rand.c: Show keyword argument as optional.

[catacomb-python] / pubkey.c
diff --git a/pubkey.c b/pubkey.c

index 50fa78c1b8af70d51c623720bd2daa91bf11beb0..5680429c1a410cd81ee5724078a9b8abcf5b99be 100644 (file)
--- a/pubkey.c
+++ b/pubkey.c
@@ -54,26 +54,39 @@ static void dsa_pydealloc(PyObject *me)
  }
  
  static PyObject *dsa_setup(PyTypeObject *ty, PyObject *G, PyObject *u,
  }
  
  static PyObject *dsa_setup(PyTypeObject *ty, PyObject *G, PyObject *u,
-                          PyObject *p, PyObject *rng, PyObject *hash)
+                          PyObject *p, PyObject *rng, PyObject *hash,
+                          void (*calcpub)(group *, ge *, mp *))
  {
    dsa_pyobj *g;
  {
    dsa_pyobj *g;
+  ge *pp;
  
    g = PyObject_New(dsa_pyobj, ty);
  
    g = PyObject_New(dsa_pyobj, ty);
-  if (GROUP_G(G) != GE_G(p) && !group_samep(GROUP_G(G), GE_G(p)))
-    TYERR("public key not from group");
+  if (p) Py_INCREF(p);
    if (!u) {
      g->d.u = 0;
      u = Py_None;
    if (!u) {
      g->d.u = 0;
      u = Py_None;
-  } else if ((g->d.u = getmp(u)) == 0)
-    goto end;
+  } else {
+    if ((g->d.u = getmp(u)) == 0)
+      goto end;
+    if (MP_PYCHECK(u)) Py_INCREF(u);
+    else u = mp_pywrap(g->d.u);
+  }
+  if (!p) {
+    assert(g->d.u); assert(calcpub);
+    pp = G_CREATE(GROUP_G(G));
+    calcpub(GROUP_G(G), pp, g->d.u);
+    p = ge_pywrap(G, pp);
+  } else if (GROUP_G(G) != GE_G(p) && !group_samep(GROUP_G(G), GE_G(p)))
+    TYERR("public key not from group");
    g->d.g = GROUP_G(G);
    g->d.p = GE_X(p);
    g->d.r = GRAND_R(rng);
    g->d.h = GCHASH_CH(hash);
    g->d.g = GROUP_G(G);
    g->d.p = GE_X(p);
    g->d.r = GRAND_R(rng);
    g->d.h = GCHASH_CH(hash);
-  g->G = G; Py_INCREF(G); g->u = u; Py_INCREF(u); g->p = p; Py_INCREF(p);
+  g->G = G; Py_INCREF(G); g->u = u; g->p = p;
    g->rng = rng; Py_INCREF(rng); g->hash = hash; Py_INCREF(hash);
    return ((PyObject *)g);
  end:
    g->rng = rng; Py_INCREF(rng); g->hash = hash; Py_INCREF(hash);
    return ((PyObject *)g);
  end:
+  if (p) Py_DECREF(p);
    FREEOBJ(g);
    return (0);
  }
    FREEOBJ(g);
    return (0);
  }
@@ -81,17 +94,16 @@ end:
  static PyObject *dsapub_pynew(PyTypeObject *ty,
                               PyObject *arg, PyObject *kw)
  {
  static PyObject *dsapub_pynew(PyTypeObject *ty,
                               PyObject *arg, PyObject *kw)
  {
-  PyObject *G, *p, *u = 0, *rng = rand_pyobj, *hash = sha_pyobj;
+  PyObject *G, *p, *rng = rand_pyobj, *hash = sha_pyobj;
    PyObject *rc = 0;
    PyObject *rc = 0;
-  char *kwlist[] = { "G", "p", "u", "hash", "rng", 0 };
+  static const char *const kwlist[] = { "G", "p", "hash", "rng", 0 };
  
  
-  if (!PyArg_ParseTupleAndKeywords(arg, kw, "O!O!|OO!O!:new", kwlist,
+  if (!PyArg_ParseTupleAndKeywords(arg, kw, "O!O!|O!O!:new", KWLIST,
                                    group_pytype, &G,
                                    ge_pytype, &p,
                                    group_pytype, &G,
                                    ge_pytype, &p,
-                                  &u,
                                    gchash_pytype, &hash,
                                    grand_pytype, &rng) ||
                                    gchash_pytype, &hash,
                                    grand_pytype, &rng) ||
-      (rc = dsa_setup(dsapub_pytype, G, u, p, rng, hash)) == 0)
+      (rc = dsa_setup(dsapub_pytype, G, 0, p, rng, hash, 0)) == 0)
      goto end;
  end:
    return (rc);
      goto end;
  end:
    return (rc);
@@ -100,7 +112,7 @@ end:
  static PyObject *dsameth_beginhash(PyObject *me, PyObject *arg)
  {
    if (!PyArg_ParseTuple(arg, ":beginhash")) return (0);
  static PyObject *dsameth_beginhash(PyObject *me, PyObject *arg)
  {
    if (!PyArg_ParseTuple(arg, ":beginhash")) return (0);
-  return (ghash_pywrap(DSA_HASH(me), gdsa_beginhash(DSA_D(me)), f_freeme));
+  return (ghash_pywrap(DSA_HASH(me), gdsa_beginhash(DSA_D(me))));
  }
  
  static PyObject *dsameth_endhash(PyObject *me, PyObject *arg)
  }
  
  static PyObject *dsameth_endhash(PyObject *me, PyObject *arg)
@@ -123,9 +135,9 @@ static PyObject *dsameth_sign(PyObject *me, PyObject *arg, PyObject *kw)
    Py_ssize_t n;
    mp *k = 0;
    PyObject *rc = 0;
    Py_ssize_t n;
    mp *k = 0;
    PyObject *rc = 0;
-  char *kwlist[] = { "msg", "k", 0 };
+  static const char *const kwlist[] = { "msg", "k", 0 };
  
  
-  if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#|O&:sign", kwlist,
+  if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#|O&:sign", KWLIST,
                                    &p, &n, convmp, &k))
      goto end;
    if (n != DSA_D(me)->h->hashsz)
                                    &p, &n, convmp, &k))
      goto end;
    if (n != DSA_D(me)->h->hashsz)
@@ -156,20 +168,22 @@ end:
    return (rc);
  }
  
    return (rc);
  }
  
+static void dsa_calcpub(group *g, ge *p, mp *u) { G_EXP(g, p, g->g, u); }
+
  static PyObject *dsapriv_pynew(PyTypeObject *ty,
                                PyObject *arg, PyObject *kw)
  {
  static PyObject *dsapriv_pynew(PyTypeObject *ty,
                                PyObject *arg, PyObject *kw)
  {
-  PyObject *G, *p, *u = Py_None, *rng = rand_pyobj, *hash = sha_pyobj;
+  PyObject *G, *p = 0, *u, *rng = rand_pyobj, *hash = sha_pyobj;
    PyObject *rc = 0;
    PyObject *rc = 0;
-  char *kwlist[] = { "G", "p", "u", "hash", "rng", 0 };
+  static const char *const kwlist[] = { "G", "u", "p", "hash", "rng", 0 };
  
  
-  if (!PyArg_ParseTupleAndKeywords(arg, kw, "O!O!O|O!O!:new", kwlist,
+  if (!PyArg_ParseTupleAndKeywords(arg, kw, "O!O|O!O!O!:new", KWLIST,
                                    group_pytype, &G,
                                    group_pytype, &G,
-                                  ge_pytype, &p,
                                    &u,
                                    &u,
+                                  ge_pytype, &p,
                                    gchash_pytype, &hash,
                                    grand_pytype, &rng) ||
                                    gchash_pytype, &hash,
                                    grand_pytype, &rng) ||
-      (rc = dsa_setup(dsapriv_pytype, G, u, p, rng, hash)) == 0)
+      (rc = dsa_setup(dsapriv_pytype, G, u, p, rng, hash, dsa_calcpub)) == 0)
      goto end;
  end:
    return (rc);
      goto end;
  end:
    return (rc);
@@ -186,7 +200,7 @@ static PyMethodDef dsapub_pymethods[] = {
  
  static PyMethodDef dsapriv_pymethods[] = {
  #define METHNAME(name) dsameth_##name
  
  static PyMethodDef dsapriv_pymethods[] = {
  #define METHNAME(name) dsameth_##name
-  KWMETH(sign,                 "D.sign(MSG, k = K) -> R, S")
+  KWMETH(sign,                 "D.sign(MSG, [k = K]) -> R, S")
  #undef METHNAME
    { 0 }
  };
  #undef METHNAME
    { 0 }
  };
@@ -233,7 +247,7 @@ static PyTypeObject dsapub_pytype_skel = {
      Py_TPFLAGS_BASETYPE,
  
    /* @tp_doc@ */
      Py_TPFLAGS_BASETYPE,
  
    /* @tp_doc@ */
-"DSA public key information.",
+"DSAPub(GROUP, P, [hash = sha], [rng = rand]): DSA public key.",
  
    0,                                   /* @tp_traverse@ */
    0,                                   /* @tp_clear@ */
  
    0,                                   /* @tp_traverse@ */
    0,                                   /* @tp_clear@ */
@@ -281,7 +295,7 @@ static PyTypeObject dsapriv_pytype_skel = {
      Py_TPFLAGS_BASETYPE,
  
    /* @tp_doc@ */
      Py_TPFLAGS_BASETYPE,
  
    /* @tp_doc@ */
-"DSA private key information.",
+"DSAPriv(GROUP, U, [p = u G], [hash = sha], [rng = rand]): DSA private key.",
  
    0,                                   /* @tp_traverse@ */
    0,                                   /* @tp_clear@ */
  
    0,                                   /* @tp_traverse@ */
    0,                                   /* @tp_clear@ */
@@ -307,36 +321,43 @@ static PyTypeObject dsapriv_pytype_skel = {
  static PyObject *kcdsapub_pynew(PyTypeObject *ty,
                                 PyObject *arg, PyObject *kw)
  {
  static PyObject *kcdsapub_pynew(PyTypeObject *ty,
                                 PyObject *arg, PyObject *kw)
  {
-  PyObject *G, *p, *u = 0, *rng = rand_pyobj, *hash = has160_pyobj;
+  PyObject *G, *p, *rng = rand_pyobj, *hash = has160_pyobj;
    PyObject *rc = 0;
    PyObject *rc = 0;
-  char *kwlist[] = { "G", "p", "u", "hash", "rng", 0 };
+  static const char *const kwlist[] = { "G", "p", "hash", "rng", 0 };
  
  
-  if (!PyArg_ParseTupleAndKeywords(arg, kw, "O!O!O|O!O!:new", kwlist,
+  if (!PyArg_ParseTupleAndKeywords(arg, kw, "O!O!|O!O!:new", KWLIST,
                                    group_pytype, &G,
                                    ge_pytype, &p,
                                    group_pytype, &G,
                                    ge_pytype, &p,
-                                  &u,
                                    gchash_pytype, &hash,
                                    grand_pytype, &rng) ||
                                    gchash_pytype, &hash,
                                    grand_pytype, &rng) ||
-      (rc = dsa_setup(kcdsapub_pytype, G, u, p, rng, hash)) == 0)
+      (rc = dsa_setup(kcdsapub_pytype, G, 0, p, rng, hash, 0)) == 0)
      goto end;
  end:
    return (rc);
  }
  
      goto end;
  end:
    return (rc);
  }
  
+static void kcdsa_calcpub(group *g, ge *p, mp *u)
+{
+  mp *uinv = mp_modinv(MP_NEW, u, g->r);
+  G_EXP(g, p, g->g, uinv);
+  mp_drop(uinv);
+}
+
  static PyObject *kcdsapriv_pynew(PyTypeObject *ty,
                                  PyObject *arg, PyObject *kw)
  {
  static PyObject *kcdsapriv_pynew(PyTypeObject *ty,
                                  PyObject *arg, PyObject *kw)
  {
-  PyObject *G, *p, *u = Py_None, *rng = rand_pyobj, *hash = has160_pyobj;
+  PyObject *G, *u, *p = 0, *rng = rand_pyobj, *hash = has160_pyobj;
    PyObject *rc = 0;
    PyObject *rc = 0;
-  char *kwlist[] = { "G", "p", "u", "hash", "rng", 0 };
+  static const char *const kwlist[] = { "G", "u", "p", "hash", "rng", 0 };
  
  
-  if (!PyArg_ParseTupleAndKeywords(arg, kw, "O!O!|OO!O!:new", kwlist,
+  if (!PyArg_ParseTupleAndKeywords(arg, kw, "O!O|O!O!O!:new", KWLIST,
                                    group_pytype, &G,
                                    group_pytype, &G,
-                                  ge_pytype, &p,
                                    &u,
                                    &u,
+                                  ge_pytype, &p,
                                    gchash_pytype, &hash,
                                    grand_pytype, &rng) ||
                                    gchash_pytype, &hash,
                                    grand_pytype, &rng) ||
-      (rc = dsa_setup(kcdsapriv_pytype, G, u, p, rng, hash)) == 0)
+      (rc = dsa_setup(kcdsapriv_pytype, G, u, p,
+                     rng, hash, kcdsa_calcpub)) == 0)
      goto end;
  end:
    return (rc);
      goto end;
  end:
    return (rc);
@@ -345,7 +366,7 @@ end:
  static PyObject *kcdsameth_beginhash(PyObject *me, PyObject *arg)
  {
    if (!PyArg_ParseTuple(arg, ":beginhash")) return (0);
  static PyObject *kcdsameth_beginhash(PyObject *me, PyObject *arg)
  {
    if (!PyArg_ParseTuple(arg, ":beginhash")) return (0);
-  return (ghash_pywrap(DSA_HASH(me), gkcdsa_beginhash(DSA_D(me)), f_freeme));
+  return (ghash_pywrap(DSA_HASH(me), gkcdsa_beginhash(DSA_D(me))));
  }
  
  static PyObject *kcdsameth_endhash(PyObject *me, PyObject *arg)
  }
  
  static PyObject *kcdsameth_endhash(PyObject *me, PyObject *arg)
@@ -368,9 +389,9 @@ static PyObject *kcdsameth_sign(PyObject *me, PyObject *arg, PyObject *kw)
    Py_ssize_t n;
    mp *k = 0;
    PyObject *r = 0, *rc = 0;
    Py_ssize_t n;
    mp *k = 0;
    PyObject *r = 0, *rc = 0;
-  char *kwlist[] = { "msg", "k", 0 };
+  static const char *const kwlist[] = { "msg", "k", 0 };
  
  
-  if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#|O&:sign", kwlist,
+  if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#|O&:sign", KWLIST,
                                    &p, &n, convmp, &k))
      goto end;
    if (n != DSA_D(me)->h->hashsz)
                                    &p, &n, convmp, &k))
      goto end;
    if (n != DSA_D(me)->h->hashsz)
@@ -416,7 +437,7 @@ static PyMethodDef kcdsapub_pymethods[] = {
  
  static PyMethodDef kcdsapriv_pymethods[] = {
  #define METHNAME(name) kcdsameth_##name
  
  static PyMethodDef kcdsapriv_pymethods[] = {
  #define METHNAME(name) kcdsameth_##name
-  KWMETH(sign,                 "D.sign(MSG, k = K) -> R, S")
+  KWMETH(sign,                 "D.sign(MSG, [k = K]) -> R, S")
  #undef METHNAME
    { 0 }
  };
  #undef METHNAME
    { 0 }
  };
@@ -446,7 +467,7 @@ static PyTypeObject kcdsapub_pytype_skel = {
      Py_TPFLAGS_BASETYPE,
  
    /* @tp_doc@ */
      Py_TPFLAGS_BASETYPE,
  
    /* @tp_doc@ */
-"KCDSA public key information.",
+"KCDSAPub(GROUP, P, [hash = sha], [rng = rand]): KCDSA public key.",
  
    0,                                   /* @tp_traverse@ */
    0,                                   /* @tp_clear@ */
  
    0,                                   /* @tp_traverse@ */
    0,                                   /* @tp_clear@ */
@@ -494,7 +515,7 @@ static PyTypeObject kcdsapriv_pytype_skel = {
      Py_TPFLAGS_BASETYPE,
  
    /* @tp_doc@ */
      Py_TPFLAGS_BASETYPE,
  
    /* @tp_doc@ */
-"KCDSA private key information.",
+"KCDSAPriv(GROUP, U, [p = u G], [hash = sha], [rng = rand]): KCDSA private key.",
  
    0,                                   /* @tp_traverse@ */
    0,                                   /* @tp_clear@ */
  
    0,                                   /* @tp_traverse@ */
    0,                                   /* @tp_clear@ */
@@ -548,9 +569,9 @@ static PyObject *rsapub_pynew(PyTypeObject *ty,
  {
    rsa_pub rp = { 0 };
    rsapub_pyobj *o;
  {
    rsa_pub rp = { 0 };
    rsapub_pyobj *o;
-  char *kwlist[] = { "n", "e", 0 };
+  static const char *const kwlist[] = { "n", "e", 0 };
  
  
-  if (!PyArg_ParseTupleAndKeywords(arg, kw, "O&O&:new", kwlist,
+  if (!PyArg_ParseTupleAndKeywords(arg, kw, "O&O&:new", KWLIST,
                                    convmp, &rp.n, convmp, &rp.e))
      goto end;
    if (!MP_ODDP(rp.n)) VALERR("RSA modulus must be even");
                                    convmp, &rp.n, convmp, &rp.e))
      goto end;
    if (!MP_ODDP(rp.n)) VALERR("RSA modulus must be even");
@@ -615,10 +636,10 @@ static PyObject *rsapriv_pynew(PyTypeObject *ty,
  {
    rsa_priv rp = { 0 };
    PyObject *rng = Py_None;
  {
    rsa_priv rp = { 0 };
    PyObject *rng = Py_None;
-  char *kwlist[] =
+  static const char *const kwlist[] =
      { "n", "e", "d", "p", "q", "dp", "dq", "q_inv", "rng", 0 };
  
      { "n", "e", "d", "p", "q", "dp", "dq", "q_inv", "rng", 0 };
  
-  if (!PyArg_ParseTupleAndKeywords(arg, kw, "|O&O&O&O&O&O&O&O&O:new", kwlist,
+  if (!PyArg_ParseTupleAndKeywords(arg, kw, "|O&O&O&O&O&O&O&O&O:new", KWLIST,
                                    convmp, &rp.n, convmp, &rp.e,
                                    convmp, &rp.d,
                                    convmp, &rp.p, convmp, &rp.q,
                                    convmp, &rp.n, convmp, &rp.e,
                                    convmp, &rp.d,
                                    convmp, &rp.p, convmp, &rp.q,
@@ -628,7 +649,7 @@ static PyObject *rsapriv_pynew(PyTypeObject *ty,
      goto end;
    if ((rp.n && !MP_ODDP(rp.n)) ||
        (rp.p && !MP_ODDP(rp.p)) ||
      goto end;
    if ((rp.n && !MP_ODDP(rp.n)) ||
        (rp.p && !MP_ODDP(rp.p)) ||
-      (rp.p && !MP_ODDP(rp.q)))
+      (rp.q && !MP_ODDP(rp.q)))
      VALERR("RSA modulus and factors must be odd");
    if (rsa_recover(&rp)) VALERR("couldn't construct private key");
    if (rng != Py_None && !GRAND_PYCHECK(rng))
      VALERR("RSA modulus and factors must be odd");
    if (rsa_recover(&rp)) VALERR("couldn't construct private key");
    if (rng != Py_None && !GRAND_PYCHECK(rng))
@@ -690,9 +711,9 @@ static PyObject *rsameth_privop(PyObject *me, PyObject *arg, PyObject *kw)
    PyObject *rng = RSA_RNG(me);
    mp *x = 0;
    PyObject *rc = 0;
    PyObject *rng = RSA_RNG(me);
    mp *x = 0;
    PyObject *rc = 0;
-  char *kwlist[] = { "x", "rng", 0 };
+  static const char *const kwlist[] = { "x", "rng", 0 };
  
  
-  if (!PyArg_ParseTupleAndKeywords(arg, kw, "O&|O:privop", kwlist,
+  if (!PyArg_ParseTupleAndKeywords(arg, kw, "O&|O:privop", KWLIST,
                                    convmp, &x, &rng))
      goto end;
    if (rng != Py_None && !GRAND_PYCHECK(rng))
                                    convmp, &x, &rng))
      goto end;
    if (rng != Py_None && !GRAND_PYCHECK(rng))
@@ -711,19 +732,27 @@ static PyObject *meth__RSAPriv_generate(PyObject *me,
    unsigned nbits;
    unsigned n = 0;
    rsa_priv rp;
    unsigned nbits;
    unsigned n = 0;
    rsa_priv rp;
-  pgev evt = { 0 };
-  char *kwlist[] = { "class", "nbits", "event", "rng", "nsteps", 0 };
+  mp *e = 0;
+  struct excinfo exc = EXCINFO_INIT;
+  pypgev evt = { { 0 } };
+  static const char *const kwlist[] =
+    { "class", "nbits", "event", "rng", "nsteps", "e", 0 };
    PyObject *rc = 0;
  
    PyObject *rc = 0;
  
-  if (!PyArg_ParseTupleAndKeywords(arg, kw, "OO&|O&O&O&:generate", kwlist,
+  evt.exc = &exc;
+  if (!PyArg_ParseTupleAndKeywords(arg, kw, "OO&|O&O&O&O&:generate", KWLIST,
                                    &me, convuint, &nbits, convpgev, &evt,
                                    &me, convuint, &nbits, convpgev, &evt,
-                                  convgrand, &r, convuint, &n))
+                                  convgrand, &r, convuint, &n,
+                                  convmp, &e))
      goto end;
      goto end;
-  if (rsa_gen(&rp, nbits, r, n, evt.proc, evt.ctx))
-    PGENERR;
+  if (e) MP_COPY(e);
+  else e = mp_fromulong(MP_NEW, 65537);
+  if (rsa_gen_e(&rp, nbits, e, r, n, evt.ev.proc, evt.ev.ctx))
+    PGENERR(&exc);
    rc = rsapriv_pywrap(&rp);
  end:
    droppgev(&evt);
    rc = rsapriv_pywrap(&rp);
  end:
    droppgev(&evt);
+  mp_drop(e);
    return (rc);
  }
  
    return (rc);
  }
  
@@ -757,7 +786,7 @@ static PyGetSetDef rsapriv_pygetset[] = {
  
  static PyMethodDef rsapriv_pymethods[] = {
  #define METHNAME(name) rsameth_##name
  
  static PyMethodDef rsapriv_pymethods[] = {
  #define METHNAME(name) rsameth_##name
-  KWMETH(privop,               "R.privop(X, rng = None) -> X^D (mod N)")
+  KWMETH(privop,               "R.privop(X, [rng = None]) -> X^D (mod N)")
  #undef METHNAME
    { 0 }
  };
  #undef METHNAME
    { 0 }
  };
@@ -787,7 +816,7 @@ static PyTypeObject rsapub_pytype_skel = {
      Py_TPFLAGS_BASETYPE,
  
    /* @tp_doc@ */
      Py_TPFLAGS_BASETYPE,
  
    /* @tp_doc@ */
-"RSA public key information.",
+"RSAPub(N, E): RSA public key.",
  
    0,                                   /* @tp_traverse@ */
    0,                                   /* @tp_clear@ */
  
    0,                                   /* @tp_traverse@ */
    0,                                   /* @tp_clear@ */
@@ -835,7 +864,8 @@ static PyTypeObject rsapriv_pytype_skel = {
      Py_TPFLAGS_BASETYPE,
  
    /* @tp_doc@ */
      Py_TPFLAGS_BASETYPE,
  
    /* @tp_doc@ */
-"RSA private key information.",
+"RSAPriv(..., [rng = rand]): RSA private key.\n\
+  Keywords: n, e, d, p, q, dp, dq, q_inv; must provide enough",
  
    0,                                   /* @tp_traverse@ */
    0,                                   /* @tp_clear@ */
  
    0,                                   /* @tp_traverse@ */
    0,                                   /* @tp_clear@ */
@@ -871,10 +901,10 @@ static PyObject *meth__p1crypt_encode(PyObject *me,
    octet *b = 0;
    size_t sz;
    mp *x;
    octet *b = 0;
    size_t sz;
    mp *x;
-  char *kwlist[] = { "msg", "nbits", "ep", "rng", 0 };
+  static const char *const kwlist[] = { "msg", "nbits", "ep", "rng", 0 };
  
    p1.r = &rand_global; ep = 0; epsz = 0;
  
    p1.r = &rand_global; ep = 0; epsz = 0;
-  if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#O&|s#O&:encode", kwlist,
+  if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#O&|s#O&:encode", KWLIST,
                                    &m, &msz, convulong, &nbits,
                                    &ep, &epsz, convgrand, &p1.r))
      goto end;
                                    &m, &msz, convulong, &nbits,
                                    &ep, &epsz, convgrand, &p1.r))
      goto end;
@@ -901,10 +931,10 @@ static PyObject *meth__p1crypt_decode(PyObject *me,
    octet *b = 0;
    size_t sz;
    mp *x = 0;
    octet *b = 0;
    size_t sz;
    mp *x = 0;
-  char *kwlist[] = { "ct", "nbits", "ep", "rng", 0 };
+  static const char *const kwlist[] = { "ct", "nbits", "ep", "rng", 0 };
  
    p1.r = &rand_global; ep = 0; epsz = 0;
  
    p1.r = &rand_global; ep = 0; epsz = 0;
-  if (!PyArg_ParseTupleAndKeywords(arg, kw, "O&O&|s#O&:decode", kwlist,
+  if (!PyArg_ParseTupleAndKeywords(arg, kw, "O&O&|s#O&:decode", KWLIST,
                                    convmp, &x, convulong, &nbits,
                                    &ep, &epsz, convgrand, &p1.r))
      goto end;
                                    convmp, &x, convulong, &nbits,
                                    &ep, &epsz, convgrand, &p1.r))
      goto end;
@@ -932,10 +962,10 @@ static PyObject *meth__p1sig_encode(PyObject *me,
    octet *b = 0;
    size_t sz;
    mp *x;
    octet *b = 0;
    size_t sz;
    mp *x;
-  char *kwlist[] = { "msg", "nbits", "ep", "rng", 0 };
+  static const char *const kwlist[] = { "msg", "nbits", "ep", "rng", 0 };
  
    p1.r = &rand_global; ep = 0; epsz = 0;
  
    p1.r = &rand_global; ep = 0; epsz = 0;
-  if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#O&|s#O&:encode", kwlist,
+  if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#O&|s#O&:encode", KWLIST,
                                    &m, &msz, convulong, &nbits,
                                    &ep, &epsz, convgrand, &p1.r))
      goto end;
                                    &m, &msz, convulong, &nbits,
                                    &ep, &epsz, convgrand, &p1.r))
      goto end;
@@ -963,10 +993,11 @@ static PyObject *meth__p1sig_decode(PyObject *me,
    octet *b = 0;
    size_t sz;
    mp *x = 0;
    octet *b = 0;
    size_t sz;
    mp *x = 0;
-  char *kwlist[] = { "msg", "sig", "nbits", "ep", "rng", 0 };
+  static const char *const kwlist[] =
+    { "msg", "sig", "nbits", "ep", "rng", 0 };
  
    p1.r = &rand_global; ep = 0; epsz = 0;
  
    p1.r = &rand_global; ep = 0; epsz = 0;
-  if (!PyArg_ParseTupleAndKeywords(arg, kw, "OO&O&|s#O&:decode", kwlist,
+  if (!PyArg_ParseTupleAndKeywords(arg, kw, "OO&O&|s#O&:decode", KWLIST,
                                    &hukairz, convmp, &x, convulong, &nbits,
                                    &ep, &epsz, convgrand, &p1.r))
      goto end;
                                    &hukairz, convmp, &x, convulong, &nbits,
                                    &ep, &epsz, convgrand, &p1.r))
      goto end;
@@ -994,10 +1025,11 @@ static PyObject *meth__oaep_encode(PyObject *me,
    octet *b = 0;
    size_t sz;
    mp *x;
    octet *b = 0;
    size_t sz;
    mp *x;
-  char *kwlist[] = { "msg", "nbits", "mgf", "hash", "ep", "rng", 0 };
+  static const char *const kwlist[] =
+    { "msg", "nbits", "mgf", "hash", "ep", "rng", 0 };
  
    o.r = &rand_global; o.cc = &sha_mgf; o.ch = &sha; ep = 0; epsz = 0;
  
    o.r = &rand_global; o.cc = &sha_mgf; o.ch = &sha; ep = 0; epsz = 0;
-  if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#O&|O&O&s#O&:encode", kwlist,
+  if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#O&|O&O&s#O&:encode", KWLIST,
                                    &m, &msz, convulong, &nbits,
                                    convgccipher, &o.cc,
                                    convgchash, &o.ch,
                                    &m, &msz, convulong, &nbits,
                                    convgccipher, &o.cc,
                                    convgchash, &o.ch,
@@ -1027,10 +1059,11 @@ static PyObject *meth__oaep_decode(PyObject *me,
    octet *b = 0;
    size_t sz;
    mp *x = 0;
    octet *b = 0;
    size_t sz;
    mp *x = 0;
-  char *kwlist[] = { "ct", "nbits", "mgf", "hash", "ep", "rng", 0 };
+  static const char *const kwlist[] =
+    { "ct", "nbits", "mgf", "hash", "ep", "rng", 0 };
  
    o.r = &rand_global; o.cc = &sha_mgf; o.ch = &sha; ep = 0; epsz = 0;
  
    o.r = &rand_global; o.cc = &sha_mgf; o.ch = &sha; ep = 0; epsz = 0;
-  if (!PyArg_ParseTupleAndKeywords(arg, kw, "O&O&|O&O&s#O&:decode", kwlist,
+  if (!PyArg_ParseTupleAndKeywords(arg, kw, "O&O&|O&O&s#O&:decode", KWLIST,
                                    convmp, &x, convulong, &nbits,
                                    convgccipher, &o.cc,
                                    convgchash, &o.ch,
                                    convmp, &x, convulong, &nbits,
                                    convgccipher, &o.cc,
                                    convgchash, &o.ch,
@@ -1061,10 +1094,11 @@ static PyObject *meth__pss_encode(PyObject *me,
    octet *b = 0;
    size_t sz;
    mp *x = 0;
    octet *b = 0;
    size_t sz;
    mp *x = 0;
-  char *kwlist[] = { "msg", "nbits", "mgf", "hash", "saltsz", "rng", 0 };
+  static const char *const kwlist[] =
+    { "msg", "nbits", "mgf", "hash", "saltsz", "rng", 0 };
  
    p.cc = &sha_mgf; p.ch = &sha; p.r = &rand_global; p.ssz = (size_t)-1;
  
    p.cc = &sha_mgf; p.ch = &sha; p.r = &rand_global; p.ssz = (size_t)-1;
-  if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#O&|O&O&O&O&:encode", kwlist,
+  if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#O&|O&O&O&O&:encode", KWLIST,
                                    &m, &msz, convulong, &nbits,
                                    convgccipher, &p.cc,
                                    convgchash, &p.ch,
                                    &m, &msz, convulong, &nbits,
                                    convgccipher, &p.cc,
                                    convgchash, &p.ch,
@@ -1094,11 +1128,11 @@ static PyObject *meth__pss_decode(PyObject *me,
    size_t sz;
    int n;
    mp *x = 0;
    size_t sz;
    int n;
    mp *x = 0;
-  char *kwlist[] =
+  static const char *const kwlist[] =
      { "msg", "sig", "nbits", "mgf", "hash", "saltsz", "rng", 0 };
  
    p.cc = &sha_mgf; p.ch = &sha; p.r = &rand_global; p.ssz = (size_t)-1;
      { "msg", "sig", "nbits", "mgf", "hash", "saltsz", "rng", 0 };
  
    p.cc = &sha_mgf; p.ch = &sha; p.r = &rand_global; p.ssz = (size_t)-1;
-  if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#O&O&|O&O&O&O&:decode", kwlist,
+  if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#O&O&|O&O&O&O&:decode", KWLIST,
                                    &m, &msz, convmp, &x, convulong, &nbits,
                                    convgccipher, &p.cc,
                                    convgchash, &p.ch,
                                    &m, &msz, convmp, &x, convulong, &nbits,
                                    convgccipher, &p.cc,
                                    convgchash, &p.ch,
@@ -1118,23 +1152,111 @@ end:
    return (rc);
  }
  
    return (rc);
  }
  
-/*----- X25519 ------------------------------------------------------------*/
-
-static PyObject *meth_x25519(PyObject *me, PyObject *arg)
-{
-  const char *k, *p;
-  Py_ssize_t ksz, psz;
-  PyObject *rc = 0;
-  if (!PyArg_ParseTuple(arg, "s#s#:x25519", &k, &ksz, &p, &psz)) goto end;
-  if (ksz != X25519_KEYSZ) VALERR("bad key length");
-  if (psz != X25519_PUBSZ) VALERR("bad public length");
-  rc = bytestring_pywrap(0, X25519_OUTSZ);
-  x25519((octet *)PyString_AS_STRING(rc),
-        (const octet *)k, (const octet *)p);
-  return (rc);
-end:
-  return (0);
-}
+/*----- X25519 and related algorithms -------------------------------------*/
+
+#define XDHS(_)                                                                \
+  _(X25519, x25519)                                                    \
+  _(X448, x448)
+
+#define DEFXDH(X, x)                                                   \
+  static PyObject *meth_##x(PyObject *me, PyObject *arg)               \
+  {                                                                    \
+    const char *k, *p;                                                 \
+    Py_ssize_t ksz, psz;                                               \
+    PyObject *rc = 0;                                                  \
+    if (!PyArg_ParseTuple(arg, "s#s#:" #x, &k, &ksz, &p, &psz))                \
+      goto end;                                                                \
+    if (ksz != X##_KEYSZ) VALERR("bad key length");                    \
+    if (psz != X##_PUBSZ) VALERR("bad public length");                 \
+    rc = bytestring_pywrap(0, X##_OUTSZ);                              \
+    x((octet *)PyString_AS_STRING(rc),                                 \
+      (const octet *)k, (const octet *)p);                             \
+    return (rc);                                                       \
+  end:                                                                 \
+    return (0);                                                                \
+  }
+XDHS(DEFXDH)
+#undef DEFXDH
+
+/*----- Ed25519 and related algorithms ------------------------------------*/
+
+#define EDDSAS(_)                                                      \
+  _(ED25519, ed25519, -1, ctx)                                         \
+  _(ED448, ed448, 0, )
+
+#define DEFEDDSA(ED, ed, phdflt, sigver)                               \
+                                                                       \
+  static PyObject *meth_##ed##_pubkey(PyObject *me, PyObject *arg)     \
+  {                                                                    \
+    const char *k;                                                     \
+    Py_ssize_t ksz;                                                    \
+    PyObject *rc = 0;                                                  \
+    if (!PyArg_ParseTuple(arg, "s#:" #ed "_pubkey", &k, &ksz))         \
+      goto end;                                                                \
+    rc = bytestring_pywrap(0, ED##_PUBSZ);                             \
+    ed##_pubkey((octet *)PyString_AS_STRING(rc), k, ksz);              \
+    return (rc);                                                       \
+  end:                                                                 \
+    return (0);                                                                \
+  }                                                                    \
+                                                                       \
+  static PyObject *meth_##ed##_sign(PyObject *me, PyObject *arg,       \
+                                   PyObject *kw)                       \
+  {                                                                    \
+    const char *k, *p = 0, *c = 0, *m;                                 \
+    Py_ssize_t ksz, psz, csz = 0, msz;                                 \
+    int ph = phdflt;                                                   \
+    PyObject *rc = 0;                                                  \
+    octet pp[ED##_PUBSZ];                                              \
+    static const char *const kwlist[] =                                        \
+      { "key", "msg", "pub", "perso", "phflag", 0 };                   \
+    if (!PyArg_ParseTupleAndKeywords(arg, kw,                          \
+                                    "s#s#|s#s#O&:" #ed "_sign",        \
+                                    KWLIST,                            \
+                                    &k, &ksz, &m, &msz, &p, &psz,      \
+                                    &c, &csz, convbool, &ph))          \
+      goto end;                                                                \
+    if (p && psz != ED##_PUBSZ) VALERR("bad public length");           \
+    if (c && csz > ED##_MAXPERSOSZ)                                    \
+      VALERR("personalization string too long");                       \
+    if (c && ph == -1) ph = 0;                                         \
+    if (!p) { p = (const char *)pp; ed##_pubkey(pp, k, ksz); }         \
+    rc = bytestring_pywrap(0, ED##_SIGSZ);                             \
+    ed##sigver##_sign((octet *)PyString_AS_STRING(rc), k, ksz,         \
+                     (const octet *)p, ph, c, csz, m, msz);            \
+    return (rc);                                                       \
+  end:                                                                 \
+    return (0);                                                                \
+  }                                                                    \
+                                                                       \
+  static PyObject *meth_##ed##_verify(PyObject *me,                    \
+                                     PyObject *arg, PyObject *kw)      \
+  {                                                                    \
+    const char *p, *c = 0, *m, *s;                                     \
+    Py_ssize_t psz, csz = 0, msz, ssz;                                 \
+    int ph = phdflt;                                                   \
+    PyObject *rc = 0;                                                  \
+    static const char *const kwlist[] =                                        \
+      { "pub", "msg", "sig", "perso", "phflag", 0 };                   \
+    if (!PyArg_ParseTupleAndKeywords(arg, kw,                          \
+                                    "s#s#s#|s#O&:" #ed "_verify",      \
+                                    KWLIST,                            \
+                                    &p, &psz, &m, &msz, &s, &ssz,      \
+                                    &c, &csz, convbool, &ph))          \
+      goto end;                                                                \
+    if (psz != ED##_PUBSZ) VALERR("bad public length");                        \
+    if (ssz != ED##_SIGSZ) VALERR("bad signature length");             \
+    if (c && csz > ED##_MAXPERSOSZ)                                    \
+      VALERR("personalization string too long");                       \
+    if (c && ph == -1) ph = 0;                                         \
+    rc = getbool(!ed##sigver##_verify((const octet *)p, ph, c, csz,    \
+                                     m, msz, (const octet *)s));       \
+    return (rc);                                                       \
+  end:                                                                 \
+    return (0);                                                                \
+  }
+EDDSAS(DEFEDDSA)
+#undef DEFEDDSA
  
  /*----- Global stuff ------------------------------------------------------*/
  
  
  /*----- Global stuff ------------------------------------------------------*/
  
@@ -1149,9 +1271,23 @@ static PyMethodDef methods[] = {
    KWMETH(_pss_encode,                  0)
    KWMETH(_pss_decode,                  0)
    KWMETH(_RSAPriv_generate,            "\
    KWMETH(_pss_encode,                  0)
    KWMETH(_pss_decode,                  0)
    KWMETH(_RSAPriv_generate,            "\
-generate(NBITS, [event = pgen_nullev, rng = rand, nsteps = 0]) -> R")
-  METH  (x25519,                       "\
-x25519(KEY, PUBLIC) -> SHARED")
+generate(NBITS, [event = pgen_nullev], [rng = rand], [nsteps = 0]) -> R")
+#define DEFMETH(X, x)                                                  \
+  METH  (x,                            "\
+" #x "(KEY, PUBLIC) -> SHARED")
+  XDHS(DEFMETH)
+#undef DEFMETH
+#define DEFMETH(ED, ed, phdflt, sigver)                                        \
+  METH  (ed##_pubkey,                  "\
+" #ed "_pubkey(KEY) -> PUBLIC")                                                \
+  KWMETH(ed##_sign,                    "\
+" #ed "_sign(KEY, MSG, [pub = PUBLIC], "                               \
+        "[perso = STRING], [phflag = BOOL]) -> SIG")                   \
+  KWMETH(ed##_verify,                  "\
+" #ed "_verify(PUBLIC, MSG, SIG, "                                     \
+        "[perso = STRING], [phflag = BOOL]) -> BOOL")
+  EDDSAS(DEFMETH)
+#undef DEFMETH
  #undef METHNAME
    { 0 }
  };
  #undef METHNAME
    { 0 }
  };