diff --git a/ChangeLog b/ChangeLog
index 23d976f3fd0d228537f9787a2010f85063feb09b..0c77dda24d31297f9d7eafc39eba27a27101075c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2015-03-18 Niels Möller <nisse@diamant.hack.org>
+
+ * eddsa-pubkey.c (_eddsa_public_key, _eddsa_public_key_itch): New
+ file, new functions.
+
2015-03-14 Niels Möller <nisse@diamant.hack.org>
* ccm.c (memeql_sec): New function, more side-channel silent than
diff --git a/Makefile.in b/Makefile.in
index abba3cd94c35cbcaf4ce34eb4bd5445a66f19b47..7362a02dc4f437e20a8dbe252513ba836ad116fc 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -179,7 +179,7 @@ hogweed_SOURCES = sexp.c sexp-format.c \
ecc-ecdsa-verify.c ecdsa-verify.c ecdsa-keygen.c \
curve25519-mul-g.c curve25519-mul.c curve25519-eh-to-x.c \
eddsa-compress.c eddsa-decompress.c eddsa-expand.c \
- eddsa-hash.c eddsa-sign.c eddsa-verify.c \
+ eddsa-hash.c eddsa-pubkey.c eddsa-sign.c eddsa-verify.c \
ed25519-sha512-sign.c ed25519-sha512-verify.c \
$(OPT_HOGWEED_SOURCES)
diff --git a/eddsa-pubkey.c b/eddsa-pubkey.c
new file mode 100644
index 0000000000000000000000000000000000000000..d1546707eb2f1c5c47f7704e78455dfe90980fdd
--- /dev/null
+++ b/eddsa-pubkey.c
@@ -0,0 +1,56 @@
+/* eddsa-pubkey.c
+
+ Copyright (C) 2015 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "eddsa.h"
+
+#include "ecc-internal.h"
+
+mp_size_t
+_eddsa_public_key_itch (const struct ecc_curve *ecc)
+{
+ return 3*ecc->p.size + ecc->mul_g_itch;
+}
+
+void
+_eddsa_public_key (const struct ecc_curve *ecc,
+ const mp_limb_t *k, uint8_t *pub, mp_limb_t *scratch)
+{
+#define P scratch
+#define scratch_out (scratch + 3*ecc->p.size)
+ ecc->mul_g (ecc, P, k, scratch_out);
+ _eddsa_compress (ecc, pub, P, scratch_out);
+#undef P
+#undef scratch_out
+}
diff --git a/eddsa.h b/eddsa.h
index dffe5ececc21ca81c8f0f875341c9edc96d92953..b052ef8294ce446842b86eebe05bf608217c705d 100644
--- a/eddsa.h
+++ b/eddsa.h
@@ -57,6 +57,8 @@ extern "C" {
#define _eddsa_sign_itch _nettle_eddsa_sign_itch
#define _eddsa_verify _nettle_eddsa_verify
#define _eddsa_verify_itch _nettle_eddsa_verify_itch
+#define _eddsa_public_key_itch _nettle_eddsa_public_key_itch
+#define _eddsa_public_key _nettle_eddsa_public_key
#define ED25519_KEY_SIZE 32
#define ED25519_SIGNATURE_SIZE 64
@@ -159,6 +161,13 @@ _eddsa_expand_key (const struct ecc_curve *ecc,
mp_limb_t *k2,
mp_limb_t *scratch);
+mp_size_t
+_eddsa_public_key_itch (const struct ecc_curve *ecc);
+
+void
+_eddsa_public_key (const struct ecc_curve *ecc,
+ const mp_limb_t *k, uint8_t *pub, mp_limb_t *scratch);
+
#ifdef __cplusplus
}