diff --git a/Makefile.include b/Makefile.include
index 0f46d7d82..765137095 100644
--- a/Makefile.include
+++ b/Makefile.include
@@ -49,6 +49,7 @@ CFLAGS += $(OPTFLAGS) \
 -I$(TOP_DIR)gen \
 -I$(TOP_DIR)vendor/trezor-crypto \
 -I$(TOP_DIR)vendor/trezor-crypto/ed25519-donna \
+ -I$(TOP_DIR)vendor/trezor-crypto/curve25519-donna \
 -I$(TOP_DIR)vendor/trezor-qrenc
 ifdef APPVER
diff --git a/firmware/Makefile b/firmware/Makefile
index 9c60e6522..573a1b01b 100644
--- a/firmware/Makefile
+++ b/firmware/Makefile
@@ -28,6 +28,7 @@ OBJS += ../vendor/trezor-crypto/curves.o
 OBJS += ../vendor/trezor-crypto/secp256k1.o
 OBJS += ../vendor/trezor-crypto/nist256p1.o
 OBJS += ../vendor/trezor-crypto/ed25519-donna/ed25519.o
+OBJS += ../vendor/trezor-crypto/curve25519-donna/curve25519-donna.o
 OBJS += ../vendor/trezor-crypto/hmac.o
 OBJS += ../vendor/trezor-crypto/bip32.o
 OBJS += ../vendor/trezor-crypto/bip39.o
diff --git a/firmware/crypto.c b/firmware/crypto.c
index 92d6e17f4..f0d205ca9 100644
--- a/firmware/crypto.c
+++ b/firmware/crypto.c
@@ -103,25 +103,6 @@ int gpgMessageSign(HDNode *node, const uint8_t *message, size_t message_len, uin
 return hdnode_sign_digest(node, message, signature + 1, NULL, NULL);
 }
-int cryptoGetECDHSessionKey(const HDNode *node, const uint8_t *peer_public_key, uint8_t *session_key)
-{
- curve_point point;
- const ecdsa_curve *curve = node->curve->params;
- if (!ecdsa_read_pubkey(curve, peer_public_key, &point)) {
- return 1;
- }
- bignum256 k;
- bn_read_be(node->private_key, &k);
- point_multiply(curve, &k, &point, &point);
- MEMSET_BZERO(&k, sizeof(k));
-
- session_key[0] = 0x04;
- bn_write_be(&point.x, session_key + 1);
- bn_write_be(&point.y, session_key + 33);
- MEMSET_BZERO(&point, sizeof(point));
- return 0;
-}
-
 int cryptoMessageSign(const CoinType *coin, HDNode *node, const uint8_t *message, size_t message_len, uint8_t *signature)
 {
 SHA256_CTX ctx;
diff --git a/firmware/crypto.h b/firmware/crypto.h
index b666da376..1f211c37f 100644
--- a/firmware/crypto.h
+++ b/firmware/crypto.h
@@ -37,8 +37,6 @@ int sshMessageSign(HDNode *node, const uint8_t *message, size_t message_len, uin
 int gpgMessageSign(HDNode *node, const uint8_t *message, size_t message_len, uint8_t *signature);
-int cryptoGetECDHSessionKey(const HDNode *node, const uint8_t *peer_public_key, uint8_t *session_key);
-
 int cryptoMessageSign(const CoinType *coin, HDNode *node, const uint8_t *message, size_t message_len, uint8_t *signature);
 int cryptoMessageVerify(const CoinType *coin, const uint8_t *message, size_t message_len, uint32_t address_type, const uint8_t *address_raw, const uint8_t *signature);
diff --git a/firmware/fsm.c b/firmware/fsm.c
index 630485758..b352392cc 100644
--- a/firmware/fsm.c
+++ b/firmware/fsm.c
@@ -906,9 +906,10 @@ void fsm_msgGetECDHSessionKey(GetECDHSessionKey *msg)
 const HDNode *node = fsm_getDerivedNode(curve, address_n, 5);
 if (!node) return;
- if (cryptoGetECDHSessionKey(node, msg->peer_public_key.bytes, resp->session_key.bytes) == 0) {
+ int result_size = 0;
+ if (hdnode_get_shared_key(node, msg->peer_public_key.bytes, resp->session_key.bytes, &result_size) == 0) {
 resp->has_session_key = true;
- resp->session_key.size = 65;
+ resp->session_key.size = result_size;
 msg_write(MessageType_MessageType_ECDHSessionKey, resp);
 } else {
 fsm_sendFailure(FailureType_Failure_Other, "Error getting ECDH session key");
diff --git a/vendor/trezor-crypto b/vendor/trezor-crypto
index b05776be7..707c869fb 160000
--- a/vendor/trezor-crypto
+++ b/vendor/trezor-crypto
@@ -1 +1 @@
-Subproject commit b05776be77168738d94ef9963019abb4d80a5356
+Subproject commit 707c869fb92b78054d75f9f44789502672d5c51d
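Review bot: In the firmware/fsm.c hunk, `hdnode_get_shared_key` receives `msg->peer_public_key.bytes` and `resp->session_key.bytes` as bare pointers with no lengths, so nothing visible ties the host-supplied key length or the response buffer's capacity to what the selected curve reads and writes. Since the output size now depends on the curve, compare `msg->peer_public_key.size` with the length that curve expects before the call. Also accept the result only when `result_size > 0 && (size_t)result_size <= sizeof(resp->session_key.bytes)` before assigning it to `resp->session_key.size`. `fsm_msgGetECDHSessionKey` starts and ends outside the hunk, so an earlier length check may already exist; if it does, a comment like `// peer key length validated above; result_size is set by hdnode_get_shared_key and depends on the curve` would make the contract explicit.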