Implications of misusing crypto_kx_*_session_keys by providing the matching public / private pair (or for crypto_box_easy)

[cipriancraciun]

Looking at the implementation of crypto_kx_server_session_keys, which actually relies upon crypto_scalarmult_curve25519, one could easily feed the matching private key and public key. (I.e. generate a private key, derive the public key from that, call KX with those two related values, by just doubling the public key.)

For example an attacker could feed a badly implemented server the same public key as the server's.

Would such a misuse have any implications about any of the following:

• weakening the secret key?
• yielding a very week, or useless shared secret? (in theory it could be recoverable only by the party holding the private key;)

---

And as a followup question, if using the matching public / private key pair doesn't present any problems, couldn't one just use the same approach with the underlying implementation of crypto_box_easy to encrypt something for "self"? (Granted, one could just use symmetric encryption, but just for the sake of argument.)