--- old-from_zaula_new_and_improved/pycryptopp/publickey/ecdsamodule.cpp	2009-03-02 14:23:06.000000000 -0700
+++ new-from_zaula_new_and_improved/pycryptopp/publickey/ecdsamodule.cpp	2009-03-02 14:23:09.000000000 -0700
@@ -1,9 +1,12 @@
 /**
  * ecdsamodule.cpp -- Python wrappers around Crypto++'s
- * ECDSA(1363)/EMSA1(SHA-256), more precisely: <a
- * href="http://www.weidai.com/scan-mirror/sig.html#ECDSA">ECDSA</a> with GF(P)
- * ("ECP") as the elliptic curve group parameters and SHA-256 as the hash
- * function
+ * ECDSA(1363)/EMSA1(Tiger) -- <a
+ * href="http://www.weidai.com/scan-mirror/sig.html#ECDSA">ECDSA</a>.
+ *
+ * The keys (192-bit) use the curve ASN1::secp192r1() and Tiger as the hash
+ * function.  There is a custom Key Derivation Protocol to generate private
+ * (signing) keys from unguessable seeds -- see source code for details and
+ * doc string for usage.
  */
 
 #include <Python.h>
@@ -19,37 +22,105 @@
 #include "osrng.h"
 #include "eccrypto.h"
 #include "oids.h"
+#include "tiger.h"
+#include "sha.h"
+#include "pubkey.h"
+
+// for _dump
+#include <iostream>
+#include "ecp.h"
+#include "hex.h"
+
+/* The ECDSA key size that pycryptopp currently supports -- you should do your
+   own research, and I recommend http://keylength.com , but basically this is
+   probably secure for most purposes for at least the next few years, and
+   possibly for longer. */
+static const int SMALL_KEY_SIZE_BITS=192;
 
 USING_NAMESPACE(CryptoPP)
 
 PyDoc_STRVAR(ecdsa__doc__,
-"ecdsa -- ECDSA(1363)/EMSA1(SHA-256) signatures\n\
+"ecdsa -- ECDSA(1363)/EMSA1(Tiger) signatures\n\
+\n\
+To create a new ECDSA signing key (deterministically from a 12-byte seed), construct an instance of the class, passing the seed as argument, i.e. SigningKey(seed).  If you call serialize() on that instance, you'll get that seed back.\n\
 \n\
-To create a new ECDSA signing key from the operating system's random number generator, call generate().\n\
-To deserialize an ECDSA signing key from a string, call create_signing_key_from_string().\n\
+To get a verifying key from a signing key, call get_verifying_key() on the signing key instance.\n\
 \n\
-To get an ECDSA verifying key from an ECDSA signing key, call get_verifying_key() on the signing key.\n\
-To deserialize an ECDSA verifying key from a string, call create_verifying_key_from_string().");
+To deserialize an ECDSA verifying key from a string, call VerifyingKey(serialized_verifying_key).");
 
 static PyObject *ecdsa_error;
 
 typedef struct {
     PyObject_HEAD
-
-    /* internal */
-    ECDSA<ECP, SHA256>::Verifier *k;
+    ECDSA<ECP, SHA1>::Verifier k;
 } VerifyingKey;
 
 PyDoc_STRVAR(VerifyingKey__doc__,
 "an ECDSA verifying key");
 
+struct VerifyingKey_type;
+static PyObject*
+VerifyingKey_alloc(PyTypeObject* typ, Py_ssize_t nitems) {
+    VerifyingKey* k = new VerifyingKey();
+    if (!k)
+        return PyErr_NoMemory();
+
+    memset(k, 0, sizeof(PyObject));
+    k->ob_refcnt = 1;
+    k->ob_type = typ;
+
+    return reinterpret_cast<PyObject*>(k);
+}
+
 static void
-VerifyingKey_dealloc(VerifyingKey* self) {
-    if (self->k)
-        delete self->k;
-    self->ob_type->tp_free((PyObject*)self);
+VerifyingKey_free(void* self) {
+    delete reinterpret_cast<VerifyingKey*>(self);
+}
+
+static PyObject *
+VerifyingKey__dump(VerifyingKey *self, PyObject *dummy) {
+    const CryptoMaterial& x = self->k.GetMaterial();
+    std::cout << x.GetValueNames();
+    Py_RETURN_NONE;
+}
+
+static int
+VerifyingKey___init__(PyObject* self, PyObject* args, PyObject* kwdict) {
+    static const char *kwlist[] = { "serializedverifyingkey", NULL };
+    const char *serializedverifyingkey;
+    Py_ssize_t serializedverifyingkeysize = 0;
+
+    if (!PyArg_ParseTupleAndKeywords(args, kwdict, "t#:VerifyingKey__init__", const_cast<char**>(kwlist), &serializedverifyingkey, &serializedverifyingkeysize))
+        return NULL;
+    assert (serializedverifyingkeysize >= 0);
+
+    if (serializedverifyingkeysize != 25) {
+        PyErr_Format(ecdsa_error, "Precondition violation: size in bits is required to be %d (for %d-bit key), but it was %d", 25, SMALL_KEY_SIZE_BITS, serializedverifyingkeysize);
+        return -1;
+    }
+
+    VerifyingKey *mself = reinterpret_cast<VerifyingKey*>(self);
+
+    StringSource ss(reinterpret_cast<const byte*>(serializedverifyingkey), serializedverifyingkeysize, true);
+
+    ECP::Element element;
+    DL_GroupParameters_EC<ECP> params(ASN1::secp192r1());
+    params.SetPointCompression(true);
+    try {
+      element = params.DecodeElement(reinterpret_cast<const byte*>(serializedverifyingkey), true);
+      mself->k = ECDSA<ECP, SHA1>::Verifier(params, element);
+    } catch (InvalidDataFormat le) {
+      PyErr_Format(ecdsa_error, "Serialized verifying key was corrupted.  Crypto++ gave this exception: %s", le.what());
+      return -1;
+    }
+
+    return 0;
 }
 
+PyDoc_STRVAR(VerifyingKey__dump__doc__,
+
+"Print to stdout some descriptions of the math pieces.");
+
 static PyObject *
 VerifyingKey_verify(VerifyingKey *self, PyObject *args, PyObject *kwdict) {
     static const char *kwlist[] = { "msg", "signature", NULL };
@@ -62,14 +133,7 @@
     assert (msgsize >= 0);
     assert (signaturesize >= 0);
 
-    Py_ssize_t sigsize = self->k->SignatureLength();
-    if (sigsize != signaturesize)
-        return PyErr_Format(ecdsa_error, "Precondition violation: signatures are required to be of size %zu, but it was %zu", sigsize, signaturesize);
-    assert (sigsize >= 0);
-
-    assert (signaturesize == sigsize);
-
-    if (self->k->VerifyMessage(reinterpret_cast<const byte*>(msg), msgsize, reinterpret_cast<const byte*>(signature), signaturesize))
+    if (self->k.VerifyMessage(reinterpret_cast<const byte*>(msg), msgsize, reinterpret_cast<const byte*>(signature), signaturesize))
         Py_RETURN_TRUE;
     else
         Py_RETURN_FALSE;
@@ -80,14 +144,17 @@
 
 static PyObject *
 VerifyingKey_serialize(VerifyingKey *self, PyObject *dummy) {
-    std::string outstr;
-    StringSink ss(outstr);
-    self->k->DEREncode(ss);
-    PyStringObject* result = reinterpret_cast<PyStringObject*>(PyString_FromStringAndSize(outstr.c_str(), outstr.size()));
-    if (!result)
-        return NULL;
+    const DL_PublicKey_EC<ECP>* pubkey;
+    pubkey = dynamic_cast<const DL_PublicKey_EC<ECP>*>(&(self->k.GetPublicKey()));
+    const DL_GroupParameters_EC<ECP>& params = pubkey->GetGroupParameters();
 
-    return reinterpret_cast<PyObject*>(result);
+    Py_ssize_t len = params.GetEncodedElementSize(true);
+//   params.SetPointCompression(true);
+    PyObject* result = PyString_FromStringAndSize(NULL, len);
+
+    params.EncodeElement(true, pubkey->GetPublicElement(), reinterpret_cast<byte*>(PyString_AS_STRING(result)));
+
+    return result;
 }
 
 PyDoc_STRVAR(VerifyingKey_serialize__doc__,
@@ -97,6 +164,7 @@
 static PyMethodDef VerifyingKey_methods[] = {
     {"verify", reinterpret_cast<PyCFunction>(VerifyingKey_verify), METH_KEYWORDS, VerifyingKey_verify__doc__},
     {"serialize", reinterpret_cast<PyCFunction>(VerifyingKey_serialize), METH_NOARGS, VerifyingKey_serialize__doc__},
+    {"_dump", reinterpret_cast<PyCFunction>(VerifyingKey__dump), METH_NOARGS, VerifyingKey__dump__doc__},
     {NULL},
 };
 
@@ -106,7 +174,7 @@
     "ecdsa.VerifyingKey", /*tp_name*/
     sizeof(VerifyingKey),             /*tp_basicsize*/
     0,                         /*tp_itemsize*/
-    reinterpret_cast<destructor>(VerifyingKey_dealloc), /*tp_dealloc*/
+    0,                         /*tp_dealloc*/
     0,                         /*tp_print*/
     0,                         /*tp_getattr*/
     0,                         /*tp_setattr*/
@@ -123,42 +191,179 @@
     0,                         /*tp_as_buffer*/
     Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, /*tp_flags*/
     VerifyingKey__doc__,           /* tp_doc */
-    0,		               /* tp_traverse */
-    0,		               /* tp_clear */
-    0,		               /* tp_richcompare */
-    0,		               /* tp_weaklistoffset */
-    0,		               /* tp_iter */
-    0,		               /* tp_iternext */
+    0,                               /* tp_traverse */
+    0,                               /* tp_clear */
+    0,                               /* tp_richcompare */
+    0,                               /* tp_weaklistoffset */
+    0,                               /* tp_iter */
+    0,                               /* tp_iternext */
     VerifyingKey_methods,             /* tp_methods */
+    0,                         /* tp_members */
+    0,                         /* tp_getset */
+    0,                         /* tp_base */
+    0,                         /* tp_dict */
+    0,                         /* tp_descr_get */
+    0,                         /* tp_descr_set */
+    0,                         /* tp_dictoffset */
+    VerifyingKey___init__,       /* tp_init */
+    VerifyingKey_alloc,          /* tp_alloc */
+    0,                         /* tp_new */
+    VerifyingKey_free            /* tp_free */
 };
 
-/** This function is only for internal use by ecdsamodule.cpp. */
-static VerifyingKey*
-VerifyingKey_construct() {
-    VerifyingKey *self = reinterpret_cast<VerifyingKey*>(VerifyingKey_type.tp_alloc(&VerifyingKey_type, 0));
-    if (!self)
-        return NULL;
-    self->k = NULL;
-    return self;
-}
-
 PyDoc_STRVAR(SigningKey__doc__,
 "an ECDSA signing key");
 
 typedef struct {
     PyObject_HEAD
-
-    /* internal */
-    ECDSA<ECP, SHA256>::Signer *k;
+    ECDSA<ECP, SHA1>::Signer k;
 } SigningKey;
 
+struct SigningKey_type;
+static PyObject*
+SigningKey_alloc(PyTypeObject* typ, Py_ssize_t nitems) {
+    SigningKey* k = new SigningKey();
+    if (!k)
+        return PyErr_NoMemory();
+
+    memset(k, 0, sizeof(PyObject));
+    k->ob_refcnt = 1;
+    k->ob_type = typ;
+
+    return reinterpret_cast<PyObject*>(k);
+}
+
 static void
-SigningKey_dealloc(SigningKey* self) {
-    if (self->k)
-        delete self->k;
-    self->ob_type->tp_free((PyObject*)self);
+SigningKey_free(void* self) {
+    delete reinterpret_cast<SigningKey*>(self);
 }
 
+static const char* TAG_AND_SALT = "102:pycryptopp v0.5.3 key derivation algorithm using Tiger hash to generate ECDSA 192-bit secret exponents," \
+    "16:H1yGNvUONoc0FD1d,";
+static const size_t TAG_AND_SALT_len = 127;
+
+static int
+SigningKey___init__(PyObject* self, PyObject* args, PyObject* kwdict) {
+    static const char *kwlist[] = { "seed", NULL };
+    const char* seed;
+    int seedlen;
+    if (!PyArg_ParseTupleAndKeywords(args, kwdict, "t#:SigningKey___init__", const_cast<char**>(kwlist), &seed, &seedlen)) {
+        return -1;
+    }
+
+    if (seedlen != 12) {
+        PyErr_Format(ecdsa_error, "Precondition violation: seed is required to be of length 12, but it was %d", seedlen);
+        return -1;
+    }
+
+    OID curve;
+    Integer grouporderm1;
+    byte privexpbytes[24] = {0};
+    Integer privexponentm1;
+    privexponentm1.Decode(privexpbytes, sizeof(privexpbytes)); assert (priveexponentm1 == 0); // just checking..
+
+    curve = ASN1::secp192r1();
+    grouporderm1 = DL_GroupParameters_EC<ECP>(curve).GetGroupOrder() - 1;
+    Tiger t;
+
+    t.Update(reinterpret_cast<const byte*>(TAG_AND_SALT), TAG_AND_SALT_len);
+    t.Update(reinterpret_cast<const byte*>(seed), seedlen);
+    t.TruncatedFinal(privexpbytes, Tiger::DIGESTSIZE);
+    privexponentm1.Decode(privexpbytes, sizeof(privexpbytes));
+
+    while (privexponentm1 >= grouporderm1) {
+        Tiger t2;
+        t2.Update(reinterpret_cast<const byte*>(TAG_AND_SALT), TAG_AND_SALT_len);
+        std::cerr << "WHEE " << sizeof(privexpbytes) << "\n";std::cerr.flush();
+        t2.Update(privexpbytes, sizeof(privexpbytes));
+        t2.TruncatedFinal(privexpbytes, Tiger::DIGESTSIZE);
+        privexponentm1.Decode(privexpbytes, sizeof(privexpbytes));
+    }
+
+    SigningKey* mself = reinterpret_cast<SigningKey*>(self);
+    mself->k.AccessKey().Initialize(curve, privexponentm1+1);
+
+    return 0;
+}
+
+PyDoc_STRVAR(SigningKey__init____doc__,
+"Create a signing key (192 bits) deterministically from the given seed.\n\
+\n\
+This implies that if someone can guess the seed then they can learn the signing key.  A good way to get an unguessable seed is os.urandom(12).\n\
+\n\
+@param seed seed\n\
+\n\
+@precondition len(seed) >= ceil(sizeinbits/16.0)");
+
+static PyObject *
+SigningKey__dump(SigningKey *self, PyObject *dummy) {
+    const DL_GroupParameters_EC<ECP>& gp = self->k.GetKey().GetGroupParameters();
+    std::cout << "whee " << gp.GetEncodedElementSize(true) << "\a";
+    std::cout << "booo " << gp.GetEncodedElementSize(false) << "\n";
+
+    ECPPoint p = gp.GetSubgroupGenerator();
+    std::cout << "generator " << p.x << ", " << p.y << "\n";
+
+    std::cout << "GroupOrder: ";
+    std::cout << gp.GetGroupOrder();
+    std::cout << "\n";
+
+    std::string s;
+    StringSink* ss = new StringSink(s);
+    HexEncoder he(ss);
+    std::cout << "AlgorithmID: ";
+    gp.GetAlgorithmID().DEREncode(he);
+    std::cout << s << "\n";
+
+    const ECP& ec = gp.GetCurve();
+    Integer fieldsize = ec.FieldSize();
+    std::cout << "field size " << fieldsize.BitCount() << " " << fieldsize.ByteCount() << " " << ec.FieldSize() << "\n";
+    std::cout << "Curve: ";
+    std::cout << "curve field max element bit length: " << ec.GetField().MaxElementBitLength() << "\n";
+    std::cout << "curve field modulus: " << ec.GetField().GetModulus() << "\n";
+    std::cout << "curve A: " << ec.GetA() << ", curve B: " << ec.GetB();
+
+    const ECP::Field& f = ec.GetField();
+    std::cout << "curve field modulus: " << f.GetModulus() << "\n";
+    std::cout << "curve field identity: " << f.Identity() << "\n";
+
+    std::string cfs;
+    StringSink* cfss = new StringSink(cfs);
+    HexEncoder cfhe(cfss);
+    f.DEREncode(cfhe);
+    std::cout << "curve field derencoding: " << cfs << "\n";
+
+    const CryptoMaterial& cm = self->k.GetMaterial();
+    Integer i;
+    cm.GetValue("SubgroupOrder", i);
+    std::cout << "\n";
+    std::cout << "SubgroupOrder: ";
+    std::cout << i;
+    std::cout << "\n";
+    ECP::Element e;
+    cm.GetValue("SubgroupGenerator", e);
+    std::cout << "SubgroupGenerator: ";
+    std::cout << e.x << ", " << e.y;
+    std::cout << "\n";
+
+    std::cout << "private key: ";
+
+    const PrivateKey& privkey = self->k.GetPrivateKey();
+
+    std::cout << privkey.GetValueNames() << "\n";
+
+    Integer privi;
+    privkey.GetValue("PrivateExponent", privi);
+    std::cout << privi << "\n";
+    std::cout << "numbits: " << privi.BitCount() << "\n";
+    std::cout << "numbytes: " << privi.ByteCount() << "\n";
+
+    Py_RETURN_NONE;
+}
+
+PyDoc_STRVAR(SigningKey__dump__doc__,
+"Print to stdout some descriptions of the math pieces.");
+
 static PyObject *
 SigningKey_sign(SigningKey *self, PyObject *msgobj) {
     const char *msg;
@@ -166,22 +371,32 @@
     PyString_AsStringAndSize(msgobj, const_cast<char**>(&msg), reinterpret_cast<Py_ssize_t*>(&msgsize));
     assert (msgsize >= 0);
 
-    Py_ssize_t sigsize = self->k->SignatureLength();
+    Py_ssize_t sigsize;
+    sigsize = self->k.SignatureLength();
+
     PyStringObject* result = reinterpret_cast<PyStringObject*>(PyString_FromStringAndSize(NULL, sigsize));
     if (!result)
         return NULL;
     assert (sigsize >= 0);
 
     AutoSeededRandomPool randpool(false);
-    Py_ssize_t siglengthwritten = self->k->SignMessage(
-        randpool,
-        reinterpret_cast<const byte*>(msg),
-        msgsize,
-        reinterpret_cast<byte*>(PyString_AS_STRING(result)));
+
+    Py_ssize_t siglengthwritten;
+    try {
+        siglengthwritten = self->k.SignMessage(
+            randpool,
+            reinterpret_cast<const byte*>(msg),
+            msgsize,
+            reinterpret_cast<byte*>(PyString_AS_STRING(result)));
+    } catch (InvalidDataFormat le) {
+        Py_DECREF(result);
+        return PyErr_Format(ecdsa_error, "Signing key was corrupted.  Crypto++ gave this exception: %s", le.what());
+    }
+
     if (siglengthwritten < sigsize)
         fprintf(stderr, "%s: %d: %s: %s", __FILE__, __LINE__, "SigningKey_sign", "INTERNAL ERROR: signature was shorter than expected.");
     else if (siglengthwritten > sigsize) {
-        fprintf(stderr, "%s: %d: %s: %s", __FILE__, __LINE__, "SigningKey_sign", "INTERNAL ERROR: signature was longer than expected, so invalid memory was overwritten.");
+        fprintf(stderr, "%s: %d: %s: %s", __FILE__, __LINE__, "SigningKey_sign", "INTERNAL ERROR: signature was longer than expected, so memory was invalidly overwritten.");
         abort();
     }
     assert (siglengthwritten >= 0);
@@ -190,43 +405,30 @@
 }
 
 PyDoc_STRVAR(SigningKey_sign__doc__,
-"Return a signature on the argument.");
+     "Return a signature on the argument."); //XXX  If randseed is not None then it is required to be an  "); // XXX randseed!
 
 static PyObject *
 SigningKey_get_verifying_key(SigningKey *self, PyObject *dummy) {
-    VerifyingKey *verifier = reinterpret_cast<VerifyingKey*>(VerifyingKey_construct());
+    VerifyingKey *verifier = PyObject_New(VerifyingKey, &VerifyingKey_type);
+
     if (!verifier)
         return NULL;
 
-    verifier->k = new ECDSA<ECP, SHA256>::Verifier(*(self->k));
-    if (!verifier->k)
-        return PyErr_NoMemory();
+    ECDSA<ECP, SHA1>::Verifier* kp;
+    kp = new ECDSA<ECP, SHA1>::Verifier(self->k);
+
+    verifier->k = (*kp);
+
     return reinterpret_cast<PyObject*>(verifier);
 }
 
 PyDoc_STRVAR(SigningKey_get_verifying_key__doc__,
 "Return the corresponding verifying key.");
 
-static PyObject *
-SigningKey_serialize(SigningKey *self, PyObject *dummy) {
-    Py_ssize_t len = self->k->GetKey().GetGroupParameters().GetSubgroupOrder().ByteCount();
-    PyObject* result = PyString_FromStringAndSize(NULL, len);
-
-    const DL_PrivateKey_EC<ECP>& privkey = dynamic_cast<const DL_PrivateKey_EC<ECP>&>(self->k->GetPrivateKey());
-
-    privkey.GetPrivateExponent().Encode(reinterpret_cast<byte*>(PyString_AS_STRING(result)), len);
-
-    return result;
-}
-
-PyDoc_STRVAR(SigningKey_serialize__doc__,
-"Return a string containing the key material.  The string can be passed to \n\
-create_signing_key_from_string() to instantiate a new copy of this key.");
-
 static PyMethodDef SigningKey_methods[] = {
     {"sign", reinterpret_cast<PyCFunction>(SigningKey_sign), METH_O, SigningKey_sign__doc__},
+    {"_dump", reinterpret_cast<PyCFunction>(SigningKey__dump), METH_NOARGS, SigningKey__dump__doc__},
     {"get_verifying_key", reinterpret_cast<PyCFunction>(SigningKey_get_verifying_key), METH_NOARGS, SigningKey_get_verifying_key__doc__},
-    {"serialize", reinterpret_cast<PyCFunction>(SigningKey_serialize), METH_NOARGS, SigningKey_serialize__doc__},
     {NULL},
 };
 
@@ -236,7 +438,7 @@
     "ecdsa.SigningKey", /*tp_name*/
     sizeof(SigningKey),             /*tp_basicsize*/
     0,                         /*tp_itemsize*/
-    (destructor)SigningKey_dealloc, /*tp_dealloc*/
+    0,                         /*tp_dealloc*/
     0,                         /*tp_print*/
     0,                         /*tp_getattr*/
     0,                         /*tp_setattr*/
@@ -251,143 +453,34 @@
     0,                         /*tp_getattro*/
     0,                         /*tp_setattro*/
     0,                         /*tp_as_buffer*/
-    Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, /*tp_flags*/
-    SigningKey__doc__,           /* tp_doc */
-    0,		               /* tp_traverse */
-    0,		               /* tp_clear */
-    0,		               /* tp_richcompare */
-    0,		               /* tp_weaklistoffset */
-    0,		               /* tp_iter */
-    0,		               /* tp_iternext */
-    SigningKey_methods             /* tp_methods */
+    Py_TPFLAGS_DEFAULT,        /*tp_flags*/
+    SigningKey__doc__,         /* tp_doc */
+    0,                               /* tp_traverse */
+    0,                               /* tp_clear */
+    0,                               /* tp_richcompare */
+    0,                               /* tp_weaklistoffset */
+    0,                               /* tp_iter */
+    0,                               /* tp_iternext */
+    SigningKey_methods,             /* tp_methods */
+    0,                         /* tp_members */
+    0,                         /* tp_getset */
+    0,                         /* tp_base */
+    0,                         /* tp_dict */
+    0,                         /* tp_descr_get */
+    0,                         /* tp_descr_set */
+    0,                         /* tp_dictoffset */
+    SigningKey___init__,       /* tp_init */
+    SigningKey_alloc,          /* tp_alloc */
+    0,                         /* tp_new */
+    SigningKey_free            /* tp_free */
 };
 
-/** This function is only for internal use by ecdsamodule.cpp. */
-static SigningKey*
-SigningKey_construct() {
-    SigningKey *self = reinterpret_cast<SigningKey*>(SigningKey_type.tp_alloc(&SigningKey_type, 0));
-    if (!self)
-        return NULL;
-    self->k = NULL;
-    return self;
-}
-
-/* The smaller ECDSA key size that pycryptopp supports -- you should do your 
-   own research, and I recommend http://keylength.com , but basically this is 
-   probably secure for most purposes for at least the next few years, and 
-   possibly for longer. */
-static const int SMALL_KEY_SIZE_BITS=192;
-
-/* The larger ECDSA key size that pycryptopp supports -- you should do your 
-   own research, and I recommend http://keylength.com , but basically this is 
-   probably secure for many years, unless there is a surprising breakthrough in 
-   the theory of elliptic curve cryptography. */
-static const int LARGE_KEY_SIZE_BITS=521;
-
-static PyObject *
-generate(PyObject *dummy, PyObject *args, PyObject *kwdict) {
-    static const char *kwlist[] = {
-        "sizeinbits",
-        NULL
-    };
-    int sizeinbits;
-
-    if (!PyArg_ParseTupleAndKeywords(args, kwdict, "i:generate", const_cast<char**>(kwlist), &sizeinbits))
-        return NULL;
-
-    if (sizeinbits != SMALL_KEY_SIZE_BITS && sizeinbits != LARGE_KEY_SIZE_BITS)
-        return PyErr_Format(ecdsa_error, "Precondition violation: size in bits is required to be either %d or %d, but it was %d", SMALL_KEY_SIZE_BITS, LARGE_KEY_SIZE_BITS, sizeinbits);
-
-    AutoSeededRandomPool osrng(false);
-    SigningKey *signer = SigningKey_construct();
-    if (!signer)
-        return NULL;
-
-    OID curve;
-    if (sizeinbits == 192)
-        curve = ASN1::secp192r1();
-    else
-        curve = ASN1::secp521r1();
-
-    signer->k = new ECDSA<ECP, SHA256>::Signer(osrng, curve);
-    if (!signer->k)
-        return PyErr_NoMemory();
-    return reinterpret_cast<PyObject*>(signer);
-}
-
-PyDoc_STRVAR(generate__doc__,
-"Create a signing key using the operating system's random number generator.\n\
-\n\
-@param sizeinbits size of the key in bits\n\
-\n\
-@precondition sizeinbits in (192, 521)");
-
-static PyObject *
-create_verifying_key_from_string(PyObject *dummy, PyObject *args, PyObject *kwdict) {
-    static const char *kwlist[] = {
-        "serializedverifyingkey",
-        NULL
-    };
-    const char *serializedverifyingkey;
-    Py_ssize_t serializedverifyingkeysize = 0;
-
-    if (!PyArg_ParseTupleAndKeywords(args, kwdict, "t#:create_verifying_key_from_string", const_cast<char**>(kwlist), &serializedverifyingkey, &serializedverifyingkeysize))
-        return NULL;
-    assert (serializedverifyingkeysize >= 0);
-
-    VerifyingKey *verifier = reinterpret_cast<VerifyingKey*>(VerifyingKey_construct());
-    if (!verifier)
-        return NULL;
-    StringSource ss(reinterpret_cast<const byte*>(serializedverifyingkey), serializedverifyingkeysize, true);
-
-    verifier->k = new ECDSA<ECP, SHA256>::Verifier(ss);
-    if (!verifier->k)
-        return PyErr_NoMemory();
-    return reinterpret_cast<PyObject*>(verifier);
-}
-
 PyDoc_STRVAR(create_verifying_key_from_string__doc__,
-"Create a verifying key from its serialized state.");
-
-static PyObject *
-create_signing_key_from_string(PyObject *dummy, PyObject *args, PyObject *kwdict) {
-    static const char *kwlist[] = {
-        "serializedsigningkey",
-        NULL
-    };
-    const char *serializedsigningkey;
-    Py_ssize_t serializedsigningkeysize = 0;
-
-    if (!PyArg_ParseTupleAndKeywords(args, kwdict, "t#:create_signing_key_from_string", const_cast<char**>(kwlist), &serializedsigningkey, &serializedsigningkeysize))
-        return NULL;
-    if (serializedsigningkeysize != 24 && serializedsigningkeysize != 66)
-        return PyErr_Format(ecdsa_error, "Precondition violation: size in bytes of the serialized signing key is required to be either %d (for %d-bit keys) or %d (for %d-bit keys), but it was %d", 24, SMALL_KEY_SIZE_BITS, 66, LARGE_KEY_SIZE_BITS, serializedsigningkeysize);
-
-
-    SigningKey *verifier = SigningKey_construct();
-    if (!verifier)
-        return NULL;
-
-    OID curve;
-    if (serializedsigningkeysize == 24)
-        curve = ASN1::secp192r1();
-    else
-        curve = ASN1::secp521r1();
-    Integer privexponent(reinterpret_cast<const byte*>(serializedsigningkey), serializedsigningkeysize);
-
-    verifier->k = new ECDSA<ECP, SHA256>::Signer(curve, privexponent);
-    if (!verifier->k)
-        return PyErr_NoMemory();
-    return reinterpret_cast<PyObject*>(verifier);
-}
-
-PyDoc_STRVAR(create_signing_key_from_string__doc__,
-"Create a signing key from its serialized state.");
+"Create a verifying key from its serialized state.\n\
+\n\
+@precondition Length of serialized key is required to be 24 (for 192-bit key)."); //XXX actually 25 length
 
 static PyMethodDef ecdsa_functions[] = {
-    {"generate", reinterpret_cast<PyCFunction>(generate), METH_KEYWORDS, generate__doc__},
-    {"create_verifying_key_from_string", reinterpret_cast<PyCFunction>(create_verifying_key_from_string), METH_KEYWORDS, create_verifying_key_from_string__doc__},
-    {"create_signing_key_from_string", reinterpret_cast<PyCFunction>(create_signing_key_from_string), METH_KEYWORDS, create_signing_key_from_string__doc__},
     {NULL, NULL, 0, NULL}  /* sentinel */
 };
 
@@ -399,8 +492,10 @@
     PyObject *module;
     PyObject *module_dict;
 
+    VerifyingKey_type.tp_new = PyType_GenericNew;
     if (PyType_Ready(&VerifyingKey_type) < 0)
         return;
+    SigningKey_type.tp_new = PyType_GenericNew;
     if (PyType_Ready(&SigningKey_type) < 0)
         return;
 
diff -rN -u old-from_zaula_new_and_improved/pycryptopp/test/test_ecdsa.py new-from_zaula_new_and_improved/pycryptopp/test/test_ecdsa.py
--- old-from_zaula_new_and_improved/pycryptopp/test/test_ecdsa.py	2009-03-02 14:23:06.000000000 -0700
+++ new-from_zaula_new_and_improved/pycryptopp/test/test_ecdsa.py	2009-03-02 14:23:09.000000000 -0700
@@ -2,10 +2,39 @@
 
 import random
 
+import os
+SEED = os.environ.get('REPEATABLE_RANDOMNESS_SEED', None)
+
+if SEED is None:
+    # Generate a seed which is fairly short (to ease cut-and-paste, writing it
+    # down, etc.).  Note that Python's random module's seed() function is going
+    # to take the hash() of this seed, which is a 32-bit value (currently) so
+    # there is no point in making this seed larger than 32 bits.  Make it 30
+    # bits, which conveniently fits into six base-32 chars.  Include a separator
+    # because chunking facilitates memory (including working and short-term
+    # memory) in humans.
+    chars = "ybndrfg8ejkmcpqxot1uwisza345h769" # Zooko's choice, rationale in "DESIGN" doc in z-base-32 project
+    SEED = ''.join([random.choice(chars) for x in range(3)] + ['-'] + [random.choice(chars) for x in range(3)])
+
+import logging
+logging.info("REPEATABLE_RANDOMNESS_SEED: %s\n" % SEED)
+logging.info("In order to reproduce this run of the code, set the environment variable \"REPEATABLE_RANDOMNESS_SEED\" to %s before executing.\n" % SEED)
+random.seed(SEED)
+
+def seed_which_refuses(a):
+    logging.warn("I refuse to reseed to %s -- I already seeded with %s.\n" % (a, SEED,))
+    return
+random.seed = seed_which_refuses
+
+from random import randrange
+
 import unittest
 
 from pycryptopp.publickey import ecdsa
 
+def randstr(n, rr=randrange):
+    return ''.join([chr(rr(0, 256)) for x in xrange(n)])
+
 from base64 import b32encode
 def ab(x): # debuggery
     if len(x) >= 3:
@@ -17,102 +46,186 @@
     elif len(x) == 0:
         return "%s:%s" % (len(x), "--empty--",)
 
-def randstr(n):
-    return ''.join(map(chr, map(random.randrange, [0]*n, [256]*n)))
+def div_ceil(n, d):
+    """
+    The smallest integer k such that k*d >= n.
+    """
+    return (n/d) + (n%d != 0)
+
+KEYBITS=192
+
+# The number of bytes required for a seed to have the same security level as a
+# key in this elliptic curve: 2 bits of public key per bit of security.
+SEEDBITS=div_ceil(192, 2)
+SEEDBYTES=div_ceil(SEEDBITS, 8)
+
+# The number of bytes required to encode a public key in this elliptic curve.
+PUBKEYBYTES=div_ceil(KEYBITS, 8)+1 # 1 byte for the sign of the y component
+
+# The number of bytes requires to encode a signature in this elliptic curve.
+SIGBITS=KEYBITS*2
+SIGBYTES=div_ceil(SIGBITS, 8)
 
-KEYSIZE=192 # The choices are 192 or 521 -- they are both secure, and 192 makes for faster unit tests.
 class Signer(unittest.TestCase):
-    def test_generate_bad_size(self):
+    def test_construct_from_same_seed_is_reproducible(self):
+        seed = randstr(SEEDBYTES)
+        signer1 = ecdsa.SigningKey(seed)
+        self.failUnlessEqual(signer1.serialize(), seed)
+        signer2 = ecdsa.SigningKey(seed)
+        self.failUnlessEqual(signer1.serialize(), signer2.serialize())
+        self.failUnlessEqual(signer1.get_verifying_key().serialize(), signer2.get_verifying_key().serialize())
+
+        # ... and using different seeds constructs a different private key.
+        seed3 = randstr(SEEDBYTES)
+        assert seed3 != seed, "Internal error in Python random module's PRNG (or in pycryptopp's hacks to it to facilitate testing) -- got two identical strings from randstr(%s)" % SEEDBYTES
+        signer3 = ecdsa.SigningKey(seed3)
+        self.failUnlessEqual(signer3.serialize(), seed3)
+        self.failUnlessEqual(signer1.serialize(), signer3.serialize())
+        self.failIfEqual(signer1.get_verifying_key().serialize(), signer3.get_verifying_key().serialize())
+
+        # Also try the all-zeroes string just because bugs sometimes are
+        # data-dependent on zero or cause bogus zeroes.
+        seed4 = '\x00'*SEEDBYTES
+        assert seed4 != seed, "Internal error in Python random module's PRNG (or in pycryptopp's hacks to it to facilitate testing) -- got the all-zeroes string from randstr(%s)" % SEEDBYTES
+        signer4 = ecdsa.SigningKey(seed4)
+        self.failUnlessEqual(signer4.serialize(), seed4)
+        self.failUnlessEqual(signer4.serialize(), signer1.serialize())
+        self.failIfEqual(signer4.get_verifying_key().serialize(), signer1.get_verifying_key().serialize())
+
+        signer5 = ecdsa.SigningKey(seed4)
+        self.failUnlessEqual(signer5.serialize(), seed4)
+        self.failUnlessEqual(signer5.serialize(), signer4.serialize())
+        self.failUnlessEqual(signer5.get_verifying_key().serialize(), signer4.get_verifying_key().serialize())
+
+    def test_construct_short_seed(self):
         try:
-            signer = ecdsa.generate(KEYSIZE-1)
+            signer = ecdsa.SigningKey("\x00\x00\x00")
         except ecdsa.Error, le:
-            self.failUnless("size in bits is required to be " in str(le), le)
+            self.failUnless("seed is required to be of length >=" in str(le), le)
         else:
-            self.fail("Should have raised error from size being too small.")
+           self.fail("Should have raised error from seed being too short.")
+
+    def test_construct_bad_arg_type(self):
         try:
-            signer = ecdsa.generate(sizeinbits=KEYSIZE-1)
-        except ecdsa.Error, le:
-            self.failUnless("size in bits is required to be " in str(le), le)
+            signer = ecdsa.SigningKey(1)
+        except TypeError, le:
+            self.failUnless("must be string" in str(le), le)
         else:
-            self.fail("Should have raised error from size being too small.")
+           self.fail("Should have raised error from seed being of the wrong type.")
 
-    def test_generate(self):
-        signer = ecdsa.generate(KEYSIZE)
-        # Hooray!  It didn't raise an exception!  We win!
-        signer = ecdsa.generate(sizeinbits=KEYSIZE)
-        # Hooray!  It didn't raise an exception!  We win!
-
-    def test_sign(self):
-        signer = ecdsa.generate(KEYSIZE)
-        result = signer.sign("abc")
-        self.failUnlessEqual(len(result), 2*((KEYSIZE+7)/8))
-        # TODO: test against someone's official test vectors.
+class Verifier(unittest.TestCase):
+    def test_from_signer_and_serialize_and_deserialize(self):
+        seed = randstr(SEEDBYTES)
+        signer = ecdsa.SigningKey(seed)
+
+        verifier = signer.get_verifying_key()
+        s1 = verifier.serialize()
+        self.failUnlessEqual(len(s1), PUBKEYBYTES)
+        verifier2 = ecdsa.create_verifying_key_from_string(s1)
+        s2 = verifier.serialize()
+        self.failUnlessEqual(s1, s2)
+
+def flip_one_bit(s):
+    i = randrange(0, len(s))
+    result = s[:i] + chr(ord(s[i])^(0x01<<randrange(0, 8))) + s[i+1:]
+    assert result != s, "Internal error -- flip_one_bit() produced the same string as its input: %s == %s" % (result, s)
+    return result
+
+def randmsg():
+    # Choose a random message size from a range probably large enough to
+    # exercise any different code paths which depend on the message length.
+    randmsglen = randrange(0, SIGBYTES*2+2)
+    return randstr(randmsglen)
 
 class SignAndVerify(unittest.TestCase):
-    def _help_test_sign_and_check(self, signer, verifier, msg):
+    def _help_test_sign_and_check_good_keys(self, signer, verifier):
+        msg = randmsg()
+
         sig = signer.sign(msg)
-        self.failUnlessEqual(len(sig), 2*((KEYSIZE+7)/8))
+        self.failUnlessEqual(len(sig), SIGBYTES)
         self.failUnless(verifier.verify(msg, sig))
 
-    def test_sign_and_check_a(self):
-        signer = ecdsa.generate(KEYSIZE)
-        verifier = signer.get_verifying_key()
-        return self._help_test_sign_and_check(signer, verifier, "a")
-
-    def _help_test_sign_and_check_random(self, signer, verifier):
-        for i in range(3):
-            l = random.randrange(0, 2**10)
-            msg = randstr(l)
-            self._help_test_sign_and_check(signer, verifier, msg)
-
-    def test_sign_and_check_random(self):
-        signer = ecdsa.generate(KEYSIZE)
-        verifier = signer.get_verifying_key()
-        return self._help_test_sign_and_check_random(signer, verifier)
-
-    def _help_test_sign_and_failcheck(self, signer, verifier, msg):
-        sig = signer.sign("a")
-        sig = sig[:-1] + chr(ord(sig[-1])^0x01)
-        self.failUnless(not verifier.verify(msg, sig))
+        # Now flip one bit of the signature and make sure that the signature doesn't check.
+        badsig = flip_one_bit(sig)
+        self.failIf(verifier.verify(msg, badsig))
+
+        # Now generate a random signature and make sure that the signature doesn't check.
+        badsig = randstr(len(sig))
+        assert badsig != sig, "Internal error -- randstr() produced the same string twice: %s == %s" % (badsig, sig)
+        self.failIf(verifier.verify(msg, badsig))
+
+        # Now flip one bit of the message and make sure that the original signature doesn't check.
+        badmsg = flip_one_bit(msg)
+        self.failIf(verifier.verify(badmsg, sig))
+
+        # Now generate a random message and make sure that the original signature doesn't check.
+        badmsg = randstr(len(msg))
+        assert badmsg != msg, "Internal error -- randstr() produced the same string twice: %s == %s" % (badmsg, msg)
+        self.failIf(verifier.verify(badmsg, sig))
+
+    def _help_test_sign_and_check_bad_keys(self, signer, verifier):
+        """
+        Make sure that this signer/verifier pair cannot produce and verify signatures.
+        """
+        msg = randmsg()
 
-    def test_sign_and_failcheck_a(self):
-        signer = ecdsa.generate(KEYSIZE)
-        verifier = signer.get_verifying_key()
-        return self._help_test_sign_and_failcheck(signer, verifier, "a")
-
-    def _help_test_sign_and_failcheck_random(self, signer, verifier):
-        for i in range(3):
-            l = random.randrange(0, 2**10)
-            msg = randstr(l)
-            self._help_test_sign_and_failcheck(signer, verifier, msg)
+        sig = signer.sign(msg)
+        self.failUnlessEqual(len(sig), SIGBYTES)
+        self.failIf(verifier.verify(msg, sig))
 
-    def test_sign_and_failcheck_random(self):
-        signer = ecdsa.generate(KEYSIZE)
-        verifier = signer.get_verifying_key()
-        return self._help_test_sign_and_failcheck_random(signer, verifier)
+    def test(self):
+        seed = randstr(SEEDBYTES)
+        sys.stdout.write("xxx 0\n");sys.stdout.flush()
+        signer = ecdsa.SigningKey(seed)
+        sys.stdout.write("xxx 1\n");sys.stdout.flush()
+        verifier = signer.get_verifying_key()
+        sys.stdout.write("xxx 2\n");sys.stdout.flush()
+        self._help_test_sign_and_check_good_keys(signer, verifier)
+        sys.stdout.write("xxx 3\n");sys.stdout.flush()
+
+        vstr = verifier.serialize()
+        verifier2 = ecdsa.create_verifying_key_from_string(vstr)
+        self._help_test_sign_and_check_good_keys(signer, verifier2)
+       
+        signer2 = ecdsa.SigningKey(seed)
+        self._help_test_sign_and_check_good_keys(signer2, verifier2)
+         
+        verifier3 = signer2.get_verifying_key()
+        self._help_test_sign_and_check_good_keys(signer, verifier3)
 
-    def test_serialize_and_deserialize_verifying_key_and_test(self):
-        signer = ecdsa.generate(KEYSIZE)
-        verifier = signer.get_verifying_key()
-        serstr = verifier.serialize()
-        verifier = None
-        newverifier = ecdsa.create_verifying_key_from_string(serstr)
-        self._help_test_sign_and_check(signer, newverifier, "a")
-        self._help_test_sign_and_check_random(signer, newverifier)
-        self._help_test_sign_and_failcheck(signer, newverifier, "a")
-        self._help_test_sign_and_failcheck_random(signer, newverifier)
+        # Now test various ways that the keys could be corrupted or ill-matched.
 
-    def test_serialize_and_deserialize_signing_key_and_test(self):
-        signer = ecdsa.generate(KEYSIZE)
-        verifier = signer.get_verifying_key()
-        serstr = signer.serialize()
-        signer = None
-        newsigner = ecdsa.create_signing_key_from_string(serstr)
-        self._help_test_sign_and_check(newsigner, verifier, "a")
-        self._help_test_sign_and_check_random(newsigner, verifier)
-        self._help_test_sign_and_failcheck(newsigner, verifier, "a")
-        self._help_test_sign_and_failcheck_random(newsigner, verifier)
+        # Flip one bit of the public key.
+        badvstr = flip_one_bit(vstr)
+        try:
+            badverifier = ecdsa.create_verifying_key_from_string(badvstr)
+        except ecdsa.Error, le:
+            # Ok, fine, the verifying key was corrupted and Crypto++ detected this fact.
+            pass
+        else:
+            self._help_test_sign_and_check_bad_keys(signer, badverifier)
 
+        # Randomize all bits of the public key.
+        badvstr = randstr(len(vstr))
+        assert badvstr != vstr, "Internal error -- randstr() produced the same string twice: %s == %s" % (badvstr, vstr)
+        try:
+            badverifier = ecdsa.create_verifying_key_from_string(badvstr)
+        except ecdsa.Error, le:
+            # Ok, fine, the key was corrupted and Crypto++ detected this fact.
+            pass
+        else:
+            self._help_test_sign_and_check_bad_keys(signer, badverifier)
+        
+        # Flip one bit of the private key.
+        badseed = flip_one_bit(seed)
+        badsigner = ecdsa.SigningKey(badseed)
+        self._help_test_sign_and_check_bad_keys(badsigner, verifier)
+
+        # Randomize all bits of the private key.
+        badseed = randstr(len(seed))
+        assert badseed != seed, "Internal error -- randstr() produced the same string twice: %s == %s" % (badseed, seed)
+        badsigner = ecdsa.SigningKey(badseed)
+        self._help_test_sign_and_check_bad_keys(badsigner, verifier)
 
 if __name__ == "__main__":
     unittest.main()
