[x25519] donna function `curve25519_mult` generated different shared key

[HawkShea]

Problem

I am using Donna Functions to generate two key pair and generate shared key for both side with function curve25519_mult .But the key generated twice is not the same.

• I searched through the Internet for answer,not solved.
• I checked my own code,no bug found.
• I tested signing and verification.They are OK.

What is the problem with the code below?

Environment

• system and version (Windows 10 Professional x64)
• version of the Crypto++ library (Crypto++ 8.90, Master)
• built the library by Visual Studio 2022

Code

#include <donna.h>
#include <osrng.h>
#include <cassert>
int main()
{
static CryptoPP::AutoSeededRandomPool prng;

//Generate random private keys
unsigned char private_key1[32],private_key2[32];
prng.GenerateBlock(private_key1, 32);
prng.GenerateBlock(private_key2, 32);

//Generate public keys
unsigned char public_key1[32],public_key2[32];
CryptoPP::Donna::ed25519_publickey(public_key1, private_key1);
CryptoPP::Donna::ed25519_publickey(public_key2, private_key2);

//Generate shared key
unsigned char shared_secret1[32],shared_secret2[32];
CryptoPP::Donna::curve25519_mult(shared_secret1, private_key1, publicKey2);
CryptoPP::Donna::curve25519_mult(shared_secret2, private_key2, publicKey1);

//Assertion failed!
assert(::memcmp(shared_secret1,shared_secret2,32) == 0);
}

[HawkShea]

@noloader I'm not well versed in elliptic curve cryptography, so if this isn't a bug, can you suggest how I can get a consistent key?