfsVY44?tFm5vbpRwF@&NMN7O=i;sf{lsIPF_gb
zVO)~FB4c&th6!Z8ho{7EP55PEUXm^a0%ttD2Gb^!Z-#%yj?DKm$z{)BSr}guKQb{g
z@vQzY`o?5ivN1I~mEc6#1+|VON79v~>kUaiCCyA;mb@rsP0A}N_LOZY@22cd*_+ar
zax&$13Qc`1H7+$RH7B(?wK??<sTWi4qz*SE8YUU$7>W%m4KEwE8g?3b45tj&4Bs1k
z(hO;NX-#SNwC!oXOFNSGdD`_fKjYKJ3}dbFMWpvj<6Fj7W3TbJ@lVE!#xIOFjQ?wl
uyl12)KhtnixGB;!)|6;6nkJgere{q>rUj;@rgf$klf8U{v~6p=`u_pq1a*%9

delta 4658
zcmZ`-30PBC7Jl!VU_`|YkiCEp1dK661kog*vMC@z7O6Ta9k;RWq9UTAfE6)Q@K~Q?
z)mmGpt#xTdfwD+s5m8xe>$F<6Y89hJ>*rQK+vd%=?*;2vhVQ%Fd;fFJf0ldhO(18V
zO-`Oo(Po#SOy5Mt`g5JJ8`P5}j?66t))ns$CX1trFMAUcQ*7}iJK16{R~W;F*@pjw
z^1e83!4`H1Ylc#GFgpvbu`YJUdm>!KGE6U==YtIyYiGh0^94c#=arC32D6#44u5CE
zzw!4vXdy0kJ5kO&v?}G4JR@URC!d=P(<o>5>C!1fql}}IdEiY*kSR&Z6<8|^A>}uq
zR2JmweHA6Me`J_~Y);V_!O19HK@ewd{sH82Pm*v02Fq1s@C}$O_f-nl8K$YOD5c<b
zZif@)&C#Ws18y+Pq<mAxY-&CLkpdZKcE16i$&~}|paGQyP+5pocKJGV$Tb7^qAU?*
zK2#QKl@(uy5jGt&LY6U1{<A)Lg$zcM!O4ufIa-ARH_q%9jPo>3M%UlkGmJ5h%cLSC
zp^i@>M8(EK+&&5`IrD?jIA<d?jq{{db~?!E?%-7xWYyfw&BUy!q$*T`XaSP7C8gcx
zk&+`l75z&ddG1%Jls^js2BRogfUc0&jqa`M`d`Jhf(A=v%+FBkKY<*-2X+CQi1Hrn
z2pB=0-i2n|ExZdULsUd}7xHoHeHTvPbkz*EhXj#N%;2h=;uvd|=!_9u-_FcJ%uuNG
zCIifHR5^h(-htngn@HFl$Q?S8$nQY)&`o4*J4C8fB)%P1;N;#82XMN78!oC+$d213
z%3&9KJN?os2*&AtG~HWtxz13a<;=!baMq0>yV_uy&Y7%lgMQ)8WL6t&(}j>B64+M)
zpSA+44<S{pqUMLKqUNSnSb|`@1ZpI3U@QEH;I$S}v#v$d{ImrohJ}#D5|}K3p)F92
zAR~ddn?=pD&7ce)miDh^K`4yilvoCZG15=02FAXT!f^=4af;jqgLn>@$J+>t$Dho_
z6xeeG$(*NoTnl2fi6Xcq*doZ_W**i8CE+U70ExwuvY->UPWIo<i|iuaNqy%$^cgdR
zkn^A&qn?%gjTlyDu8D>uojZ1o4q@Zlna1c$iXtT{(52WEo-b_-RGQmpplwM{!UiQ6
zwn7X&oAaYbvgjPNjq!DiIw!RPRTV?TCfA&UUSp$s%Q1T68u9$LorRfW14!`Kuyw2l
z!QCO8o?U?RV_o!@FNpbz<kZ<&y2mR**ZOu`<JIrnA9+o8?*-t-d66|2AbMONsc(X;
zaUR6)0_?)w(>7=x7fAw|z&=9loZa@n1+hAq-3Ez~uFf$imGV`HSJ9f|;WJPi;p>=x
z=C3&}Jp;`Vp(OYWC?bbD=3}eUYKpbCQZH>4sgqIE1@%{rkRRzwiW}i@q&HdE2p1y#
zRj08PXvHw&+&Vw8+EIQ5Skc3@M;2fmu*$io4fFxn)dGG|D%bhc<ZXj-jbEqSnCgeE
zWln5?rBMzJqo}2|g1M(Nspa4nct6V7{b2)IjuYtvPh*UA26X6|TkkaWuGeX}5cM}=
zcN)~u9^^p-7^36WEB@3UFD?x<GCeMH>oQ-O-mDjdIYp^S8#=b*<5;+x`<T9wSQ29f
z=S02#fxf6)Y&z`taLRG-rF#m^qtJH<(MwU7$L*s8G7em0ROE3z#KsIF%TB|R7$-9F
zJZy=1Llr_9u}+jx%EyNiVwo~H?qyo`Q>WkUjX1<k@dF{o-uW=?Tw3YVe&Y4ZK+hQ8
zj&q<K|G}_JwMZICNyQ2|*5NkAfESjd#qCbF@tJrpl?A;x^PyUJF@82lKMUy-9984b
zim{7_g>L{yHAWzYxy|fskiulNL?ZXIaA1Ou+7YXUs(wf)Gj8YT2PTyY=ms_EJ3(P5
z`iX(Cxei`T@F5>Ifmf_M+1Lc(vCd>}6HJZuQ|X$dtc-E!4A}}Ju<Te+ABxjY2kaoE
zbfY}|n&3+`xkK9<3-P*1E5%<ksXPPS<GiAFcA6xk7Yt5}9n;Kt)g%G~N6!loGfH~m
zJw{!zXvt?_QCvKcpAn08zws4k)}mcPtgE7(Y6Lbuln@hW<A<jwq84T;-92m>dWbq|
z`G4Ozt3j^mFYg>muvf(}jh*jY4YbAklBgPZ9`8-OYrt({Dmi-+GA8<vXcN3Y(QR}O
z+N`w2cXNs!ctrScIhw?DWX3#BO(Cp9Hwt0(5lXW{4{PAj#9`!v1{jnu$T<tI(#uPn
z$CWE2yT3QUj086l*#K)3{E15gd|_~N{v8|Ur7m^`)x{INT@P1Lx3L}!sjhZsq??01
zXK!|?24$ivgc-ca`jhZ(s$;M1T)4H(boG#L@F)H2Md~NmbX`zitrMwh>L@jMB=#cx
ztB_JhR#jW+u3PCw)PXV4pV-!kbRBq+x}dvQE7FzKijgX4XUphkpS{_(Qj9cVk~djg
zWu?xscK*;>cyE$FA+?m+>DH+(shi<Sf;%~SN(@w$)QgY`&?f1~+)68(XE&)@KBr($
zl0W+bjvCyZuh8SMKC#9>E81WZ<NU-V#u-B`t#Q667vr3f>`i7=SeZ>$W_J@DNcJa>
zYQz$JThk?Vb&W{<L5&!wKBX6VR0eS=Ix_hyE8R?)6sSWD98U2k_fCp*=TCM?cjBZ-
z$DgEhwwtLbcHM(g-0DbDIZ}G|>xZWFNwxN0`w1|m+B><GzC@)v;YKZON}(e)ni#7^
zr;Dq*bedKzIvrIFn<u|XeyoDu(%i_YDqzzb$iXU5zv)J{RzYxDT%f)R3Fs@6#~Hd~
zZ1`H^JLE*Wb`TX=OJ7L8=AidJRZx-^MH(wb#?LB6#%+}%V@4%Rd~*gFP$@?CwBk?e
zR}Su4g&3Ks0?3qn=TNGI-d}s{y(?hf6gAA69^nx205$LuV|h%{y)hrYUs64N@2396
zbHx`%`uc@meg2pO3vd62te63j?M8?8`Dlpm4ki{ZwXylvl_huD|0xeuKGvq^{w8F2
z=l_t=Yfh11zlS2RE1uyWCs%&arkgFE_(4@~KeeeY@Q0sCL7j0NTWFuJd|Yy*qlx(Z
z!$S~Ivu}UY?1yXo+oq^Uz@NUzf-y354gI>+AA4w8Bhw;?8*S+V*3^x}b(GaEW{-8V
z9f^8XICkgpCzrFqHqUYWeIEZ}IXkMyNW8Jk7K`A+FU?|I_{kZpGyg>fE9;So0`q$o
zp^!hdoOR<bWv~Nnk0Um6hebHwo!3*v0V`N{+b0Ot@39EChy*54FbK;qZ=Xfz*G&Qe
zL0-LrmDy-NvIq+l68a6IJ&se=&n-e3b>zYiSjjruK1A#mVy%R?EJsHPD_M6BHQua@
zBNpL9jF=f`rzCsqWcarfLvJK=l;5(FRmq>A{E9^M-AdL=UUbwV#PD8gSts6M6+1}2
zv&16U@*Ak5ge=y9U$BZ*$mbom2<Is1#22q(2g@Ixun3Q>B&%3=`KP6??wxyV$Bbu|
zS%g$cCn1w{C)s8EqD*!aIbOye%w#>}CX`o5@;g)>Ue4RBW<5w+Iq$og4IoA3{G`>a
zhSZnyo9O;ZIe#RJ4Yt!_F3FgX=T{ctq_uc`vM`f<Rj)?wPL@>ji?UcfNp7Ns6M1De
zs~|Z|{99`<icg#Py=zc7t%JX|hD{|(6(5|<j<U&93BoT<Qt{u-X1$z)q6J|Wx}-nJ
zIF{h3LabP-(NEcID0v>kd#pv0-{bg|YuQoqeer@YR4P~VT6Q$aoXFd*V;7N($$Zv2
zc1}v?{~e~_e+IBpjNCf>aIeK-z>(aaVPtPHOkN|NshMFuzRNIk5MPa>2*<}bzQn;G
z17W%`GX9SZY!W|vBWqu_YzZ6AmTqEYGDTd6Hr)wFS--99L$+8gE8WU!$$C$;TNrdD
zD0W1}2>;-n!QDevh8zhsjXD^H0t3Ui;dF7to{$404~L!@RXw^v+oan}WizG!ZX^fd
zx{YD{aC&37@9+abhl0ig#{@qQ5ke|MYeScg&K%9@hUhNqZ|Irp3=@ZXY1(w{2JJiA
zJ=**0wLNv+^)7mqK18q8N9hywQ}uK73-!hN{rb=KE&5CPTY9^&p<(f1Sz+75j)i?4
z_EXs7u-|C_52Yh;P!CoIs^io%)r-{mYF_=3`g`>gwK6ayFg!3iaBkq5z;^-<1~vy?
z4eYOR)%a>gXu>o}nzuCbHOn+vnt+X(Et+kbU7G!xgPLQS3Qeu%tmbRYWz9{^J<TJ{
V3k?}=JKSTqdN{-I)81uw{}(`)0O|k$

diff --git a/readme.md b/readme.md
index 37c80f2..80cc48b 100644
--- a/readme.md
+++ b/readme.md
@@ -2,24 +2,29 @@ Ed25519
 =======
 
 This is a portable implementation of [Ed25519](http://ed25519.cr.yp.to/) based
-on the SUPERCOP "ref10" implementation. All code is in the public domain.
+on the SUPERCOP "ref10" implementation. Additionally there is key exchanging
+and scalar addition included to further aid building a PKI using Ed25519. All
+code is in the public domain.
 
 All code is pure ANSI C without any dependencies, except for the random seed
-generation which uses standard OS cryptography APIs (`CryptGenRandom` on Windows, `/dev/urandom` on *nix). If you wish to be entirely
-portable define `ED25519_NO_SEED`. This disables the `ed25519_create_seed`
-function, so if your application requires key generation you must supply your
-own seeding function (which is simply a 32 byte cryptographic random number generator).
+generation which uses standard OS cryptography APIs (`CryptGenRandom` on
+Windows, `/dev/urandom` on nix). If you wish to be entirely portable define
+`ED25519_NO_SEED`. This disables the `ed25519_create_seed` function, so if your
+application requires key generation you must supply your own seeding function
+(which is simply a 256 byte cryptographic random number generator).
 
 
 Performance
 -----------
 
-On a machine with an Intel Pentium B970 @ 2.3GHz I got the following speeds (running
-on only one a single core):
+On a Windows machine with an Intel Pentium B970 @ 2.3GHz I got the following
+speeds (running on only one a single core):
 
-    Seed + key generation:             345us
-    Message signing (short message):   256us
-    Message verifying (short message): 777us
+Seed + key generation: 489us
+Message signing (short message): 251us
+Message verifying (short message): 772us
+Scalar addition: 358us
+Key exchange: 724us 
 
 The speeds on other machines may vary. Sign/verify times will be higher with
 longer messages.
@@ -33,8 +38,9 @@ Simply add all .c and .h files in the `src/` folder to your project and include
 library, only copy `ed25519.h` and define `ED25519_DLL` before importing. A
 windows DLL is pre-built.
 
-There are no defined types for seeds, private keys, public keys or signatures.
-Instead simple `unsigned char` buffers are used with the following sizes:
+There are no defined types for seeds, private keys, public keys, shared secrets
+or signatures. Instead simple `unsigned char` buffers are used with the
+following sizes:
 
 ```c
 unsigned char seed[32];
@@ -42,6 +48,7 @@ unsigned char signature[64];
 unsigned char public_key[32];
 unsigned char private_key[64];
 unsigned char scalar[32];
+unsigned char shared_secret[32];
 ```
 
 API
@@ -91,12 +98,24 @@ Adds `scalar` to the given key pair where scalar is a 32 byte buffer (possibly
 generated with `ed25519_create_seed`), generating a new key pair. You can
 calculate the public key sum without knowing the private key and vice versa by
 passing in `NULL` for the key you don't know. This is useful for enforcing
-randomness on a key pair while only knowing the public key, among other things.
-Warning: the last bit of the scalar is ignored - if comparing scalars make sure
-to clear it with `scalar[31] &= 127`.
+randomness on a key pair by a third party while only knowing the public key,
+among other things.  Warning: the last bit of the scalar is ignored - if
+comparing scalars make sure to clear it with `scalar[31] &= 127`.
+
+
+```c
+void ed25519_key_exchange(unsigned char *shared_secret,
+                          const unsigned char *public_key, const unsigned char *private_key);
+```
+
+Performs a key exchange on the given public key and private key, producing a
+shared secret. It is recommended to hash the shared secret before using it.
+`shared_secret` must be a 32 byte writable buffer where the shared secret will
+be stored.
 
 Example
 -------
+
 ```c
 unsigned char seed[32], public_key[32], private_key[64], signature[64];
 const unsigned char message[] = "TEST MESSAGE";
@@ -119,3 +138,7 @@ if (ed25519_verify(signature, message, strlen(message), public_key)) {
     printf("invalid signature\n");
 }
 ```
+
+License
+-------
+All code is in the public domain.
diff --git a/src/ed25519.h b/src/ed25519.h
index c1dc0d3..09804f7 100644
--- a/src/ed25519.h
+++ b/src/ed25519.h
@@ -28,6 +28,7 @@ void ED25519_DECLSPEC ed25519_create_keypair(unsigned char *public_key, unsigned
 void ED25519_DECLSPEC ed25519_sign(unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key, const unsigned char *private_key);
 int ED25519_DECLSPEC ed25519_verify(const unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *private_key);
 void ED25519_DECLSPEC ed25519_add_scalar(unsigned char *public_key, unsigned char *private_key, const unsigned char *scalar);
+void ED25519_DECLSPEC ed25519_key_exchange(unsigned char *shared_secret, const unsigned char *public_key, const unsigned char *private_key);
 
 
 #ifdef __cplusplus
diff --git a/src/key_exchange.c b/src/key_exchange.c
new file mode 100644
index 0000000..924da79
--- /dev/null
+++ b/src/key_exchange.c
@@ -0,0 +1,79 @@
+#include "ed25519.h"
+#include "fe.h"
+
+void ed25519_key_exchange(unsigned char *shared_secret, const unsigned char *public_key, const unsigned char *private_key) {
+	unsigned char e[32];
+	unsigned int i;
+	
+	fe x1;
+	fe x2;
+	fe z2;
+	fe x3;
+	fe z3;
+	fe tmp0;
+	fe tmp1;
+
+	int pos;
+	unsigned int swap;
+	unsigned int b;
+
+	/* copy the private key and make sure it's valid */
+	for (i = 0; i < 32; ++i) {
+		e[i] = private_key[i];
+	}
+
+	e[0] &= 248;
+	e[31] &= 63;
+	e[31] |= 64;
+
+	/* unpack the public key and convert edwards to montgomery */
+	/* due to CodesInChaos */
+	fe_frombytes(x1, public_key);
+	fe_1(tmp1);
+	fe_add(tmp0, x1, tmp1);
+	fe_sub(tmp1, tmp1, x1);
+	fe_invert(tmp1, tmp1);
+	fe_mul(x1, tmp0, tmp1);
+
+	fe_1(x2);
+	fe_0(z2);
+	fe_copy(x3, x1);
+	fe_1(z3);
+
+	swap = 0;
+	for (pos = 254; pos >= 0; --pos) {
+		b = e[pos / 8] >> (pos & 7);
+		b &= 1;
+		swap ^= b;
+		fe_cswap(x2, x3, swap);
+		fe_cswap(z2, z3, swap);
+		swap = b;
+
+		/* from montgomery.h */
+		fe_sub(tmp0, x3, z3);
+		fe_sub(tmp1, x2, z2);
+		fe_add(x2, x2, z2);
+		fe_add(z2, x3, z3);
+		fe_mul(z3, tmp0, x2);
+		fe_mul(z2, z2, tmp1);
+		fe_sq(tmp0, tmp1);
+		fe_sq(tmp1, x2);
+		fe_add(x3, z3, z2);
+		fe_sub(z2, z3, z2);
+		fe_mul(x2, tmp1, tmp0);
+		fe_sub(tmp1, tmp1, tmp0);
+		fe_sq(z2, z2);
+		fe_mul121666(z3, tmp1);
+		fe_sq(x3, x3);
+		fe_add(tmp0, tmp0, z3);
+		fe_mul(z3, x1, z2);
+		fe_mul(z2, tmp1, tmp0);
+	}
+
+	fe_cswap(x2, x3, swap);
+	fe_cswap(z2, z3, swap);
+
+	fe_invert(z2, z2);
+	fe_mul(x2, x2, z2);
+	fe_tobytes(shared_secret, x2);
+}
diff --git a/test.c b/test.c
index 3230dc0..ec1eeef 100644
--- a/test.c
+++ b/test.c
@@ -14,6 +14,8 @@ const char message[] = "Hello, world!";
 
 int main(int argc, char *argv[]) {
     unsigned char public_key[32], private_key[64], seed[32], scalar[32];
+	unsigned char other_public_key[32], other_private_key[64];
+	unsigned char shared_secret[32], other_shared_secret[32];
     unsigned char signature[64];
 
 	clock_t start;
@@ -56,6 +58,27 @@ int main(int argc, char *argv[]) {
         printf("correctly detected signature change\n");
     }
 
+	/* generate two keypairs for testing key exchange */
+	ed25519_create_seed(seed);
+	ed25519_create_keypair(public_key, private_key, seed);
+	ed25519_create_seed(seed);
+	ed25519_create_keypair(other_public_key, other_private_key, seed);
+
+	/* create two shared secrets - from both perspectives - and check if they're equal */
+	ed25519_key_exchange(shared_secret, other_public_key, private_key);
+	ed25519_key_exchange(other_shared_secret, public_key, other_private_key);
+
+	for (i = 0; i < 32; ++i) {
+		if (shared_secret[i] != other_shared_secret[i]) {
+			printf("key exchange was incorrect\n");
+			break;
+		}
+	}
+
+	if (i == 32) {
+		printf("key exchange was correct\n");
+	}
+
     /* test performance */
     printf("testing key generation performance: ");
     start = clock();
@@ -93,6 +116,15 @@ int main(int argc, char *argv[]) {
     }
     end = clock();
 
+    printf("%fus per signature\n", ((double) ((end - start) * 1000)) / CLOCKS_PER_SEC / i * 1000);
+
+	printf("testing key exchange performance: ");
+    start = clock();
+    for (i = 0; i < 10000; ++i) {
+        ed25519_key_exchange(shared_secret, other_public_key, private_key);
+    }
+    end = clock();
+
     printf("%fus per signature\n", ((double) ((end - start) * 1000)) / CLOCKS_PER_SEC / i * 1000);
 
     return 0;