h&^       !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~                                            !!!!!!!!!!!"""####$$$%%%%&&&&&&&&&&&&&&&&&&&&&&&&&&'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''(())))))))))))))))))))))))))))))))))))))))))))))))**++++,----.........../////////////00000000000000000000000001111111111111111111111111222222222222222222222222222222222222223333333333333333333334444444444444444444445555666666666666666666666667777777788888888999999999::::::::::::::::::::::::::::::::::::::;;<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<=========>>>>>>>????????@@@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBCCCDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEEEEEFFFFFFFFFFGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG G G G G G H H H I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I J J J J J J J J J J J J J J J J J J J J J J J J J J J J J J J J K K L L L L L L L L L L L L L L L L L L L L L L L L L L L L L L M M N N N N N N N N NO BSD-style Safe-Inferred cryptona DES block (64 bits) cryptonBasic DES encryption which takes a key and a block of plaintext and returns the encrypted block of ciphertext according to the standard. cryptonBasic DES decryption which takes a key and a block of ciphertext and returns the decrypted block of plaintext according to the standard.  BSD-style#Vincent Hanquez  experimentalunknown Safe-InferredCcryptonFormat of paddingcrypton%PKCS5: PKCS7 with hardcoded size of 8crypton)PKCS7 with padding size between 1 and 255cryptonzero padding with block sizecryptonApply some pad to a bytearraycrypton,Try to remove some padding from a bytearray.P BSD-style#Vincent Hanquez stableGood Safe-Inferred6ucryptonA simple Either like type to represent a computation that can fail2 possibles values are:  : The computation succeeded, and contains the result of the computation  : The computation failed, and contains the cryptographic error associated cryptonEnumeration of all possible errors that can be found in this library cryptonThrow an CryptoError as exception on CryptoFailed result, otherwise return the computed value!cryptonSame as  $ but throw the error asynchronously."cryptonSimple  ( like combinator for CryptoFailable type#crypton'Transform a CryptoFailable to an Either$crypton%Transform a CryptoFailable to a Maybe  !"#$ BSD-style#Vincent Hanquez Stable Excellent Safe-Inferred  !"#$  !"#$Q BSD-style#Vincent Hanquez stableGood Safe-Inferred! crypton3Perform io for hashes that do allocation and FFI.   is used when possible as the computation is pure and the output is directly linked to the input. We also do not modify anything after it has been returned to the user. R BSD-style#Vincent Hanquez stableGood Safe-Inferred!; S BSD-style#Vincent Hanquez Stable Excellent Safe-Inferred# crypton=Chunk some input byte array into @sz byte list of byte array. T BSD-style#Vincent Hanquez stableCompat Safe-Inferred% crypton$Byteswap Word# to or from Big Endian0On a big endian machine, this function is a nop. crypton'Byteswap Word# to or from Little Endian3On a little endian machine, this function is a nop. cryptonSimple compatibility for byteswap the lower 32 bits of a Word# at the primitive level crypton experimentalunknown Safe-Inferred% V BSD-style#Vincent Hanquez Stable Excellent Safe-Inferred(x %cryptonSymmetric cipher class.&crypton&Initialize a cipher context from a key'crypton Cipher name(cryptonreturn the size of the key required for this cipher. Some cipher accept any size for key)crypton AEAD Mode;crypton%Authentication Tag for AE cipher mode>crypton7Offset inside an XTS data unit, measured in block size.?crypton)Different specifier for key size in bytes@cryptonin the range [min,max]Acryptonone of the specified valuesBcryptona specific size%&'()*+,-./0123456789:;<=>?@ABW BSD-style#Vincent Hanquez Stable Excellent Safe-Inferred)TCcryptonSymmetric stream cipher classDcryptonCombine using the stream cipherCDX BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred)1 Y BSD-style)Olivier Chron stableGood Safe-Inferred* Z BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred 161Ecrypton.Represent a digest for a given hash algorithm.This type is an instance of   from package  *https://hackage.haskell.org/package/memorymemory . Module Data.ByteArray provides many primitives to work with those values including conversion to other types.Creating a digest from a bytearray is also possible with function [.Fcrypton/Represent a context for a given hash algorithm.This type is an instance of   for debugging purpose. Internal layout is architecture dependent, may contain uninitialized data fragments, and change in future versions. The bytearray should not be used as input to cryptographic algorithms.Gcrypton7Hashing algorithms with a constant-time implementation. cryptonUpdate the context with the first N bytes of a buffer and finalize this context. The code path executed is independent from N and depends only on the complete buffer length.Hcrypton&Class representing hashing algorithms.The interface presented here is update in place and lowlevel. the Hash module takes care of hidding the mutable interface properly.Icrypton8Associated type for the block size of the hash algorithmJcrypton9Associated type for the digest size of the hash algorithmKcryptonAssociated type for the internal context size of the hash algorithmLcrypton&Get the block size of a hash algorithmMcrypton'Get the digest size of a hash algorithmNcrypton5Get the size of the context used for a hash algorithmOcryptonInitialize a context pointer to the initial state of a hash algorithmPcrypton%Update the context with some raw dataQcryptonFinalize the context and set the digest raw memory to the right valueE F G HIJKMNQOPL\ BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred162Rcrypton&Whirlpool cryptographic hash algorithmRS] BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred163HTcrypton"Tiger cryptographic hash algorithmTU^ BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred164Vcrypton0Skein512 (512 bits) cryptographic hash algorithmXcrypton0Skein512 (384 bits) cryptographic hash algorithmZcrypton0Skein512 (256 bits) cryptographic hash algorithm\crypton0Skein512 (224 bits) cryptographic hash algorithmVWXYZ[\]_ BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred165^crypton0Skein256 (256 bits) cryptographic hash algorithm`crypton0Skein256 (224 bits) cryptographic hash algorithm^_`a` BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred166bcrypton/SHA512t (256 bits) cryptographic hash algorithmdcrypton/SHA512t (224 bits) cryptographic hash algorithmbcdea BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred167Afcrypton#SHA512 cryptographic hash algorithmfgb BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred167hcrypton#SHA384 cryptographic hash algorithmhic BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred169Bjcrypton,SHA3 (512 bits) cryptographic hash algorithmlcrypton,SHA3 (384 bits) cryptographic hash algorithmncrypton,SHA3 (256 bits) cryptographic hash algorithmpcrypton,SHA3 (224 bits) cryptographic hash algorithmjklmnopqd BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred169rcrypton#SHA256 cryptographic hash algorithmrse BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred16:tcrypton#SHA224 cryptographic hash algorithmtuf BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred16;5vcrypton!SHA1 cryptographic hash algorithmvwg BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred16;xcrypton&RIPEMD160 cryptographic hash algorithmxyh BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred16<zcrypton MD5 cryptographic hash algorithmz{i BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred16=!|crypton MD4 cryptographic hash algorithm|}j BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred16=~crypton MD2 cryptographic hash algorithm~k BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred16?+crypton.Keccak (512 bits) cryptographic hash algorithmcrypton.Keccak (384 bits) cryptographic hash algorithmcrypton.Keccak (256 bits) cryptographic hash algorithmcrypton.Keccak (224 bits) cryptographic hash algorithm BSD-style#Vincent Hanquez  experimentalunknown Safe-InferredBtcryptonA Mutable hash contextThis type is an instance of   for debugging purpose. Internal layout is architecture dependent, may contain uninitialized data fragments, and change in future versions. The bytearray should not be used as input to cryptographic algorithms.crypton"Create a new mutable hash context.the algorithm used is automatically determined from the return constraint.crypton"Create a new mutable hash context.0The algorithm is explicitely passed as parametercrypton&Update a mutable hash context in placecrypton4Finalize a mutable hash context and compute a digestcrypton:Reset the mutable context to the initial state of the hashHIJKMNQOPLHIJKMNQOPLl BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred16Ccrypton0Blake2sp (256 bits) cryptographic hash algorithmcrypton0Blake2sp (224 bits) cryptographic hash algorithmm BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred16Dcrypton/Blake2s (256 bits) cryptographic hash algorithmcrypton/Blake2s (224 bits) cryptographic hash algorithmcrypton/Blake2s (160 bits) cryptographic hash algorithmn BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred16Ecrypton0Blake2bp (512 bits) cryptographic hash algorithmo BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred16G,crypton/Blake2b (512 bits) cryptographic hash algorithmcrypton/Blake2b (384 bits) cryptographic hash algorithmcrypton/Blake2b (256 bits) cryptographic hash algorithmcrypton/Blake2b (224 bits) cryptographic hash algorithmcrypton/Blake2b (160 bits) cryptographic hash algorithm p BSD-style#Vincent Hanquez Stable Excellent Safe-InferredH' crypton)Compute the gfmul with the XTS polynomialblock size need to be 128 bits."FIXME: add support for big endian. q BSD-style#Vincent Hanquez Stable Excellent Safe-InferredKcrypton8Authenticated Encryption with Associated Data algorithmscryptonAEAD Implementationcrypton1Append some header information to an AEAD contextcrypton-Encrypt some data and update the AEAD contextcrypton-Decrypt some data and update the AEAD contextcrypton;Finalize the AEAD context and return the authentication tagcryptonSimple AEAD encryptioncryptonSimple AEAD decryptioncryptonA new AEAD Contextcrypton#Optional Authentication data headercryptonOptional Plaintextcrypton Tag lengthcrypton!Authentication tag and ciphertextcryptonA new AEAD Contextcrypton#Optional Authentication data headercrypton CiphertextcryptonThe authentication tagcrypton Plaintextr BSD-style#Vincent Hanquez Stable Excellent Safe-Inferred(Tcrypton0class of block cipher with a 128 bits block sizecryptonencrypt using the XTS mode.input need to be a multiple of the blocksize, and the cipher need to process 128 bits block onlycryptondecrypt using the XTS mode.input need to be a multiple of the blocksize, and the cipher need to process 128 bits block onlycryptonSymmetric block cipher classcrypton7Return the size of block required for this block ciphercryptonEncrypt blocks6the input string need to be multiple of the block sizecryptonDecrypt blocks6the input string need to be multiple of the block sizecryptonencrypt using the CBC mode.,input need to be a multiple of the blocksizecryptondecrypt using the CBC mode.,input need to be a multiple of the blocksizecryptonencrypt using the CFB mode.,input need to be a multiple of the blocksizecryptondecrypt using the CFB mode.,input need to be a multiple of the blocksizecryptoncombine using the CTR mode.CTR mode produce a stream of randomized data that is combined (by XOR operation) with the input stream.1encryption and decryption are the same operation.input can be of any sizecryptonInitialize a new AEAD State:When Nothing is returns, it means the mode is not handled. crypton XTS callbackcrypton an IV parametrized by the ciphercrypton)Create an IV for a specified block ciphercrypton:Create an IV that is effectively representing the number 0cryptonIncrement an IV by a number.&Assume the IV is in Big Endian format.crypton2Usually represent the Data Unit (e.g. disk sector)crypton+Offset in the data unit in number of blockscrypton Plaintextcrypton Ciphertextcrypton2Usually represent the Data Unit (e.g. disk sector)crypton+Offset in the data unit in number of blockscrypton Ciphertextcrypton Plaintext crypton2Usually represent the Data Unit (e.g. disk sector)crypton+Offset in the data unit in number of blockscryptonDatacryptonProcessed Data!   BSD-style#Vincent Hanquez Stable Excellent Safe-Inferred6U<%&'()*+,-./0123456789:;<=>?@ABCD%&'(CD>?@AB)*+,-.3456789:/012;<= BSD-style"Kei Hibino  experimentalunknown Safe-InferredXcryptonCompute Miyaguchi-Preneel one way compress using the supplied block cipher.cryptonCompute Miyaguchi-Preneel one way compress using the inferred block cipher. Only safe when KEY-SIZE equals to BLOCK-SIZE. Simple usage "mp' msg :: MiyaguchiPreneel AES128 crypton%computation step of Miyaguchi-Preneelcryptonkey build function to compute Miyaguchi-Preneel. care about block-size and key-sizecrypton input messagecrypton output tagcrypton input messagecrypton output tag Safe-InferredX  BSD-style experimental??? Safe-InferredZGcrypton3DES where the first and third keys are equal, used in alternative directioncrypton3DES where the first and third keys are equal, used in the same directioncrypton83DES with 3 different keys used in alternative directioncrypton93DES with 3 different keys used all in the same direction  BSD-style#Vincent Hanquez stablegood Safe-InferredZcrypton DES Context  BSD-style#Vincent Hanquez stablegood Safe-Inferred]crypton Salsa contextcryptonInitialize a new Salsa context with the number of rounds, the key and the nonce associated.cryptonCombine the salsa output and an arbitrary message with a xor, and return the combined output and the new state.crypton9Generate a number of bytes from the Salsa output directlycryptonnumber of rounds (8,12,20)cryptonthe key (128 or 256 bits)cryptonthe nonce (64 or 96 bits)cryptonthe initial Salsa statecryptonthe current Salsa statecrypton$the source to xor with the generatorcryptonthe current Salsa statecryptonthe length of data to generate  BSD-style-Brandon Hamilton stablegood Safe-InferredacryptonInitialize a new XSalsa context with the number of rounds, the key and the nonce associated.cryptonUse an already initialized context and new nonce material to derive another XSalsa context.4This allows a multi-level cascade where a first key k1 and nonce n1 is used to get  HState(k1,n1)%, and this value is then used as key k2 to build  XSalsa(k2,n2) . Function - is to be called with the first 192 bits of n1|n2, and the call to derive# should add the remaining 128 bits.The output context always uses the same number of rounds as the input context.cryptonnumber of rounds (8,12,20)cryptonthe key (256 bits)cryptonthe nonce (192 bits)cryptonthe initial XSalsa statecryptonbase XSalsa statecryptonthe remainder nonce (128 bits)cryptonthe new XSalsa state  BSD-style#Vincent Hanquez stableGood Safe-InferredfncryptonThe encryption state for RC4This type is an instance of   for debugging purpose. Internal layout is architecture dependent, may contain uninitialized data fragments, and change in future versions. The bytearray should not be used as input to cryptographic algorithms. crypton%C Call for initializing the encryptorcryptonRC4 context initialization.seed the context with an initial key. the key size need to be adequate otherwise security takes a hit.cryptongenerate the next len bytes of the rc4 stream without combining it to anything.crypton3RC4 xor combination of the rc4 stream with an input cryptonPointer to the permutationcryptonPointer to the clear textcryptonLength of the clear textcrypton Output buffer crypton The rc4 keycryptonThe key lengthcrypton The contextcryptonThe keycrypton%The RC4 context with the key mixed incrypton rc4 contextcryptoninputcryptonnew rc4 context, and the output BSD-style#Vincent Hanquez stablegood Safe-Inferredjcryptonstablegood Safe-Inferred(" crypton AESCCM State crypton AESOCB State crypton AESGCM State cryptonAES Context (pre-processed key) crypton)Create an AES AEAD implementation for GCM crypton)Create an AES AEAD implementation for OCB crypton)Create an AES AEAD implementation for CCM crypton#Initialize a new context with a keyKey needs to be of length 16, 24 or 32 bytes. Any other values will return failure crypton(encrypt using Electronic Code Book (ECB) crypton)encrypt using Cipher Block Chaining (CBC) cryptongenerate a counter mode pad. this is generally xor-ed to an input to make the standard counter mode block operations.if the length requested is not a multiple of the block cipher size, more data will be returned, so that the returned bytearray is a multiple of the block cipher size. cryptongenerate a counter mode pad. this is generally xor-ed to an input to make the standard counter mode block operations.if the length requested is not a multiple of the block cipher size, more data will be returned, so that the returned bytearray is a multiple of the block cipher size. Similiar to  - but also return the next IV for continuation crypton encrypt using Counter mode (CTR)stablegood Safe-InferredcryptonAES with 256 bit keycryptonAES with 192 bit keycryptonAES with 128 bit keyt Safe-Inferred /1cryptonensure the given bitlen is divisible by 8cryptonensure the given bitlen is greater or equal to ncryptonensure the given bitlen is lesser or equal to n  u BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred 16cryptonSHAKE256 (256 bits) extendable output function. Supports an arbitrary digest size, to be specified as a type parameter of kind  .Note: outputs from  n and  m for the same input are correlated (one being a prefix of the other). Results are unrelated to  results.cryptonSHAKE128 (128 bits) extendable output function. Supports an arbitrary digest size, to be specified as a type parameter of kind  .Note: outputs from  n and  m for the same input are correlated (one being a prefix of the other). Results are unrelated to  results.cryptonType class of SHAKE algorithms. crypton(Alternate finalization needed for cSHAKE cryptonGet the digest bit length v BSD-style*Nicolas Di Prima  experimentalunknown Safe-Inferred16cryptonFast cryptographic hash.6It is especially known to target 64bits architectures.Known supported digest sizes: Blake2b 160 Blake2b 224 Blake2b 256 Blake2b 384 Blake2b 512crypton1Fast and secure alternative to SHA1 and HMAC-SHA16It is espacially known to target 32bits architectures.Known supported digest sizes: Blake2s 160 Blake2s 224 Blake2s 256 BSD-style#Vincent Hanquez  experimentalunknown Safe-InferredOGHRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~HG~|}z{vwturshifgdebcxyTUpqnolmjk`a^_\]Z[XYVWRS BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred# crypton'Hash a strict bytestring into a digest.cryptonHash the first N bytes of a bytestring, with code path independent from N.crypton%Hash a lazy bytestring into a digest.crypton0Initialize a new context for this hash algorithmcryptonrun hashUpdates on one single bytestring and return the updated context.cryptonUpdate the context with a list of strict bytestring, and return a new context with the updates.crypton'Finalize a context and return a digest.cryptonUpdate the context with the first N bytes of a bytestring and return the digest. The code path is independent from N but much slower than a normal . The function can be called for the last bytes of a message, in order to exclude a variable padding, without leaking the padding length. The begining of the message, never impacted by the padding, should preferably go through  for better performance.crypton7Initialize a new context for a specified hash algorithmcryptonRun the 8 function but takes an explicit hash algorithm parametercryptonRun the 8 function but takes an explicit hash algorithm parametercryptonTry to transform a bytearray into a Digest of specific algorithm.If the digest is not the right size for the algorithm specified, then Nothing is returned.EFGHLMRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~FELMw BSD-style#Vincent Hanquez stableGood Safe-Inferred cryptonArray of mutable Word32 cryptonArray of Word64 cryptonArray of Word32 cryptonArray of Word8 crypton*Create an array of Word8 aliasing an Addr# cryptonCreate an Array of Word32 of specific size from a list of Word32 crypton-Create an Array of BE Word32 aliasing an Addr crypton.Create an Array of Word32 using an initializer cryptonCreate an Array of Word64 of specific size from a list of Word64 cryptonCreate a Mutable Array of Word32 of specific size from a list of Word32 crypton4Create a Mutable Array of BE Word32 aliasing an Addr cryptonfreeze a Mutable Array of Word32 into a immutable Array of Word32 cryptonRead a Word8 from an Array cryptonRead a Word32 from an Array cryptonRead a Word64 from an Array crypton,Read a Word32 from a Mutable Array of Word32 crypton-Write a Word32 from a Mutable Array of Word32 cryptonWrite into the Mutable Array of Word32 by combining through xor the current value and the new value. x[i] = x[i] xor value x Safe-Inferred crypton-Initialize a 128-bit, 192-bit, or 256-bit keyReturn the initialized key or a error message if the given keyseed was not 16-bytes in length. crypton1Encrypts the given ByteString using the given Key crypton1Decrypts the given ByteString using the given Key crypton%The key to create the twofish context cryptonThe key to usecryptonThe data to encrypt cryptonThe key to usecryptonThe data to decrypt  Safe-Inferredy BSD-style Safe-Inferredv cryptonAll subkeys for 12 or 16 rounds crypton(Encrypts a block using the specified key crypton(Decrypts a block using the specified key crypton+Precompute "masking" and "rotation" subkeys cryptonTrue( for short keys that only need 12 roundscryptonInput key padded to 16 bytescryptonOutput data structure  BSD-style)Olivier Chron stablegood Safe-InferredDcryptonCAST5 block cipher (also known as CAST-128). Key is between 40 and 128 bits.z BSD-style experimentalGood Safe-Inferredo cryptonCopy the state of one key schedule into the other. The first parameter is the destination and the second the source. cryptonCreate a key schedule mutable array of the pbox followed by all the sboxes. { BSD-style experimentalGood Safe-Inferred crypton-Initialize a new Blowfish context from a key.'key needs to be between 0 and 448 bits. cryptonGet an immutable Blowfish context by freezing a mutable key schedule. cryptonEncrypt blocks&Input need to be a multiple of 8 bytes cryptonDecrypt blocks&Input need to be a multiple of 8 bytes crypton-Encrypt or decrypt a single block of 64 bits.;The inverse argument decides whether to encrypt or decrypt. cryptonBlowfish encrypt a Word using the current state of the key schedule cryptonThe key schedulecryptonThe keycryptonThe salt cryptonThe key schedulecryptonThe keycryptonFirst word of the saltcryptonSecond word of the salt  BSD-style#Vincent Hanquez stablegood Safe-Inferredcrypton448 bit keyed blowfish statecrypton256 bit keyed blowfish statecrypton128 bit keyed blowfish statecrypton64 bit keyed blowfish statecryptonvariable keyed blowfish state| BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred cryptonSplit a   into the highest and lowest  cryptonReconstruct a   from two   } BSD-style#Vincent Hanquez  experimentalGood Safe-Inferred2 cryptonCamellia context cryptonInitialize a 128-bit keyReturn the initialized key or a error message if the given keyseed was not 16-bytes in length. crypton1Encrypts the given ByteString using the given Key crypton1Decrypts the given ByteString using the given Key crypton&The key to create the camellia context cryptonThe key to usecryptonThe data to encrypt cryptonThe key to usecryptonThe data to decrypt  BSD-style#Vincent Hanquez  experimentalGood Safe-Inferredcrypton&Camellia block cipher with 128 bit key BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred cryptonParameters that can be adjusted to change the runtime performance of the hashing.cryptonWhich variant of Argon2 to use.cryptonWhich version of Argon2 to use.cryptonA parallelism degree, which defines the number of parallel threads.~ <= hashParallelism <= ~ && ~ <= hashParallelism <= ~cryptonThe memory cost, which defines the memory usage, given in kibibytes.max ~ (8 * hashParallelism) <=  hashMemory <= ~cryptonThe time cost, which defines the amount of computation realized and therefore the execution time, given in number of iterations.~ <= hashIterations <= ~cryptonWhich version of Argon2 to usecryptonWhich variant of Argon2 to use. You should choose the variant that is most applicable to your intention to hash inputs.cryptonArgon2d is faster than Argon2i and uses data-depending memory access, which makes it suitable for cryptocurrencies and applications with no threats from side-channel timing attacks.cryptonArgon2i uses data-independent memory access, which is preferred for password hashing and password-based key derivation. Argon2i is slower as it makes more passes over the memory to protect from tradeoff attacks.cryptonArgon2id is a hybrid of Argon2i and Argon2d, using a combination of data-depending and data-independent memory accesses, which gives some of Argon2i's resistance to side-channel cache timing attacks and much of Argon2d's resistance to GPU cracking attacks BSD-style experimentalGood Safe-Inferred~cryptonThe number of user-defined iterations for the algorithm (must be > 0)cryptonThe number of bytes to generate out of BCryptPBKDF (must be in 1..1024)cryptonDerive a key of specified length using the bcrypt_pbkdf algorithm.cryptonInternal hash function used by ."Normal users should not need this. BSD-style"Kei Hibino  experimentalunknown Safe-InferredcryptonAuthentication codecrypton'compute a MAC using the supplied ciphercryptonmake sub-keys used in CMACcryptonkey to compute CMAC withcrypton input messagecrypton output tagcryptonkey to compute CMAC withcryptonsub-keys to compute CMAC crypton width in bytecrypton(irreducible binary polynomial definitioncryptonresult bit pattern BSD-style#Vincent Hanquez  experimentalunknown Safe-InferredHcrypton;Represent an ongoing HMAC state, that can be appended with  and finalize to an HMAC with  hmacFinalizecryptonRepresent an HMAC that is a phantom type with the hash used to produce the mac.The Eq instance is constant time. No Show instance is provided, to avoid printing by mistake.crypton1Compute a MAC using the supplied hashing functioncryptonCompute a MAC using the supplied hashing function, for a lazy inputcrypton)Initialize a new incremental HMAC contextcrypton#Incrementally update a HMAC contextcrypton9Increamentally update a HMAC context with multiple inputscrypton,Finalize a HMAC context and return the HMAC.crypton Secret keycryptonMessage to MACcrypton Secret keycryptonMessage to MACcrypton Secret keycryptonCurrent HMAC contextcryptonMessage to append to the MACcryptonUpdated HMAC contextcryptonCurrent HMAC contextcryptonMessages to append to the MACcryptonUpdated HMAC context   BSD-style#Vincent Hanquez  experimentalunknown Safe-InferredcryptonParameters for PBKDF2cryptonthe number of user-defined iterations for the algorithms. e.g. WPA2 uses 4000.crypton-the number of bytes to generate out of PBKDF2cryptonThe PRF used for PBKDF2crypton>PRF for PBKDF2 using HMAC with the hash algorithm as parametercrypton;generate the pbkdf2 key derivation function from the outputcryptonthe password parameterscrypton the contentcryptonprf(password,content)   BSD-style#Vincent Hanquez  experimentalunknown Safe-InferredcryptonParameters for ScryptcryptonCpu/Memory cost ratio. must be a power of 2 greater than 1. also known as N.cryptonMust satisfy r * p < 2^30cryptonMust satisfy r * p < 2^30crypton-the number of bytes to generate out of Scryptcrypton'Generate the scrypt key derivation data BSD-style#Vincent Hanquez  experimentalunknown Safe-InferredcryptonPseudo Random KeycryptonExtract a Pseudo Random Key using the parameter and the underlaying hash mechanismcrypton2Create a PRK directly from the input key material.Only use when guaranteed to have a good quality and random data to use directly as key. This effectively skip a HMAC with key=salt and data=key.crypton experimentalunknown Safe-Inferredcrypton;Represent an ongoing KMAC state, that can be appended with  and finalized to a  with .cryptonRepresent a KMAC that is a phantom type with the hash used to produce the mac.The Eq instance is constant time. No Show instance is provided, to avoid printing by mistake.crypton?Compute a KMAC using the supplied customization string and key.cryptonInitialize a new incremental KMAC context with the supplied customization string and key.crypton$Incrementally update a KMAC context.crypton9Incrementally update a KMAC context with multiple inputs.crypton,Finalize a KMAC context and return the KMAC.   BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferredcrypton Poly1305 Authcrypton(Poly1305 State. use State instead of CtxcryptonPoly1305 StateThis type is an instance of   for debugging purpose. Internal layout is architecture dependent, may contain uninitialized data fragments, and change in future versions. The bytearray should not be used as input to cryptographic algorithms.cryptoninitialize a Poly1305 contextcrypton"update a context with a bytestringcrypton+updates a context with multiples bytestringcrypton-finalize the context into a digest bytestringcryptonOne-pass authorization creation   BSD-style#Vincent Hanquez stablegood Safe-Inferredą cryptonValid Nonce for ChaChaPoly1305.It can be created with  or cryptonA ChaChaPoly1305 State.9The state is immutable, and only new state can be createdcrypton6Nonce smart constructor 12 bytes IV, nonce constructorcrypton8 bytes IV, nonce constructorcryptonIncrement a noncecrypton%Initialize a new ChaChaPoly1305 StateThe key length need to be 256 bits, and the nonce procured using either  or cryptonAppend Authenticated Data to the State and return the new modified State.Once no further call to this function need to be make, the user should call crypton>Finalize the Authenticated Data and return the finalized StatecryptonEncrypt a piece of data and returns the encrypted Data and the updated State.cryptonDecrypt a piece of data and returns the decrypted Data and the updated State.crypton.Generate an authentication tag from the State.crypton4 bytes constantcrypton 8 bytes IV   BSD-style#Vincent Hanquez  experimentalGood Safe-Inferred cryptonGMP Supported / Unsupported cryptonSimple combinator in case the operation is not supported through GMP crypton-Compute the GCDE of a two integer through GMP crypton6Compute the binary logarithm of an integer through GMP cryptonCompute the power modulus using extra security to remain constant time wise through GMP crypton%Compute the power modulus through GMP crypton'Inverse modulus of a number through GMP crypton4Get the next prime from a specific value through GMP crypton,Test if a number is prime using Miller Rabin crypton&Return the size in bytes of an integer crypton%Return the size in bits of an integer crypton*Export an integer to a memory (big-endian) crypton-Export an integer to a memory (little-endian) crypton,Import an integer from a memory (big-endian) crypton/Import an integer from a memory (little-endian)  BSD-style#Vincent Hanquez  experimentalGood Safe-Inferredcryptonsqrti returns two integers (l,b) so that l <= sqrt i <= b. The implementation is quite naive, use an approximation for the first number and use a dichotomy algorithm to compute the bound relatively efficiently.crypton8Get the extended GCD of two integer using integer divModgcde a b& find (x,y,gcd(a,b)) where ax + by = dcrypton'Check if a list of integer are all evencrypton)Compute the binary logarithm of a integercrypton)Compute the number of bits for an integercrypton*Compute the number of bytes for an integercrypton4Express an integer as an odd number and a power of 2 BSD-style#Vincent Hanquez  Experimental Excellent Safe-Inferred6d cryptonDefine a point on a curve. cryptonPoint at Infinity cryptonECC Private Number cryptonDefine common parameters in a curve definition of the form: y^2 = x^3 + ax + b. cryptoncurve parameter a cryptoncurve parameter b crypton base point crypton order of G cryptoncofactor crypton!get the size of the curve in bits crypton"get the size of the curve in bytes crypton*Define names for known recommended curves.   BSD-style"Danny Navarro  experimentalGood Safe-InferredW crypton+Binary Polynomial represented by an integercrypton-Addition over FAm. This is just a synonym of  .cryptonReduction by modulo over FAm.This function is undefined for negative arguments, because their bit representation is platform-dependent. Zero modulus is also prohibited.cryptonMultiplication over FAm.This function is undefined for negative arguments, because their bit representation is platform-dependent. Zero modulus is also prohibited.cryptonSquaring over FAm.This function is undefined for negative arguments, because their bit representation is platform-dependent. Zero modulus is also prohibited.crypton.Squaring over FAm without reduction by modulo.The implementation utilizes the fact that for binary polynomial S(x) we have S(x)^2 = S(x^2). In other words, insert a zero bit between every bits of argument: 1101 -> 1010001.This function is undefined for negative arguments, because their bit representation is platform-dependent.crypton#Exponentiation in FAm by computing  a^b mod fx.This implements an exponentiation by squaring based solution. It inherits the same restrictions as $. Negative exponents are disallowed.cryptonSquare rooot in FAm.We exploit the fact that  a^(2^m) = a, or in particular, a^(2^m - 1) = 1 from a classical result by Lagrange. Thus the square root is simply a^(2^(m - 1)). crypton,Extended GCD algorithm for polynomials. For a and b returns  (g, u, v) such that a * u + b * v == g. Reference: https://en.wikipedia.org/wiki/Polynomial_greatest_common_divisor#B.C3.A9zout.27s_identity_and_extended_GCD_algorithmcrypton Modular inversion over FAm. If n doesn't have an inverse,   is returned.This function is undefined for negative arguments, because their bit representation is platform-dependent. Zero modulus is also prohibited.cryptonDivision over FAm. If the dividend doesn't have an inverse it returns  .This function is undefined for negative arguments, because their bit representation is platform-dependent. Zero modulus is also prohibited.cryptonModuluscryptonModuluscryptonModuluscryptonModuluscryptonacryptonbcryptonModuluscryptonacryptonModuluscryptonModuluscryptonDividendcryptonDivisorcryptonQuotient  ! BSD-style#Vincent Hanquez  experimentalGood Safe-Inferredu crypton8Raised when the assumption about the modulus is invalid. cryptonRaised when two numbers are supposed to be coprimes but are not.cryptonCompute the modular exponentiation of base^exponent using algorithms design to avoid side channels and timing measurementModulo need to be odd otherwise the normal fast modular exponentiation is used.When used with integer-simple, this function is not different from expFast, and thus provide the same unstudied and dubious timing and side channels claims.Before GHC 8.4.2, powModSecInteger is missing from integer-gmp, so expSafe has the same security as expFast.cryptonCompute the modular exponentiation of base^exponent using the fastest algorithm without any consideration for hiding parameters.Use this function when all the parameters are public, otherwise  should be preferred. cryptonexponentiation$ computes modular exponentiation as  b^e mod m using repetitive squaring.cryptoninverse$ computes the modular inverse as in  g^(-1) mod m.cryptonCompute the modular inverse of two coprime numbers. This is equivalent to inverse except that the result is known to exists.If the numbers are not defined as coprime, this function will raise a  .crypton experimentalGood Safe-Inferred1crypton(get a runtime proof that the constraint  n is satifiedcrypton(get a runtime proof that the constraint  value bound is satifiedcrypton(get a runtime proof that the constraint  value bound is satified" BSD-style#Vincent Hanquez  experimentalGood Safe-Inferred^cryptonFill a pointer with the big endian binary representation of an integerIf the room available ptrSz is less than the number of bytes needed, 0 is returned. Likewise if a parameter is invalid, 0 is returned.#Returns the number of bytes writtencrypton Similar to 3, except it will pad any remaining space with zero.cryptonTransform a big endian binary integer representation pointed by a pointer and a size into an integer# BSD-style#Vincent Hanquez  experimentalGood Safe-Inferredcryptonos2ip0 converts a byte string into a positive integer.cryptoni2osp0 converts a positive integer into a byte string.The first byte is MSB (most significant byte); the last byte is the LSB (least significant byte)crypton Just like , but takes an extra parameter for size. If the number is too big to fit in len bytes,  ? is returned otherwise the number is padded with 0 to fit the len required.crypton Just like  except that it doesn't expect a failure: i.e. an integer larger than the number of output bytes requested.For example if you just took a modulo of the number that represent the size (example the RSA modulo n).$ BSD-style#Vincent Hanquez  experimentalGood Safe-InferredcryptonFill a pointer with the little endian binary representation of an integerIf the room available ptrSz is less than the number of bytes needed, 0 is returned. Likewise if a parameter is invalid, 0 is returned.#Returns the number of bytes writtencrypton Similar to 3, except it will pad any remaining space with zero.cryptonTransform a little endian binary integer representation pointed by a pointer and a size into an integer% BSD-style#Vincent Hanquez  experimentalGood Safe-Inferred3cryptonos2ip0 converts a byte string into a positive integer.cryptoni2osp0 converts a positive integer into a byte string.The first byte is LSB (least significant byte); the last byte is the MSB (most significant byte)crypton Just like , but takes an extra parameter for size. If the number is too big to fit in len bytes,  ? is returned otherwise the number is padded with 0 to fit the len required.crypton Just like  except that it doesn't expect a failure: i.e. an integer larger than the number of output bytes requested.For example if you just took a modulo of the number that represent the size (example the RSA modulo n).& Safe-Inferredcrypton"An integral time value in seconds.cryptonThe strength of the calculated HOTP value, namely the number of digits (between 4 and 9) in the extracted value.crypton9A one-time password which is a sequence of 4 to 9 digits.cryptonAttempt to resynchronize the server's counter value with the client, given a sequence of HOTP values.cryptonThe default TOTP configuration.crypton7Create a TOTP configuration with customized parameters.crypton*Calculate a totp value for the given time.cryptonCheck a supplied TOTP value is valid for the given time, within the window defined by the skew parameter.cryptonNumber of digits in the HOTP value extracted from the calculated HMACcrypton+Shared secret between the client and servercrypton8Counter value synchronized between the client and servercryptonThe HOTP valuecryptonThe look-ahead window parameter. Up to this many values will be calculated and checked against the value(s) submitted by the clientcryptonThe shared secretcrypton The current server counter valuecryptonThe first OTP submitted by the client and a list of additional sequential OTPs (which may be empty)cryptonThe new counter value, synchronized with the client's current counter or Nothing if the submitted OTP values didn't match anywhere within the windowcryptonThe T0 parameter in seconds. This is the Unix time from which to start counting steps (default 0). Must be before the current time.cryptonThe time step parameter X in seconds (default 30, maximum allowed 300)crypton0Number of required digits in the OTP (default 6)cryptonThe number of time steps to check either side of the current value to allow for clock skew between client and server and or delay in submitting the value. The default is two time steps.cryptonThe shared secretcryptonThe time for which the OTP should be calculated. This is usually the current time as returned by "Data.Time.Clock.POSIX.getPOSIXTime' BSD-style#Vincent Hanquez  Experimental Excellent Safe-Inferred6crypton*Define names for known recommended curves.cryptonDefine common parameters in a curve definition of the form: y^2 = x^3 + ax + b.cryptoncurve parameter acryptoncurve parameter bcrypton base pointcrypton order of GcryptoncofactorcryptonDefine an elliptic curve in p. The first parameter is the Prime Number.cryptonDefine an elliptic curve in (2^m). The firt parameter is the Integer representatioin of the irreducible polynomial f(x).cryptonDefine a point on a curve.cryptonPoint at InfinitycryptonECC Private NumbercryptonECC Public Pointcrypton.Define either a binary curve or a prime curve.crypton(2^m)cryptonpcrypton5Parameters in common between binary and prime curves.cryptonIrreducible polynomial representing the characteristic of a CurveBinary.crypton=Prime number representing the characteristic of a CurvePrime.crypton!get the size of the curve in bitscryptonGet the curve definition associated with a recommended known curve name.:: BSD-style#Vincent Hanquez  experimentalGood Safe-Inferred cryptonThis is a strict version of and cryptonThis is a strict version of &&. crypton$Truncate and hash for DSA and ECDSA. crypton$Truncate a digest for DSA and ECDSA. ( BSD-style#Vincent Hanquez  experimentalGood Safe-Inferredcrypton%Represent a mask generation algorithmcryptonMask generation algorithm MGF1cryptonseedcryptonlength to generate) BSD-style#Vincent Hanquez  experimentalGood Safe-Inferred6BcryptonRepresent RSA KeyPairnote the RSA private key contains already an instance of public key for efficiencycryptonRepresent a RSA private key.-Only the pub, d fields are mandatory to fill.p, q, dP, dQ, qinv are by-product during RSA generation, but are useful to record here to speed up massively the decrypt and sign operation./implementations can leave optional fields to 0.crypton,public part of a private key (size, n and e)cryptonprivate exponent dcryptonp prime numbercryptonq prime numbercrypton d mod (p-1)crypton d mod (q-1)crypton q^(-1) mod pcryptonRepresent a RSA public keycryptonsize of key in bytescrypton public p*qcryptonpublic exponent ecrypton8error possible during encryption, decryption or signing.cryptonthe message to decrypt is not of the correct size (need to be == private_size)crypton"the message to encrypt is too longcryptonthe message decrypted doesn't have a PKCS15 structure (0 2 .. 0 msg)crypton the message's digest is too longcrypton-some parameters lead to breaking assumptions.cryptonBlinder which is used to obfuscate the timing of the decryption primitive (used by decryption and signing).crypton(get the size in bytes from a private keycryptonget n from a private keycryptonget e from a private keycryptonPublic key of a RSA KeyPaircryptonPrivate key of a RSA KeyPair* BSD-style#Vincent Hanquez  experimentalGood Safe-InferredGcryptonCompute the RSA decrypt primitive. if the p and q numbers are available, then dpFast is used otherwise, we use dpSlow which only need d and n.crypton!Compute the RSA encrypt primitive cryptonmultiply 2 integers in Zm only performing the modulo operation if necessary BSD-style#Vincent Hanquez  experimentalGood Safe-Inferred  cryptonA handle to an entropy maker, either a system capability or a hardware generator. crypton%Try to open an handle for this source cryptonTry to gather a number of entropy bytes into a buffer. Return the number of actual bytes gathered cryptonClose an open handle  BSD-style#Vincent Hanquez  experimentalGood Safe-Inferred  crypton3Fake handle to Intel RDRand entropy CPU instruction  BSD-style#Vincent Hanquez  experimentalGood Safe-Inferred  cryptonEntropy device devurandom on unix system cryptonEntropy device devrandom on unix system  BSD-style#Vincent Hanquez stablegood Safe-Inferred BcryptonAny Entropy BackendcryptonAll supported backends cryptonOpen a backend handlecrypton%Gather randomness from an open handlecryptonAn open Entropy BackendcryptonPointer to a buffer to write tocryptonnumber of bytes to writecrypton+return the number of bytes actually written+ BSD-style#Vincent Hanquez  experimentalGood Safe-InferredcryptonRefill the entropy in a bufferCall each entropy backend in turn until the buffer has been replenished.If the buffer cannot be refill after 3 loopings, this will raise an User Error exception, BSD-style#Vincent Hanquez  experimentalGood Safe-Inferred?crypton2Get some entropy from the system source of entropy- BSD-style#Vincent Hanquez  experimentalGood Safe-InferredcryptonPool of Entropy. Contains a self-mutating pool of entropy, that is always guaranteed to contain data.crypton,Create a new entropy pool of a specific sizeWhile you can create as many entropy pools as you want, the pool can be shared between multiples RNGs.crypton.Create a new entropy pool with a default size.While you can create as many entropy pools as you want, the pool can be shared between multiples RNGs. crypton-Put a chunk of the entropy pool into a buffercrypton.Grab a chunk of entropy from the entropy pool.. BSD-style#Vincent Hanquez  experimentalGood Safe-InferredcryptonA simple Monad class very similar to a State Monad with the state being a DRG.crypton,A Deterministic Random Generator (DRG) classcrypton)Generate N bytes of randomness from a DRGcrypton7A monad constraint that allows to generate random bytescryptonRun a pure computation with a Deterministic Random Generator in the  BSD-style#Vincent Hanquez  experimentalGood Safe-InferredcryptonA referentially transparent System representation of the random evaluated out of the system.Holding onto a specific DRG means that all the already evaluated bytes will be consistently replayed.There's no need to reseed this DRG, as only pure entropy is represented here.crypton#Grab one instance of the System DRG BSD-style#Vincent Hanquez stablegood Safe-Inferredcrypton%ChaCha Deterministic Random Generator cryptonInitialize a new ChaCha context with the number of rounds, the key and the nonce associated. cryptonInitialize a new ChaCha context from 5-tuple of words64. This interface is useful when creating a RNG out of tests generators (e.g. QuickCheck). crypton40 bytes of seedcryptonthe initial ChaCha state / BSD-style#Vincent Hanquez stablegood Safe-Inferredcrypton%Create a new Seed from system entropycryptonConvert a Seed to an integercryptonConvert an integer to a SeedcryptonConvert a binary to a seedcrypton$Create a new DRG from system entropycryptonCreate a new DRG from a seedcryptonCreate a new DRG from 5 Word64.This is a convenient interface to create deterministic interface for quickcheck style testing.It can also be used in other contexts provided the input has been properly randomly generated.Note that the  Arbitrary% instance provided by QuickCheck for   does not have a uniform distribution. It is often better to use instead arbitraryBoundedRandom.System endianness impacts how the tuple is interpreted and therefore changes the resulting DRG.crypton Generate 6len random bytes and mapped the bytes to the function f.(This is equivalent to use Control.Arrow   with  BSD-style#Vincent Hanquez  experimentalGood Safe-Inferred cryptonThis create a random number generator out of thin air with the system entropy; don't generally use as the IO is not exposed this can have unexpected random for.This is useful for probabilistic algorithm like Miller Rabin probably prime algorithm, given appropriate choice of the heuristic1Generally, it's advised not to use this function. 0 BSD-style)Olivier Chron  experimentalunknown Safe-Inferred cryptonAn Ed448 signaturecryptonAn Ed448 public keycryptonAn Ed448 Secret keycrypton*Try to build a public key from a bytearraycrypton*Try to build a secret key from a bytearraycrypton)Try to build a signature from a bytearraycrypton%Create a public key from a secret keycrypton!Sign a message using the key paircryptonVerify a messagecryptonGenerate a secret keycryptonA public key is 57 bytescryptonA secret key is 57 bytescryptonA signature is 114 bytes  1 BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred#P cryptonAn Ed25519 signaturecryptonAn Ed25519 public keycryptonAn Ed25519 Secret keycrypton*Try to build a public key from a bytearraycrypton*Try to build a secret key from a bytearraycrypton)Try to build a signature from a bytearraycrypton%Create a public key from a secret keycrypton!Sign a message using the key paircryptonVerify a messagecryptonGenerate a secret keycryptonA public key is 32 bytescryptonA secret key is 32 bytescryptonA signature is 64 bytes  2 BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred+!crypton A P256 pointcrypton A P256 scalarcrypton%Get the base point for the P256 CurvecryptonLift to curve a scalar0Using the curve generator as base point compute:  scalar * GcryptonAdd a point to another pointcryptonNegate a pointcryptonMultiply a point by a scalarwarning: variable timecrypton Similar to , serializing the x coordinate as binary. When scalar is multiple of point order the result is all zero.cryptonmultiply the point p with &n2 and add a lifted to curve value @n1 n1 * G + n2 * pwarning: variable timecrypton Check if a  is validcrypton Check if a  is the point at infinitycryptonReturn the x coordinate as a  if the point is not at infinitycrypton!Convert a point to (x,y) Integerscrypton&Convert from (x,y) Integers to a pointcrypton*Convert a point to a binary representationcrypton$Convert from binary to a valid pointcrypton0Convert from binary to a point, possibly invalidcrypton(Generate a randomly generated new scalarcryptonThe scalar representing 0crypton'The scalar representing the curve ordercryptonCheck if the scalar is 0crypton$Perform addition between two scalars a + bcrypton'Perform subtraction between two scalars a - bcrypton*Perform multiplication between two scalars a * bcryptonGive the inverse of the scalar 1 / awarning: variable timecrypton8Give the inverse of the scalar using safe exponentiation 1 / acryptonCompare 2 Scalarcryptonconvert a scalar from binarycryptonconvert a scalar to binarycrypton(Convert from an Integer to a P256 Scalarcrypton(Convert from a P256 Scalar to an Integer3 BSD-style John Galt  experimentalunknown Safe-Inferred. cryptonA Curve448 Diffie Hellman secret related to a public key and a secret key.cryptonA Curve448 public keycryptonA Curve448 Secret keycrypton*Try to build a public key from a bytearraycrypton*Try to build a secret key from a bytearraycrypton)Create a DhSecret from a bytearray objectcryptonCompute the Diffie Hellman secret from a public key and a secret key.This implementation may return an all-zero value as it does not check for the condition.crypton%Create a public key from a secret keycryptonGenerate a secret key. cryptonpubliccryptonsecret cryptonpubliccrypton basepointcryptonsecret  4 BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred2 cryptonA Curve25519 Diffie Hellman secret related to a public key and a secret key.cryptonA Curve25519 public keycryptonA Curve25519 Secret keycrypton*Try to build a public key from a bytearraycrypton*Try to build a secret key from a bytearraycrypton)Create a DhSecret from a bytearray objectcryptonCompute the Diffie Hellman secret from a public key and a secret key.This implementation may return an all-zero value as it does not check for the condition.crypton%Create a public key from a secret keycryptonGenerate a secret key. cryptonpubliccryptonsecretcrypton basepoint  5 Safe-Inferred97cryptonCreate a bcrypt hash for a password with a provided cost value. Typically used to create a hash when a new user account is registered or when a user changes their password.Each increment of the cost approximately doubles the time taken. The 16 bytes of random salt will be generated internally.cryptonCreate a bcrypt hash for a password with a provided cost value and salt.Cost value under 4 will be automatically adjusted back to 10 for safety reason.cryptonCheck a password against a stored bcrypt hash when authenticating a user.Returns False if the password doesn't match the hash, or if the hash is invalid or an unsupported version.crypton&Check a password against a bcrypt hashAs for validatePassword but will provide error information if the hash is invalid or an unsupported version. crypton%Create a key schedule for the BCrypt EKS version.Salt must be a 128-bit byte array. Cost must be between 4 and 31 inclusive See https://www.usenix.org/conference/1999-usenix-annual-technical-conference/future-adaptable-password-schemecryptonThe cost parameter. Should be between 4 and 31 (inclusive). Values which lie outside this range will be adjusted accordingly.cryptonThe password. Should be the UTF-8 encoded bytes of the password text.crypton#The bcrypt hash in standard format.cryptonThe cost parameter. Should be between 4 and 31 (inclusive). Values which lie outside this range will be adjusted accordingly.cryptonThe salt. Must be 16 bytes in length or an error will be raised.cryptonThe password. Should be the UTF-8 encoded bytes of the password text.crypton#The bcrypt hash in standard format.6 BSD-style)Olivier Chron  experimentalunknown Safe-Inferred@cryptonA point on curve edwards25519.crypton2A scalar modulo prime order of curve edwards25519.cryptonGenerate a random scalar.cryptonSerialize a scalar to binary, i.e. a 32-byte little-endian number.cryptonDeserialize a little-endian number as a scalar. Input array can have any length from 0 to 64 bytes.Note: it is not advised to put secret information in the 3 lowest bits of a scalar if this scalar may be multiplied to untrusted points outside the prime-order subgroup.cryptonAdd two scalars.cryptonMultiply two scalars.crypton.Multiplies a scalar with the curve base point.crypton%Serialize a point to a 32-byte array.!Format is binary compatible with 1 from module Crypto.PubKey.Ed25519.cryptonDeserialize a 32-byte array as a point, ensuring the point is valid on edwards25519.WARNING: variable timecryptonTest whether a point belongs to the prime-order subgroup generated by the base point. Result is   for the identity point. pointHasPrimeOrder p =  p ==  l_minus_one p cryptonNegate a point.cryptonAdd two points.cryptonAdd a point to itself. pointDouble p =  p p cryptonMultiply a point by h = 8. pointMulByCofactor p =  scalar_8 p crypton.Scalar multiplication over curve edwards25519.Note: when the scalar had reduction modulo L and the input point has a torsion component, the output point may not be in the expected subgroup.cryptonMultiply the point p with s2! and add a lifted to curve value s1. pointsMulVarTime s1 s2 p =  ( s1) ( s2 p) WARNING: variable time7 BSD-style)Olivier Chron  experimentalunknown Safe-InferredDcrypton-Nonce value for AES-GCM-SIV, always 12 bytes.crypton6Nonce smart constructor. Accepts only 12-byte inputs.crypton1Generate a random nonce for use with AES-GCM-SIV.cryptonAEAD encryption with the specified key and nonce. The key must be given as an initialized  or  cipher.Lengths of additional data and plaintext must be less than 2^32 bytes, otherwise an exception is thrown.cryptonAEAD decryption with the specified key and nonce. The key must be given as an initialized  or  cipher.Lengths of additional data and ciphertext must be less than 2^32 bytes, otherwise an exception is thrown.8 BSD-style#Vincent Hanquez  experimentalGood Safe-InferredGocrypton(Top bits policy when generating a numbercryptonset the highest bitcryptonset the two highest bitcryptonGenerate a number for a specific size of bits, and optionaly set bottom and top bitsIf the top bit policy is  , then nothing is done on the highest bit (it's whatever the random generator set).If @generateOdd is set to  , then the number generated is guaranteed to be odd. Otherwise it will be whatever is generatedcrypton2Generate a positive integer x, s.t. 0 <= x < rangecrypton9generate a number between the inclusive bound [low,high].cryptonnumber of bitscryptontop bit policycryptonforce the number to be oddcryptonrange9 Safe-InferredM8 crypton,Generate a valid scalar for a specific Curvecrypton Elliptic Curve point negation: pointNegate c p returns point q such that pointAdd c p q == PointO.cryptonElliptic Curve point addition.WARNING: Vulnerable to timing attacks.cryptonElliptic Curve point doubling.WARNING: Vulnerable to timing attacks.This perform the following calculation: > lambda = (3 * xp ^ 2 + a) / 2 yp > xr = lambda ^ 2 - 2 xp > yr = lambda (xp - xr) - ypWith binary curve: > xp == 0 => P = O > otherwise => > s = xp + (yp / xp) > xr = s ^ 2 + s + a > yr = xp ^ 2 + (s+1) * xrcrypton2Elliptic curve point multiplication using the baseWARNING: Vulnerable to timing attacks.crypton?Elliptic curve point multiplication (double and add algorithm).WARNING: Vulnerable to timing attacks.cryptonElliptic curve double-scalar multiplication (uses Shamir's trick). pointAddTwoMuls c n1 p1 n2 p2 == pointAdd c (pointMul c n1 p1) (pointMul c n2 p2)WARNING: Vulnerable to timing attacks.crypton*Check if a point is the point at infinity.crypton%check if a point is on specific curveThis perform three checks:x is not out of rangey is not out of range the equation y^2 = x^3 + a*x + b (mod p) holds crypton div and mod  : Safe-Inferred6QcryptonECDSA Key Pair.cryptonECDSA Public Key.cryptonECDSA Private Key.crypton+Represent a ECDSA signature namely R and S.cryptonECDSA rcryptonECDSA scryptonPublic key of a ECDSA Key pair.crypton Private key of a ECDSA Key pair.crypton;Sign digest using the private key and an explicit k number.WARNING: Vulnerable to timing attacks.crypton experimentalGood Safe-Inferred6X;cryptonRepresent a DSA key paircryptonRepresent a DSA private key.Only x need to be secret. the DSA parameters are publicly shared with the other side.cryptonDSA parameterscrypton DSA private XcryptonRepresent a DSA public key.cryptonDSA parameterscrypton DSA public Ycrypton)Represent a DSA signature namely R and S.cryptonDSA rcryptonDSA scrypton,Represent DSA parameters namely P, G, and Q.cryptonDSA pcryptonDSA gcryptonDSA qcrypton7DSA Private Number, usually embedded in DSA Private Keycrypton5DSA Public Number, usually embedded in DSA Public KeycryptonPublic key of a DSA Key paircryptonPrivate key of a DSA Key paircryptongenerate a private number with no specific property this number is usually called X in DSA text.cryptonCalculate the public number from the parameters and the private keycrypton experimentalGood Safe-Inferred` cryptonReturns if the number is probably prime. First a list of small primes are implicitely tested for divisibility, then a fermat primality test is used with arbitrary numbers and then the Miller Rabin algorithm is used with an accuracy of 30 recursions.cryptonGenerate a prime number of the required bitsize (i.e. in the range [2^(b-1)+2^(b-2), 2^b)). May throw a  if the requested size is less than 5 bits, as the smallest prime meeting these conditions is 29. This function requires that the two highest bits are set, so that when multiplied with another prime to create a key, it is guaranteed to be of the proper size.cryptonGenerate a prime number of the form 2p+1 where p is also prime. it is also knowed as a Sophie Germaine prime or safe prime.The number of safe prime is significantly smaller to the number of prime, as such it shouldn't be used if this number is supposed to be kept safe. May throw a  if the requested size is less than 6 bits, as the smallest safe prime with the two highest bits set is 59.crypton;Find a prime from a starting point where the property hold.crypton=Find a prime from a starting point with no specific property.cryptonMiller Rabin algorithm return if the number is probably prime or composite. the tries parameter is the number of recursion, that determines the accuracy of the test.cryptonProbabilitic Test using Fermat primility test. Beware of Carmichael numbers that are Fermat liars, i.e. this test is useless for them. always combines with some other test.cryptonTest naively is integer is prime. while naive, we skip even number and stop iteration at i > sqrt(n)crypton-Test is two integer are coprime to each other crypton#List of the first primes till 2903.crypton%number of iterations of the algorithmcrypton starting acryptonnumber to test for primality  > BSD-style(Carlos Rodriguez-Vega  experimentalunknown Safe-Inferredc crypton8Error possible during encryption, decryption or signing.crypton"the message to encrypt is too longcrypton3the message decrypted doesn't have a OAEP structurecrypton,some parameters lead to breaking assumptionscryptonGenerate primes p & qcryptonsize in bytes cryptoncondition prime p must satisfycryptoncondition prime q must satisfycryptonchosen distinct primes p and q? BSD-style(Carlos Rodriguez-Vega  experimentalunknown Safe-InferredecryptonParameters for OAEP padding.cryptonhash function to usecryptonmask Gen algorithm to usecrypton#optional label prepended to messagecrypton.Default Params with a specified hash function.cryptonPad a message using OAEP.cryptonUn-pad a OAEP encoded message.cryptonSeedcryptonOAEP params to usecryptonsize of public key in bytescrypton Message padcryptonOAEP params to usecryptonsize of public key in bytescryptonencoded message (not encrypted)@ BSD-style(Carlos Rodriguez-Vega  experimentalunknown Safe-Inferred6kcrypton'Represent a Rabin-Williams private key.cryptonp prime numbercryptonq prime numbercrypton&Represent a Rabin-Williams public key.cryptonsize of key in bytescrypton public p*qcryptonGenerate a pair of (private, public) key of size in bytes. Prime p is congruent 3 mod 8 and prime q is congruent 7 mod 8.crypton=Encrypt plaintext using public key an a predefined OAEP seed.See algorithm 8.11 in "Handbook of Applied Cryptography" by Alfred J. Menezes et al.crypton#Encrypt plaintext using public key.crypton%Decrypt ciphertext using private key.crypton2Sign message using hash algorithm and private key.crypton5Verify signature using hash algorithm and public key. cryptonEncryption primitive 1 cryptonEncryption primitive 2 cryptonDecryption primitive 1 cryptonDecryption primitive 2cryptonSeedcrypton OAEP paddingcrypton public keycrypton plaintextcryptonOAEP padding parameterscrypton public keycrypton plaintext cryptonOAEP padding parameterscrypton private keycrypton ciphertextcrypton private keycrypton hash functioncryptonmessage to signcrypton public keycrypton hash functioncryptonmessagecrypton signatureA BSD-style(Carlos Rodriguez-Vega  experimentalunknown Safe-Inferred6n crypton'Represent a Modified-Rabin private key.cryptonp prime numbercryptonq prime numbercrypton&Represent a Modified-Rabin public key.cryptonsize of key in bytescrypton public p*qcryptonGenerate a pair of (private, public) key of size in bytes. Prime p is congruent 3 mod 8 and prime q is congruent 7 mod 8.crypton2Sign message using hash algorithm and private key.crypton5Verify signature using hash algorithm and public key.crypton private keycrypton hash functioncryptonmessage to signcrypton public keycrypton hash functioncryptonmessagecrypton signature  B BSD-style(Carlos Rodriguez-Vega  experimentalunknown Safe-Inferred6zFcryptonRabin Signature.cryptonRepresent a Rabin private key.cryptonp prime numbercryptonq prime numbercryptonRepresent a Rabin public key.cryptonsize of key in bytescrypton public p*qcryptonGenerate a pair of (private, public) key of size in bytes. Primes p and q are both congruent 3 mod 4.See algorithm 8.11 in "Handbook of Applied Cryptography" by Alfred J. Menezes et al.crypton=Encrypt plaintext using public key an a predefined OAEP seed.See algorithm 8.11 in "Handbook of Applied Cryptography" by Alfred J. Menezes et al.crypton#Encrypt plaintext using public key.crypton%Decrypt ciphertext using private key.See algorithm 8.12 in "Handbook of Applied Cryptography" by Alfred J. Menezes et al.crypton;Sign message using padding, hash algorithm and private key.See  7https://en.wikipedia.org/wiki/Rabin_signature_algorithm.crypton2Sign message using hash algorithm and private key.See  7https://en.wikipedia.org/wiki/Rabin_signature_algorithm. cryptonCalculate hash of message and padding. If the padding is valid, then the result of the hash operation is returned, otherwise an error.crypton5Verify signature using hash algorithm and public key.See  7https://en.wikipedia.org/wiki/Rabin_signature_algorithm. cryptonSquare roots modulo prime p where p is congruent 3 mod 4 Value a must be a quadratic residue modulo p (i.e. jacobi symbol (a/n) = 1).See algorithm 3.36 in "Handbook of Applied Cryptography" by Alfred J. Menezes et al. cryptonSquare roots modulo n given its prime factors p and q (both congruent 3 mod 4) Value a must be a quadratic residue of both modulo p and modulo q (i.e. jacobi symbols (ap) = (aq) = 1).See algorithm 3.44 in "Handbook of Applied Cryptography" by Alfred J. Menezes et al. cryptonSeedcrypton OAEP paddingcrypton public keycrypton plaintextcryptonOAEP padding parameterscrypton public keycrypton plaintext cryptonOAEP padding parameterscrypton private keycrypton ciphertextcryptonpaddingcrypton private keycrypton hash functioncryptonmessage to signcrypton private keycrypton hash functioncryptonmessage to sign cryptonpaddingcrypton private keycrypton hash functioncryptonmessage to signcrypton private keycrypton hash functioncryptonmessagecrypton signature cryptonprime p cryptonprime pcryptonprime qcryptonc such that c*p + d*q = 1cryptond such that c*p + d*q = 1cryptonn = p*qC BSD-style#Vincent Hanquez  experimentalGood Safe-Inferred~?crypton"Generate a key pair given p and q.*p and q need to be distinct prime numbers.e need to be coprime to phi=(p-1)*(q-1). If that's not the case, the function will not return a key pair. A small hamming weight results in better performance.e=0x10001 is a popular choicee=3 is popular as well, but proven to not be as secure for some cases.crypton:generate a pair of (private, public) key of size in bytes.crypton?Generate a blinder to use with decryption and signing operationthe unique parameter apart from the random number generator is the public key value N.cryptonchosen distinct primes p and qcrypton size in bytescryptonRSA public exponent ecrypton size in bytescryptonRSA public exponent ecryptonRSA public N parameter.D BSD-style#Vincent Hanquez  experimentalGood Safe-Inferredvcrypton*Parameters for PSS signature/verification.cryptonHash function to usecryptonMask Gen algorithm to usecrypton&Length of salt. need to be <= to hLen.cryptonTrailer field, usually 0xbccrypton-Default Params with a specified hash functioncrypton$Default Params using SHA1 algorithm.cryptonSign using the PSS parameters and the salt explicitely passed as parameters.6the function ignore SaltLength from the PSS ParameterscryptonSign using the PSS parameters and the salt explicitely passed as parameters.6the function ignore SaltLength from the PSS ParameterscryptonSign using the PSS ParameterscryptonSign using the PSS ParameterscryptonSign using the PSS Parameters and an automatically generated blinder.cryptonSign using the PSS Parameters and an automatically generated blinder.crypton+Verify a signature using the PSS Parameterscrypton+Verify a signature using the PSS Parameterscrypton Salt to usecryptonoptional blinder to usecryptonPSS Parameters to usecryptonRSA Private KeycryptonMessage digestcrypton Salt to usecryptonoptional blinder to usecryptonPSS Parameters to usecryptonRSA Private KeycryptonMessage to signcryptonoptional blinder to usecryptonPSS Parameters to usecryptonRSA Private KeycryptonMessage to signcryptonoptional blinder to usecryptonPSS Parameters to usecryptonRSA Private KeycryptonMessage digestcryptonPSS Parameters to usecrypton private keycryptonmessage to signcryptonPSS Parameters to usecrypton private keycrypton message digstcryptonPSS Parameters to use to verify, this need to be identical to the parameters when signingcryptonRSA Public KeycryptonMessage to verifycrypton SignaturecryptonPSS Parameters to use to verify, this need to be identical to the parameters when signingcryptonRSA Public KeycryptonDigest to verifycrypton SignatureE BSD-style#Vincent Hanquez  experimentalGood Safe-InferredM cryptonA specialized class for hash algorithm that can product a ASN1 wrapped description the algorithm plus the content of the digest. crypton;Convert a Digest into an ASN1 wrapped descriptive ByteArraycrypton6This produce a standard PKCS1.5 padding for encryptioncrypton0Produce a standard PKCS1.5 padding for signaturecrypton4Try to remove a standard PKCS1.5 encryption padding.crypton&decrypt message using the private key.When the decryption is not in a context where an attacker could gain information from the timing of the operation, the blinder can be set to None.2If unsure always set a blinder or use decryptSafer"The message is returned un-padded.cryptondecrypt message using the private key and by automatically generating a blinder.crypton*encrypt a bytestring using the public key.The message needs to be smaller than the key size - 11. The message should not be padded.crypton?sign message using private key, a hash and its ASN1 descriptionWhen the signature is not in a context where an attacker could gain information from the timing of the operation, the blinder can be set to None./If unsure always set a blinder or use signSafercryptonsign message using the private key and by automatically generating a blinder.crypton&verify message with the signed message cryptonmake signature digest, used in  and cryptonoptional blindercryptonRSA private keycrypton cipher textcryptonRSA private keycrypton cipher textcryptonoptional blindercryptonhash algorithmcrypton private keycryptonmessage to signcryptonHash algorithmcrypton private keycryptonmessage to sign cryptonoptional hashing algorithm  F BSD-style#Vincent Hanquez  experimentalGood Safe-Inferred5 crypton)Parameters for OAEP encryption/decryptioncryptonHash function to use.cryptonMask Gen algorithm to use.crypton$Optional label prepended to message.crypton-Default Params with a specified hash functioncrypton4Encrypt a message using OAEP with a predefined seed.cryptonEncrypt a message using OAEP cryptonun-pad a OAEP encoded message.-It doesn't apply the RSA decryption primitivecryptonDecrypt a ciphertext using OAEPWhen the signature is not in a context where an attacker could gain information from the timing of the operation, the blinder can be set to None.2If unsure always set a blinder or use decryptSafercryptonDecrypt a ciphertext using OAEP and by automatically generating a blinder.cryptonSeedcrypton!OAEP params to use for encryptioncrypton Public key.cryptonMessage to encryptcrypton"OAEP params to use for encryption.crypton Public key.cryptonMessage to encrypt cryptonOAEP params to usecryptonsize of the key in bytescryptonencoded message (not encrypted)cryptonOptional blindercrypton!OAEP params to use for decryptioncrypton Private keycrypton Cipher textcrypton!OAEP params to use for decryptioncrypton Private keycrypton Cipher text  G BSD-style#Vincent Hanquez  experimentalGood Safe-Inferred6 crypton'Represent Diffie Hellman shared secret.crypton*Represent Diffie Hellman private number X.crypton)Represent Diffie Hellman public number Y.cryptonRepresent Diffie Hellman parameters namely P (prime), and G (generator).cryptongenerate params from a specific generator (2 or 5 are common values) we generate a safe prime (a prime number of the form 2p+1 where p is also prime)cryptongenerate a private number with no specific property this number is usually called X in DH text.cryptoncalculate the public number from the parameters and the private key this number is usually called Y in DH text.cryptoncalculate the public number from the parameters and the private key this number is usually called Y in DH text.DEPRECATED use calculatePubliccryptongenerate a shared key using our private number and the other party public numbercryptonnumber of bitscrypton generator BSD-style#Vincent Hanquez  experimentalGood Safe-Inferrede crypton1ElGamal Ephemeral key. also called Temporary key. cryptonElGamal Signature cryptongenerate a private number with no specific property this number is usually called a and need to be between 0 and q (order of the group G). cryptongenerate an ephemeral key which is a number with no specific property, and need to be between 0 and q (order of the group G). cryptongenerate a public number that is for the other party benefits. this number is usually called h=g^a cryptonencrypt with a specified ephemeral key do not reuse ephemeral key. cryptonencrypt a message using params and public keys will generate b (called the ephemeral key) cryptondecrypt message crypton(sign a message with an explicit k number7if k is not appropriate, then no signature is returned.with some appropriate value of k, the signature generation can fail, and no signature is returned. User of this function need to retry with a different k value. crypton sign messageThis function will generate a random number, however as the signature might fail, the function will automatically retry until a proper signature has been created. cryptonverify a signature crypton3random number k, between 0 and p-1 and gcd(k,p-1)=1cryptonDH params (p,g)cryptonDH private keycrypton"collision resistant hash algorithmcryptonmessage to sign cryptonDH params (p,g)cryptonDH private keycrypton"collision resistant hash algorithmcryptonmessage to sign H BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred cryptonGenerating a private number d. cryptonGenerating a public point Q. cryptonGenerating a shared key using our private number and the other party public point.   Safe-Inferred crypton,Generate a valid scalar for a specific Curve crypton Elliptic Curve point negation:  pointNegate p returns point q such that pointAdd p q == PointO. cryptonElliptic Curve point addition.WARNING: Vulnerable to timing attacks. cryptonElliptic Curve point doubling.WARNING: Vulnerable to timing attacks.This perform the following calculation: > lambda = (3 * xp ^ 2 + a) / 2 yp > xr = lambda ^ 2 - 2 xp > yr = lambda (xp - xr) - ypWith binary curve: > xp == 0 => P = O > otherwise => > s = xp + (yp / xp) > xr = s ^ 2 + s + a > yr = xp ^ 2 + (s+1) * xr crypton2Elliptic curve point multiplication using the baseWARNING: Vulnerable to timing attacks. crypton?Elliptic curve point multiplication (double and add algorithm).WARNING: Vulnerable to timing attacks. cryptonElliptic curve double-scalar multiplication (uses Shamir's trick). pointAddTwoMuls n1 p1 n2 p2 == pointAdd (pointMul n1 p1) (pointMul n2 p2)WARNING: Vulnerable to timing attacks. crypton*Check if a point is the point at infinity. crypton5Make a point on a curve from integer (x,y) coordinateif the point is not valid related to the curve then an error is returned instead of a point crypton%check if a point is on specific curveThis perform three checks:x is not out of rangey is not out of range the equation y^2 = x^3 + a*x + b (mod p) holds crypton div and mod I BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred 6 crypton P256 Curvealso known as P256 crypton Get the curve order size in bits crypton+Multiply a scalar with the curve base point cryptonMultiply the point p with s2! and add a lifted to curve value s1 crypton4Encode an elliptic curve scalar into big-endian form crypton=Try to decode the big-endian form of an elliptic curve scalar crypton.Convert an elliptic curve scalar to an integer crypton6Try to create an elliptic curve scalar from an integer crypton1Add two scalars and reduce modulo the curve order crypton6Multiply two scalars and reduce modulo the curve order cryptonAdd points on a curve cryptonNegate a curve point crypton Scalar Multiplication on a curve crypton'Generate a Diffie hellman secret value.This is generally just the .x coordinate of the resulting point, that is not hashed.use  $ to keep the result in Point format.WARNING: Curve implementations may return a special value or an exception when the public point lies in a subgroup of small order. This function is adequate when the scalar is in expected range and contributory behaviour is not needed. Otherwise use  . cryptonGenerate a Diffie hellman secret value and verify that the result is not the point at infinity.9This additional test avoids risks existing with function  #. Implementations always return a  - instead of a special value or an exception. cryptonPoint on an Elliptic Curve crypton#Scalar in the Elliptic Curve domain cryptonGenerate a new random scalar on the curve. The scalar will represent a number between 1 and the order of the curve non included cryptonGenerate a new random keypair cryptonGet the curve size in bits crypton.Encode a elliptic curve point into binary form crypton8Try to decode the binary form of an elliptic curve point cryptonAn elliptic curve key pair composed of the private part (a scalar), and the associated point.+ + J BSD-style)Olivier Chron  experimentalunknown Safe-Inferred "1 crypton/Elliptic curves with an implementation of EdDSA crypton,Size of the digest for this curve (in bytes) crypton-Size of secret keys for this curve (in bytes) cryptonAn EdDSA signature cryptonAn EdDSA public key cryptonAn EdDSA Secret key crypton-Size of public keys for this curve (in bytes) crypton,Size of signatures for this curve (in bytes) crypton*Try to build a public key from a bytearray crypton*Try to build a secret key from a bytearray crypton)Try to build a signature from a bytearray cryptonGenerate a secret key crypton%Create a public key from a secret key crypton!Sign a message using the key pair cryptonVerify a message crypton0Sign a message using the key pair under context ctx cryptonVerify a message under context ctx crypton:Sign a prehashed message using the key pair under context ctx crypton)Verify a prehashed message under context ctx  K BSD-style#Vincent Hanquez  experimentalunknown Safe-InferredR cryptonGenerate random a new Shared secret and the associated point to do a ECIES style encryption cryptonDerive the shared secret with the receiver key and the R point of the scheme. cryptonrepresentation of the curvecryptonthe public key of the receiver cryptonrepresentation of the curvecryptonThe received R (supposedly, randomly generated on the encrypt side)cryptonThe secret key of the receiver  L BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred 5 crypton(Elliptic curves with ECDSA capabilities. crypton+Is a scalar in the accepted range for ECDSA cryptonTest whether the scalar is zero crypton'Scalar inversion modulo the curve order crypton)Return the point X coordinate as a scalar cryptonECDSA Private Key. cryptonECDSA Public Key. crypton+Represent a ECDSA signature namely R and S. cryptonECDSA r cryptonECDSA s crypton(Create a signature from integers (R, S). crypton%Get integers (R, S) from a signature.The values can then be used to encode the signature to binary with ASN.1. cryptonEncode a public key into binary form, i.e. the uncompressed encoding referenced from  #https://tools.ietf.org/html/rfc5480RFC 5480 section 2.2. crypton.Try to decode the binary form of a public key. crypton0Encode a private key into binary form, i.e. the  privateKey field described in  #https://tools.ietf.org/html/rfc5915RFC 5915. crypton/Try to decode the binary form of a private key. crypton'Create a public key from a private key. crypton;Sign digest using the private key and an explicit k scalar. crypton experimentalunknown Safe-Inferred cryptonSplit data to diffused data, using a random generator and an hash algorithm.the diffused data will consist of random data for (expandTimes-1) then the last block will be xor of the accumulated random data diffused by the hash algorithm. ---------orig - ---------#--------- ---------- --------------"rand1 - - rand2 - - orig ^ acc -#--------- ---------- --------------9where acc is : acc(n+1) = hash (n ++ rand(n)) ^ acc(n) crypton9Merge previously diffused data back to the original data. crypton%inplace Xor with an input dst = src   dst crypton!Hash algorithm to use as diffusercryptonRandom generator to usecrypton$Number of times to diffuse the data.cryptonoriginal data to diffuse.cryptonThe diffused data cryptonHash algorithm used as diffusercrypton&Number of times to un-diffuse the datacrypton Diffused datacrypton Original data crypton Hash function to use as diffusercrypton"buffer to diffuse, modify in placecryptonlength of buffer to diffuse  N BSD-style)Olivier Chron  experimentalunknown Safe-Inferred6 cryptonCPU options impacting cryptography implementation and library performance. crypton(Support for AES instructions, with flag  support_aesni crypton*Support for CLMUL instructions, with flag support_pclmuldq crypton*Support for RDRAND instruction, with flag support_rdrand cryptonOptions which have been enabled at compile time and are supported by the current CPU.   Safe-InferredZ PPPPPPPPPPPPPPPPPPPPPPPPPPPPPVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWWZZZZZZZZZZZZZ\\]]^^^^^^^^____````aabbccccccccddeeffgghhiijjkkkkkkkkllllmmmmmmnnooooooooooqqqqqqqqqqqqqqqqrrrrrrrrrrrrrrrrr                                  tttuuuuuvvvvvvvv[          !!!!!!!!!!!"""####$$$%%%%&&&&&&&&&&&&&&&&&&&&&&&&&&'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''(())))))))))))))))))))))))))))))))))))))))))))))))**+,----...........//////////00000000000000000000000001111111111111111111111111222222222222222222222222222222222222223333333333333333333334444444444444444444445555666666666666666666666667777777788888888999999999::::::::::::::::::::::::::::::::::::::;;<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<=========>>>>>>>????????@@@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBCCCDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEEEEEFFFFFFFFFFGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGHHHIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJKKLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLMMNNNNNNNNNOOOOOQRSTTTTTYYYYYYZZZprr s s s s s s s s s s s s s s s s s s s s s s s s s s s s s s s s s s t t t t t   u u w w w w w w w w w w w w w w w w w w x xxx y yyy z z z z { { {{{ { { { {{ { | |     } } }}                                     ! ! !     *         -   3 3 4 5  9 = @ @ @ @ B B B E E F     L M M "crypton-0.31-8dKVjJp3hRzBNjPnw4xL9Crypto.Data.Padding Crypto.ErrorCrypto.Cipher.Types Crypto.HashCrypto.Hash.AlgorithmsCrypto.Hash.IO%Crypto.ConstructHash.MiyaguchiPreneelCrypto.Cipher.UtilsCrypto.Cipher.TripleDESCrypto.Cipher.DESCrypto.Cipher.SalsaCrypto.Cipher.XSalsaCrypto.Cipher.RC4Crypto.Cipher.ChaChaCrypto.Cipher.AESCrypto.Number.NatCrypto.MAC.KMACCrypto.Cipher.TwofishCrypto.Cipher.CAST5Crypto.Cipher.BlowfishCrypto.Cipher.CamelliaCrypto.KDF.Argon2Crypto.KDF.BCryptPBKDFCrypto.MAC.CMACCrypto.MAC.HMACCrypto.KDF.PBKDF2Crypto.KDF.ScryptCrypto.KDF.HKDFCrypto.MAC.Poly1305Crypto.Cipher.ChaChaPoly1305Crypto.Number.BasicCrypto.Number.F2mCrypto.Number.ModArithmetic Crypto.Number.Serialize.InternalCrypto.Number.Serialize#Crypto.Number.Serialize.Internal.LECrypto.Number.Serialize.LE Crypto.OTPCrypto.PubKey.ECC.TypesCrypto.PubKey.MaskGenFunctionCrypto.PubKey.RSA.TypesCrypto.PubKey.RSA.PrimCrypto.Random.Entropy.UnsafeCrypto.Random.EntropyCrypto.Random.EntropyPoolCrypto.Random.Types Crypto.RandomCrypto.PubKey.Ed448Crypto.PubKey.Ed25519Crypto.PubKey.ECC.P256Crypto.PubKey.Curve448Crypto.PubKey.Curve25519Crypto.KDF.BCryptCrypto.ECC.Edwards25519Crypto.Cipher.AESGCMSIVCrypto.Number.GenerateCrypto.PubKey.ECC.PrimCrypto.PubKey.ECC.ECDSACrypto.PubKey.ECC.GenerateCrypto.PubKey.DSACrypto.Number.PrimeCrypto.PubKey.Rabin.TypesCrypto.PubKey.Rabin.OAEPCrypto.PubKey.Rabin.RWCrypto.PubKey.Rabin.ModifiedCrypto.PubKey.Rabin.BasicCrypto.PubKey.RSACrypto.PubKey.RSA.PSSCrypto.PubKey.RSA.PKCS15Crypto.PubKey.RSA.OAEPCrypto.PubKey.DHCrypto.PubKey.ECC.DH Crypto.ECCCrypto.PubKey.EdDSACrypto.PubKey.ECIESCrypto.PubKey.ECDSACrypto.Data.AFISCrypto.System.CPUCrypto.Cipher.DES.PrimitiveCrypto.Error.TypesCrypto.Internal.CompatCrypto.Internal.ByteArrayCrypto.Cipher.Types.UtilsCrypto.Internal.CompatPrimCrypto.Internal.DeepSeqCrypto.Cipher.Types.BaseCrypto.Cipher.Types.StreamCrypto.Internal.ImportsCrypto.Internal.BuilderCrypto.Hash.TypesdigestFromByteStringCrypto.Hash.WhirlpoolCrypto.Hash.TigerCrypto.Hash.Skein512Crypto.Hash.Skein256Crypto.Hash.SHA512tCrypto.Hash.SHA512Crypto.Hash.SHA384Crypto.Hash.SHA3Crypto.Hash.SHA256Crypto.Hash.SHA224Crypto.Hash.SHA1Crypto.Hash.RIPEMD160Crypto.Hash.MD5Crypto.Hash.MD4Crypto.Hash.MD2Crypto.Hash.KeccakCrypto.Hash.Blake2spCrypto.Hash.Blake2sCrypto.Hash.Blake2bpCrypto.Hash.Blake2bCrypto.Cipher.Types.GFCrypto.Cipher.Types.AEADCrypto.Cipher.Types.BlockCrypto.Cipher.AES.PrimitiveCrypto.Internal.NatCrypto.Hash.SHAKECrypto.Hash.Blake2Crypto.Internal.WordArrayCrypto.Cipher.Twofish.PrimitiveCrypto.Cipher.CAST5.PrimitiveCrypto.Cipher.Blowfish.Box Crypto.Cipher.Blowfish.PrimitiveCrypto.Internal.Words Crypto.Cipher.Camellia.PrimitiveFFIARGON2_MIN_LANESARGON2_MAX_LANESARGON_MIN_THREADSARGON2_MAX_THREADSARGON2_MIN_MEMORYARGON2_MAX_MEMORYARGON2_MIN_TIMEARGON2_MAX_TIMECrypto.Number.CompatCrypto.ECC.Simple.TypesCrypto.PubKey.InternalCrypto.Random.Entropy.SourceCrypto.Random.Entropy.RDRandCrypto.Random.Entropy.UnixCrypto.Random.Entropy.BackendCrypto.Random.SystemDRGCrypto.Random.ChaChaDRGCrypto.Random.Probabilistic PublicKeyAES128AES256Crypto.PubKey.ElGamalCrypto.ECC.Simple.PrimCrypto.TutorialFormatPKCS5PKCS7ZEROpadunpad $fShowFormat $fEqFormatCryptoFailable CryptoPassed CryptoFailed CryptoErrorCryptoError_KeySizeInvalidCryptoError_IvSizeInvalidCryptoError_SeedSizeInvalid CryptoError_AEADModeNotSupported CryptoError_SecretKeySizeInvalid%CryptoError_SecretKeyStructureInvalid CryptoError_PublicKeySizeInvalid#CryptoError_SharedSecretSizeInvalidCryptoError_EcScalarOutOfBoundsCryptoError_PointSizeInvalidCryptoError_PointFormatInvalid"CryptoError_PointFormatUnsupported#CryptoError_PointCoordinatesInvalid'CryptoError_ScalarMultiplicationInvalidCryptoError_MacKeyInvalid(CryptoError_AuthenticationTagSizeInvalidCryptoError_PrimeSizeInvalidCryptoError_SaltTooSmall CryptoError_OutputLengthTooSmallCryptoError_OutputLengthTooBigthrowCryptoErrorIOthrowCryptoErroronCryptoFailureeitherCryptoErrormaybeCryptoErrorCipher cipherInit cipherName cipherKeySizeAEADModeAEAD_OCBAEAD_CCMAEAD_EAXAEAD_CWCAEAD_GCMCCM_LCCM_L2CCM_L3CCM_L4CCM_MCCM_M4CCM_M6CCM_M8CCM_M10CCM_M12CCM_M14CCM_M16AuthTag unAuthTagDataUnitOffsetKeySizeSpecifier KeySizeRange KeySizeEnum KeySizeFixed StreamCipher streamCombineDigestContextHashAlgorithmPrefix HashAlgorithm HashBlockSizeHashDigestSizeHashInternalContextSize hashBlockSizehashDigestSizehashInternalContextSizehashInternalInithashInternalUpdatehashInternalFinalize WhirlpoolTiger Skein512_512 Skein512_384 Skein512_256 Skein512_224 Skein256_256 Skein256_224 SHA512t_256 SHA512t_224SHA512SHA384SHA3_512SHA3_384SHA3_256SHA3_224SHA256SHA224SHA1 RIPEMD160MD5MD4MD2 Keccak_512 Keccak_384 Keccak_256 Keccak_224MutableContexthashMutableInithashMutableInitWithhashMutableUpdatehashMutableFinalizehashMutableReset$fByteArrayAccessMutableContext Blake2sp_256 Blake2sp_224 Blake2s_256 Blake2s_224 Blake2s_160 Blake2bp_512 Blake2b_512 Blake2b_384 Blake2b_256 Blake2b_224 Blake2b_160AEAD aeadModeImpl aeadState AEADModeImplaeadImplAppendHeaderaeadImplEncryptaeadImplDecryptaeadImplFinalizeaeadAppendHeader aeadEncrypt aeadDecrypt aeadFinalizeaeadSimpleEncryptaeadSimpleDecryptBlockCipher128 xtsEncrypt xtsDecrypt BlockCipher blockSize ecbEncrypt ecbDecrypt cbcEncrypt cbcDecrypt cfbEncrypt cfbDecrypt ctrCombineaeadInitIVmakeIVnullIVivAddMiyaguchiPreneelcompute'compute$fEqMiyaguchiPreneel!$fByteArrayAccessMiyaguchiPreneelvalidateKeySizeDES_EDE2DES_EEE2DES_EDE3DES_EEE3$fBlockCipherDES_EEE3$fCipherDES_EEE3$fBlockCipherDES_EDE3$fCipherDES_EDE3$fBlockCipherDES_EEE2$fCipherDES_EEE2$fBlockCipherDES_EDE2$fCipherDES_EDE2 $fEqDES_EDE2 $fEqDES_EEE2 $fEqDES_EDE3 $fEqDES_EEE3DES$fBlockCipherDES $fCipherDES$fEqDESState initializecombinegenerate $fNFDataStatederive$fByteArrayAccessState StateSimpleinitializeSimplegenerateSimple$fNFDataStateSimpleAES192$fBlockCipher128AES128$fBlockCipherAES128$fCipherAES128$fBlockCipher128AES192$fBlockCipherAES192$fCipherAES192$fBlockCipher128AES256$fBlockCipherAES256$fCipherAES256$fNFDataAES256$fNFDataAES192$fNFDataAES128IsDivisibleBy8 IsAtLeastIsAtMostSHAKE256SHAKE128 HashSHAKEBlake2bpBlake2spBlake2bBlake2shash hashPrefixhashlazyhashInit hashUpdate hashUpdates hashFinalizehashFinalizePrefix hashInitWithhashWithhashPrefixWith Twofish256 Twofish192 Twofish128$fBlockCipherTwofish128$fCipherTwofish128$fBlockCipherTwofish192$fCipherTwofish192$fBlockCipherTwofish256$fCipherTwofish256CAST5$fBlockCipherCAST5 $fCipherCAST5 Blowfish448 Blowfish256 Blowfish128 Blowfish64Blowfish$fBlockCipherBlowfish$fCipherBlowfish$fBlockCipherBlowfish64$fCipherBlowfish64$fBlockCipherBlowfish128$fCipherBlowfish128$fBlockCipherBlowfish256$fCipherBlowfish256$fBlockCipherBlowfish448$fCipherBlowfish448$fNFDataBlowfish448$fNFDataBlowfish256$fNFDataBlowfish128$fNFDataBlowfish64$fNFDataBlowfish Camellia128$fBlockCipherCamellia128$fCipherCamellia128Options iterationsmemory parallelismvariantversion Parallelism MemoryCostTimeCostVersion Version10 Version13VariantArgon2dArgon2iArgon2iddefaultOptions $fEqOptions $fOrdOptions $fReadOptions $fShowOptions $fEqVersion $fOrdVersion $fReadVersion $fShowVersion $fEnumVersion$fBoundedVersion $fEqVariant $fOrdVariant $fReadVariant $fShowVariant $fEnumVariant$fBoundedVariant Parameters iterCounts outputLength hashInternal$fEqParameters$fOrdParameters$fShowParametersCMACcmacsubKeys$fEqCMAC$fByteArrayAccessCMACHMAC hmacGetDigesthmachmacLazyupdateupdatesfinalize$fEqHMAC$fByteArrayAccessHMACPRFprfHMACfastPBKDF2_SHA1fastPBKDF2_SHA256fastPBKDF2_SHA512nrpPRKextract extractSkipexpand$fByteArrayAccessPRK$fEqPRKKMAC kmacGetDigestkmac$fEqKMAC$fByteArrayAccessKMAC $fNFDataKMACAuthCtxauthTagauth$fEqAuth$fByteArrayAccessAuth $fNFDataAuthNoncenonce12nonce8incrementNonce appendAAD finalizeAADencryptdecrypt$fByteArrayAccessNoncesqrtigcdeareEvenlog2numBitsnumBytesasPowerOf2AndOddBinaryPolynomialaddF2mmodF2mmulF2m squareF2m squareF2m'powF2msqrtF2minvF2mdivF2mexpSafeexpFastinverseinverseCoprimesjacobi inverseFermat squareRoot!$fExceptionCoprimesAssertionError $fExceptionModulusAssertionError$fShowModulusAssertionError$fShowCoprimesAssertionErrorisDivisibleBy8isAtMost isAtLeasti2ospi2ospOfos2ipi2ospOf_ ClockSkewNoSkewOneStepTwoSteps ThreeSteps FourSteps TOTPParamsOTPTime OTPDigitsOTP4OTP5OTP6OTP7OTP8OTP9OTPhotp resynchronizedefaultTOTPParams mkTOTPParamstotp totpVerify$fShowTOTPParams$fEnumClockSkew$fShowClockSkew$fShowOTPDigits CurveName SEC_p112r1 SEC_p112r2 SEC_p128r1 SEC_p128r2 SEC_p160k1 SEC_p160r1 SEC_p160r2 SEC_p192k1 SEC_p192r1 SEC_p224k1 SEC_p224r1 SEC_p256k1 SEC_p256r1 SEC_p384r1 SEC_p521r1 SEC_t113r1 SEC_t113r2 SEC_t131r1 SEC_t131r2 SEC_t163k1 SEC_t163r1 SEC_t163r2 SEC_t193r1 SEC_t193r2 SEC_t233k1 SEC_t233r1 SEC_t239k1 SEC_t283k1 SEC_t283r1 SEC_t409k1 SEC_t409r1 SEC_t571k1 SEC_t571r1 CurveCommonecc_aecc_becc_gecc_necc_h CurvePrime CurveBinaryPointPointO PrivateNumber PublicPointCurveCurveF2mCurveFP common_curveecc_fxecc_p curveSizeBitsgetCurveByName $fNFDataPoint$fNFDataCurveBinary$fShowCurveName$fReadCurveName $fEqCurveName$fOrdCurveName$fEnumCurveName$fBoundedCurveName$fDataCurveName $fShowCurve $fReadCurve $fEqCurve $fDataCurve$fShowCurveBinary$fReadCurveBinary$fEqCurveBinary$fDataCurveBinary$fShowCurvePrime$fReadCurvePrime$fEqCurvePrime$fDataCurvePrime$fShowCurveCommon$fReadCurveCommon$fEqCurveCommon$fDataCurveCommon $fShowPoint $fReadPoint $fEqPoint $fDataPointMaskGenAlgorithmmgf1KeyPair PrivateKey private_pub private_d private_p private_q private_dP private_dQ private_qinv public_sizepublic_npublic_eErrorMessageSizeIncorrectMessageTooLongMessageNotRecognizedSignatureTooLongInvalidParametersBlinder private_size private_n private_e toPublicKey toPrivateKey$fNFDataPublicKey$fNFDataPrivateKey $fShowKeyPair $fReadKeyPair $fEqKeyPair $fDataKeyPair$fNFDataKeyPair$fShowPrivateKey$fReadPrivateKey$fEqPrivateKey$fDataPrivateKey$fShowPublicKey$fReadPublicKey $fEqPublicKey$fDataPublicKey $fShowError $fEqError $fShowBlinder $fEqBlinderdpepEntropyBackendsupportedBackends gatherBackend replenish getEntropy EntropyPoolcreateEntropyPoolWithcreateEntropyPoolgetEntropyFromMonadPseudoRandomDRGrandomBytesGenerate MonadRandomgetRandomByteswithDRG$fMonadRandomIO$fMonadRandomMonadPseudoRandom$fMonadMonadPseudoRandom$fApplicativeMonadPseudoRandom$fFunctorMonadPseudoRandom SystemDRG getSystemDRG ChaChaDRGSeedseedNew seedToIntegerseedFromIntegerseedFromBinarydrgNew drgNewSeed drgNewTestwithRandomBytes$fByteArrayAccessSeed Signature SecretKey publicKey secretKey signaturetoPublicsignverifygenerateSecretKey publicKeySize secretKeySize signatureSize$fShowSignature $fEqSignature$fByteArrayAccessSignature$fNFDataSignature$fByteArrayAccessPublicKey$fShowSecretKey $fEqSecretKey$fByteArrayAccessSecretKey$fNFDataSecretKeyScalar pointBasetoPointpointAdd pointNegatepointMulpointDhpointsMulVarTime pointIsValidpointIsAtInfinitypointXpointToIntegerspointFromIntegers pointToBinarypointFromBinaryunsafePointFromBinaryscalarGenerate scalarZeroscalarN scalarIsZero scalarAdd scalarSub scalarMul scalarInv scalarInvSafe scalarCmpscalarFromBinaryscalarToBinaryscalarFromIntegerscalarToInteger $fShowScalar $fEqScalar$fByteArrayAccessScalar$fNFDataScalarDhSecretdhSecretdh$fShowDhSecret $fEqDhSecret$fByteArrayAccessDhSecret$fNFDataDhSecret hashPasswordbcryptvalidatePasswordvalidatePasswordEither scalarEncodescalarDecodeLong pointEncode pointDecodepointHasPrimeOrder pointDoublepointMulByCofactornonce generateNonce $fShowNonce $fEqNonce GenTopPolicy SetHighest SetTwoHighestgenerateParams generateMaxgenerateBetween$fShowGenTopPolicy$fEqGenTopPolicy pointBaseMulpointAddTwoMulsisPointAtInfinity isPointValid public_curvepublic_q private_curvesign_rsign_ssignDigestWithsignWith signDigest verifyDigest$fReadSignature$fDataSignature generateQprivate_params private_x public_paramspublic_yParamsparams_pparams_gparams_q PublicNumbergeneratePrivatecalculatePublic$fNFDataParams $fShowParams $fReadParams $fEqParams $fDataParamsisProbablyPrime generatePrimegenerateSafePrimefindPrimeFromWith findPrimeFromprimalityTestMillerRabinprimalityTestFermatprimalityTestNaive isCoprimegeneratePrimes OAEPParamsoaepHashoaepMaskGenAlg oaepLabeldefaultOAEPParamsencryptWithSeed private_a private_b generateWithgenerateBlinder PSSParamspssHash pssMaskGenAlg pssSaltLengthpssTrailerFielddefaultPSSParamsdefaultPSSParamsSHA1signDigestWithSalt signWithSalt signSafersignDigestSaferHashAlgorithmASN1 padSignature decryptSafer$fHashAlgorithmASN1RIPEMD160$fHashAlgorithmASN1SHA512t_256$fHashAlgorithmASN1SHA512t_224$fHashAlgorithmASN1SHA512$fHashAlgorithmASN1SHA384$fHashAlgorithmASN1SHA256$fHashAlgorithmASN1SHA224$fHashAlgorithmASN1SHA1$fHashAlgorithmASN1MD5$fHashAlgorithmASN1MD2 SharedKey params_bitsgeneratePublic getShared$fShowSharedKey $fEqSharedKey$fByteArrayAccessSharedKey$fNFDataSharedKey$fShowPrivateNumber$fReadPrivateNumber$fEqPrivateNumber$fEnumPrivateNumber$fRealPrivateNumber$fNumPrivateNumber$fOrdPrivateNumber$fNFDataPrivateNumber$fShowPublicNumber$fReadPublicNumber$fEqPublicNumber$fEnumPublicNumber$fRealPublicNumber$fNumPublicNumber$fOrdPublicNumber$fNFDataPublicNumberCurve_Edwards25519 Curve_X448 Curve_X25519 Curve_P521R1 Curve_P384R1 Curve_P256R1EllipticCurveBasepointArithcurveOrderBits pointBaseSmulpointsSmulVarTime encodeScalar decodeScalarEllipticCurveArith pointSmulEllipticCurveDHecdhRawecdh EllipticCurvecurveGenerateScalarcurveGenerateKeyPair encodePoint decodePoint SharedSecretkeypairGetPublickeypairGetPrivate)$fEllipticCurveBasepointArithCurve_P256R1$fEllipticCurveDHCurve_P256R1 $fEllipticCurveArithCurve_P256R1$fEllipticCurveCurve_P256R1)$fEllipticCurveBasepointArithCurve_P384R1$fEllipticCurveDHCurve_P384R1 $fEllipticCurveArithCurve_P384R1$fEllipticCurveCurve_P384R1)$fEllipticCurveBasepointArithCurve_P521R1$fEllipticCurveDHCurve_P521R1 $fEllipticCurveArithCurve_P521R1$fEllipticCurveCurve_P521R1$fEllipticCurveDHCurve_X25519$fEllipticCurveCurve_X25519$fEllipticCurveDHCurve_X448$fEllipticCurveCurve_X448/$fEllipticCurveBasepointArithCurve_Edwards25519&$fEllipticCurveArithCurve_Edwards25519!$fEllipticCurveCurve_Edwards25519$fShowCurve_Edwards25519$fDataCurve_Edwards25519$fShowCurve_X448$fDataCurve_X448$fShowCurve_X25519$fDataCurve_X25519$fShowCurve_P521R1$fDataCurve_P521R1$fShowCurve_P384R1$fDataCurve_P384R1$fShowCurve_P256R1$fDataCurve_P256R1$fEqSharedSecret$fByteArrayAccessSharedSecret$fNFDataSharedSecretEllipticCurveEdDSACurveDigestSizesignCtx verifyCtxsignPhverifyPh&$fEllipticCurveEdDSACurve_Edwards25519 deriveEncrypt deriveDecryptEllipticCurveECDSA scalarIsValidsignatureFromIntegerssignatureToIntegers encodePublic decodePublic encodePrivate decodePrivate $fEllipticCurveECDSACurve_P521R1 $fEllipticCurveECDSACurve_P384R1 $fEllipticCurveECDSACurve_P256R1splitmergeProcessorOptionAESNIPCLMULRDRANDprocessorOptions$fShowProcessorOption$fEqProcessorOption$fEnumProcessorOption$fDataProcessorOptionBlockunBlockbase Data.Eithereither unsafeDoIO GHC.IO.UnsafeunsafeDupablePerformIOGHC.Word byteSwap64GHC.BitspopCount$memory-0.18.0-6kuxJXXMyNMJRwhOy3Nxc9Data.ByteArray.BytesBytesData.ByteArray.EncodingconvertFromBase convertToBaseBase Base64OpenBSDBase64URLUnpaddedBase64Base16Base32Data.ByteArray.Mapping mapAsWord64 mapAsWord128 fromW64BEtoW64LEtoW64BEData.ByteArray.ViewdropViewtakeViewviewViewData.ByteArray.MethodsconvertallanyconstEqeqzero replicate copyAndFreezecopyRetcopyappendconcatreversespandroptakesplitAtindexxorsnoccons singletonunconsunpackpacknullempty unsafeCreateallocAndFreezecreateallocData.ByteArray.ScrubbedBytes ScrubbedBytesData.ByteArray.MemViewMemViewData.ByteArray.TypesByteArrayAccesscopyByteArrayToPtrlength withByteArray ByteArrayallocRet constAllZerochunkbe32Primle32Primbyteswap32Prim convert4To32 booleanPrimdeepseq-1.4.6.1Control.DeepSeqNFDatarnfGHC.Base<$ ApplicativeliftA2<**><*>pureghc-prim GHC.TypesWordWord8Word16Word32Word64Data.TraversableforMControl.ApplicativeZipList getZipList WrappedMonad WrapMonad unwrapMonad WrappedArrow WrapArrow unwrapArrowoptional Control.ArrowfirstsecondData.Functor.ConstConstgetConst Data.FoldableforM_asum byteSwap32 byteSwap16 bitReverse8 bitReverse64 bitReverse32 bitReverse16 Data.Functorvoid<$> Alternativesomemany<|>liftA3liftA<**>Builder builderLengthbuildAndFreezebytebyteshashInternalFinalizePrefixxtsGFMulXTSstep c_rc4_init c_rc4_combineAESCCMAESOCBAESGCMAESgcmModeocbModeccmModeinitAES encryptECB encryptCBCgenCTR genCounter encryptCTR encryptXTS decryptECB decryptCBC decryptCTR decryptXTS combineC32gcmInit gcmAppendAADgcmAppendEncryptgcmAppendDecrypt gcmFinishocbInit ocbAppendAADocbAppendEncryptocbAppendDecrypt ocbFinishccmInit ccmAppendAAD ccmEncrypt ccmDecrypt ccmFinishMod8IsDiv8Div8byteLenintegralNatVal GHC.TypeNatsNatcshakeInternalFinalizecshakeOutputLengthMutableArray32Array64Array32Array8array8array32array32FromAddrBEallocArray32AndFreezearray64mutableArray32mutableArray32FromAddrBEmutableArray32Freeze arrayRead8 arrayRead32 arrayRead64mutableArrayRead32mutableArrayWrite32mutableArrayWriteXor32 initTwofishTwofishKeybuildKeycopyKeySchedulecreateKeySchedule KeySchedule initBlowfishfreezeKeySchedule cipherBlockcipherBlockMutableexpandKeyWithSaltAnyexpandKeyWithSalt128 expandKeyexpandKeyWithSaltw64to32w32to64Data.Memory.ExtendedWordsWord128Camellia initCamellia expandIPT' GmpSupportedonGmpUnsupportedgmpGcdegmpLog2gmpPowModSecIntegergmpPowModInteger gmpInverse gmpNextPrimegmpTestPrimeMillerRabingmpSizeInBytes gmpSizeInBitsgmpExportIntegergmpExportIntegerLEgmpImportIntegergmpImportIntegerLEGmpUnsupportedCurveParameters curveEccA curveEccB curveEccG curveEccN curveEccHcurveSizeBytes$fCurveSEC_p112r1 CurveTypeCurvePrimeParamCurveBinaryParamcurveParameters curveTypegcdF2m GHC.MaybeNothingModulusAssertionErrorCoprimesAssertionErrorexponentiationand'&&! dsaTruncHashdsaTruncHashDigestmultiplication EntropySource entropyOpen entropyGather entropyCloseRDRand DevURandom DevRandom openBackend getEntropyPtrinitializeWords probabilisticdecaf_x448_derive_public_key decaf_x448ccryptonite_curve25519expensiveBlowfishContextTruedivmod firstPrimesep1ep2dp1dp2 calculateHashsqrootsqroot'hashDigestASN1 makeSignature EphemeralKeygenerateEphemeral encryptWith tHashDigestxorMemdiffuse