xlN      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLM  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNoneNOPQRSTUVWXYZ[\]^_ NPQRSVWXYZ[\NOPQRSTUVWXYZ[\]^_ BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGood Safe-Inferred`sqrti returns two integer (l,b) so that l <= sqrt i <= b the implementation is quite naive, use an approximation for the first number and use a dichotomy algorithm to compute the bound relatively efficiently.a8get the extended GCD of two integer using integer divModbget the extended GCD of two integer using the extended binary algorithm (HAC 14.61) get (x,y,d) where d = gcd(a,b) and x,y satisfying ax + by = dc'check if a list of integer are all even`abc`abc`abc  Safe-Inferredd4os2ip converts a byte string into a positive integere4i2osp converts a positive integer into a byte stringf:returns the number of bytes to store an integer with i2ospdefdefdef  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNoneggenerate a positive integer between 0 and m. using as many bytes as necessary to the same size as m, that are converted to integer.h9generate a number between the inclusive bound [low,high].igenerate a positive integer of a specific size in bits. the number of bits need to be multiple of 8. It will always returns an integer that is close 2^(1+bits/8) by setting the 2 highest bits to 1.ghighighi  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGood Safe-Inferredjexponantiation_rtl_binary computes modular exponantiation as b^e mod m using the right-to-left binary exponentiation algorithm (HAC 14.79)kWexponantiation computes modular exponantiation as b^e mod m using repetitive squaring.l7inverse computes the modular inverse as in g^(-1) mod mjkljkljkl  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNone mreturns if the number is probably prime. first a list of small primes are implicitely tested for divisibility, then a fermat primality test is used with arbitrary numbers and then the Miller Rabin algorithm is used with an accuracy of 30 recursionsn/generate a prime number of the required bitsizeo|generate a prime number of the form 2p+1 where p is also prime. it is also knowed as a Sophie Germaine prime or safe prime.The number of safe prime is significantly smaller to the number of prime, as such it shouldn't be used if this number is supposed to be kept safe.p;find a prime from a starting point where the property hold.q=find a prime from a starting point with no specific property.rMiller Rabin algorithm return if the number is probably prime or composite. the tries parameter is the number of recursion, that determines the accuracy of the test.sProbabilitic Test using Fermat primility test. Beware of Carmichael numbers that are Fermat liars, i.e. this test is useless for them. always combines with some other test.teTest naively is integer is prime. while naive, we skip even number and stop iteration at i > sqrt(n)u-Test is two integer are coprime to each otherv$list of the first primes till 2903.. mnopqrs%number of iterations of the algorithm starting anumber to test for primalitytuvw mnopqrstu mnopqrstuvw BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNoneRthe random generator returns an error. give the opportunity to reseed for example.;signature is not valid r or s is not between the bound 0..q $sign message using the private key. !*verify a bytestring using the public key.  !x ! ! !x BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNoneB"generate params from a specific generator (2 or 5 are common values) we generate a safe prime (a prime number of the form 2p+1 where p is also prime)#`generate a private number with no specific property this number is usually called X in DH text.$kgenerate a public number that is for the other party benefits. this number is usually called Y in DH text.%Pgenerate a shared key using our private number and the other party public number"#$%"#$%"#$%"#$% BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNone24 )Rthe whole key is probably not valid, since the message is bigger than the key size*Rthe random generator returns an error. give the opportunity to reseed for example.+Mthe signature generated through the hash is too long to process with this key,Dthe message decrypted doesn't have a PKCS15 structure (0 2 .. 0 msg)-9the message to encrypt is too long (>= private_size - 11).Nthe message to decrypt is not of the correct size (need to be == private_size)/'decrypt message using the private key. 0encrypt a bytestring using the public key and a CryptoRandomGen random generator. - the message need to be smaller than the key size - 111@sign message using private key, a hash and its ASN1 description 2'verify message with the signed message 3:generate a pair of (private, public) key of size in bytes.&'()*+,-.yz{|/0123}~ &'()*+,-./0123(.-,+*) '&3/012&'(.-,+*)yz{|/0123}~ BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNone:Gencrypt with the key a bytestring and returns the encrypted bytestring ;Gdecrypt with the key a bytestring and returns the encrypted bytestring 1456789:;456789:;456789:;*456789:; BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNone;A`encrypt using CBC mode - IV need to be 16 bytes and the data to encrypt a multiple of 16 bytes Bencrypt using simple EBC mode C`decrypt using CBC mode - IV need to be 16 bytes and the data to decrypt a multiple of 16 bytes Ddecrypt using simple EBC mode J<=>?@ABCDEFG <=>?@ABCDEFG =<BDACEFG@?>B<=>?@ABCDEFG  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNone <=>?@ABCDEFG BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNoneIbinitCtx initialize the Ctx with the key as parameter. the key can be of any size but not empty Jqencrypt with the current context a bytestring and returns a new context and the resulted encrypted bytestring Kqdecrypt with the current context a bytestring and returns a new context and the resulted decrypted bytestring L|encrypt with the current context a lazy bytestring and returns a new context and the resulted lencrypted lazy bytestring M{decrypt with the current context a lazy bytestring and returns a new context and the resulted decrypted lazy bytestring HIJKLMHIJKLMHIJKLM HIJKLM !"#$$%$&$'()*+,-./012(3)456789+,:;;<=>?98@;ABCD9E8?FGHI98JKLLMMNOPQRSTUVWXYZ[\]^_ ` a b c d e f g h i j k l m n o p q r stuvwxyz{t||}~;cryptocipher-0.3.1Crypto.Cipher.RSACrypto.Cipher.DSACrypto.Cipher.DHCrypto.Cipher.CamelliaCrypto.Cipher.AES.HaskellCrypto.Cipher.RC4Number.Polynomial Number.BasicNumber.SerializeNumber.GenerateNumber.ModArithmetic Number.PrimeCrypto.Cipher.AEScrypto-pubkey-types-0.1.1Crypto.Types.PubKey.RSApublic_epublic_n public_size PublicKey private_qinv private_dQ private_dP private_q private_p private_d private_n private_size PrivateKeyCrypto.Types.PubKey.DSAParams Signaturepublic_y public_params private_xprivate_paramsCrypto.Types.PubKey.DH PublicNumber PrivateNumber SharedKeyErrorRandomGenFailureInvalidSignaturesignverifygenerateParamsgeneratePrivategeneratePublic getSharedHashASN1HashFKeyInternalErrorSignatureTooLongMessageNotRecognizedMessageTooLongMessageSizeIncorrectdecryptencryptgenerateKeykkwke initKey128IVAES256AES192AES128 encryptCBC decryptCBC initKey192 initKey256CtxinitCtx encryptlazy decryptlazy PolynomialMonomialtoListfromList getWeight mergePolyaddPolysubPolynegPolymulPoly squarePolyexpPolydivPoly$fShowPolynomial$fShowMonomial $fOrdMonomialsqrtigcde gcde_binaryareEvenos2ipi2osp lengthBytes generateMaxgenerateBetweengenerateOfSizeexponantiation_rtl_binaryexponantiationinverseisProbablyPrime generatePrimegenerateSafePrimefindPrimeFromWith findPrimeFromprimalityTestMillerRabinprimalityTestFermatprimalityTestNaive isCoprime smallPrimesdividesexpmodpadPKCS1 unpadPKCS1dpSlowdpFast makeSignaturegetRandomBytesi2ospOfWord128ModeEncryptDecrypt w128tow64 w64tow128w64tow8w8tow64w64tow32w32tow64w128tow8 getWord64 getWord128 putWord128sboxsbox1sbox2sbox3sbox4sigma1sigma2sigma3sigma4sigma5sigma6rotl128 setKeyInterimfeistelflflinvgetKeyKgetKeyKegetKeyKw doBlockRounddoBlock encryptBlock decryptBlock encryptChunk decryptChunkdoChunksTableAESStateA256unA256A192unA192A128unA128 serializeKey makeChunks newAESState coreEncrypt coreDecryptgetNbrinitKeyaesMain aesMainInv swapIndex coreExpandKey shiftRows addRoundKey mixColumns shiftRowsInv mixColumnsInvr8w8r32w32msbox32mrsbox32 swapBlock swapBlockInvsbox1Tabsbox2Tabsbox3Tabsbox4Tab sbox_000x sbox_00x0 sbox_0x00 sbox_x000rsboxrcongm2gm3gm9gm11gm13gm14$fSerializeAES256$fSerializeAES192$fSerializeAES128$fBlockCipherAES256$fBlockCipherAES192$fBlockCipherAES128swapsetKey getNextChar genstream