h$Ą       !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~                                            !!!!!!!!!!!"""####$$$%%%%&&&&&&&&&&&&&&&&&&&&&&&&&&'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''(())))))))))))))))))))))))))))))))))))))))))))))))**++++,----.........../////////////00000000000000000000000001111111111111111111111111222222222222222222222222222222222222223333333333333333333334444444444444444444445555666666666666666666666667777777788888888999999999::::::::::::::::::::::::::::::::::::::;;<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<=========>>>>>>>????????@@@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBCCCDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEEEEEFFFFFFFFFFGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG G G G G H H H I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I J J J J J J J J J J J J J J J J J J J J J J J J J J J J J J J J K K L L L L L L L L L L L L L L L L L L L L L L L L L L L L L L M M N N N N N N N N NO BSD-style Safe-Inferred>  cryptonite-cda DES block (64 bits)  cryptonite-cdBasic DES encryption which takes a key and a block of plaintext and returns the encrypted block of ciphertext according to the standard.  cryptonite-cdBasic DES decryption which takes a key and a block of ciphertext and returns the decrypted block of plaintext according to the standard.  BSD-style#Vincent Hanquez  experimentalunknownNonej cryptonite-cdFormat of padding cryptonite-cd%PKCS5: PKCS7 with hardcoded size of 8 cryptonite-cd)PKCS7 with padding size between 1 and 255 cryptonite-cdzero padding with block size cryptonite-cdApply some pad to a bytearray cryptonite-cd,Try to remove some padding from a bytearray.P BSD-style#Vincent Hanquez stableGoodNone3 cryptonite-cdA simple Either like type to represent a computation that can fail2 possibles values are:  : The computation succeeded, and contains the result of the computation  : The computation failed, and contains the cryptographic error associated  cryptonite-cdEnumeration of all possible errors that can be found in this library  cryptonite-cdThrow an CryptoError as exception on CryptoFailed result, otherwise return the computed value! cryptonite-cdSame as  $ but throw the error asynchronously." cryptonite-cdSimple  ( like combinator for CryptoFailable type# cryptonite-cd'Transform a CryptoFailable to an Either$ cryptonite-cd%Transform a CryptoFailable to a Maybe  !"#$ BSD-style#Vincent Hanquez Stable ExcellentNone 7  !"#$  !"#$Q BSD-style#Vincent Hanquez stableGoodNone!  cryptonite-cd3Perform io for hashes that do allocation and FFI.   is used when possible as the computation is pure and the output is directly linked to the input. We also do not modify anything after it has been returned to the user. R BSD-style#Vincent Hanquez stableGoodNone"$; S BSD-style#Vincent Hanquez Stable ExcellentNone#J  cryptonite-cd=Chunk some input byte array into @sz byte list of byte array. T BSD-style#Vincent Hanquez stableCompatNone%  cryptonite-cd$Byteswap Word# to or from Big Endian0On a big endian machine, this function is a nop.  cryptonite-cd'Byteswap Word# to or from Little Endian3On a little endian machine, this function is a nop.  cryptonite-cdSimple compatibility for byteswap the lower 32 bits of a Word# at the primitive level  cryptonite-cd experimentalunknown Safe-Inferred&C V BSD-style#Vincent Hanquez Stable ExcellentNone( % cryptonite-cdSymmetric cipher class.& cryptonite-cd&Initialize a cipher context from a key' cryptonite-cd Cipher name( cryptonite-cdreturn the size of the key required for this cipher. Some cipher accept any size for key) cryptonite-cd AEAD Mode; cryptonite-cd%Authentication Tag for AE cipher mode> cryptonite-cd7Offset inside an XTS data unit, measured in block size.? cryptonite-cd)Different specifier for key size in bytes@ cryptonite-cdin the range [min,max]A cryptonite-cdone of the specified valuesB cryptonite-cda specific size%&'()*+,-./0123456789:;<=>?@ABW BSD-style#Vincent Hanquez Stable ExcellentNone)C cryptonite-cdSymmetric stream cipher classD cryptonite-cdCombine using the stream cipherCDX BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred*B0 Y BSD-style)Olivier Chron stableGoodNone+ Z BSD-style#Vincent Hanquez  experimentalunknownNone /32E cryptonite-cd.Represent a digest for a given hash algorithm.This type is an instance of   from package  *https://hackage.haskell.org/package/memorymemory . Module Data.ByteArray provides many primitives to work with those values including conversion to other types.Creating a digest from a bytearray is also possible with function [.F cryptonite-cd/Represent a context for a given hash algorithm.This type is an instance of   for debugging purpose. Internal layout is architecture dependent, may contain uninitialized data fragments, and change in future versions. The bytearray should not be used as input to cryptographic algorithms.G cryptonite-cd7Hashing algorithms with a constant-time implementation.  cryptonite-cdUpdate the context with the first N bytes of a buffer and finalize this context. The code path executed is independent from N and depends only on the complete buffer length.H cryptonite-cd&Class representing hashing algorithms.The interface presented here is update in place and lowlevel. the Hash module takes care of hidding the mutable interface properly.I cryptonite-cd8Associated type for the block size of the hash algorithmJ cryptonite-cd9Associated type for the digest size of the hash algorithmK cryptonite-cdAssociated type for the internal context size of the hash algorithmL cryptonite-cd&Get the block size of a hash algorithmM cryptonite-cd'Get the digest size of a hash algorithmN cryptonite-cd5Get the size of the context used for a hash algorithmO cryptonite-cdInitialize a context pointer to the initial state of a hash algorithmP cryptonite-cd%Update the context with some raw dataQ cryptonite-cdFinalize the context and set the digest raw memory to the right valueE F G HIJKMNQOPL\ BSD-style#Vincent Hanquez  experimentalunknownNone/33aR cryptonite-cd&Whirlpool cryptographic hash algorithmRS] BSD-style#Vincent Hanquez  experimentalunknownNone/34T cryptonite-cd"Tiger cryptographic hash algorithmTU^ BSD-style#Vincent Hanquez  experimentalunknownNone/35}V cryptonite-cd0Skein512 (512 bits) cryptographic hash algorithmX cryptonite-cd0Skein512 (384 bits) cryptographic hash algorithmZ cryptonite-cd0Skein512 (256 bits) cryptographic hash algorithm\ cryptonite-cd0Skein512 (224 bits) cryptographic hash algorithmVWXYZ[\]_ BSD-style#Vincent Hanquez  experimentalunknownNone/36v^ cryptonite-cd0Skein256 (256 bits) cryptographic hash algorithm` cryptonite-cd0Skein256 (224 bits) cryptographic hash algorithm^_`a` BSD-style#Vincent Hanquez  experimentalunknownNone/37ib cryptonite-cd/SHA512t (256 bits) cryptographic hash algorithmd cryptonite-cd/SHA512t (224 bits) cryptographic hash algorithmbcdea BSD-style#Vincent Hanquez  experimentalunknownNone/38 f cryptonite-cd#SHA512 cryptographic hash algorithmfgb BSD-style#Vincent Hanquez  experimentalunknownNone/38h cryptonite-cd#SHA384 cryptographic hash algorithmhic BSD-style#Vincent Hanquez  experimentalunknownNone/3:j cryptonite-cd,SHA3 (512 bits) cryptographic hash algorithml cryptonite-cd,SHA3 (384 bits) cryptographic hash algorithmn cryptonite-cd,SHA3 (256 bits) cryptographic hash algorithmp cryptonite-cd,SHA3 (224 bits) cryptographic hash algorithmjklmnopqd BSD-style#Vincent Hanquez  experimentalunknownNone/3:r cryptonite-cd#SHA256 cryptographic hash algorithmrse BSD-style#Vincent Hanquez  experimentalunknownNone/3;dt cryptonite-cd#SHA224 cryptographic hash algorithmtuf BSD-style#Vincent Hanquez  experimentalunknownNone/3<v cryptonite-cd!SHA1 cryptographic hash algorithmvwg BSD-style#Vincent Hanquez  experimentalunknownNone/3<x cryptonite-cd&RIPEMD160 cryptographic hash algorithmxyh BSD-style#Vincent Hanquez  experimentalunknownNone/3=Hz cryptonite-cd MD5 cryptographic hash algorithmz{i BSD-style#Vincent Hanquez  experimentalunknownNone/3=| cryptonite-cd MD4 cryptographic hash algorithm|}j BSD-style#Vincent Hanquez  experimentalunknownNone/3>~ cryptonite-cd MD2 cryptographic hash algorithm~k BSD-style#Vincent Hanquez  experimentalunknownNone/3? cryptonite-cd.Keccak (512 bits) cryptographic hash algorithm cryptonite-cd.Keccak (384 bits) cryptographic hash algorithm cryptonite-cd.Keccak (256 bits) cryptographic hash algorithm cryptonite-cd.Keccak (224 bits) cryptographic hash algorithm BSD-style#Vincent Hanquez  experimentalunknownNoneCa cryptonite-cdA Mutable hash contextThis type is an instance of   for debugging purpose. Internal layout is architecture dependent, may contain uninitialized data fragments, and change in future versions. The bytearray should not be used as input to cryptographic algorithms. cryptonite-cd"Create a new mutable hash context.the algorithm used is automatically determined from the return constraint. cryptonite-cd"Create a new mutable hash context.0The algorithm is explicitely passed as parameter cryptonite-cd&Update a mutable hash context in place cryptonite-cd4Finalize a mutable hash context and compute a digest cryptonite-cd:Reset the mutable context to the initial state of the hashHIJKMNQOPLHIJKMNQOPLl BSD-style#Vincent Hanquez  experimentalunknownNone/3D cryptonite-cd0Blake2sp (256 bits) cryptographic hash algorithm cryptonite-cd0Blake2sp (224 bits) cryptographic hash algorithmm BSD-style#Vincent Hanquez  experimentalunknownNone/3E cryptonite-cd/Blake2s (256 bits) cryptographic hash algorithm cryptonite-cd/Blake2s (224 bits) cryptographic hash algorithm cryptonite-cd/Blake2s (160 bits) cryptographic hash algorithmn BSD-style#Vincent Hanquez  experimentalunknownNone/3Fv cryptonite-cd0Blake2bp (512 bits) cryptographic hash algorithmo BSD-style#Vincent Hanquez  experimentalunknownNone/3H7 cryptonite-cd/Blake2b (512 bits) cryptographic hash algorithm cryptonite-cd/Blake2b (384 bits) cryptographic hash algorithm cryptonite-cd/Blake2b (256 bits) cryptographic hash algorithm cryptonite-cd/Blake2b (224 bits) cryptographic hash algorithm cryptonite-cd/Blake2b (160 bits) cryptographic hash algorithm p BSD-style#Vincent Hanquez Stable ExcellentNoneI/  cryptonite-cd)Compute the gfmul with the XTS polynomialblock size need to be 128 bits."FIXME: add support for big endian. q BSD-style#Vincent Hanquez Stable ExcellentNoneM cryptonite-cd8Authenticated Encryption with Associated Data algorithms cryptonite-cdAEAD Implementation cryptonite-cd1Append some header information to an AEAD context cryptonite-cd-Encrypt some data and update the AEAD context cryptonite-cd-Decrypt some data and update the AEAD context cryptonite-cd;Finalize the AEAD context and return the authentication tag cryptonite-cdSimple AEAD encryption cryptonite-cdSimple AEAD decryption cryptonite-cdA new AEAD Context cryptonite-cd#Optional Authentication data header cryptonite-cdOptional Plaintext cryptonite-cd Tag length cryptonite-cd!Authentication tag and ciphertext cryptonite-cdA new AEAD Context cryptonite-cd#Optional Authentication data header cryptonite-cd Ciphertext cryptonite-cdThe authentication tag cryptonite-cd Plaintextr BSD-style#Vincent Hanquez Stable ExcellentNone&V cryptonite-cd0class of block cipher with a 128 bits block size cryptonite-cdencrypt using the XTS mode.input need to be a multiple of the blocksize, and the cipher need to process 128 bits block only cryptonite-cddecrypt using the XTS mode.input need to be a multiple of the blocksize, and the cipher need to process 128 bits block only cryptonite-cdSymmetric block cipher class cryptonite-cd7Return the size of block required for this block cipher cryptonite-cdEncrypt blocks6the input string need to be multiple of the block size cryptonite-cdDecrypt blocks6the input string need to be multiple of the block size cryptonite-cdencrypt using the CBC mode.,input need to be a multiple of the blocksize cryptonite-cddecrypt using the CBC mode.,input need to be a multiple of the blocksize cryptonite-cdencrypt using the CFB mode.,input need to be a multiple of the blocksize cryptonite-cddecrypt using the CFB mode.,input need to be a multiple of the blocksize cryptonite-cdcombine using the CTR mode.CTR mode produce a stream of randomized data that is combined (by XOR operation) with the input stream.1encryption and decryption are the same operation.input can be of any size cryptonite-cdInitialize a new AEAD State:When Nothing is returns, it means the mode is not handled.  cryptonite-cd XTS callback cryptonite-cd an IV parametrized by the cipher cryptonite-cd)Create an IV for a specified block cipher cryptonite-cd:Create an IV that is effectively representing the number 0 cryptonite-cdIncrement an IV by a number.&Assume the IV is in Big Endian format. cryptonite-cd2Usually represent the Data Unit (e.g. disk sector) cryptonite-cd+Offset in the data unit in number of blocks cryptonite-cd Plaintext cryptonite-cd Ciphertext cryptonite-cd2Usually represent the Data Unit (e.g. disk sector) cryptonite-cd+Offset in the data unit in number of blocks cryptonite-cd Ciphertext cryptonite-cd Plaintext  cryptonite-cd2Usually represent the Data Unit (e.g. disk sector) cryptonite-cd+Offset in the data unit in number of blocks cryptonite-cdData cryptonite-cdProcessed Data!   BSD-style#Vincent Hanquez Stable ExcellentNone3WI%&'()*+,-./0123456789:;<=>?@ABCD%&'(CD>?@AB)*+,-.3456789:/012;<= BSD-style"Kei Hibino  experimentalunknownNoneZ cryptonite-cdCompute Miyaguchi-Preneel one way compress using the supplied block cipher. cryptonite-cdCompute Miyaguchi-Preneel one way compress using the inferred block cipher. Only safe when KEY-SIZE equals to BLOCK-SIZE. Simple usage "mp' msg :: MiyaguchiPreneel AES128 cryptonite-cdkey build function to compute Miyaguchi-Preneel. care about block-size and key-size cryptonite-cd input message cryptonite-cd output tag cryptonite-cd input message cryptonite-cd output tagNoneZ  BSD-style experimental???None\G cryptonite-cd3DES where the first and third keys are equal, used in alternative direction cryptonite-cd3DES where the first and third keys are equal, used in the same direction cryptonite-cd83DES with 3 different keys used in alternative direction cryptonite-cd93DES with 3 different keys used all in the same direction  BSD-style#Vincent Hanquez stablegoodNone\ cryptonite-cd DES Context  BSD-style#Vincent Hanquez stablegoodNone` cryptonite-cd Salsa context cryptonite-cdInitialize a new Salsa context with the number of rounds, the key and the nonce associated. cryptonite-cdCombine the salsa output and an arbitrary message with a xor, and return the combined output and the new state. cryptonite-cd9Generate a number of bytes from the Salsa output directly cryptonite-cdnumber of rounds (8,12,20) cryptonite-cdthe key (128 or 256 bits) cryptonite-cdthe nonce (64 or 96 bits) cryptonite-cdthe initial Salsa state cryptonite-cdthe current Salsa state cryptonite-cd$the source to xor with the generator cryptonite-cdthe current Salsa state cryptonite-cdthe length of data to generate  BSD-style-Brandon Hamilton stablegoodNoned@ cryptonite-cdInitialize a new XSalsa context with the number of rounds, the key and the nonce associated. cryptonite-cdUse an already initialized context and new nonce material to derive another XSalsa context.4This allows a multi-level cascade where a first key k1 and nonce n1 is used to get  HState(k1,n1)%, and this value is then used as key k2 to build  XSalsa(k2,n2) . Function - is to be called with the first 192 bits of n1|n2, and the call to derive# should add the remaining 128 bits.The output context always uses the same number of rounds as the input context. cryptonite-cdnumber of rounds (8,12,20) cryptonite-cdthe key (256 bits) cryptonite-cdthe nonce (192 bits) cryptonite-cdthe initial XSalsa state cryptonite-cdbase XSalsa state cryptonite-cdthe remainder nonce (128 bits) cryptonite-cdthe new XSalsa state  BSD-style#Vincent Hanquez stableGoodNoneg cryptonite-cdThe encryption state for RC4This type is an instance of   for debugging purpose. Internal layout is architecture dependent, may contain uninitialized data fragments, and change in future versions. The bytearray should not be used as input to cryptographic algorithms. cryptonite-cdRC4 context initialization.seed the context with an initial key. the key size need to be adequate otherwise security takes a hit. cryptonite-cdgenerate the next len bytes of the rc4 stream without combining it to anything. cryptonite-cd3RC4 xor combination of the rc4 stream with an input cryptonite-cdThe key cryptonite-cd%The RC4 context with the key mixed in cryptonite-cd rc4 context cryptonite-cdinput cryptonite-cdnew rc4 context, and the output BSD-style#Vincent Hanquez stablegoodNonel` cryptonite-cdstablegoodNone&zo  cryptonite-cd AESOCB State  cryptonite-cd AESGCM State  cryptonite-cdAES Context (pre-processed key)  cryptonite-cd)Create an AES AEAD implementation for GCM  cryptonite-cd)Create an AES AEAD implementation for OCB  cryptonite-cd)Create an AES AEAD implementation for CCM  cryptonite-cd#Initialize a new context with a keyKey needs to be of length 16, 24 or 32 bytes. Any other values will return failure  cryptonite-cd(encrypt using Electronic Code Book (ECB)  cryptonite-cd)encrypt using Cipher Block Chaining (CBC)  cryptonite-cdgenerate a counter mode pad. this is generally xor-ed to an input to make the standard counter mode block operations.if the length requested is not a multiple of the block cipher size, more data will be returned, so that the returned bytearray is a multiple of the block cipher size.  cryptonite-cdgenerate a counter mode pad. this is generally xor-ed to an input to make the standard counter mode block operations.if the length requested is not a multiple of the block cipher size, more data will be returned, so that the returned bytearray is a multiple of the block cipher size. Similiar to  - but also return the next IV for continuation  cryptonite-cd encrypt using Counter mode (CTR)stablegoodNone{o cryptonite-cdAES with 256 bit key cryptonite-cdAES with 192 bit key cryptonite-cdAES with 128 bit keyt Safe-Inferred -/| cryptonite-cdensure the given bitlen is divisible by 8 cryptonite-cdensure the given bitlen is greater or equal to n cryptonite-cdensure the given bitlen is lesser or equal to n  u BSD-style#Vincent Hanquez  experimentalunknownNone /3G cryptonite-cdSHAKE256 (256 bits) extendable output function. Supports an arbitrary digest size, to be specified as a type parameter of kind  .Note: outputs from  n and  m for the same input are correlated (one being a prefix of the other). Results are unrelated to  results. cryptonite-cdSHAKE128 (128 bits) extendable output function. Supports an arbitrary digest size, to be specified as a type parameter of kind  .Note: outputs from  n and  m for the same input are correlated (one being a prefix of the other). Results are unrelated to  results. cryptonite-cdType class of SHAKE algorithms.  cryptonite-cd(Alternate finalization needed for cSHAKE  cryptonite-cdGet the digest bit length v BSD-style*Nicolas Di Prima  experimentalunknownNone/3g cryptonite-cdFast cryptographic hash.6It is especially known to target 64bits architectures.Known supported digest sizes: Blake2b 160 Blake2b 224 Blake2b 256 Blake2b 384 Blake2b 512 cryptonite-cd1Fast and secure alternative to SHA1 and HMAC-SHA16It is espacially known to target 32bits architectures.Known supported digest sizes: Blake2s 160 Blake2s 224 Blake2s 256 BSD-style#Vincent Hanquez  experimentalunknownNoneGHRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~HG~|}z{vwturshifgdebcxyTUpqnolmjk`a^_\]Z[XYVWRS BSD-style#Vincent Hanquez  experimentalunknownNone  cryptonite-cd'Hash a strict bytestring into a digest. cryptonite-cdHash the first N bytes of a bytestring, with code path independent from N. cryptonite-cd%Hash a lazy bytestring into a digest. cryptonite-cd0Initialize a new context for this hash algorithm cryptonite-cdrun hashUpdates on one single bytestring and return the updated context. cryptonite-cdUpdate the context with a list of strict bytestring, and return a new context with the updates. cryptonite-cd'Finalize a context and return a digest. cryptonite-cdUpdate the context with the first N bytes of a bytestring and return the digest. The code path is independent from N but much slower than a normal . The function can be called for the last bytes of a message, in order to exclude a variable padding, without leaking the padding length. The begining of the message, never impacted by the padding, should preferably go through  for better performance. cryptonite-cd7Initialize a new context for a specified hash algorithm cryptonite-cdRun the 8 function but takes an explicit hash algorithm parameter cryptonite-cdRun the 8 function but takes an explicit hash algorithm parameter cryptonite-cdTry to transform a bytearray into a Digest of specific algorithm.If the digest is not the right size for the algorithm specified, then Nothing is returned.EFGHLMRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~FELMw BSD-style#Vincent Hanquez stableGoodNone  cryptonite-cdArray of mutable Word32  cryptonite-cdArray of Word64  cryptonite-cdArray of Word32  cryptonite-cdArray of Word8  cryptonite-cd*Create an array of Word8 aliasing an Addr#  cryptonite-cdCreate an Array of Word32 of specific size from a list of Word32  cryptonite-cd-Create an Array of BE Word32 aliasing an Addr  cryptonite-cd.Create an Array of Word32 using an initializer  cryptonite-cdCreate an Array of Word64 of specific size from a list of Word64  cryptonite-cdCreate a Mutable Array of Word32 of specific size from a list of Word32  cryptonite-cd4Create a Mutable Array of BE Word32 aliasing an Addr  cryptonite-cdfreeze a Mutable Array of Word32 into a immutable Array of Word32  cryptonite-cdRead a Word8 from an Array  cryptonite-cdRead a Word32 from an Array  cryptonite-cdRead a Word64 from an Array  cryptonite-cd,Read a Word32 from a Mutable Array of Word32  cryptonite-cd-Write a Word32 from a Mutable Array of Word32  cryptonite-cdWrite into the Mutable Array of Word32 by combining through xor the current value and the new value. x[i] = x[i] xor value xNone  cryptonite-cd-Initialize a 128-bit, 192-bit, or 256-bit keyReturn the initialized key or a error message if the given keyseed was not 16-bytes in length.  cryptonite-cd1Encrypts the given ByteString using the given Key  cryptonite-cd1Decrypts the given ByteString using the given Key  cryptonite-cd%The key to create the twofish context  cryptonite-cdThe key to use cryptonite-cdThe data to encrypt  cryptonite-cdThe key to use cryptonite-cdThe data to decrypt Noney BSD-styleNone  cryptonite-cdAll subkeys for 12 or 16 rounds  cryptonite-cd(Encrypts a block using the specified key  cryptonite-cd(Decrypts a block using the specified key  cryptonite-cd+Precompute "masking" and "rotation" subkeys  cryptonite-cdTrue( for short keys that only need 12 rounds cryptonite-cdInput key padded to 16 bytes cryptonite-cdOutput data structure  BSD-style)Olivier Chron stablegoodNone cryptonite-cdCAST5 block cipher (also known as CAST-128). Key is between 40 and 128 bits.z BSD-style experimentalGoodNone  cryptonite-cdCopy the state of one key schedule into the other. The first parameter is the destination and the second the source.  cryptonite-cdCreate a key schedule mutable array of the pbox followed by all the sboxes. { BSD-style experimentalGoodNone  cryptonite-cd-Initialize a new Blowfish context from a key.'key needs to be between 0 and 448 bits.  cryptonite-cdGet an immutable Blowfish context by freezing a mutable key schedule.  cryptonite-cdEncrypt blocks&Input need to be a multiple of 8 bytes  cryptonite-cdDecrypt blocks&Input need to be a multiple of 8 bytes  cryptonite-cdBlowfish encrypt a Word using the current state of the key schedule  BSD-style#Vincent Hanquez stablegoodNone< cryptonite-cd448 bit keyed blowfish state cryptonite-cd256 bit keyed blowfish state cryptonite-cd128 bit keyed blowfish state cryptonite-cd64 bit keyed blowfish state cryptonite-cdvariable keyed blowfish state| BSD-style#Vincent Hanquez  experimentalunknown Safe-Inferred:  cryptonite-cdSplit a   into the highest and lowest   cryptonite-cdReconstruct a   from two   } BSD-style#Vincent Hanquez  experimentalGoodNone  cryptonite-cdCamellia context  cryptonite-cdInitialize a 128-bit keyReturn the initialized key or a error message if the given keyseed was not 16-bytes in length.  cryptonite-cd1Encrypts the given ByteString using the given Key  cryptonite-cd1Decrypts the given ByteString using the given Key  cryptonite-cd&The key to create the camellia context  cryptonite-cdThe key to use cryptonite-cdThe data to encrypt  cryptonite-cdThe key to use cryptonite-cdThe data to decrypt  BSD-style#Vincent Hanquez  experimentalGoodNone[ cryptonite-cd&Camellia block cipher with 128 bit key BSD-style#Vincent Hanquez  experimentalunknownNoneM  cryptonite-cdParameters that can be adjusted to change the runtime performance of the hashing. cryptonite-cdWhich variant of Argon2 to use. cryptonite-cdWhich version of Argon2 to use. cryptonite-cdA parallelism degree, which defines the number of parallel threads.~ <= hashParallelism <= ~ && ~ <= hashParallelism <= ~ cryptonite-cdThe memory cost, which defines the memory usage, given in kibibytes.max ~ (8 * hashParallelism) <=  hashMemory <= ~ cryptonite-cdThe time cost, which defines the amount of computation realized and therefore the execution time, given in number of iterations.~ <= hashIterations <= ~ cryptonite-cdWhich version of Argon2 to use cryptonite-cdWhich variant of Argon2 to use. You should choose the variant that is most applicable to your intention to hash inputs. cryptonite-cdArgon2d is faster than Argon2i and uses data-depending memory access, which makes it suitable for cryptocurrencies and applications with no threats from side-channel timing attacks. cryptonite-cdArgon2i uses data-independent memory access, which is preferred for password hashing and password-based key derivation. Argon2i is slower as it makes more passes over the memory to protect from tradeoff attacks. cryptonite-cdArgon2id is a hybrid of Argon2i and Argon2d, using a combination of data-depending and data-independent memory accesses, which gives some of Argon2i's resistance to side-channel cache timing attacks and much of Argon2d's resistance to GPU cracking attacks BSD-style experimentalGoodNoneK cryptonite-cdThe number of user-defined iterations for the algorithm (must be > 0) cryptonite-cdThe number of bytes to generate out of BCryptPBKDF (must be in 1..1024) cryptonite-cdDerive a key of specified length using the bcrypt_pbkdf algorithm. cryptonite-cdInternal hash function used by ."Normal users should not need this. BSD-style"Kei Hibino  experimentalunknownNone  cryptonite-cdAuthentication code cryptonite-cd'compute a MAC using the supplied cipher cryptonite-cdmake sub-keys used in CMAC cryptonite-cdkey to compute CMAC with cryptonite-cd input message cryptonite-cd output tag cryptonite-cdkey to compute CMAC with cryptonite-cdsub-keys to compute CMAC BSD-style#Vincent Hanquez  experimentalunknownNone cryptonite-cd;Represent an ongoing HMAC state, that can be appended with  and finalize to an HMAC with  hmacFinalize cryptonite-cdRepresent an HMAC that is a phantom type with the hash used to produce the mac.The Eq instance is constant time. No Show instance is provided, to avoid printing by mistake. cryptonite-cd1compute a MAC using the supplied hashing function cryptonite-cd)Initialize a new incremental HMAC context cryptonite-cd#Incrementally update a HMAC context cryptonite-cd9Increamentally update a HMAC context with multiple inputs cryptonite-cd,Finalize a HMAC context and return the HMAC. cryptonite-cd Secret key cryptonite-cdMessage to MAC cryptonite-cd Secret key cryptonite-cdCurrent HMAC context cryptonite-cdMessage to append to the MAC cryptonite-cdUpdated HMAC context cryptonite-cdCurrent HMAC context cryptonite-cdMessages to append to the MAC cryptonite-cdUpdated HMAC context   BSD-style#Vincent Hanquez  experimentalunknownNone3 cryptonite-cdParameters for PBKDF2 cryptonite-cdthe number of user-defined iterations for the algorithms. e.g. WPA2 uses 4000. cryptonite-cd-the number of bytes to generate out of PBKDF2 cryptonite-cdThe PRF used for PBKDF2 cryptonite-cd>PRF for PBKDF2 using HMAC with the hash algorithm as parameter cryptonite-cd;generate the pbkdf2 key derivation function from the output cryptonite-cdthe password parameters cryptonite-cd the content cryptonite-cdprf(password,content)   BSD-style#Vincent Hanquez  experimentalunknownNone" cryptonite-cdParameters for Scrypt cryptonite-cdCpu/Memory cost ratio. must be a power of 2 greater than 1. also known as N. cryptonite-cdMust satisfy r * p < 2^30 cryptonite-cdMust satisfy r * p < 2^30 cryptonite-cd-the number of bytes to generate out of Scrypt cryptonite-cd'Generate the scrypt key derivation data BSD-style#Vincent Hanquez  experimentalunknownNone~ cryptonite-cdPseudo Random Key cryptonite-cdExtract a Pseudo Random Key using the parameter and the underlaying hash mechanism cryptonite-cd2Create a PRK directly from the input key material.Only use when guaranteed to have a good quality and random data to use directly as key. This effectively skip a HMAC with key=salt and data=key. cryptonite-cd experimentalunknownNone cryptonite-cd;Represent an ongoing KMAC state, that can be appended with  and finalized to a  with . cryptonite-cdRepresent a KMAC that is a phantom type with the hash used to produce the mac.The Eq instance is constant time. No Show instance is provided, to avoid printing by mistake. cryptonite-cd?Compute a KMAC using the supplied customization string and key. cryptonite-cdInitialize a new incremental KMAC context with the supplied customization string and key. cryptonite-cd$Incrementally update a KMAC context. cryptonite-cd9Incrementally update a KMAC context with multiple inputs. cryptonite-cd,Finalize a KMAC context and return the KMAC.   BSD-style#Vincent Hanquez  experimentalunknownNone cryptonite-cd Poly1305 Auth cryptonite-cd(Poly1305 State. use State instead of Ctx cryptonite-cdPoly1305 StateThis type is an instance of   for debugging purpose. Internal layout is architecture dependent, may contain uninitialized data fragments, and change in future versions. The bytearray should not be used as input to cryptographic algorithms. cryptonite-cdinitialize a Poly1305 context cryptonite-cd"update a context with a bytestring cryptonite-cd+updates a context with multiples bytestring cryptonite-cd-finalize the context into a digest bytestring cryptonite-cdOne-pass authorization creation   BSD-style#Vincent Hanquez stablegoodNone  cryptonite-cdValid Nonce for ChaChaPoly1305.It can be created with  or  cryptonite-cdA ChaChaPoly1305 State.9The state is immutable, and only new state can be created cryptonite-cd6Nonce smart constructor 12 bytes IV, nonce constructor cryptonite-cd8 bytes IV, nonce constructor cryptonite-cdIncrement a nonce cryptonite-cd%Initialize a new ChaChaPoly1305 StateThe key length need to be 256 bits, and the nonce procured using either  or  cryptonite-cdAppend Authenticated Data to the State and return the new modified State.Once no further call to this function need to be make, the user should call  cryptonite-cd>Finalize the Authenticated Data and return the finalized State cryptonite-cdEncrypt a piece of data and returns the encrypted Data and the updated State. cryptonite-cdDecrypt a piece of data and returns the decrypted Data and the updated State. cryptonite-cd.Generate an authentication tag from the State. cryptonite-cd4 bytes constant cryptonite-cd 8 bytes IV   BSD-style#Vincent Hanquez  experimentalGoodNonek  cryptonite-cdGMP Supported / Unsupported  cryptonite-cdSimple combinator in case the operation is not supported through GMP  cryptonite-cd-Compute the GCDE of a two integer through GMP  cryptonite-cd6Compute the binary logarithm of an integer through GMP  cryptonite-cdCompute the power modulus using extra security to remain constant time wise through GMP  cryptonite-cd%Compute the power modulus through GMP  cryptonite-cd'Inverse modulus of a number through GMP  cryptonite-cd4Get the next prime from a specific value through GMP  cryptonite-cd,Test if a number is prime using Miller Rabin  cryptonite-cd&Return the size in bytes of an integer  cryptonite-cd%Return the size in bits of an integer  cryptonite-cd*Export an integer to a memory (big-endian)  cryptonite-cd-Export an integer to a memory (little-endian)  cryptonite-cd,Import an integer from a memory (big-endian)  cryptonite-cd/Import an integer from a memory (little-endian)  BSD-style#Vincent Hanquez  experimentalGoodNoneǵ cryptonite-cdsqrti returns two integers (l,b) so that l <= sqrt i <= b. The implementation is quite naive, use an approximation for the first number and use a dichotomy algorithm to compute the bound relatively efficiently. cryptonite-cd8Get the extended GCD of two integer using integer divModgcde a b& find (x,y,gcd(a,b)) where ax + by = d cryptonite-cd'Check if a list of integer are all even cryptonite-cd)Compute the binary logarithm of a integer cryptonite-cd)Compute the number of bits for an integer cryptonite-cd*Compute the number of bytes for an integer cryptonite-cd4Express an integer as an odd number and a power of 2 BSD-style#Vincent Hanquez  Experimental ExcellentNone3l  cryptonite-cdDefine a point on a curve.  cryptonite-cdPoint at Infinity  cryptonite-cdECC Private Number  cryptonite-cdDefine common parameters in a curve definition of the form: y^2 = x^3 + ax + b.  cryptonite-cdcurve parameter a  cryptonite-cdcurve parameter b  cryptonite-cd base point  cryptonite-cd order of G  cryptonite-cdcofactor  cryptonite-cd!get the size of the curve in bits  cryptonite-cd"get the size of the curve in bytes  cryptonite-cd*Define names for known recommended curves.   BSD-style"Danny Navarro  experimentalGoodNone  cryptonite-cd+Binary Polynomial represented by an integer cryptonite-cd-Addition over FAm. This is just a synonym of  . cryptonite-cdReduction by modulo over FAm.This function is undefined for negative arguments, because their bit representation is platform-dependent. Zero modulus is also prohibited. cryptonite-cdMultiplication over FAm.This function is undefined for negative arguments, because their bit representation is platform-dependent. Zero modulus is also prohibited. cryptonite-cdSquaring over FAm.This function is undefined for negative arguments, because their bit representation is platform-dependent. Zero modulus is also prohibited. cryptonite-cd.Squaring over FAm without reduction by modulo.The implementation utilizes the fact that for binary polynomial S(x) we have S(x)^2 = S(x^2). In other words, insert a zero bit between every bits of argument: 1101 -> 1010001.This function is undefined for negative arguments, because their bit representation is platform-dependent. cryptonite-cd#Exponentiation in FAm by computing  a^b mod fx.This implements an exponentiation by squaring based solution. It inherits the same restrictions as $. Negative exponents are disallowed. cryptonite-cdSquare rooot in FAm.We exploit the fact that  a^(2^m) = a, or in particular, a^(2^m - 1) = 1 from a classical result by Lagrange. Thus the square root is simply a^(2^(m - 1)). cryptonite-cd Modular inversion over FAm. If n doesn't have an inverse,   is returned.This function is undefined for negative arguments, because their bit representation is platform-dependent. Zero modulus is also prohibited. cryptonite-cdDivision over FAm. If the dividend doesn't have an inverse it returns  .This function is undefined for negative arguments, because their bit representation is platform-dependent. Zero modulus is also prohibited. cryptonite-cdModulus cryptonite-cdModulus cryptonite-cdModulus cryptonite-cdModulus cryptonite-cda cryptonite-cdb cryptonite-cdModulus cryptonite-cda cryptonite-cdModulus cryptonite-cdModulus cryptonite-cdDividend cryptonite-cdDivisor cryptonite-cdQuotient  ! BSD-style#Vincent Hanquez  experimentalGoodNone1 cryptonite-cdCompute the modular exponentiation of base^exponent using algorithms design to avoid side channels and timing measurementModulo need to be odd otherwise the normal fast modular exponentiation is used.When used with integer-simple, this function is not different from expFast, and thus provide the same unstudied and dubious timing and side channels claims.Before GHC 8.4.2, powModSecInteger is missing from integer-gmp, so expSafe has the same security as expFast. cryptonite-cdCompute the modular exponentiation of base^exponent using the fastest algorithm without any consideration for hiding parameters.Use this function when all the parameters are public, otherwise  should be preferred. cryptonite-cdinverse$ computes the modular inverse as in  g^(-1) mod m. cryptonite-cdCompute the modular inverse of two coprime numbers. This is equivalent to inverse except that the result is known to exists.If the numbers are not defined as coprime, this function will raise a  . cryptonite-cd experimentalGoodNone/ cryptonite-cd(get a runtime proof that the constraint  n is satified cryptonite-cd(get a runtime proof that the constraint  value bound is satified cryptonite-cd(get a runtime proof that the constraint  value bound is satified" BSD-style#Vincent Hanquez  experimentalGoodNone, cryptonite-cdFill a pointer with the big endian binary representation of an integerIf the room available ptrSz is less than the number of bytes needed, 0 is returned. Likewise if a parameter is invalid, 0 is returned.#Returns the number of bytes written cryptonite-cd Similar to 3, except it will pad any remaining space with zero. cryptonite-cdTransform a big endian binary integer representation pointed by a pointer and a size into an integer# BSD-style#Vincent Hanquez  experimentalGoodNonez cryptonite-cdos2ip0 converts a byte string into a positive integer. cryptonite-cdi2osp0 converts a positive integer into a byte string.The first byte is MSB (most significant byte); the last byte is the LSB (least significant byte) cryptonite-cd Just like , but takes an extra parameter for size. If the number is too big to fit in len bytes,  ? is returned otherwise the number is padded with 0 to fit the len required. cryptonite-cd Just like  except that it doesn't expect a failure: i.e. an integer larger than the number of output bytes requested.For example if you just took a modulo of the number that represent the size (example the RSA modulo n).$ BSD-style#Vincent Hanquez  experimentalGoodNone cryptonite-cdFill a pointer with the little endian binary representation of an integerIf the room available ptrSz is less than the number of bytes needed, 0 is returned. Likewise if a parameter is invalid, 0 is returned.#Returns the number of bytes written cryptonite-cd Similar to 3, except it will pad any remaining space with zero. cryptonite-cdTransform a little endian binary integer representation pointed by a pointer and a size into an integer% BSD-style#Vincent Hanquez  experimentalGoodNone( cryptonite-cdos2ip0 converts a byte string into a positive integer. cryptonite-cdi2osp0 converts a positive integer into a byte string.The first byte is LSB (least significant byte); the last byte is the MSB (most significant byte) cryptonite-cd Just like , but takes an extra parameter for size. If the number is too big to fit in len bytes,  ? is returned otherwise the number is padded with 0 to fit the len required. cryptonite-cd Just like  except that it doesn't expect a failure: i.e. an integer larger than the number of output bytes requested.For example if you just took a modulo of the number that represent the size (example the RSA modulo n).&None cryptonite-cd"An integral time value in seconds. cryptonite-cdThe strength of the calculated HOTP value, namely the number of digits (between 4 and 9) in the extracted value. cryptonite-cd9A one-time password which is a sequence of 4 to 9 digits. cryptonite-cdAttempt to resynchronize the server's counter value with the client, given a sequence of HOTP values. cryptonite-cdThe default TOTP configuration. cryptonite-cd7Create a TOTP configuration with customized parameters. cryptonite-cd*Calculate a totp value for the given time. cryptonite-cdCheck a supplied TOTP value is valid for the given time, within the window defined by the skew parameter. cryptonite-cdNumber of digits in the HOTP value extracted from the calculated HMAC cryptonite-cd+Shared secret between the client and server cryptonite-cd8Counter value synchronized between the client and server cryptonite-cdThe HOTP value cryptonite-cdThe look-ahead window parameter. Up to this many values will be calculated and checked against the value(s) submitted by the client cryptonite-cdThe shared secret cryptonite-cd The current server counter value cryptonite-cdThe first OTP submitted by the client and a list of additional sequential OTPs (which may be empty) cryptonite-cdThe new counter value, synchronized with the client's current counter or Nothing if the submitted OTP values didn't match anywhere within the window cryptonite-cdThe T0 parameter in seconds. This is the Unix time from which to start counting steps (default 0). Must be before the current time. cryptonite-cdThe time step parameter X in seconds (default 30, maximum allowed 300) cryptonite-cd0Number of required digits in the OTP (default 6) cryptonite-cdThe number of time steps to check either side of the current value to allow for clock skew between client and server and or delay in submitting the value. The default is two time steps. cryptonite-cdThe shared secret cryptonite-cdThe time for which the OTP should be calculated. This is usually the current time as returned by "Data.Time.Clock.POSIX.getPOSIXTime' BSD-style#Vincent Hanquez  Experimental ExcellentNone3 cryptonite-cd*Define names for known recommended curves. cryptonite-cdDefine common parameters in a curve definition of the form: y^2 = x^3 + ax + b. cryptonite-cdcurve parameter a cryptonite-cdcurve parameter b cryptonite-cd base point cryptonite-cd order of G cryptonite-cdcofactor cryptonite-cdDefine an elliptic curve in p. The first parameter is the Prime Number. cryptonite-cdDefine an elliptic curve in (2^m). The firt parameter is the Integer representatioin of the irreducible polynomial f(x). cryptonite-cdDefine a point on a curve. cryptonite-cdPoint at Infinity cryptonite-cdECC Private Number cryptonite-cdECC Public Point cryptonite-cd.Define either a binary curve or a prime curve. cryptonite-cd(2^m) cryptonite-cdp cryptonite-cd5Parameters in common between binary and prime curves. cryptonite-cdIrreducible polynomial representing the characteristic of a CurveBinary. cryptonite-cd=Prime number representing the characteristic of a CurvePrime. cryptonite-cd!get the size of the curve in bits cryptonite-cdGet the curve definition associated with a recommended known curve name.:: BSD-style#Vincent Hanquez  experimentalGoodNone  cryptonite-cdThis is a strict version of and  cryptonite-cdThis is a strict version of &&.  cryptonite-cd$Truncate and hash for DSA and ECDSA.  cryptonite-cd$Truncate a digest for DSA and ECDSA. ( BSD-style#Vincent Hanquez  experimentalGoodNone cryptonite-cd%Represent a mask generation algorithm cryptonite-cdMask generation algorithm MGF1 cryptonite-cdseed cryptonite-cdlength to generate) BSD-style#Vincent Hanquez  experimentalGoodNone3 cryptonite-cdRepresent RSA KeyPairnote the RSA private key contains already an instance of public key for efficiency cryptonite-cdRepresent a RSA private key.-Only the pub, d fields are mandatory to fill.p, q, dP, dQ, qinv are by-product during RSA generation, but are useful to record here to speed up massively the decrypt and sign operation./implementations can leave optional fields to 0. cryptonite-cd,public part of a private key (size, n and e) cryptonite-cdprivate exponent d cryptonite-cdp prime number cryptonite-cdq prime number cryptonite-cd d mod (p-1) cryptonite-cd d mod (q-1) cryptonite-cd q^(-1) mod p cryptonite-cdRepresent a RSA public key cryptonite-cdsize of key in bytes cryptonite-cd public p*q cryptonite-cdpublic exponent e cryptonite-cd8error possible during encryption, decryption or signing. cryptonite-cdthe message to decrypt is not of the correct size (need to be == private_size) cryptonite-cd"the message to encrypt is too long cryptonite-cdthe message decrypted doesn't have a PKCS15 structure (0 2 .. 0 msg) cryptonite-cd the message's digest is too long cryptonite-cd-some parameters lead to breaking assumptions. cryptonite-cdBlinder which is used to obfuscate the timing of the decryption primitive (used by decryption and signing). cryptonite-cd(get the size in bytes from a private key cryptonite-cdget n from a private key cryptonite-cdget e from a private key cryptonite-cdPublic key of a RSA KeyPair cryptonite-cdPrivate key of a RSA KeyPair* BSD-style#Vincent Hanquez  experimentalGoodNone cryptonite-cdCompute the RSA decrypt primitive. if the p and q numbers are available, then dpFast is used otherwise, we use dpSlow which only need d and n. cryptonite-cd!Compute the RSA encrypt primitive BSD-style#Vincent Hanquez  experimentalGood Safe-Inferred7  cryptonite-cdA handle to an entropy maker, either a system capability or a hardware generator.  cryptonite-cd%Try to open an handle for this source  cryptonite-cdTry to gather a number of entropy bytes into a buffer. Return the number of actual bytes gathered  cryptonite-cdClose an open handle  BSD-style#Vincent Hanquez  experimentalGood Safe-Inferred  cryptonite-cd3Fake handle to Intel RDRand entropy CPU instruction  BSD-style#Vincent Hanquez  experimentalGood Safe-Inferred  cryptonite-cdEntropy device devurandom on unix system  cryptonite-cdEntropy device devrandom on unix system  BSD-style#Vincent Hanquez stablegood Safe-Inferred  cryptonite-cdAny Entropy Backend cryptonite-cdAll supported backends  cryptonite-cd%Gather randomness from an open handle cryptonite-cdAn open Entropy Backend cryptonite-cdPointer to a buffer to write to cryptonite-cdnumber of bytes to write cryptonite-cd+return the number of bytes actually written+ BSD-style#Vincent Hanquez  experimentalGood Safe-Inferred  cryptonite-cdRefill the entropy in a bufferCall each entropy backend in turn until the buffer has been replenished.If the buffer cannot be refill after 3 loopings, this will raise an User Error exception, BSD-style#Vincent Hanquez  experimentalGoodNone  cryptonite-cd2Get some entropy from the system source of entropy- BSD-style#Vincent Hanquez  experimentalGoodNone, cryptonite-cdPool of Entropy. Contains a self-mutating pool of entropy, that is always guaranteed to contain data. cryptonite-cd,Create a new entropy pool of a specific sizeWhile you can create as many entropy pools as you want, the pool can be shared between multiples RNGs. cryptonite-cd.Create a new entropy pool with a default size.While you can create as many entropy pools as you want, the pool can be shared between multiples RNGs. cryptonite-cd.Grab a chunk of entropy from the entropy pool.. BSD-style#Vincent Hanquez  experimentalGoodNone) cryptonite-cdA simple Monad class very similar to a State Monad with the state being a DRG. cryptonite-cd,A Deterministic Random Generator (DRG) class cryptonite-cd)Generate N bytes of randomness from a DRG cryptonite-cd7A monad constraint that allows to generate random bytes cryptonite-cdRun a pure computation with a Deterministic Random Generator in the  BSD-style#Vincent Hanquez  experimentalGoodNone  cryptonite-cdA referentially transparent System representation of the random evaluated out of the system.Holding onto a specific DRG means that all the already evaluated bytes will be consistently replayed.There's no need to reseed this DRG, as only pure entropy is represented here. cryptonite-cd#Grab one instance of the System DRG BSD-style#Vincent Hanquez stablegoodNone cryptonite-cd%ChaCha Deterministic Random Generator  cryptonite-cdInitialize a new ChaCha context with the number of rounds, the key and the nonce associated.  cryptonite-cdInitialize a new ChaCha context from 5-tuple of words64. This interface is useful when creating a RNG out of tests generators (e.g. QuickCheck).  cryptonite-cd40 bytes of seed cryptonite-cdthe initial ChaCha state / BSD-style#Vincent Hanquez stablegoodNone[ cryptonite-cd%Create a new Seed from system entropy cryptonite-cdConvert a Seed to an integer cryptonite-cdConvert an integer to a Seed cryptonite-cdConvert a binary to a seed cryptonite-cd$Create a new DRG from system entropy cryptonite-cdCreate a new DRG from a seed cryptonite-cdCreate a new DRG from 5 Word64.This is a convenient interface to create deterministic interface for quickcheck style testing.It can also be used in other contexts provided the input has been properly randomly generated.Note that the  Arbitrary% instance provided by QuickCheck for   does not have a uniform distribution. It is often better to use instead arbitraryBoundedRandom.System endianness impacts how the tuple is interpreted and therefore changes the resulting DRG. cryptonite-cd Generate 6len random bytes and mapped the bytes to the function f.(This is equivalent to use Control.Arrow   with  BSD-style#Vincent Hanquez  experimentalGoodNonet  cryptonite-cdThis create a random number generator out of thin air with the system entropy; don't generally use as the IO is not exposed this can have unexpected random for.This is useful for probabilistic algorithm like Miller Rabin probably prime algorithm, given appropriate choice of the heuristic1Generally, it's advised not to use this function. 0 BSD-style)Olivier Chron  experimentalunknownNoneZ  cryptonite-cdAn Ed448 signature cryptonite-cdAn Ed448 public key cryptonite-cdAn Ed448 Secret key cryptonite-cd*Try to build a public key from a bytearray cryptonite-cd*Try to build a secret key from a bytearray cryptonite-cd)Try to build a signature from a bytearray cryptonite-cd%Create a public key from a secret key cryptonite-cd!Sign a message using the key pair cryptonite-cdVerify a message cryptonite-cdGenerate a secret key cryptonite-cdA public key is 57 bytes cryptonite-cdA secret key is 57 bytes cryptonite-cdA signature is 114 bytes  1 BSD-style#Vincent Hanquez  experimentalunknownNone o  cryptonite-cdAn Ed25519 signature cryptonite-cdAn Ed25519 public key cryptonite-cdAn Ed25519 Secret key cryptonite-cd*Try to build a public key from a bytearray cryptonite-cd*Try to build a secret key from a bytearray cryptonite-cd)Try to build a signature from a bytearray cryptonite-cd%Create a public key from a secret key cryptonite-cd!Sign a message using the key pair cryptonite-cdVerify a message cryptonite-cdGenerate a secret key cryptonite-cdA public key is 32 bytes cryptonite-cdA secret key is 32 bytes cryptonite-cdA signature is 64 bytes  2 BSD-style#Vincent Hanquez  experimentalunknownNone( cryptonite-cd A P256 point cryptonite-cd A P256 scalar cryptonite-cd%Get the base point for the P256 Curve cryptonite-cdLift to curve a scalar0Using the curve generator as base point compute:  scalar * G cryptonite-cdAdd a point to another point cryptonite-cdNegate a point cryptonite-cdMultiply a point by a scalarwarning: variable time cryptonite-cd Similar to , serializing the x coordinate as binary. When scalar is multiple of point order the result is all zero. cryptonite-cdmultiply the point p with &n2 and add a lifted to curve value @n1 n1 * G + n2 * pwarning: variable time cryptonite-cd Check if a  is valid cryptonite-cd Check if a  is the point at infinity cryptonite-cdReturn the x coordinate as a  if the point is not at infinity cryptonite-cd!Convert a point to (x,y) Integers cryptonite-cd&Convert from (x,y) Integers to a point cryptonite-cd*Convert a point to a binary representation cryptonite-cd$Convert from binary to a valid point cryptonite-cd0Convert from binary to a point, possibly invalid cryptonite-cd(Generate a randomly generated new scalar cryptonite-cdThe scalar representing 0 cryptonite-cd'The scalar representing the curve order cryptonite-cdCheck if the scalar is 0 cryptonite-cd$Perform addition between two scalars a + b cryptonite-cd'Perform subtraction between two scalars a - b cryptonite-cd*Perform multiplication between two scalars a * b cryptonite-cdGive the inverse of the scalar 1 / awarning: variable time cryptonite-cd8Give the inverse of the scalar using safe exponentiation 1 / a cryptonite-cdCompare 2 Scalar cryptonite-cdconvert a scalar from binary cryptonite-cdconvert a scalar to binary cryptonite-cd(Convert from an Integer to a P256 Scalar cryptonite-cd(Convert from a P256 Scalar to an Integer3 BSD-style John Galt  experimentalunknownNone,[  cryptonite-cdA Curve448 Diffie Hellman secret related to a public key and a secret key. cryptonite-cdA Curve448 public key cryptonite-cdA Curve448 Secret key cryptonite-cd*Try to build a public key from a bytearray cryptonite-cd*Try to build a secret key from a bytearray cryptonite-cd)Create a DhSecret from a bytearray object cryptonite-cdCompute the Diffie Hellman secret from a public key and a secret key.This implementation may return an all-zero value as it does not check for the condition. cryptonite-cd%Create a public key from a secret key cryptonite-cdGenerate a secret key.  4 BSD-style#Vincent Hanquez  experimentalunknownNone/{  cryptonite-cdA Curve25519 Diffie Hellman secret related to a public key and a secret key. cryptonite-cdA Curve25519 public key cryptonite-cdA Curve25519 Secret key cryptonite-cd*Try to build a public key from a bytearray cryptonite-cd*Try to build a secret key from a bytearray cryptonite-cd)Create a DhSecret from a bytearray object cryptonite-cdCompute the Diffie Hellman secret from a public key and a secret key.This implementation may return an all-zero value as it does not check for the condition. cryptonite-cd%Create a public key from a secret key cryptonite-cdGenerate a secret key.  5None5 cryptonite-cdCreate a bcrypt hash for a password with a provided cost value. Typically used to create a hash when a new user account is registered or when a user changes their password.Each increment of the cost approximately doubles the time taken. The 16 bytes of random salt will be generated internally. cryptonite-cdCreate a bcrypt hash for a password with a provided cost value and salt.Cost value under 4 will be automatically adjusted back to 10 for safety reason. cryptonite-cdCheck a password against a stored bcrypt hash when authenticating a user.Returns False if the password doesn't match the hash, or if the hash is invalid or an unsupported version. cryptonite-cd&Check a password against a bcrypt hashAs for validatePassword but will provide error information if the hash is invalid or an unsupported version. cryptonite-cdThe cost parameter. Should be between 4 and 31 (inclusive). Values which lie outside this range will be adjusted accordingly. cryptonite-cdThe password. Should be the UTF-8 encoded bytes of the password text. cryptonite-cd#The bcrypt hash in standard format. cryptonite-cdThe cost parameter. Should be between 4 and 31 (inclusive). Values which lie outside this range will be adjusted accordingly. cryptonite-cdThe salt. Must be 16 bytes in length or an error will be raised. cryptonite-cdThe password. Should be the UTF-8 encoded bytes of the password text. cryptonite-cd#The bcrypt hash in standard format.6 BSD-style)Olivier Chron  experimentalunknownNone= cryptonite-cdA point on curve edwards25519. cryptonite-cd2A scalar modulo prime order of curve edwards25519. cryptonite-cdGenerate a random scalar. cryptonite-cdSerialize a scalar to binary, i.e. a 32-byte little-endian number. cryptonite-cdDeserialize a little-endian number as a scalar. Input array can have any length from 0 to 64 bytes.Note: it is not advised to put secret information in the 3 lowest bits of a scalar if this scalar may be multiplied to untrusted points outside the prime-order subgroup. cryptonite-cdAdd two scalars. cryptonite-cdMultiply two scalars. cryptonite-cd.Multiplies a scalar with the curve base point. cryptonite-cd%Serialize a point to a 32-byte array.!Format is binary compatible with 1 from module Crypto.PubKey.Ed25519. cryptonite-cdDeserialize a 32-byte array as a point, ensuring the point is valid on edwards25519.WARNING: variable time cryptonite-cdTest whether a point belongs to the prime-order subgroup generated by the base point. Result is   for the identity point. pointHasPrimeOrder p =  p ==  l_minus_one p  cryptonite-cdNegate a point. cryptonite-cdAdd two points. cryptonite-cdAdd a point to itself. pointDouble p =  p p  cryptonite-cdMultiply a point by h = 8. pointMulByCofactor p =  scalar_8 p  cryptonite-cd.Scalar multiplication over curve edwards25519.Note: when the scalar had reduction modulo L and the input point has a torsion component, the output point may not be in the expected subgroup. cryptonite-cdMultiply the point p with s2! and add a lifted to curve value s1. pointsMulVarTime s1 s2 p =  ( s1) ( s2 p) WARNING: variable time7 BSD-style)Olivier Chron  experimentalunknownNoneA' cryptonite-cd-Nonce value for AES-GCM-SIV, always 12 bytes. cryptonite-cd6Nonce smart constructor. Accepts only 12-byte inputs. cryptonite-cd1Generate a random nonce for use with AES-GCM-SIV. cryptonite-cdAEAD encryption with the specified key and nonce. The key must be given as an initialized  or  cipher.Lengths of additional data and plaintext must be less than 2^32 bytes, otherwise an exception is thrown. cryptonite-cdAEAD decryption with the specified key and nonce. The key must be given as an initialized  or  cipher.Lengths of additional data and ciphertext must be less than 2^32 bytes, otherwise an exception is thrown.8 BSD-style#Vincent Hanquez  experimentalGoodNoneD cryptonite-cd(Top bits policy when generating a number cryptonite-cdset the highest bit cryptonite-cdset the two highest bit cryptonite-cdGenerate a number for a specific size of bits, and optionaly set bottom and top bitsIf the top bit policy is  , then nothing is done on the highest bit (it's whatever the random generator set).If @generateOdd is set to  , then the number generated is guaranteed to be odd. Otherwise it will be whatever is generated cryptonite-cd2Generate a positive integer x, s.t. 0 <= x < range cryptonite-cd9generate a number between the inclusive bound [low,high]. cryptonite-cdnumber of bits cryptonite-cdtop bit policy cryptonite-cdforce the number to be odd cryptonite-cdrange9NoneJ  cryptonite-cd,Generate a valid scalar for a specific Curve cryptonite-cd Elliptic Curve point negation: pointNegate c p returns point q such that pointAdd c p q == PointO. cryptonite-cdElliptic Curve point addition.WARNING: Vulnerable to timing attacks. cryptonite-cdElliptic Curve point doubling.WARNING: Vulnerable to timing attacks.This perform the following calculation: > lambda = (3 * xp ^ 2 + a) / 2 yp > xr = lambda ^ 2 - 2 xp > yr = lambda (xp - xr) - ypWith binary curve: > xp == 0 => P = O > otherwise => > s = xp + (yp / xp) > xr = s ^ 2 + s + a > yr = xp ^ 2 + (s+1) * xr cryptonite-cd2Elliptic curve point multiplication using the baseWARNING: Vulnerable to timing attacks. cryptonite-cd?Elliptic curve point multiplication (double and add algorithm).WARNING: Vulnerable to timing attacks. cryptonite-cdElliptic curve double-scalar multiplication (uses Shamir's trick). pointAddTwoMuls c n1 p1 n2 p2 == pointAdd c (pointMul c n1 p1) (pointMul c n2 p2)WARNING: Vulnerable to timing attacks. cryptonite-cd*Check if a point is the point at infinity. cryptonite-cd%check if a point is on specific curveThis perform three checks:x is not out of rangey is not out of range the equation y^2 = x^3 + a*x + b (mod p) holds  :None3O[ cryptonite-cdECDSA Key Pair. cryptonite-cdECDSA Public Key. cryptonite-cdECDSA Private Key. cryptonite-cd+Represent a ECDSA signature namely R and S. cryptonite-cdECDSA r cryptonite-cdECDSA s cryptonite-cdPublic key of a ECDSA Key pair. cryptonite-cd Private key of a ECDSA Key pair. cryptonite-cd;Sign digest using the private key and an explicit k number.WARNING: Vulnerable to timing attacks. cryptonite-cd experimentalGoodNone3V cryptonite-cdRepresent a DSA key pair cryptonite-cdRepresent a DSA private key.Only x need to be secret. the DSA parameters are publicly shared with the other side. cryptonite-cdDSA parameters cryptonite-cd DSA private X cryptonite-cdRepresent a DSA public key. cryptonite-cdDSA parameters cryptonite-cd DSA public Y cryptonite-cd)Represent a DSA signature namely R and S. cryptonite-cdDSA r cryptonite-cdDSA s cryptonite-cd,Represent DSA parameters namely P, G, and Q. cryptonite-cdDSA p cryptonite-cdDSA g cryptonite-cdDSA q cryptonite-cd7DSA Private Number, usually embedded in DSA Private Key cryptonite-cd5DSA Public Number, usually embedded in DSA Public Key cryptonite-cdPublic key of a DSA Key pair cryptonite-cdPrivate key of a DSA Key pair cryptonite-cdgenerate a private number with no specific property this number is usually called X in DSA text. cryptonite-cdCalculate the public number from the parameters and the private key cryptonite-cd experimentalGoodNone_8  cryptonite-cdReturns if the number is probably prime. First a list of small primes are implicitely tested for divisibility, then a fermat primality test is used with arbitrary numbers and then the Miller Rabin algorithm is used with an accuracy of 30 recursions. cryptonite-cdGenerate a prime number of the required bitsize (i.e. in the range [2^(b-1)+2^(b-2), 2^b)). May throw a  if the requested size is less than 5 bits, as the smallest prime meeting these conditions is 29. This function requires that the two highest bits are set, so that when multiplied with another prime to create a key, it is guaranteed to be of the proper size. cryptonite-cdGenerate a prime number of the form 2p+1 where p is also prime. it is also knowed as a Sophie Germaine prime or safe prime.The number of safe prime is significantly smaller to the number of prime, as such it shouldn't be used if this number is supposed to be kept safe. May throw a  if the requested size is less than 6 bits, as the smallest safe prime with the two highest bits set is 59. cryptonite-cd;Find a prime from a starting point where the property hold. cryptonite-cd=Find a prime from a starting point with no specific property. cryptonite-cdMiller Rabin algorithm return if the number is probably prime or composite. the tries parameter is the number of recursion, that determines the accuracy of the test. cryptonite-cdProbabilitic Test using Fermat primility test. Beware of Carmichael numbers that are Fermat liars, i.e. this test is useless for them. always combines with some other test. cryptonite-cdTest naively is integer is prime. while naive, we skip even number and stop iteration at i > sqrt(n) cryptonite-cd-Test is two integer are coprime to each other cryptonite-cd%number of iterations of the algorithm cryptonite-cd starting a cryptonite-cdnumber to test for primality  > BSD-style(Carlos Rodriguez-Vega  experimentalunknownNonea cryptonite-cd8Error possible during encryption, decryption or signing. cryptonite-cd"the message to encrypt is too long cryptonite-cd3the message decrypted doesn't have a OAEP structure cryptonite-cd,some parameters lead to breaking assumptions cryptonite-cdGenerate primes p & q cryptonite-cdsize in bytes  cryptonite-cdcondition prime p must satisfy cryptonite-cdcondition prime q must satisfy cryptonite-cdchosen distinct primes p and q? BSD-style(Carlos Rodriguez-Vega  experimentalunknownNoned cryptonite-cdParameters for OAEP padding. cryptonite-cdhash function to use cryptonite-cdmask Gen algorithm to use cryptonite-cd#optional label prepended to message cryptonite-cd.Default Params with a specified hash function. cryptonite-cdPad a message using OAEP. cryptonite-cdUn-pad a OAEP encoded message. cryptonite-cdSeed cryptonite-cdOAEP params to use cryptonite-cdsize of public key in bytes cryptonite-cd Message pad cryptonite-cdOAEP params to use cryptonite-cdsize of public key in bytes cryptonite-cdencoded message (not encrypted)@ BSD-style(Carlos Rodriguez-Vega  experimentalunknownNone3j  cryptonite-cd'Represent a Rabin-Williams private key. cryptonite-cdp prime number cryptonite-cdq prime number cryptonite-cd&Represent a Rabin-Williams public key. cryptonite-cdsize of key in bytes cryptonite-cd public p*q cryptonite-cdGenerate a pair of (private, public) key of size in bytes. Prime p is congruent 3 mod 8 and prime q is congruent 7 mod 8. cryptonite-cd=Encrypt plaintext using public key an a predefined OAEP seed.See algorithm 8.11 in "Handbook of Applied Cryptography" by Alfred J. Menezes et al. cryptonite-cd#Encrypt plaintext using public key. cryptonite-cd%Decrypt ciphertext using private key. cryptonite-cd2Sign message using hash algorithm and private key. cryptonite-cd5Verify signature using hash algorithm and public key. cryptonite-cdSeed cryptonite-cd OAEP padding cryptonite-cd public key cryptonite-cd plaintext cryptonite-cdOAEP padding parameters cryptonite-cd public key cryptonite-cd plaintext  cryptonite-cdOAEP padding parameters cryptonite-cd private key cryptonite-cd ciphertext cryptonite-cd private key cryptonite-cd hash function cryptonite-cdmessage to sign cryptonite-cd public key cryptonite-cd hash function cryptonite-cdmessage cryptonite-cd signatureA BSD-style(Carlos Rodriguez-Vega  experimentalunknownNone3nS  cryptonite-cd'Represent a Modified-Rabin private key. cryptonite-cdp prime number cryptonite-cdq prime number cryptonite-cd&Represent a Modified-Rabin public key. cryptonite-cdsize of key in bytes cryptonite-cd public p*q cryptonite-cdGenerate a pair of (private, public) key of size in bytes. Prime p is congruent 3 mod 8 and prime q is congruent 7 mod 8. cryptonite-cd2Sign message using hash algorithm and private key. cryptonite-cd5Verify signature using hash algorithm and public key. cryptonite-cd private key cryptonite-cd hash function cryptonite-cdmessage to sign cryptonite-cd public key cryptonite-cd hash function cryptonite-cdmessage cryptonite-cd signature  B BSD-style(Carlos Rodriguez-Vega  experimentalunknownNone3v cryptonite-cdRabin Signature. cryptonite-cdRepresent a Rabin private key. cryptonite-cdp prime number cryptonite-cdq prime number cryptonite-cdRepresent a Rabin public key. cryptonite-cdsize of key in bytes cryptonite-cd public p*q cryptonite-cdGenerate a pair of (private, public) key of size in bytes. Primes p and q are both congruent 3 mod 4.See algorithm 8.11 in "Handbook of Applied Cryptography" by Alfred J. Menezes et al. cryptonite-cd=Encrypt plaintext using public key an a predefined OAEP seed.See algorithm 8.11 in "Handbook of Applied Cryptography" by Alfred J. Menezes et al. cryptonite-cd#Encrypt plaintext using public key. cryptonite-cd%Decrypt ciphertext using private key.See algorithm 8.12 in "Handbook of Applied Cryptography" by Alfred J. Menezes et al. cryptonite-cd;Sign message using padding, hash algorithm and private key.See  7https://en.wikipedia.org/wiki/Rabin_signature_algorithm. cryptonite-cd2Sign message using hash algorithm and private key.See  7https://en.wikipedia.org/wiki/Rabin_signature_algorithm. cryptonite-cd5Verify signature using hash algorithm and public key.See  7https://en.wikipedia.org/wiki/Rabin_signature_algorithm. cryptonite-cdSeed cryptonite-cd OAEP padding cryptonite-cd public key cryptonite-cd plaintext cryptonite-cdOAEP padding parameters cryptonite-cd public key cryptonite-cd plaintext  cryptonite-cdOAEP padding parameters cryptonite-cd private key cryptonite-cd ciphertext cryptonite-cdpadding cryptonite-cd private key cryptonite-cd hash function cryptonite-cdmessage to sign cryptonite-cd private key cryptonite-cd hash function cryptonite-cdmessage to sign cryptonite-cd private key cryptonite-cd hash function cryptonite-cdmessage cryptonite-cd signatureC BSD-style#Vincent Hanquez  experimentalGoodNonez cryptonite-cd"Generate a key pair given p and q.*p and q need to be distinct prime numbers.e need to be coprime to phi=(p-1)*(q-1). If that's not the case, the function will not return a key pair. A small hamming weight results in better performance.e=0x10001 is a popular choicee=3 is popular as well, but proven to not be as secure for some cases. cryptonite-cd:generate a pair of (private, public) key of size in bytes. cryptonite-cd?Generate a blinder to use with decryption and signing operationthe unique parameter apart from the random number generator is the public key value N. cryptonite-cdchosen distinct primes p and q cryptonite-cd size in bytes cryptonite-cdRSA public exponent e cryptonite-cd size in bytes cryptonite-cdRSA public exponent e cryptonite-cdRSA public N parameter.D BSD-style#Vincent Hanquez  experimentalGoodNone! cryptonite-cd*Parameters for PSS signature/verification. cryptonite-cdHash function to use cryptonite-cdMask Gen algorithm to use cryptonite-cd&Length of salt. need to be <= to hLen. cryptonite-cdTrailer field, usually 0xbc cryptonite-cd-Default Params with a specified hash function cryptonite-cd$Default Params using SHA1 algorithm. cryptonite-cdSign using the PSS parameters and the salt explicitely passed as parameters.6the function ignore SaltLength from the PSS Parameters cryptonite-cdSign using the PSS parameters and the salt explicitely passed as parameters.6the function ignore SaltLength from the PSS Parameters cryptonite-cdSign using the PSS Parameters cryptonite-cdSign using the PSS Parameters cryptonite-cdSign using the PSS Parameters and an automatically generated blinder. cryptonite-cdSign using the PSS Parameters and an automatically generated blinder. cryptonite-cd+Verify a signature using the PSS Parameters cryptonite-cd+Verify a signature using the PSS Parameters cryptonite-cd Salt to use cryptonite-cdoptional blinder to use cryptonite-cdPSS Parameters to use cryptonite-cdRSA Private Key cryptonite-cdMessage digest cryptonite-cd Salt to use cryptonite-cdoptional blinder to use cryptonite-cdPSS Parameters to use cryptonite-cdRSA Private Key cryptonite-cdMessage to sign cryptonite-cdoptional blinder to use cryptonite-cdPSS Parameters to use cryptonite-cdRSA Private Key cryptonite-cdMessage to sign cryptonite-cdoptional blinder to use cryptonite-cdPSS Parameters to use cryptonite-cdRSA Private Key cryptonite-cdMessage digest cryptonite-cdPSS Parameters to use cryptonite-cd private key cryptonite-cdmessage to sign cryptonite-cdPSS Parameters to use cryptonite-cd private key cryptonite-cd message digst cryptonite-cdPSS Parameters to use to verify, this need to be identical to the parameters when signing cryptonite-cdRSA Public Key cryptonite-cdMessage to verify cryptonite-cd Signature cryptonite-cdPSS Parameters to use to verify, this need to be identical to the parameters when signing cryptonite-cdRSA Public Key cryptonite-cdDigest to verify cryptonite-cd SignatureE BSD-style#Vincent Hanquez  experimentalGoodNone  cryptonite-cdA specialized class for hash algorithm that can product a ASN1 wrapped description the algorithm plus the content of the digest. cryptonite-cd6This produce a standard PKCS1.5 padding for encryption cryptonite-cd0Produce a standard PKCS1.5 padding for signature cryptonite-cd4Try to remove a standard PKCS1.5 encryption padding. cryptonite-cd&decrypt message using the private key.When the decryption is not in a context where an attacker could gain information from the timing of the operation, the blinder can be set to None.2If unsure always set a blinder or use decryptSafer"The message is returned un-padded. cryptonite-cddecrypt message using the private key and by automatically generating a blinder. cryptonite-cd*encrypt a bytestring using the public key.The message needs to be smaller than the key size - 11. The message should not be padded. cryptonite-cd?sign message using private key, a hash and its ASN1 descriptionWhen the signature is not in a context where an attacker could gain information from the timing of the operation, the blinder can be set to None./If unsure always set a blinder or use signSafer cryptonite-cdsign message using the private key and by automatically generating a blinder. cryptonite-cd&verify message with the signed message cryptonite-cdoptional blinder cryptonite-cdRSA private key cryptonite-cd cipher text cryptonite-cdRSA private key cryptonite-cd cipher text cryptonite-cdoptional blinder cryptonite-cdhash algorithm cryptonite-cd private key cryptonite-cdmessage to sign cryptonite-cdHash algorithm cryptonite-cd private key cryptonite-cdmessage to sign  F BSD-style#Vincent Hanquez  experimentalGoodNoneS  cryptonite-cd)Parameters for OAEP encryption/decryption cryptonite-cdHash function to use. cryptonite-cdMask Gen algorithm to use. cryptonite-cd$Optional label prepended to message. cryptonite-cd-Default Params with a specified hash function cryptonite-cd4Encrypt a message using OAEP with a predefined seed. cryptonite-cdEncrypt a message using OAEP cryptonite-cdDecrypt a ciphertext using OAEPWhen the signature is not in a context where an attacker could gain information from the timing of the operation, the blinder can be set to None.2If unsure always set a blinder or use decryptSafer cryptonite-cdDecrypt a ciphertext using OAEP and by automatically generating a blinder. cryptonite-cdSeed cryptonite-cd!OAEP params to use for encryption cryptonite-cd Public key. cryptonite-cdMessage to encrypt cryptonite-cd"OAEP params to use for encryption. cryptonite-cd Public key. cryptonite-cdMessage to encrypt cryptonite-cdOptional blinder cryptonite-cd!OAEP params to use for decryption cryptonite-cd Private key cryptonite-cd Cipher text cryptonite-cd!OAEP params to use for decryption cryptonite-cd Private key cryptonite-cd Cipher text  G BSD-style#Vincent Hanquez  experimentalGoodNone3  cryptonite-cd'Represent Diffie Hellman shared secret. cryptonite-cd*Represent Diffie Hellman private number X. cryptonite-cd)Represent Diffie Hellman public number Y. cryptonite-cdRepresent Diffie Hellman parameters namely P (prime), and G (generator). cryptonite-cdgenerate params from a specific generator (2 or 5 are common values) we generate a safe prime (a prime number of the form 2p+1 where p is also prime) cryptonite-cdgenerate a private number with no specific property this number is usually called X in DH text. cryptonite-cdcalculate the public number from the parameters and the private key this number is usually called Y in DH text. cryptonite-cdcalculate the public number from the parameters and the private key this number is usually called Y in DH text.DEPRECATED use calculatePublic cryptonite-cdgenerate a shared key using our private number and the other party public number cryptonite-cdnumber of bits cryptonite-cd generator BSD-style#Vincent Hanquez  experimentalGoodNone  cryptonite-cd1ElGamal Ephemeral key. also called Temporary key.  cryptonite-cdElGamal Signature  cryptonite-cdgenerate a private number with no specific property this number is usually called a and need to be between 0 and q (order of the group G).  cryptonite-cdgenerate a public number that is for the other party benefits. this number is usually called h=g^a  cryptonite-cdencrypt with a specified ephemeral key do not reuse ephemeral key.  cryptonite-cdencrypt a message using params and public keys will generate b (called the ephemeral key)  cryptonite-cddecrypt message  cryptonite-cd(sign a message with an explicit k number7if k is not appropriate, then no signature is returned.with some appropriate value of k, the signature generation can fail, and no signature is returned. User of this function need to retry with a different k value.  cryptonite-cd sign messageThis function will generate a random number, however as the signature might fail, the function will automatically retry until a proper signature has been created.  cryptonite-cdverify a signature  cryptonite-cd3random number k, between 0 and p-1 and gcd(k,p-1)=1 cryptonite-cdDH params (p,g) cryptonite-cdDH private key cryptonite-cd"collision resistant hash algorithm cryptonite-cdmessage to sign  cryptonite-cdDH params (p,g) cryptonite-cdDH private key cryptonite-cd"collision resistant hash algorithm cryptonite-cdmessage to sign H BSD-style#Vincent Hanquez  experimentalunknownNone  cryptonite-cdGenerating a private number d.  cryptonite-cdGenerating a public point Q.  cryptonite-cdGenerating a shared key using our private number and the other party public point.  Noneh  cryptonite-cd,Generate a valid scalar for a specific Curve  cryptonite-cd Elliptic Curve point negation:  pointNegate p returns point q such that pointAdd p q == PointO.  cryptonite-cdElliptic Curve point addition.WARNING: Vulnerable to timing attacks.  cryptonite-cdElliptic Curve point doubling.WARNING: Vulnerable to timing attacks.This perform the following calculation: > lambda = (3 * xp ^ 2 + a) / 2 yp > xr = lambda ^ 2 - 2 xp > yr = lambda (xp - xr) - ypWith binary curve: > xp == 0 => P = O > otherwise => > s = xp + (yp / xp) > xr = s ^ 2 + s + a > yr = xp ^ 2 + (s+1) * xr  cryptonite-cd2Elliptic curve point multiplication using the baseWARNING: Vulnerable to timing attacks.  cryptonite-cd?Elliptic curve point multiplication (double and add algorithm).WARNING: Vulnerable to timing attacks.  cryptonite-cdElliptic curve double-scalar multiplication (uses Shamir's trick). pointAddTwoMuls n1 p1 n2 p2 == pointAdd (pointMul n1 p1) (pointMul n2 p2)WARNING: Vulnerable to timing attacks.  cryptonite-cd*Check if a point is the point at infinity.  cryptonite-cd5Make a point on a curve from integer (x,y) coordinateif the point is not valid related to the curve then an error is returned instead of a point  cryptonite-cd%check if a point is on specific curveThis perform three checks:x is not out of rangey is not out of range the equation y^2 = x^3 + a*x + b (mod p) holds I BSD-style#Vincent Hanquez  experimentalunknownNone 3?  cryptonite-cd P256 Curvealso known as P256  cryptonite-cd Get the curve order size in bits  cryptonite-cd+Multiply a scalar with the curve base point  cryptonite-cdMultiply the point p with s2! and add a lifted to curve value s1  cryptonite-cd4Encode an elliptic curve scalar into big-endian form  cryptonite-cd=Try to decode the big-endian form of an elliptic curve scalar  cryptonite-cd.Convert an elliptic curve scalar to an integer  cryptonite-cd6Try to create an elliptic curve scalar from an integer  cryptonite-cd1Add two scalars and reduce modulo the curve order  cryptonite-cd6Multiply two scalars and reduce modulo the curve order  cryptonite-cdAdd points on a curve  cryptonite-cdNegate a curve point  cryptonite-cd Scalar Multiplication on a curve  cryptonite-cd'Generate a Diffie hellman secret value.This is generally just the .x coordinate of the resulting point, that is not hashed.use  $ to keep the result in Point format.WARNING: Curve implementations may return a special value or an exception when the public point lies in a subgroup of small order. This function is adequate when the scalar is in expected range and contributory behaviour is not needed. Otherwise use  .  cryptonite-cdGenerate a Diffie hellman secret value and verify that the result is not the point at infinity.9This additional test avoids risks existing with function  #. Implementations always return a  - instead of a special value or an exception.  cryptonite-cdPoint on an Elliptic Curve  cryptonite-cd#Scalar in the Elliptic Curve domain  cryptonite-cdGenerate a new random scalar on the curve. The scalar will represent a number between 1 and the order of the curve non included  cryptonite-cdGenerate a new random keypair  cryptonite-cdGet the curve size in bits  cryptonite-cd.Encode a elliptic curve point into binary form  cryptonite-cd8Try to decode the binary form of an elliptic curve point  cryptonite-cdAn elliptic curve key pair composed of the private part (a scalar), and the associated point.+ + J BSD-style)Olivier Chron  experimentalunknownNone  /?   cryptonite-cd/Elliptic curves with an implementation of EdDSA  cryptonite-cd,Size of the digest for this curve (in bytes)  cryptonite-cd-Size of secret keys for this curve (in bytes)  cryptonite-cdAn EdDSA signature  cryptonite-cdAn EdDSA public key  cryptonite-cdAn EdDSA Secret key  cryptonite-cd-Size of public keys for this curve (in bytes)  cryptonite-cd,Size of signatures for this curve (in bytes)  cryptonite-cd*Try to build a public key from a bytearray  cryptonite-cd*Try to build a secret key from a bytearray  cryptonite-cd)Try to build a signature from a bytearray  cryptonite-cdGenerate a secret key  cryptonite-cd%Create a public key from a secret key  cryptonite-cd!Sign a message using the key pair  cryptonite-cdVerify a message  cryptonite-cd0Sign a message using the key pair under context ctx  cryptonite-cdVerify a message under context ctx  cryptonite-cd:Sign a prehashed message using the key pair under context ctx  cryptonite-cd)Verify a prehashed message under context ctx  K BSD-style#Vincent Hanquez  experimentalunknownNone  cryptonite-cdGenerate random a new Shared secret and the associated point to do a ECIES style encryption  cryptonite-cdDerive the shared secret with the receiver key and the R point of the scheme.  cryptonite-cdrepresentation of the curve cryptonite-cdthe public key of the receiver  cryptonite-cdrepresentation of the curve cryptonite-cdThe received R (supposedly, randomly generated on the encrypt side) cryptonite-cdThe secret key of the receiver  L BSD-style#Vincent Hanquez  experimentalunknownNone 2?  cryptonite-cd(Elliptic curves with ECDSA capabilities.  cryptonite-cd+Is a scalar in the accepted range for ECDSA  cryptonite-cdTest whether the scalar is zero  cryptonite-cd'Scalar inversion modulo the curve order  cryptonite-cd)Return the point X coordinate as a scalar  cryptonite-cdECDSA Private Key.  cryptonite-cdECDSA Public Key.  cryptonite-cd+Represent a ECDSA signature namely R and S.  cryptonite-cdECDSA r  cryptonite-cdECDSA s  cryptonite-cd(Create a signature from integers (R, S).  cryptonite-cd%Get integers (R, S) from a signature.The values can then be used to encode the signature to binary with ASN.1.  cryptonite-cdEncode a public key into binary form, i.e. the uncompressed encoding referenced from  #https://tools.ietf.org/html/rfc5480RFC 5480 section 2.2.  cryptonite-cd.Try to decode the binary form of a public key.  cryptonite-cd0Encode a private key into binary form, i.e. the  privateKey field described in  #https://tools.ietf.org/html/rfc5915RFC 5915.  cryptonite-cd/Try to decode the binary form of a private key.  cryptonite-cd'Create a public key from a private key.  cryptonite-cd;Sign digest using the private key and an explicit k scalar.  cryptonite-cd experimentalunknownNone  cryptonite-cdSplit data to diffused data, using a random generator and an hash algorithm.the diffused data will consist of random data for (expandTimes-1) then the last block will be xor of the accumulated random data diffused by the hash algorithm. ---------orig - ---------#--------- ---------- --------------"rand1 - - rand2 - - orig ^ acc -#--------- ---------- --------------9where acc is : acc(n+1) = hash (n ++ rand(n)) ^ acc(n)  cryptonite-cd9Merge previously diffused data back to the original data.  cryptonite-cd!Hash algorithm to use as diffuser cryptonite-cdRandom generator to use cryptonite-cd$Number of times to diffuse the data. cryptonite-cdoriginal data to diffuse. cryptonite-cdThe diffused data  cryptonite-cdHash algorithm used as diffuser cryptonite-cd&Number of times to un-diffuse the data cryptonite-cd Diffused data cryptonite-cd Original data  N BSD-style)Olivier Chron  experimentalunknownNone3E  cryptonite-cdCPU options impacting cryptography implementation and library performance.  cryptonite-cd(Support for AES instructions, with flag  support_aesni  cryptonite-cd*Support for CLMUL instructions, with flag support_pclmuldq  cryptonite-cd*Support for RDRAND instruction, with flag support_rdrand  cryptonite-cdOptions which have been enabled at compile time and are supported by the current CPU.   Safe-InferredĀ PPPPPPPPPPPPPPPPPPPPPPPPPPPPPVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWWZZZZZZZZZZZZZ\\]]^^^^^^^^____````aabbccccccccddeeffgghhiijjkkkkkkkkllllmmmmmmnnooooooooooqqqqqqqqqqqqqqqqrrrrrrrrrrrrrrrrr                                  tttuuuuuvvvvvvvv[          !!!!!!!!!!!"""####$$$%%%%&&&&&&&&&&&&&&&&&&&&&&&&&&'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''(())))))))))))))))))))))))))))))))))))))))))))))))**+,----...........//////////00000000000000000000000001111111111111111111111111222222222222222222222222222222222222223333333333333333333334444444444444444444445555666666666666666666666667777777788888888999999999::::::::::::::::::::::::::::::::::::::;;<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<=========>>>>>>>????????@@@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBCCCDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEEEEEFFFFFFFFFFGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGHHHIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJKKLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLMMNNNNNNNNNOOOOOQRSTTTTTYYYYYYZZZprrsss s s s s s s s s s s s s s s s s s s t t t t t  u u w w w w w w w w w w w w w w w w w w x xxx y yyy z z z z { { {{{ {{ { | |     } } }}                                   ! !                   +cryptonite-cd-0.29.1-HbYOn2WA6aOHtqcRmOWkzACrypto.Data.Padding Crypto.ErrorCrypto.Cipher.Types Crypto.HashCrypto.Hash.AlgorithmsCrypto.Hash.IO%Crypto.ConstructHash.MiyaguchiPreneelCrypto.Cipher.UtilsCrypto.Cipher.TripleDESCrypto.Cipher.DESCrypto.Cipher.SalsaCrypto.Cipher.XSalsaCrypto.Cipher.RC4Crypto.Cipher.ChaChaCrypto.Cipher.AESCrypto.Number.NatCrypto.MAC.KMACCrypto.Cipher.TwofishCrypto.Cipher.CAST5Crypto.Cipher.BlowfishCrypto.Cipher.CamelliaCrypto.KDF.Argon2Crypto.KDF.BCryptPBKDFCrypto.MAC.CMACCrypto.MAC.HMACCrypto.KDF.PBKDF2Crypto.KDF.ScryptCrypto.KDF.HKDFCrypto.MAC.Poly1305Crypto.Cipher.ChaChaPoly1305Crypto.Number.BasicCrypto.Number.F2mCrypto.Number.ModArithmetic Crypto.Number.Serialize.InternalCrypto.Number.Serialize#Crypto.Number.Serialize.Internal.LECrypto.Number.Serialize.LE Crypto.OTPCrypto.PubKey.ECC.TypesCrypto.PubKey.MaskGenFunctionCrypto.PubKey.RSA.TypesCrypto.PubKey.RSA.PrimCrypto.Random.Entropy.UnsafeCrypto.Random.EntropyCrypto.Random.EntropyPoolCrypto.Random.Types Crypto.RandomCrypto.PubKey.Ed448Crypto.PubKey.Ed25519Crypto.PubKey.ECC.P256Crypto.PubKey.Curve448Crypto.PubKey.Curve25519Crypto.KDF.BCryptCrypto.ECC.Edwards25519Crypto.Cipher.AESGCMSIVCrypto.Number.GenerateCrypto.PubKey.ECC.PrimCrypto.PubKey.ECC.ECDSACrypto.PubKey.ECC.GenerateCrypto.PubKey.DSACrypto.Number.PrimeCrypto.PubKey.Rabin.TypesCrypto.PubKey.Rabin.OAEPCrypto.PubKey.Rabin.RWCrypto.PubKey.Rabin.ModifiedCrypto.PubKey.Rabin.BasicCrypto.PubKey.RSACrypto.PubKey.RSA.PSSCrypto.PubKey.RSA.PKCS15Crypto.PubKey.RSA.OAEPCrypto.PubKey.DHCrypto.PubKey.ECC.DH Crypto.ECCCrypto.PubKey.EdDSACrypto.PubKey.ECIESCrypto.PubKey.ECDSACrypto.Data.AFISCrypto.System.CPUCrypto.Cipher.DES.PrimitiveCrypto.Error.TypesCrypto.Internal.CompatCrypto.Internal.ByteArrayCrypto.Cipher.Types.UtilsCrypto.Internal.CompatPrimCrypto.Internal.DeepSeqCrypto.Cipher.Types.BaseCrypto.Cipher.Types.StreamCrypto.Internal.ImportsCrypto.Internal.BuilderCrypto.Hash.TypesdigestFromByteStringCrypto.Hash.WhirlpoolCrypto.Hash.TigerCrypto.Hash.Skein512Crypto.Hash.Skein256Crypto.Hash.SHA512tCrypto.Hash.SHA512Crypto.Hash.SHA384Crypto.Hash.SHA3Crypto.Hash.SHA256Crypto.Hash.SHA224Crypto.Hash.SHA1Crypto.Hash.RIPEMD160Crypto.Hash.MD5Crypto.Hash.MD4Crypto.Hash.MD2Crypto.Hash.KeccakCrypto.Hash.Blake2spCrypto.Hash.Blake2sCrypto.Hash.Blake2bpCrypto.Hash.Blake2bCrypto.Cipher.Types.GFCrypto.Cipher.Types.AEADCrypto.Cipher.Types.BlockCrypto.Cipher.AES.PrimitiveCrypto.Internal.NatCrypto.Hash.SHAKECrypto.Hash.Blake2Crypto.Internal.WordArrayCrypto.Cipher.Twofish.PrimitiveCrypto.Cipher.CAST5.PrimitiveCrypto.Cipher.Blowfish.Box Crypto.Cipher.Blowfish.PrimitiveCrypto.Internal.Words Crypto.Cipher.Camellia.PrimitiveFFIARGON2_MIN_LANESARGON2_MAX_LANESARGON_MIN_THREADSARGON2_MAX_THREADSARGON2_MIN_MEMORYARGON2_MAX_MEMORYARGON2_MIN_TIMEARGON2_MAX_TIMECrypto.Number.CompatCrypto.ECC.Simple.TypesCrypto.PubKey.InternalCrypto.Random.Entropy.SourceCrypto.Random.Entropy.RDRandCrypto.Random.Entropy.UnixCrypto.Random.Entropy.BackendCrypto.Random.SystemDRGCrypto.Random.ChaChaDRGCrypto.Random.Probabilistic PublicKeyAES128AES256Crypto.PubKey.ElGamalCrypto.ECC.Simple.PrimCrypto.TutorialFormatPKCS5PKCS7ZEROpadunpad $fShowFormat $fEqFormatCryptoFailable CryptoPassed CryptoFailed CryptoErrorCryptoError_KeySizeInvalidCryptoError_IvSizeInvalidCryptoError_SeedSizeInvalid CryptoError_AEADModeNotSupported CryptoError_SecretKeySizeInvalid%CryptoError_SecretKeyStructureInvalid CryptoError_PublicKeySizeInvalid#CryptoError_SharedSecretSizeInvalidCryptoError_EcScalarOutOfBoundsCryptoError_PointSizeInvalidCryptoError_PointFormatInvalid"CryptoError_PointFormatUnsupported#CryptoError_PointCoordinatesInvalid'CryptoError_ScalarMultiplicationInvalidCryptoError_MacKeyInvalid(CryptoError_AuthenticationTagSizeInvalidCryptoError_PrimeSizeInvalidCryptoError_SaltTooSmall CryptoError_OutputLengthTooSmallCryptoError_OutputLengthTooBigthrowCryptoErrorIOthrowCryptoErroronCryptoFailureeitherCryptoErrormaybeCryptoErrorCipher cipherInit cipherName cipherKeySizeAEADModeAEAD_OCBAEAD_CCMAEAD_EAXAEAD_CWCAEAD_GCMCCM_LCCM_L2CCM_L3CCM_L4CCM_MCCM_M4CCM_M6CCM_M8CCM_M10CCM_M12CCM_M14CCM_M16AuthTag unAuthTagDataUnitOffsetKeySizeSpecifier KeySizeRange KeySizeEnum KeySizeFixed StreamCipher streamCombineDigestContextHashAlgorithmPrefix HashAlgorithm HashBlockSizeHashDigestSizeHashInternalContextSize hashBlockSizehashDigestSizehashInternalContextSizehashInternalInithashInternalUpdatehashInternalFinalize WhirlpoolTiger Skein512_512 Skein512_384 Skein512_256 Skein512_224 Skein256_256 Skein256_224 SHA512t_256 SHA512t_224SHA512SHA384SHA3_512SHA3_384SHA3_256SHA3_224SHA256SHA224SHA1 RIPEMD160MD5MD4MD2 Keccak_512 Keccak_384 Keccak_256 Keccak_224MutableContexthashMutableInithashMutableInitWithhashMutableUpdatehashMutableFinalizehashMutableReset$fByteArrayAccessMutableContext Blake2sp_256 Blake2sp_224 Blake2s_256 Blake2s_224 Blake2s_160 Blake2bp_512 Blake2b_512 Blake2b_384 Blake2b_256 Blake2b_224 Blake2b_160AEAD aeadModeImpl aeadState AEADModeImplaeadImplAppendHeaderaeadImplEncryptaeadImplDecryptaeadImplFinalizeaeadAppendHeader aeadEncrypt aeadDecrypt aeadFinalizeaeadSimpleEncryptaeadSimpleDecryptBlockCipher128 xtsEncrypt xtsDecrypt BlockCipher blockSize ecbEncrypt ecbDecrypt cbcEncrypt cbcDecrypt cfbEncrypt cfbDecrypt ctrCombineaeadInitIVmakeIVnullIVivAddMiyaguchiPreneelcompute'compute$fEqMiyaguchiPreneel!$fByteArrayAccessMiyaguchiPreneelvalidateKeySizeDES_EDE2DES_EEE2DES_EDE3DES_EEE3$fBlockCipherDES_EEE3$fCipherDES_EEE3$fBlockCipherDES_EDE3$fCipherDES_EDE3$fBlockCipherDES_EEE2$fCipherDES_EEE2$fBlockCipherDES_EDE2$fCipherDES_EDE2 $fEqDES_EDE2 $fEqDES_EEE2 $fEqDES_EDE3 $fEqDES_EEE3DES$fBlockCipherDES $fCipherDES$fEqDESState initializecombinegenerate $fNFDataStatederive$fByteArrayAccessState StateSimpleinitializeSimplegenerateSimple$fNFDataStateSimpleAES192$fBlockCipher128AES128$fBlockCipherAES128$fCipherAES128$fBlockCipher128AES192$fBlockCipherAES192$fCipherAES192$fBlockCipher128AES256$fBlockCipherAES256$fCipherAES256$fNFDataAES256$fNFDataAES192$fNFDataAES128IsDivisibleBy8 IsAtLeastIsAtMostSHAKE256SHAKE128 HashSHAKEBlake2bpBlake2spBlake2bBlake2shash hashPrefixhashlazyhashInit hashUpdate hashUpdates hashFinalizehashFinalizePrefix hashInitWithhashWithhashPrefixWith Twofish256 Twofish192 Twofish128$fBlockCipherTwofish128$fCipherTwofish128$fBlockCipherTwofish192$fCipherTwofish192$fBlockCipherTwofish256$fCipherTwofish256CAST5$fBlockCipherCAST5 $fCipherCAST5 Blowfish448 Blowfish256 Blowfish128 Blowfish64Blowfish$fBlockCipherBlowfish$fCipherBlowfish$fBlockCipherBlowfish64$fCipherBlowfish64$fBlockCipherBlowfish128$fCipherBlowfish128$fBlockCipherBlowfish256$fCipherBlowfish256$fBlockCipherBlowfish448$fCipherBlowfish448$fNFDataBlowfish448$fNFDataBlowfish256$fNFDataBlowfish128$fNFDataBlowfish64$fNFDataBlowfish Camellia128$fBlockCipherCamellia128$fCipherCamellia128Options iterationsmemory parallelismvariantversion Parallelism MemoryCostTimeCostVersion Version10 Version13VariantArgon2dArgon2iArgon2iddefaultOptions $fEqOptions $fOrdOptions $fReadOptions $fShowOptions $fEqVersion $fOrdVersion $fReadVersion $fShowVersion $fEnumVersion$fBoundedVersion $fEqVariant $fOrdVariant $fReadVariant $fShowVariant $fEnumVariant$fBoundedVariant Parameters iterCounts outputLength hashInternal$fEqParameters$fOrdParameters$fShowParametersCMACcmacsubKeys$fEqCMAC$fByteArrayAccessCMACHMAC hmacGetDigesthmacupdateupdatesfinalize$fEqHMAC$fByteArrayAccessHMACPRFprfHMACfastPBKDF2_SHA1fastPBKDF2_SHA256fastPBKDF2_SHA512nrpPRKextract extractSkipexpand$fByteArrayAccessPRK$fEqPRKKMAC kmacGetDigestkmac$fEqKMAC$fByteArrayAccessKMAC $fNFDataKMACAuthCtxauthTagauth$fEqAuth$fByteArrayAccessAuth $fNFDataAuthNoncenonce12nonce8incrementNonce appendAAD finalizeAADencryptdecrypt$fByteArrayAccessNoncesqrtigcdeareEvenlog2numBitsnumBytesasPowerOf2AndOddBinaryPolynomialaddF2mmodF2mmulF2m squareF2m squareF2m'powF2msqrtF2minvF2mdivF2mexpSafeexpFastinverseinverseCoprimesjacobi inverseFermat squareRoot!$fExceptionCoprimesAssertionError $fExceptionModulusAssertionError$fShowModulusAssertionError$fShowCoprimesAssertionErrorisDivisibleBy8isAtMost isAtLeasti2ospi2ospOfos2ipi2ospOf_ ClockSkewNoSkewOneStepTwoSteps ThreeSteps FourSteps TOTPParamsOTPTime OTPDigitsOTP4OTP5OTP6OTP7OTP8OTP9OTPhotp resynchronizedefaultTOTPParams mkTOTPParamstotp totpVerify$fShowTOTPParams$fEnumClockSkew$fShowClockSkew$fShowOTPDigits CurveName SEC_p112r1 SEC_p112r2 SEC_p128r1 SEC_p128r2 SEC_p160k1 SEC_p160r1 SEC_p160r2 SEC_p192k1 SEC_p192r1 SEC_p224k1 SEC_p224r1 SEC_p256k1 SEC_p256r1 SEC_p384r1 SEC_p521r1 SEC_t113r1 SEC_t113r2 SEC_t131r1 SEC_t131r2 SEC_t163k1 SEC_t163r1 SEC_t163r2 SEC_t193r1 SEC_t193r2 SEC_t233k1 SEC_t233r1 SEC_t239k1 SEC_t283k1 SEC_t283r1 SEC_t409k1 SEC_t409r1 SEC_t571k1 SEC_t571r1 CurveCommonecc_aecc_becc_gecc_necc_h CurvePrime CurveBinaryPointPointO PrivateNumber PublicPointCurveCurveF2mCurveFP common_curveecc_fxecc_p curveSizeBitsgetCurveByName $fNFDataPoint$fNFDataCurveBinary$fShowCurveName$fReadCurveName $fEqCurveName$fOrdCurveName$fEnumCurveName$fBoundedCurveName$fDataCurveName $fShowCurve $fReadCurve $fEqCurve $fDataCurve$fShowCurveBinary$fReadCurveBinary$fEqCurveBinary$fDataCurveBinary$fShowCurvePrime$fReadCurvePrime$fEqCurvePrime$fDataCurvePrime$fShowCurveCommon$fReadCurveCommon$fEqCurveCommon$fDataCurveCommon $fShowPoint $fReadPoint $fEqPoint $fDataPointMaskGenAlgorithmmgf1KeyPair PrivateKey private_pub private_d private_p private_q private_dP private_dQ private_qinv public_sizepublic_npublic_eErrorMessageSizeIncorrectMessageTooLongMessageNotRecognizedSignatureTooLongInvalidParametersBlinder private_size private_n private_e toPublicKey toPrivateKey$fNFDataPublicKey$fNFDataPrivateKey $fShowKeyPair $fReadKeyPair $fEqKeyPair $fDataKeyPair$fNFDataKeyPair$fShowPrivateKey$fReadPrivateKey$fEqPrivateKey$fDataPrivateKey$fShowPublicKey$fReadPublicKey $fEqPublicKey$fDataPublicKey $fShowError $fEqError $fShowBlinder $fEqBlinderdpepEntropyBackendsupportedBackends gatherBackend replenish getEntropy EntropyPoolcreateEntropyPoolWithcreateEntropyPoolgetEntropyFromMonadPseudoRandomDRGrandomBytesGenerate MonadRandomgetRandomByteswithDRG$fMonadRandomIO$fMonadRandomMonadPseudoRandom$fMonadMonadPseudoRandom$fApplicativeMonadPseudoRandom$fFunctorMonadPseudoRandom SystemDRG getSystemDRG ChaChaDRGSeedseedNew seedToIntegerseedFromIntegerseedFromBinarydrgNew drgNewSeed drgNewTestwithRandomBytes$fByteArrayAccessSeed Signature SecretKey publicKey secretKey signaturetoPublicsignverifygenerateSecretKey publicKeySize secretKeySize signatureSize$fShowSignature $fEqSignature$fByteArrayAccessSignature$fNFDataSignature$fByteArrayAccessPublicKey$fShowSecretKey $fEqSecretKey$fByteArrayAccessSecretKey$fNFDataSecretKeyScalar pointBasetoPointpointAdd pointNegatepointMulpointDhpointsMulVarTime pointIsValidpointIsAtInfinitypointXpointToIntegerspointFromIntegers pointToBinarypointFromBinaryunsafePointFromBinaryscalarGenerate scalarZeroscalarN scalarIsZero scalarAdd scalarSub scalarMul scalarInv scalarInvSafe scalarCmpscalarFromBinaryscalarToBinaryscalarFromIntegerscalarToInteger $fShowScalar $fEqScalar$fByteArrayAccessScalar$fNFDataScalarDhSecretdhSecretdh$fShowDhSecret $fEqDhSecret$fByteArrayAccessDhSecret$fNFDataDhSecret hashPasswordbcryptvalidatePasswordvalidatePasswordEither scalarEncodescalarDecodeLong pointEncode pointDecodepointHasPrimeOrder pointDoublepointMulByCofactornonce generateNonce $fShowNonce $fEqNonce GenTopPolicy SetHighest SetTwoHighestgenerateParams generateMaxgenerateBetween$fShowGenTopPolicy$fEqGenTopPolicy pointBaseMulpointAddTwoMulsisPointAtInfinity isPointValid public_curvepublic_q private_curvesign_rsign_ssignDigestWithsignWith signDigest verifyDigest$fReadSignature$fDataSignature generateQprivate_params private_x public_paramspublic_yParamsparams_pparams_gparams_q PublicNumbergeneratePrivatecalculatePublic$fNFDataParams $fShowParams $fReadParams $fEqParams $fDataParamsisProbablyPrime generatePrimegenerateSafePrimefindPrimeFromWith findPrimeFromprimalityTestMillerRabinprimalityTestFermatprimalityTestNaive isCoprimegeneratePrimes OAEPParamsoaepHashoaepMaskGenAlg oaepLabeldefaultOAEPParamsencryptWithSeed private_a private_b generateWithgenerateBlinder PSSParamspssHash pssMaskGenAlg pssSaltLengthpssTrailerFielddefaultPSSParamsdefaultPSSParamsSHA1signDigestWithSalt signWithSalt signSafersignDigestSaferHashAlgorithmASN1 padSignature decryptSafer$fHashAlgorithmASN1RIPEMD160$fHashAlgorithmASN1SHA512t_256$fHashAlgorithmASN1SHA512t_224$fHashAlgorithmASN1SHA512$fHashAlgorithmASN1SHA384$fHashAlgorithmASN1SHA256$fHashAlgorithmASN1SHA224$fHashAlgorithmASN1SHA1$fHashAlgorithmASN1MD5$fHashAlgorithmASN1MD2 SharedKey params_bitsgeneratePublic getShared$fShowSharedKey $fEqSharedKey$fByteArrayAccessSharedKey$fNFDataSharedKey$fShowPrivateNumber$fReadPrivateNumber$fEqPrivateNumber$fEnumPrivateNumber$fRealPrivateNumber$fNumPrivateNumber$fOrdPrivateNumber$fNFDataPrivateNumber$fShowPublicNumber$fReadPublicNumber$fEqPublicNumber$fEnumPublicNumber$fRealPublicNumber$fNumPublicNumber$fOrdPublicNumber$fNFDataPublicNumberCurve_Edwards25519 Curve_X448 Curve_X25519 Curve_P521R1 Curve_P384R1 Curve_P256R1EllipticCurveBasepointArithcurveOrderBits pointBaseSmulpointsSmulVarTime encodeScalar decodeScalarEllipticCurveArith pointSmulEllipticCurveDHecdhRawecdh EllipticCurvecurveGenerateScalarcurveGenerateKeyPair encodePoint decodePoint SharedSecretkeypairGetPublickeypairGetPrivate)$fEllipticCurveBasepointArithCurve_P256R1$fEllipticCurveDHCurve_P256R1 $fEllipticCurveArithCurve_P256R1$fEllipticCurveCurve_P256R1)$fEllipticCurveBasepointArithCurve_P384R1$fEllipticCurveDHCurve_P384R1 $fEllipticCurveArithCurve_P384R1$fEllipticCurveCurve_P384R1)$fEllipticCurveBasepointArithCurve_P521R1$fEllipticCurveDHCurve_P521R1 $fEllipticCurveArithCurve_P521R1$fEllipticCurveCurve_P521R1$fEllipticCurveDHCurve_X25519$fEllipticCurveCurve_X25519$fEllipticCurveDHCurve_X448$fEllipticCurveCurve_X448/$fEllipticCurveBasepointArithCurve_Edwards25519&$fEllipticCurveArithCurve_Edwards25519!$fEllipticCurveCurve_Edwards25519$fShowCurve_Edwards25519$fDataCurve_Edwards25519$fShowCurve_X448$fDataCurve_X448$fShowCurve_X25519$fDataCurve_X25519$fShowCurve_P521R1$fDataCurve_P521R1$fShowCurve_P384R1$fDataCurve_P384R1$fShowCurve_P256R1$fDataCurve_P256R1$fEqSharedSecret$fByteArrayAccessSharedSecret$fNFDataSharedSecretEllipticCurveEdDSACurveDigestSizesignCtx verifyCtxsignPhverifyPh&$fEllipticCurveEdDSACurve_Edwards25519 deriveEncrypt deriveDecryptEllipticCurveECDSA scalarIsValidsignatureFromIntegerssignatureToIntegers encodePublic decodePublic encodePrivate decodePrivate $fEllipticCurveECDSACurve_P521R1 $fEllipticCurveECDSACurve_P384R1 $fEllipticCurveECDSACurve_P256R1splitmergeProcessorOptionAESNIPCLMULRDRANDprocessorOptions$fShowProcessorOption$fEqProcessorOption$fEnumProcessorOption$fDataProcessorOptionBlockunBlockbase Data.Eithereither unsafeDoIO GHC.IO.UnsafeunsafeDupablePerformIOGHC.Word byteSwap64 Data.BitspopCount)memory-cd-0.16.0.1-DAK4ls2JbAF9pQ0n6LbiPdData.ByteArray.BytesBytesData.ByteArray.EncodingconvertFromBase convertToBaseBase Base64OpenBSDBase64URLUnpaddedBase64Base16Base32Data.ByteArray.Mapping mapAsWord64 mapAsWord128 fromW64BEtoW64LEtoW64BEData.ByteArray.ViewdropViewtakeViewviewViewData.ByteArray.MethodsconvertallanyconstEqeqzero replicate copyAndFreezecopyRetcopyappendconcatreversespandroptakesplitAtindexxorsnoccons singletonunconsunpackpacknullempty unsafeCreateallocAndFreezecreateallocData.ByteArray.ScrubbedBytes ScrubbedBytesData.ByteArray.MemViewMemViewData.ByteArray.TypesByteArrayAccesscopyByteArrayToPtrlength withByteArray ByteArrayallocRet constAllZerochunkbe32Primle32Primbyteswap32Prim convert4To32 booleanPrimdeepseq-1.4.4.0Control.DeepSeqNFDatarnfGHC.Base<$ Applicative<*liftA2*>pure<*>ghc-prim GHC.TypesWordWord8Word16Word32Word64Data.TraversableforMControl.Applicativeoptional WrappedMonad WrapMonad unwrapMonad WrappedArrow WrapArrow unwrapArrowZipList getZipList Control.ArrowfirstsecondData.Functor.ConstConstgetConst Data.FoldableforM_ bitReverse64 bitReverse32 bitReverse16 bitReverse8 byteSwap32 byteSwap16 Data.Functorvoid<$>liftA3liftA<**> Alternativemanysome<|>Builder builderLengthbuildAndFreezebytebyteshashInternalFinalizePrefixxtsGFMulXTSAESOCBAESGCMAESgcmModeocbModeccmModeinitAES encryptECB encryptCBCgenCTR genCounter encryptCTR encryptXTS decryptECB decryptCBC decryptCTR decryptXTS combineC32gcmInitocbInitccmInitMod8IsDiv8Div8byteLenintegralNatValNatcshakeInternalFinalizecshakeOutputLengthMutableArray32Array64Array32Array8array8array32array32FromAddrBEallocArray32AndFreezearray64mutableArray32mutableArray32FromAddrBEmutableArray32Freeze arrayRead8 arrayRead32 arrayRead64mutableArrayRead32mutableArrayWrite32mutableArrayWriteXor32 initTwofishTwofishKeybuildKeycopyKeySchedulecreateKeySchedule KeySchedule initBlowfishfreezeKeySchedulecipherBlockMutable expandKeyexpandKeyWithSaltw64to32w32to64Data.Memory.ExtendedWordsWord128Camellia initCamellia GmpSupportedonGmpUnsupportedgmpGcdegmpLog2gmpPowModSecIntegergmpPowModInteger gmpInverse gmpNextPrimegmpTestPrimeMillerRabingmpSizeInBytes gmpSizeInBitsgmpExportIntegergmpExportIntegerLEgmpImportIntegergmpImportIntegerLEGmpUnsupportedCurveParameters curveEccA curveEccB curveEccG curveEccN curveEccHcurveSizeBytes$fCurveSEC_p112r1 CurveTypeCurvePrimeParamCurveBinaryParamcurveParameters curveType GHC.MaybeNothingCoprimesAssertionErrorModulusAssertionErrorand'&&! dsaTruncHashdsaTruncHashDigest EntropySource entropyOpen entropyGather entropyCloseRDRand DevURandom DevRandominitializeWords probabilisticTrue EphemeralKey encryptWith