« back to all changes in this revision
Viewing changes to nettle.html
- browse files at revision 1.5.2
- compare with another revision
- download diff
- download tarball
- view history from revision 1.5.2
- Committer: Package Import Robot
- Author(s): Magnus Holmgren
- Date: 2013-03-24 11:38:21 UTC
- mto: (1.4.6) (3.1.11 experimental)
- mto: This revision was merged to the branch mainline in revision 14.
- Revision ID: package-import@ubuntu.com-20130324113821-3rsmekqi09c93lnh
Tags: upstream-2.6
ImportĀ upstreamĀ versionĀ 2.6
- files added:
- gosthash94-meta.c
- files modified:
- ChangeLog
added
removed
nettle.html
7
7
<link title="Top" rel="top" href="#Top">
8
8
<link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage">
9
9
<!--
10
This manual is for the Nettle library (version 2.5), a
10
This manual is for the Nettle library (version 2.6), a
11
11
low-level cryptographic library.
12
12
13
Originally written 2001 by Niels Mƶller, updated 2011.
13
Originally written 2001 by Niels Mƶller, updated 2012.
14
14
15
15
This manual is placed in the public domain. You may freely copy
16
16
it, in whole or in part, with or without modification. Attribution
44
44
<ul>
45
45
<li><a href="#Hash-functions">6.1 Hash functions</a>
46
46
<ul>
47
<li><a href="#Hash-functions">6.1.1 <acronym>MD5</acronym></a>
48
<li><a href="#Hash-functions">6.1.2 <acronym>MD2</acronym></a>
49
<li><a href="#Hash-functions">6.1.3 <acronym>MD4</acronym></a>
50
<li><a href="#Hash-functions">6.1.4 <acronym>RIPEMD160</acronym></a>
51
<li><a href="#Hash-functions">6.1.5 <acronym>SHA1</acronym></a>
52
<li><a href="#Hash-functions">6.1.6 <acronym>SHA256</acronym></a>
53
<li><a href="#Hash-functions">6.1.7 <acronym>SHA224</acronym></a>
54
<li><a href="#Hash-functions">6.1.8 <acronym>SHA512</acronym></a>
55
<li><a href="#Hash-functions">6.1.9 <acronym>SHA384</acronym></a>
56
<li><a href="#Hash-functions">6.1.10 <code>struct nettle_hash</code></a>
47
<li><a href="#Recommended-hash-functions">6.1.1 Recommended hash functions</a>
48
<ul>
49
<li><a href="#Recommended-hash-functions">6.1.1.1 <acronym>SHA256</acronym></a>
50
<li><a href="#Recommended-hash-functions">6.1.1.2 <acronym>SHA224</acronym></a>
51
<li><a href="#Recommended-hash-functions">6.1.1.3 <acronym>SHA512</acronym></a>
52
<li><a href="#Recommended-hash-functions">6.1.1.4 <acronym>SHA384</acronym></a>
53
<li><a href="#Recommended-hash-functions">6.1.1.5 <acronym>SHA3-224</acronym></a>
54
<li><a href="#Recommended-hash-functions">6.1.1.6 <acronym>SHA3-256</acronym></a>
55
<li><a href="#Recommended-hash-functions">6.1.1.7 <acronym>SHA3-384</acronym></a>
56
<li><a href="#Recommended-hash-functions">6.1.1.8 <acronym>SHA3-512</acronym></a>
57
</li></ul>
58
<li><a href="#Legacy-hash-functions">6.1.2 Legacy hash functions</a>
59
<ul>
60
<li><a href="#Legacy-hash-functions">6.1.2.1 <acronym>MD5</acronym></a>
61
<li><a href="#Legacy-hash-functions">6.1.2.2 <acronym>MD2</acronym></a>
62
<li><a href="#Legacy-hash-functions">6.1.2.3 <acronym>MD4</acronym></a>
63
<li><a href="#Legacy-hash-functions">6.1.2.4 <acronym>RIPEMD160</acronym></a>
64
<li><a href="#Legacy-hash-functions">6.1.2.5 <acronym>SHA1</acronym></a>
65
<li><a href="#Legacy-hash-functions">6.1.2.6 <acronym>GOSTHASH94</acronym></a>
66
</li></ul>
67
<li><a href="#nettle_005fhash-abstraction">6.1.3 The nettle_hash abstraction</a>
57
68
</li></ul>
58
69
<li><a href="#Cipher-functions">6.2 Cipher functions</a>
59
70
<ul>
93
104
<li><a href="#Keyed-hash-functions">6.4.2.5 <acronym>HMAC-SHA512</acronym></a>
94
105
</li></ul>
95
106
</li></ul>
96
<li><a href="#Public_002dkey-algorithms">6.5 Public-key algorithms</a>
97
<ul>
98
<li><a href="#RSA">6.5.1 <acronym>RSA</acronym></a>
99
<li><a href="#RSA">6.5.2 Nettle's <acronym>RSA</acronym> support</a>
100
<li><a href="#DSA">6.5.3 Nettle's <acronym>DSA</acronym> support</a>
101
<li><a href="#DSA">6.5.4 Nettle's <acronym>DSA</acronym> support</a>
102
</li></ul>
103
<li><a href="#Randomness">6.6 Randomness</a>
104
<ul>
105
<li><a href="#Randomness">6.6.1 Yarrow</a>
106
</li></ul>
107
<li><a href="#Ascii-encoding">6.7 Ascii encoding</a>
108
<li><a href="#Miscellaneous-functions">6.8 Miscellaneous functions</a>
109
<li><a href="#Compatibility-functions">6.9 Compatibility functions</a>
107
<li><a href="#Key-derivation-functions">6.5 Key derivation Functions</a>
108
<ul>
109
<li><a href="#Key-derivation-functions">6.5.1 <acronym>PBKDF2</acronym></a>
110
<li><a href="#Key-derivation-functions">6.5.2 Concrete <acronym>PBKDF2</acronym> functions</a>
111
<ul>
112
<li><a href="#Key-derivation-functions">6.5.2.1 <acronym>PBKDF2-HMAC-SHA1</acronym></a>
113
<li><a href="#Key-derivation-functions">6.5.2.2 <acronym>PBKDF2-HMAC-SHA256</acronym></a>
114
</li></ul>
115
</li></ul>
116
<li><a href="#Public_002dkey-algorithms">6.6 Public-key algorithms</a>
117
<ul>
118
<li><a href="#RSA">6.6.1 <acronym>RSA</acronym></a>
119
<li><a href="#RSA">6.6.2 Nettle's <acronym>RSA</acronym> support</a>
120
<li><a href="#DSA">6.6.3 <acronym>DSA</acronym></a>
121
<li><a href="#DSA">6.6.4 Nettle's <acronym>DSA</acronym> support</a>
122
</li></ul>
123
<li><a href="#Randomness">6.7 Randomness</a>
124
<ul>
125
<li><a href="#Randomness">6.7.1 Yarrow</a>
126
</li></ul>
127
<li><a href="#Ascii-encoding">6.8 Ascii encoding</a>
128
<li><a href="#Miscellaneous-functions">6.9 Miscellaneous functions</a>
129
<li><a href="#Compatibility-functions">6.10 Compatibility functions</a>
110
130
</li></ul>
111
131
<li><a name="toc_Nettle-soup" href="#Nettle-soup">7 Traditional Nettle Soup</a>
112
132
<li><a name="toc_Installation" href="#Installation">8 Installation</a>
132
152
can use the library directly from your C programs, or write or use an
133
153
object-oriented wrapper for your favorite language or application.
134
154
135
<p>This manual is for the Nettle library (version 2.5), a
155
<p>This manual is for the Nettle library (version 2.6), a
136
156
low-level cryptographic library.
137
157
138
<p>Originally written 2001 by Niels Mƶller, updated 2011.
158
<p>Originally written 2001 by Niels Mƶller, updated 2012.
139
159
140
160
<blockquote>
141
161
This manual is placed in the public domain. You may freely copy it, in
165
185
<li><a href="#Cipher-functions">Cipher functions</a>
166
186
<li><a href="#Cipher-modes">Cipher modes</a>
167
187
<li><a href="#Keyed-hash-functions">Keyed hash functions</a>
188
<li><a href="#Key-derivation-functions">Key derivation functions</a>
168
189
<li><a href="#Public_002dkey-algorithms">Public-key algorithms</a>
169
190
<li><a href="#Randomness">Randomness</a>
170
191
<li><a href="#Ascii-encoding">Ascii encoding</a>
301
322
Josefsson, and heavily modified by Niels Mƶller. Assembly for x86_64 by
302
323
Niels Mƶller. Released under the LGPL.
303
324
325
<br><dt><em>PBKDF2</em><dd>The C implementation of PBKDF2 is based on earlier work for Shishi and
326
GnuTLS by Simon Josefsson. Released under the LGPL.
327
304
328
<br><dt><em>SERPENT</em><dd>The implementation of the SERPENT cipher is based on the code in libgcrypt,
305
329
copyright owned by the Free Software Foundation. Adapted to Nettle by
306
330
Simon Josefsson and heavily modified by Niels Mƶller. Assembly for
311
335
Released into the public domain. Assembler for x86 by Niels Mƶller,
312
336
released under the LGPL.
313
337
314
<br><dt><em>SHA224, SHA256, SHA384, and SHA512</em><dd>Written by Niels Mƶller, using Peter Gutmann's SHA1 code as a model.
338
<br><dt><em>SHA2</em><dd>Written by Niels Mƶller, using Peter Gutmann's SHA1 code as a model.
315
339
Released under the LGPL.
316
340
341
<br><dt><em>SHA3</em><dd>Written by Niels Mƶller. Released under the LGPL.
342
343
<br><dt><em>GOSTHASH94</em><dd>The C implementation of the GOST94 message digest is written by
344
Aleksey Kravchenko and was ported from the rhash library by Nikos
345
Mavrogiannopoulos. It is released under the MIT license.
346
317
347
<br><dt><em>TWOFISH</em><dd>The implementation of the TWOFISH cipher is written by Ruud de Rooij.
318
348
Released under the LGPL.
319
349
391
421
<pre class="example"><pre class="verbatim"> #include <stdio.h>
392
422
#include <stdlib.h>
393
423
394
#include <nettle/sha.h>
424
#include <nettle/sha1.h>
395
425
396
426
#define BUF_SIZE 1000
397
427
432
462
</pre></pre>
433
463
<p>On a typical Unix system, this program can be compiled and linked with
434
464
the command line
435
<pre class="example"> cc sha-example.c -o sha-example -lnettle
465
<pre class="example"> gcc sha-example.c -o sha-example -lnettle
436
466
</pre>
437
467
<div class="node">
438
468
<a name="Linking"></a>
479
509
<li><a accesskey="2" href="#Cipher-functions">Cipher functions</a>
480
510
<li><a accesskey="3" href="#Cipher-modes">Cipher modes</a>
481
511
<li><a accesskey="4" href="#Keyed-hash-functions">Keyed hash functions</a>
482
<li><a accesskey="5" href="#Public_002dkey-algorithms">Public-key algorithms</a>
483
<li><a accesskey="6" href="#Randomness">Randomness</a>
484
<li><a accesskey="7" href="#Ascii-encoding">Ascii encoding</a>
485
<li><a accesskey="8" href="#Miscellaneous-functions">Miscellaneous functions</a>
486
<li><a accesskey="9" href="#Compatibility-functions">Compatibility functions</a>
512
<li><a accesskey="5" href="#Key-derivation-functions">Key derivation functions</a>
513
<li><a accesskey="6" href="#Public_002dkey-algorithms">Public-key algorithms</a>
514
<li><a accesskey="7" href="#Randomness">Randomness</a>
515
<li><a accesskey="8" href="#Ascii-encoding">Ascii encoding</a>
516
<li><a accesskey="9" href="#Miscellaneous-functions">Miscellaneous functions</a>
517
<li><a href="#Compatibility-functions">Compatibility functions</a>
487
518
</ul>
488
519
489
520
<div class="node">
520
551
521
552
<p>The most commonly used hash functions are MD5 and SHA1. Unfortunately,
522
553
both these fail the collision-resistance requirement; cryptologists have
523
found ways to construct colliding inputs. The recommended hash function
524
for new applications is SHA256, even though it uses a structure similar
525
to MD5 and SHA1. Constructing better hash functions is an urgent research
526
problem.
527
528
<h4 class="subsection">6.1.1 <acronym>MD5</acronym></h4>
554
found ways to construct colliding inputs. The recommended hash functions
555
for new applications are SHA2 (with main variants SHA256 and SHA512). At
556
the time of this writing (December 2012), the winner of the NIST SHA3
557
competition has recently been announced, and the new SHA3 (earlier known
558
as Keccak) and other top SHA3 candidates may also be reasonable
559
alternatives.
560
561
<ul class="menu">
562
<li><a accesskey="1" href="#Recommended-hash-functions">Recommended hash functions</a>
563
<li><a accesskey="2" href="#Legacy-hash-functions">Legacy hash functions</a>
564
<li><a accesskey="3" href="#nettle_005fhash-abstraction">nettle_hash abstraction</a>
565
</ul>
566
567
<div class="node">
568
<a name="Recommended-hash-functions"></a>
569
<p><hr>
570
Next: <a rel="next" accesskey="n" href="#Legacy-hash-functions">Legacy hash functions</a>,
571
Up: <a rel="up" accesskey="u" href="#Hash-functions">Hash functions</a>
572
573
</div>
574
575
<!-- node-name, next, previous, up -->
576
<h4 class="subsection">6.1.1 Recommended hash functions</h4>
577
578
<p>The following hash functions have no known weaknesses, and are suitable
579
for new applications. The SHA2 family of hash functions were specified
580
by <dfn>NIST</dfn>, intended as a replacement for <acronym>SHA1</acronym>.
581
582
<h5 class="subsubsection">6.1.1.1 <acronym>SHA256</acronym></h5>
583
584
<p>SHA256 is a member of the SHA2 family. It outputs hash values of 256
585
bits, or 32 octets. Nettle defines SHA256 in <samp><span class="file"><nettle/sha2.h></span></samp>.
586
587
<div class="defun">
588
— Context struct: <b>struct sha256_ctx</b><var><a name="index-struct-sha256_005fctx-4"></a></var><br>
589
</div>
590
591
<div class="defun">
592
— Constant: <b>SHA256_DIGEST_SIZE</b><var><a name="index-SHA256_005fDIGEST_005fSIZE-5"></a></var><br>
593
<blockquote><p>The size of a SHA256 digest, i.e. 32.
594
</p></blockquote></div>
595
596
<div class="defun">
597
— Constant: <b>SHA256_DATA_SIZE</b><var><a name="index-SHA256_005fDATA_005fSIZE-6"></a></var><br>
598
<blockquote><p>The internal block size of SHA256. Useful for some special constructions,
599
in particular HMAC-SHA256.
600
</p></blockquote></div>
601
602
<div class="defun">
603
— Function: void <b>sha256_init</b> (<var>struct sha256_ctx *ctx</var>)<var><a name="index-sha256_005finit-7"></a></var><br>
604
<blockquote><p>Initialize the SHA256 state.
605
</p></blockquote></div>
606
607
<div class="defun">
608
— Function: void <b>sha256_update</b> (<var>struct sha256_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-sha256_005fupdate-8"></a></var><br>
609
<blockquote><p>Hash some more data.
610
</p></blockquote></div>
611
612
<div class="defun">
613
— Function: void <b>sha256_digest</b> (<var>struct sha256_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-sha256_005fdigest-9"></a></var><br>
614
<blockquote><p>Performs final processing and extracts the message digest, writing it
615
to <var>digest</var>. <var>length</var> may be smaller than
616
<code>SHA256_DIGEST_SIZE</code>, in which case only the first <var>length</var>
617
octets of the digest are written.
618
619
<p>This function also resets the context in the same way as
620
<code>sha256_init</code>.
621
</p></blockquote></div>
622
623
<p>Earlier versions of nettle defined SHA256 in the header file
624
<samp><span class="file"><nettle/sha.h></span></samp>, which is now deprecated, but kept for
625
compatibility.
626
627
<h5 class="subsubsection">6.1.1.2 <acronym>SHA224</acronym></h5>
628
629
<p>SHA224 is a variant of SHA256, with a different initial state, and with
630
the output truncated to 224 bits, or 28 octets. Nettle defines SHA224 in
631
<samp><span class="file"><nettle/sha2.h></span></samp> (and in <samp><span class="file"><nettle/sha.h></span></samp>, for backwards
632
compatibility).
633
634
<div class="defun">
635
— Context struct: <b>struct sha224_ctx</b><var><a name="index-struct-sha224_005fctx-10"></a></var><br>
636
</div>
637
638
<div class="defun">
639
— Constant: <b>SHA224_DIGEST_SIZE</b><var><a name="index-SHA224_005fDIGEST_005fSIZE-11"></a></var><br>
640
<blockquote><p>The size of a SHA224 digest, i.e. 28.
641
</p></blockquote></div>
642
643
<div class="defun">
644
— Constant: <b>SHA224_DATA_SIZE</b><var><a name="index-SHA224_005fDATA_005fSIZE-12"></a></var><br>
645
<blockquote><p>The internal block size of SHA224. Useful for some special constructions,
646
in particular HMAC-SHA224.
647
</p></blockquote></div>
648
649
<div class="defun">
650
— Function: void <b>sha224_init</b> (<var>struct sha224_ctx *ctx</var>)<var><a name="index-sha224_005finit-13"></a></var><br>
651
<blockquote><p>Initialize the SHA224 state.
652
</p></blockquote></div>
653
654
<div class="defun">
655
— Function: void <b>sha224_update</b> (<var>struct sha224_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-sha224_005fupdate-14"></a></var><br>
656
<blockquote><p>Hash some more data.
657
</p></blockquote></div>
658
659
<div class="defun">
660
— Function: void <b>sha224_digest</b> (<var>struct sha224_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-sha224_005fdigest-15"></a></var><br>
661
<blockquote><p>Performs final processing and extracts the message digest, writing it
662
to <var>digest</var>. <var>length</var> may be smaller than
663
<code>SHA224_DIGEST_SIZE</code>, in which case only the first <var>length</var>
664
octets of the digest are written.
665
666
<p>This function also resets the context in the same way as
667
<code>sha224_init</code>.
668
</p></blockquote></div>
669
670
<h5 class="subsubsection">6.1.1.3 <acronym>SHA512</acronym></h5>
671
672
<p>SHA512 is a larger sibling to SHA256, with a very similar structure but
673
with both the output and the internal variables of twice the size. The
674
internal variables are 64 bits rather than 32, making it significantly
675
slower on 32-bit computers. It outputs hash values of 512 bits, or 64
676
octets. Nettle defines SHA512 in <samp><span class="file"><nettle/sha2.h></span></samp> (and in
677
<samp><span class="file"><nettle/sha.h></span></samp>, for backwards compatibility).
678
679
<div class="defun">
680
— Context struct: <b>struct sha512_ctx</b><var><a name="index-struct-sha512_005fctx-16"></a></var><br>
681
</div>
682
683
<div class="defun">
684
— Constant: <b>SHA512_DIGEST_SIZE</b><var><a name="index-SHA512_005fDIGEST_005fSIZE-17"></a></var><br>
685
<blockquote><p>The size of a SHA512 digest, i.e. 64.
686
</p></blockquote></div>
687
688
<div class="defun">
689
— Constant: <b>SHA512_DATA_SIZE</b><var><a name="index-SHA512_005fDATA_005fSIZE-18"></a></var><br>
690
<blockquote><p>The internal block size of SHA512. Useful for some special constructions,
691
in particular HMAC-SHA512.
692
</p></blockquote></div>
693
694
<div class="defun">
695
— Function: void <b>sha512_init</b> (<var>struct sha512_ctx *ctx</var>)<var><a name="index-sha512_005finit-19"></a></var><br>
696
<blockquote><p>Initialize the SHA512 state.
697
</p></blockquote></div>
698
699
<div class="defun">
700
— Function: void <b>sha512_update</b> (<var>struct sha512_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-sha512_005fupdate-20"></a></var><br>
701
<blockquote><p>Hash some more data.
702
</p></blockquote></div>
703
704
<div class="defun">
705
— Function: void <b>sha512_digest</b> (<var>struct sha512_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-sha512_005fdigest-21"></a></var><br>
706
<blockquote><p>Performs final processing and extracts the message digest, writing it
707
to <var>digest</var>. <var>length</var> may be smaller than
708
<code>SHA512_DIGEST_SIZE</code>, in which case only the first <var>length</var>
709
octets of the digest are written.
710
711
<p>This function also resets the context in the same way as
712
<code>sha512_init</code>.
713
</p></blockquote></div>
714
715
<h5 class="subsubsection">6.1.1.4 <acronym>SHA384</acronym></h5>
716
717
<p>SHA384 is a variant of SHA512, with a different initial state, and with
718
the output truncated to 384 bits, or 48 octets. Nettle defines SHA384 in
719
<samp><span class="file"><nettle/sha2.h></span></samp> (and in <samp><span class="file"><nettle/sha.h></span></samp>, for backwards
720
compatibility).
721
722
<div class="defun">
723
— Context struct: <b>struct sha384_ctx</b><var><a name="index-struct-sha384_005fctx-22"></a></var><br>
724
</div>
725
726
<div class="defun">
727
— Constant: <b>SHA384_DIGEST_SIZE</b><var><a name="index-SHA384_005fDIGEST_005fSIZE-23"></a></var><br>
728
<blockquote><p>The size of a SHA384 digest, i.e. 48.
729
</p></blockquote></div>
730
731
<div class="defun">
732
— Constant: <b>SHA384_DATA_SIZE</b><var><a name="index-SHA384_005fDATA_005fSIZE-24"></a></var><br>
733
<blockquote><p>The internal block size of SHA384. Useful for some special constructions,
734
in particular HMAC-SHA384.
735
</p></blockquote></div>
736
737
<div class="defun">
738
— Function: void <b>sha384_init</b> (<var>struct sha384_ctx *ctx</var>)<var><a name="index-sha384_005finit-25"></a></var><br>
739
<blockquote><p>Initialize the SHA384 state.
740
</p></blockquote></div>
741
742
<div class="defun">
743
— Function: void <b>sha384_update</b> (<var>struct sha384_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-sha384_005fupdate-26"></a></var><br>
744
<blockquote><p>Hash some more data.
745
</p></blockquote></div>
746
747
<div class="defun">
748
— Function: void <b>sha384_digest</b> (<var>struct sha384_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-sha384_005fdigest-27"></a></var><br>
749
<blockquote><p>Performs final processing and extracts the message digest, writing it
750
to <var>digest</var>. <var>length</var> may be smaller than
751
<code>SHA384_DIGEST_SIZE</code>, in which case only the first <var>length</var>
752
octets of the digest are written.
753
754
<p>This function also resets the context in the same way as
755
<code>sha384_init</code>.
756
</p></blockquote></div>
757
758
<h5 class="subsubsection">6.1.1.5 <acronym>SHA3-224</acronym></h5>
759
760
<p>The SHA3 hash functions were specified by NIST in repsonse to weaknesses
761
in SHA1, and doubts about SHA2 hash functions which structurally are
762
very similar to SHA1. The standard is a result of a competition, where
763
the winner, also known as Keccak, was designed by Guido Bertoni, Joan
764
Daemen, Michaƫl Peeters and Gilles Van Assche. It is structurally very
765
different from all widely used earlier hash functions. Like SHA2, there
766
are several variants, with output sizes of 224, 256, 384 and 512 bits
767
(28, 32, 48 and 64 octets, respectively).
768
769
<p>Nettle defines SHA3-224 in <samp><span class="file"><nettle/sha3.h></span></samp>.
770
771
<div class="defun">
772
— Context struct: <b>struct sha3_224_ctx</b><var><a name="index-struct-sha3_005f224_005fctx-28"></a></var><br>
773
</div>
774
775
<div class="defun">
776
— Constant: <b>SHA3_224_DIGEST_SIZE</b><var><a name="index-SHA3_005f224_005fDIGEST_005fSIZE-29"></a></var><br>
777
<blockquote><p>The size of a SHA3_224 digest, i.e., 28.
778
</p></blockquote></div>
779
780
<div class="defun">
781
— Constant: <b>SHA3_224_DATA_SIZE</b><var><a name="index-SHA3_005f224_005fDATA_005fSIZE-30"></a></var><br>
782
<blockquote><p>The internal block size of SHA3_224.
783
</p></blockquote></div>
784
785
<div class="defun">
786
— Function: void <b>sha3_224_init</b> (<var>struct sha3_224_ctx *ctx</var>)<var><a name="index-sha3_005f224_005finit-31"></a></var><br>
787
<blockquote><p>Initialize the SHA3-224 state.
788
</p></blockquote></div>
789
790
<div class="defun">
791
— Function: void <b>sha3_224_update</b> (<var>struct sha3_224_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-sha3_005f224_005fupdate-32"></a></var><br>
792
<blockquote><p>Hash some more data.
793
</p></blockquote></div>
794
795
<div class="defun">
796
— Function: void <b>sha3_224_digest</b> (<var>struct sha3_224_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-sha3_005f224_005fdigest-33"></a></var><br>
797
<blockquote><p>Performs final processing and extracts the message digest, writing it
798
to <var>digest</var>. <var>length</var> may be smaller than
799
<code>SHA3_224_DIGEST_SIZE</code>, in which case only the first <var>length</var>
800
octets of the digest are written.
801
802
<p>This function also resets the context.
803
</p></blockquote></div>
804
805
<h5 class="subsubsection">6.1.1.6 <acronym>SHA3-256</acronym></h5>
806
807
<p>This is SHA3 with 256-bit output size, and possibly the most useful
808
of the SHA3 hash functions.
809
810
<p>Nettle defines SHA3-256 in <samp><span class="file"><nettle/sha3.h></span></samp>.
811
812
<div class="defun">
813
— Context struct: <b>struct sha3_256_ctx</b><var><a name="index-struct-sha3_005f256_005fctx-34"></a></var><br>
814
</div>
815
816
<div class="defun">
817
— Constant: <b>SHA3_256_DIGEST_SIZE</b><var><a name="index-SHA3_005f256_005fDIGEST_005fSIZE-35"></a></var><br>
818
<blockquote><p>The size of a SHA3_256 digest, i.e., 32.
819
</p></blockquote></div>
820
821
<div class="defun">
822
— Constant: <b>SHA3_256_DATA_SIZE</b><var><a name="index-SHA3_005f256_005fDATA_005fSIZE-36"></a></var><br>
823
<blockquote><p>The internal block size of SHA3_256.
824
</p></blockquote></div>
825
826
<div class="defun">
827
— Function: void <b>sha3_256_init</b> (<var>struct sha3_256_ctx *ctx</var>)<var><a name="index-sha3_005f256_005finit-37"></a></var><br>
828
<blockquote><p>Initialize the SHA3-256 state.
829
</p></blockquote></div>
830
831
<div class="defun">
832
— Function: void <b>sha3_256_update</b> (<var>struct sha3_256_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-sha3_005f256_005fupdate-38"></a></var><br>
833
<blockquote><p>Hash some more data.
834
</p></blockquote></div>
835
836
<div class="defun">
837
— Function: void <b>sha3_256_digest</b> (<var>struct sha3_256_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-sha3_005f256_005fdigest-39"></a></var><br>
838
<blockquote><p>Performs final processing and extracts the message digest, writing it
839
to <var>digest</var>. <var>length</var> may be smaller than
840
<code>SHA3_256_DIGEST_SIZE</code>, in which case only the first <var>length</var>
841
octets of the digest are written.
842
843
<p>This function also resets the context.
844
</p></blockquote></div>
845
846
<h5 class="subsubsection">6.1.1.7 <acronym>SHA3-384</acronym></h5>
847
848
<p>This is SHA3 with 384-bit output size.
849
850
<p>Nettle defines SHA3-384 in <samp><span class="file"><nettle/sha3.h></span></samp>.
851
852
<div class="defun">
853
— Context struct: <b>struct sha3_384_ctx</b><var><a name="index-struct-sha3_005f384_005fctx-40"></a></var><br>
854
</div>
855
856
<div class="defun">
857
— Constant: <b>SHA3_384_DIGEST_SIZE</b><var><a name="index-SHA3_005f384_005fDIGEST_005fSIZE-41"></a></var><br>
858
<blockquote><p>The size of a SHA3_384 digest, i.e., 48.
859
</p></blockquote></div>
860
861
<div class="defun">
862
— Constant: <b>SHA3_384_DATA_SIZE</b><var><a name="index-SHA3_005f384_005fDATA_005fSIZE-42"></a></var><br>
863
<blockquote><p>The internal block size of SHA3_384.
864
</p></blockquote></div>
865
866
<div class="defun">
867
— Function: void <b>sha3_384_init</b> (<var>struct sha3_384_ctx *ctx</var>)<var><a name="index-sha3_005f384_005finit-43"></a></var><br>
868
<blockquote><p>Initialize the SHA3-384 state.
869
</p></blockquote></div>
870
871
<div class="defun">
872
— Function: void <b>sha3_384_update</b> (<var>struct sha3_384_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-sha3_005f384_005fupdate-44"></a></var><br>
873
<blockquote><p>Hash some more data.
874
</p></blockquote></div>
875
876
<div class="defun">
877
— Function: void <b>sha3_384_digest</b> (<var>struct sha3_384_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-sha3_005f384_005fdigest-45"></a></var><br>
878
<blockquote><p>Performs final processing and extracts the message digest, writing it
879
to <var>digest</var>. <var>length</var> may be smaller than
880
<code>SHA3_384_DIGEST_SIZE</code>, in which case only the first <var>length</var>
881
octets of the digest are written.
882
883
<p>This function also resets the context.
884
</p></blockquote></div>
885
886
<h5 class="subsubsection">6.1.1.8 <acronym>SHA3-512</acronym></h5>
887
888
<p>This is SHA3 with 512-bit output size.
889
890
<p>Nettle defines SHA3-512 in <samp><span class="file"><nettle/sha3.h></span></samp>.
891
892
<div class="defun">
893
— Context struct: <b>struct sha3_512_ctx</b><var><a name="index-struct-sha3_005f512_005fctx-46"></a></var><br>
894
</div>
895
896
<div class="defun">
897
— Constant: <b>SHA3_512_DIGEST_SIZE</b><var><a name="index-SHA3_005f512_005fDIGEST_005fSIZE-47"></a></var><br>
898
<blockquote><p>The size of a SHA3_512 digest, i.e. 64.
899
</p></blockquote></div>
900
901
<div class="defun">
902
— Constant: <b>SHA3_512_DATA_SIZE</b><var><a name="index-SHA3_005f512_005fDATA_005fSIZE-48"></a></var><br>
903
<blockquote><p>The internal block size of SHA3_512.
904
</p></blockquote></div>
905
906
<div class="defun">
907
— Function: void <b>sha3_512_init</b> (<var>struct sha3_512_ctx *ctx</var>)<var><a name="index-sha3_005f512_005finit-49"></a></var><br>
908
<blockquote><p>Initialize the SHA3-512 state.
909
</p></blockquote></div>
910
911
<div class="defun">
912
— Function: void <b>sha3_512_update</b> (<var>struct sha3_512_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-sha3_005f512_005fupdate-50"></a></var><br>
913
<blockquote><p>Hash some more data.
914
</p></blockquote></div>
915
916
<div class="defun">
917
— Function: void <b>sha3_512_digest</b> (<var>struct sha3_512_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-sha3_005f512_005fdigest-51"></a></var><br>
918
<blockquote><p>Performs final processing and extracts the message digest, writing it
919
to <var>digest</var>. <var>length</var> may be smaller than
920
<code>SHA3_512_DIGEST_SIZE</code>, in which case only the first <var>length</var>
921
octets of the digest are written.
922
923
<p>This function also resets the context.
924
</p></blockquote></div>
925
926
<div class="node">
927
<a name="Legacy-hash-functions"></a>
928
<p><hr>
929
Next: <a rel="next" accesskey="n" href="#nettle_005fhash-abstraction">nettle_hash abstraction</a>,
930
Previous: <a rel="previous" accesskey="p" href="#Recommended-hash-functions">Recommended hash functions</a>,
931
Up: <a rel="up" accesskey="u" href="#Hash-functions">Hash functions</a>
932
933
</div>
934
935
<!-- node-name, next, previous, up -->
936
<h4 class="subsection">6.1.2 Legacy hash functions</h4>
937
938
<p>The hash functions in this section all have some known weaknesses, and
939
should be avoided for new applications. These hash functions are mainly
940
useful for compatibility with old applications and protocols. Some are
941
still considered safe as building blocks for particular constructions,
942
e.g., there seems to be no known attacks against HMAC-SHA1 or even
943
HMAC-MD5. In some important cases, use of a “legacy” hash function
944
does not in itself make the application insecure; if a known weakness is
945
relevant depends on how the hash function is used, and on the threat
946
model.
947
948
<h5 class="subsubsection">6.1.2.1 <acronym>MD5</acronym></h5>
529
949
530
950
<p>MD5 is a message digest function constructed by Ronald Rivest, and
531
951
described in <cite>RFC 1321</cite>. It outputs message digests of 128 bits, or
532
952
16 octets. Nettle defines MD5 in <samp><span class="file"><nettle/md5.h></span></samp>.
533
953
534
954
<div class="defun">
535
— Context struct: <b>struct md5_ctx</b><var><a name="index-struct-md5_005fctx-4"></a></var><br>
955
— Context struct: <b>struct md5_ctx</b><var><a name="index-struct-md5_005fctx-52"></a></var><br>
536
956
</div>
537
957
538
958
<div class="defun">
539
— Constant: <b>MD5_DIGEST_SIZE</b><var><a name="index-MD5_005fDIGEST_005fSIZE-5"></a></var><br>
959
— Constant: <b>MD5_DIGEST_SIZE</b><var><a name="index-MD5_005fDIGEST_005fSIZE-53"></a></var><br>
540
960
<blockquote><p>The size of an MD5 digest, i.e. 16.
541
961
</p></blockquote></div>
542
962
543
963
<div class="defun">
544
— Constant: <b>MD5_DATA_SIZE</b><var><a name="index-MD5_005fDATA_005fSIZE-6"></a></var><br>
964
— Constant: <b>MD5_DATA_SIZE</b><var><a name="index-MD5_005fDATA_005fSIZE-54"></a></var><br>
545
965
<blockquote><p>The internal block size of MD5. Useful for some special constructions,
546
966
in particular HMAC-MD5.
547
967
</p></blockquote></div>
548
968
549
969
<div class="defun">
550
— Function: void <b>md5_init</b> (<var>struct md5_ctx *ctx</var>)<var><a name="index-md5_005finit-7"></a></var><br>
970
— Function: void <b>md5_init</b> (<var>struct md5_ctx *ctx</var>)<var><a name="index-md5_005finit-55"></a></var><br>
551
971
<blockquote><p>Initialize the MD5 state.
552
972
</p></blockquote></div>
553
973
554
974
<div class="defun">
555
— Function: void <b>md5_update</b> (<var>struct md5_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-md5_005fupdate-8"></a></var><br>
975
— Function: void <b>md5_update</b> (<var>struct md5_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-md5_005fupdate-56"></a></var><br>
556
976
<blockquote><p>Hash some more data.
557
977
</p></blockquote></div>
558
978
559
979
<div class="defun">
560
— Function: void <b>md5_digest</b> (<var>struct md5_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-md5_005fdigest-9"></a></var><br>
980
— Function: void <b>md5_digest</b> (<var>struct md5_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-md5_005fdigest-57"></a></var><br>
561
981
<blockquote><p>Performs final processing and extracts the message digest, writing it
562
982
to <var>digest</var>. <var>length</var> may be smaller than
563
983
<code>MD5_DIGEST_SIZE</code>, in which case only the first <var>length</var>
575
995
576
996
<p>To start over, you can call <code>md5_init</code> at any time.
577
997
578
<h4 class="subsection">6.1.2 <acronym>MD2</acronym></h4>
998
<h5 class="subsubsection">6.1.2.2 <acronym>MD2</acronym></h5>
579
999
580
1000
<p>MD2 is another hash function of Ronald Rivest's, described in
581
1001
<cite>RFC 1319</cite>. It outputs message digests of 128 bits, or 16 octets.
582
1002
Nettle defines MD2 in <samp><span class="file"><nettle/md2.h></span></samp>.
583
1003
584
1004
<div class="defun">
585
— Context struct: <b>struct md2_ctx</b><var><a name="index-struct-md2_005fctx-10"></a></var><br>
1005
— Context struct: <b>struct md2_ctx</b><var><a name="index-struct-md2_005fctx-58"></a></var><br>
586
1006
</div>
587
1007
588
1008
<div class="defun">
589
— Constant: <b>MD2_DIGEST_SIZE</b><var><a name="index-MD2_005fDIGEST_005fSIZE-11"></a></var><br>
1009
— Constant: <b>MD2_DIGEST_SIZE</b><var><a name="index-MD2_005fDIGEST_005fSIZE-59"></a></var><br>
590
1010
<blockquote><p>The size of an MD2 digest, i.e. 16.
591
1011
</p></blockquote></div>
592
1012
593
1013
<div class="defun">
594
— Constant: <b>MD2_DATA_SIZE</b><var><a name="index-MD2_005fDATA_005fSIZE-12"></a></var><br>
1014
— Constant: <b>MD2_DATA_SIZE</b><var><a name="index-MD2_005fDATA_005fSIZE-60"></a></var><br>
595
1015
<blockquote><p>The internal block size of MD2.
596
1016
</p></blockquote></div>
597
1017
598
1018
<div class="defun">
599
— Function: void <b>md2_init</b> (<var>struct md2_ctx *ctx</var>)<var><a name="index-md2_005finit-13"></a></var><br>
1019
— Function: void <b>md2_init</b> (<var>struct md2_ctx *ctx</var>)<var><a name="index-md2_005finit-61"></a></var><br>
600
1020
<blockquote><p>Initialize the MD2 state.
601
1021
</p></blockquote></div>
602
1022
603
1023
<div class="defun">
604
— Function: void <b>md2_update</b> (<var>struct md2_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-md2_005fupdate-14"></a></var><br>
1024
— Function: void <b>md2_update</b> (<var>struct md2_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-md2_005fupdate-62"></a></var><br>
605
1025
<blockquote><p>Hash some more data.
606
1026
</p></blockquote></div>
607
1027
608
1028
<div class="defun">
609
— Function: void <b>md2_digest</b> (<var>struct md2_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-md2_005fdigest-15"></a></var><br>
1029
— Function: void <b>md2_digest</b> (<var>struct md2_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-md2_005fdigest-63"></a></var><br>
610
1030
<blockquote><p>Performs final processing and extracts the message digest, writing it
611
1031
to <var>digest</var>. <var>length</var> may be smaller than
612
1032
<code>MD2_DIGEST_SIZE</code>, in which case only the first <var>length</var>
616
1036
<code>md2_init</code>.
617
1037
</p></blockquote></div>
618
1038
619
<h4 class="subsection">6.1.3 <acronym>MD4</acronym></h4>
1039
<h5 class="subsubsection">6.1.2.3 <acronym>MD4</acronym></h5>
620
1040
621
1041
<p>MD4 is a predecessor of MD5, described in <cite>RFC 1320</cite>. Like MD5, it
622
1042
is constructed by Ronald Rivest. It outputs message digests of 128 bits,
625
1045
existing applications and protocols.
626
1046
627
1047
<div class="defun">
628
— Context struct: <b>struct md4_ctx</b><var><a name="index-struct-md4_005fctx-16"></a></var><br>
1048
— Context struct: <b>struct md4_ctx</b><var><a name="index-struct-md4_005fctx-64"></a></var><br>
629
1049
</div>
630
1050
631
1051
<div class="defun">
632
— Constant: <b>MD4_DIGEST_SIZE</b><var><a name="index-MD4_005fDIGEST_005fSIZE-17"></a></var><br>
1052
— Constant: <b>MD4_DIGEST_SIZE</b><var><a name="index-MD4_005fDIGEST_005fSIZE-65"></a></var><br>
633
1053
<blockquote><p>The size of an MD4 digest, i.e. 16.
634
1054
</p></blockquote></div>
635
1055
636
1056
<div class="defun">
637
— Constant: <b>MD4_DATA_SIZE</b><var><a name="index-MD4_005fDATA_005fSIZE-18"></a></var><br>
1057
— Constant: <b>MD4_DATA_SIZE</b><var><a name="index-MD4_005fDATA_005fSIZE-66"></a></var><br>
638
1058
<blockquote><p>The internal block size of MD4.
639
1059
</p></blockquote></div>
640
1060
641
1061
<div class="defun">
642
— Function: void <b>md4_init</b> (<var>struct md4_ctx *ctx</var>)<var><a name="index-md4_005finit-19"></a></var><br>
1062
— Function: void <b>md4_init</b> (<var>struct md4_ctx *ctx</var>)<var><a name="index-md4_005finit-67"></a></var><br>
643
1063
<blockquote><p>Initialize the MD4 state.
644
1064
</p></blockquote></div>
645
1065
646
1066
<div class="defun">
647
— Function: void <b>md4_update</b> (<var>struct md4_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-md4_005fupdate-20"></a></var><br>
1067
— Function: void <b>md4_update</b> (<var>struct md4_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-md4_005fupdate-68"></a></var><br>
648
1068
<blockquote><p>Hash some more data.
649
1069
</p></blockquote></div>
650
1070
651
1071
<div class="defun">
652
— Function: void <b>md4_digest</b> (<var>struct md4_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-md4_005fdigest-21"></a></var><br>
1072
— Function: void <b>md4_digest</b> (<var>struct md4_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-md4_005fdigest-69"></a></var><br>
653
1073
<blockquote><p>Performs final processing and extracts the message digest, writing it
654
1074
to <var>digest</var>. <var>length</var> may be smaller than
655
1075
<code>MD4_DIGEST_SIZE</code>, in which case only the first <var>length</var>
659
1079
<code>md4_init</code>.
660
1080
</p></blockquote></div>
661
1081
662
<h4 class="subsection">6.1.4 <acronym>RIPEMD160</acronym></h4>
1082
<h5 class="subsubsection">6.1.2.4 <acronym>RIPEMD160</acronym></h5>
663
1083
664
1084
<p>RIPEMD160 is a hash function designed by Hans Dobbertin, Antoon
665
1085
Bosselaers, and Bart Preneel, as a strengthened version of RIPEMD
668
1088
RIPEMD160 in <samp><span class="file">nettle/ripemd160.h</span></samp>.
669
1089
670
1090
<div class="defun">
671
— Context struct: <b>struct ripemd160_ctx</b><var><a name="index-struct-ripemd160_005fctx-22"></a></var><br>
1091
— Context struct: <b>struct ripemd160_ctx</b><var><a name="index-struct-ripemd160_005fctx-70"></a></var><br>
672
1092
</div>
673
1093
674
1094
<div class="defun">
675
— Constant: <b>RIPEMD160_DIGEST_SIZE</b><var><a name="index-RIPEMD160_005fDIGEST_005fSIZE-23"></a></var><br>
676
<blockquote><p>The size of an RIPEMD160 digest, i.e. 20.
1095
— Constant: <b>RIPEMD160_DIGEST_SIZE</b><var><a name="index-RIPEMD160_005fDIGEST_005fSIZE-71"></a></var><br>
1096
<blockquote><p>The size of a RIPEMD160 digest, i.e. 20.
677
1097
</p></blockquote></div>
678
1098
679
1099
<div class="defun">
680
— Constant: <b>RIPEMD160_DATA_SIZE</b><var><a name="index-RIPEMD160_005fDATA_005fSIZE-24"></a></var><br>
1100
— Constant: <b>RIPEMD160_DATA_SIZE</b><var><a name="index-RIPEMD160_005fDATA_005fSIZE-72"></a></var><br>
681
1101
<blockquote><p>The internal block size of RIPEMD160.
682
1102
</p></blockquote></div>
683
1103
684
1104
<div class="defun">
685
— Function: void <b>ripemd160_init</b> (<var>struct ripemd160_ctx *ctx</var>)<var><a name="index-ripemd160_005finit-25"></a></var><br>
1105
— Function: void <b>ripemd160_init</b> (<var>struct ripemd160_ctx *ctx</var>)<var><a name="index-ripemd160_005finit-73"></a></var><br>
686
1106
<blockquote><p>Initialize the RIPEMD160 state.
687
1107
</p></blockquote></div>
688
1108
689
1109
<div class="defun">
690
— Function: void <b>ripemd160_update</b> (<var>struct ripemd160_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-ripemd160_005fupdate-26"></a></var><br>
1110
— Function: void <b>ripemd160_update</b> (<var>struct ripemd160_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-ripemd160_005fupdate-74"></a></var><br>
691
1111
<blockquote><p>Hash some more data.
692
1112
</p></blockquote></div>
693
1113
694
1114
<div class="defun">
695
— Function: void <b>ripemd160_digest</b> (<var>struct ripemd160_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-ripemd160_005fdigest-27"></a></var><br>
1115
— Function: void <b>ripemd160_digest</b> (<var>struct ripemd160_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-ripemd160_005fdigest-75"></a></var><br>
696
1116
<blockquote><p>Performs final processing and extracts the message digest, writing it
697
1117
to <var>digest</var>. <var>length</var> may be smaller than
698
1118
<code>RIPEMD160_DIGEST_SIZE</code>, in which case only the first <var>length</var>
702
1122
<code>ripemd160_init</code>.
703
1123
</p></blockquote></div>
704
1124
705
<h4 class="subsection">6.1.5 <acronym>SHA1</acronym></h4>
706
707
<p>SHA1 is a hash function specified by <dfn>NIST</dfn> (The U.S. National Institute
708
for Standards and Technology). It outputs hash values of 160 bits, or 20
709
octets. Nettle defines SHA1 in <samp><span class="file"><nettle/sha.h></span></samp>.
710
711
<p>The functions are analogous to the MD5 ones.
1125
<h5 class="subsubsection">6.1.2.5 <acronym>SHA1</acronym></h5>
1126
1127
<p>SHA1 is a hash function specified by <dfn>NIST</dfn> (The U.S. National
1128
Institute for Standards and Technology). It outputs hash values of 160
1129
bits, or 20 octets. Nettle defines SHA1 in <samp><span class="file"><nettle/sha1.h></span></samp> (and
1130
in <samp><span class="file"><nettle/sha.h></span></samp>, for backwards compatibility).
712
1131
713
1132
<div class="defun">
714
— Context struct: <b>struct sha1_ctx</b><var><a name="index-struct-sha1_005fctx-28"></a></var><br>
1133
— Context struct: <b>struct sha1_ctx</b><var><a name="index-struct-sha1_005fctx-76"></a></var><br>
715
1134
</div>
716
1135
717
1136
<div class="defun">
718
— Constant: <b>SHA1_DIGEST_SIZE</b><var><a name="index-SHA1_005fDIGEST_005fSIZE-29"></a></var><br>
719
<blockquote><p>The size of an SHA1 digest, i.e. 20.
1137
— Constant: <b>SHA1_DIGEST_SIZE</b><var><a name="index-SHA1_005fDIGEST_005fSIZE-77"></a></var><br>
1138
<blockquote><p>The size of a SHA1 digest, i.e. 20.
720
1139
</p></blockquote></div>
721
1140
722
1141
<div class="defun">
723
— Constant: <b>SHA1_DATA_SIZE</b><var><a name="index-SHA1_005fDATA_005fSIZE-30"></a></var><br>
1142
— Constant: <b>SHA1_DATA_SIZE</b><var><a name="index-SHA1_005fDATA_005fSIZE-78"></a></var><br>
724
1143
<blockquote><p>The internal block size of SHA1. Useful for some special constructions,
725
1144
in particular HMAC-SHA1.
726
1145
</p></blockquote></div>
727
1146
728
1147
<div class="defun">
729
— Function: void <b>sha1_init</b> (<var>struct sha1_ctx *ctx</var>)<var><a name="index-sha1_005finit-31"></a></var><br>
1148
— Function: void <b>sha1_init</b> (<var>struct sha1_ctx *ctx</var>)<var><a name="index-sha1_005finit-79"></a></var><br>
730
1149
<blockquote><p>Initialize the SHA1 state.
731
1150
</p></blockquote></div>
732
1151
733
1152
<div class="defun">
734
— Function: void <b>sha1_update</b> (<var>struct sha1_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-sha1_005fupdate-32"></a></var><br>
1153
— Function: void <b>sha1_update</b> (<var>struct sha1_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-sha1_005fupdate-80"></a></var><br>
735
1154
<blockquote><p>Hash some more data.
736
1155
</p></blockquote></div>
737
1156
738
1157
<div class="defun">
739
— Function: void <b>sha1_digest</b> (<var>struct sha1_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-sha1_005fdigest-33"></a></var><br>
1158
— Function: void <b>sha1_digest</b> (<var>struct sha1_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-sha1_005fdigest-81"></a></var><br>
740
1159
<blockquote><p>Performs final processing and extracts the message digest, writing it
741
1160
to <var>digest</var>. <var>length</var> may be smaller than
742
1161
<code>SHA1_DIGEST_SIZE</code>, in which case only the first <var>length</var>
746
1165
<code>sha1_init</code>.
747
1166
</p></blockquote></div>
748
1167
749
<h4 class="subsection">6.1.6 <acronym>SHA256</acronym></h4>
750
751
<p>SHA256 is another hash function specified by <dfn>NIST</dfn>, intended as a
752
replacement for <acronym>SHA1</acronym>, generating larger digests. It outputs
753
hash values of 256 bits, or 32 octets. Nettle defines SHA256 in
754
<samp><span class="file"><nettle/sha.h></span></samp>.
755
756
<p>The functions are analogous to the MD5 ones.
757
758
<div class="defun">
759
— Context struct: <b>struct sha256_ctx</b><var><a name="index-struct-sha256_005fctx-34"></a></var><br>
760
</div>
761
762
<div class="defun">
763
— Constant: <b>SHA256_DIGEST_SIZE</b><var><a name="index-SHA256_005fDIGEST_005fSIZE-35"></a></var><br>
764
<blockquote><p>The size of an SHA256 digest, i.e. 32.
765
</p></blockquote></div>
766
767
<div class="defun">
768
— Constant: <b>SHA256_DATA_SIZE</b><var><a name="index-SHA256_005fDATA_005fSIZE-36"></a></var><br>
769
<blockquote><p>The internal block size of SHA256. Useful for some special constructions,
770
in particular HMAC-SHA256.
771
</p></blockquote></div>
772
773
<div class="defun">
774
— Function: void <b>sha256_init</b> (<var>struct sha256_ctx *ctx</var>)<var><a name="index-sha256_005finit-37"></a></var><br>
775
<blockquote><p>Initialize the SHA256 state.
776
</p></blockquote></div>
777
778
<div class="defun">
779
— Function: void <b>sha256_update</b> (<var>struct sha256_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-sha256_005fupdate-38"></a></var><br>
780
<blockquote><p>Hash some more data.
781
</p></blockquote></div>
782
783
<div class="defun">
784
— Function: void <b>sha256_digest</b> (<var>struct sha256_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-sha256_005fdigest-39"></a></var><br>
785
<blockquote><p>Performs final processing and extracts the message digest, writing it
786
to <var>digest</var>. <var>length</var> may be smaller than
787
<code>SHA256_DIGEST_SIZE</code>, in which case only the first <var>length</var>
788
octets of the digest are written.
789
790
<p>This function also resets the context in the same way as
791
<code>sha256_init</code>.
792
</p></blockquote></div>
793
794
<h4 class="subsection">6.1.7 <acronym>SHA224</acronym></h4>
795
796
<p>SHA224 is a variant of SHA256, with a different initial state, and with
797
the output truncated to 224 bits, or 28 octets. Nettle defines SHA224 in
798
<samp><span class="file"><nettle/sha.h></span></samp>.
799
800
<p>The functions are analogous to the MD5 ones.
801
802
<div class="defun">
803
— Context struct: <b>struct sha224_ctx</b><var><a name="index-struct-sha224_005fctx-40"></a></var><br>
804
</div>
805
806
<div class="defun">
807
— Constant: <b>SHA224_DIGEST_SIZE</b><var><a name="index-SHA224_005fDIGEST_005fSIZE-41"></a></var><br>
808
<blockquote><p>The size of an SHA224 digest, i.e. 28.
809
</p></blockquote></div>
810
811
<div class="defun">
812
— Constant: <b>SHA224_DATA_SIZE</b><var><a name="index-SHA224_005fDATA_005fSIZE-42"></a></var><br>
813
<blockquote><p>The internal block size of SHA224. Useful for some special constructions,
814
in particular HMAC-SHA224.
815
</p></blockquote></div>
816
817
<div class="defun">
818
— Function: void <b>sha224_init</b> (<var>struct sha224_ctx *ctx</var>)<var><a name="index-sha224_005finit-43"></a></var><br>
819
<blockquote><p>Initialize the SHA224 state.
820
</p></blockquote></div>
821
822
<div class="defun">
823
— Function: void <b>sha224_update</b> (<var>struct sha224_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-sha224_005fupdate-44"></a></var><br>
824
<blockquote><p>Hash some more data.
825
</p></blockquote></div>
826
827
<div class="defun">
828
— Function: void <b>sha224_digest</b> (<var>struct sha224_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-sha224_005fdigest-45"></a></var><br>
829
<blockquote><p>Performs final processing and extracts the message digest, writing it
830
to <var>digest</var>. <var>length</var> may be smaller than
831
<code>SHA224_DIGEST_SIZE</code>, in which case only the first <var>length</var>
832
octets of the digest are written.
833
834
<p>This function also resets the context in the same way as
835
<code>sha224_init</code>.
836
</p></blockquote></div>
837
838
<h4 class="subsection">6.1.8 <acronym>SHA512</acronym></h4>
839
840
<p>SHA512 is a larger sibling to SHA256, with a very similar structure but
841
with both the output and the internal variables of twice the size. The
842
internal variables are 64 bits rather than 32, making it significantly
843
slower on 32-bit computers. It outputs hash values of 512 bits, or 64
844
octets. Nettle defines SHA512 in <samp><span class="file"><nettle/sha.h></span></samp>.
845
846
<p>The functions are analogous to the MD5 ones.
847
848
<div class="defun">
849
— Context struct: <b>struct sha512_ctx</b><var><a name="index-struct-sha512_005fctx-46"></a></var><br>
850
</div>
851
852
<div class="defun">
853
— Constant: <b>SHA512_DIGEST_SIZE</b><var><a name="index-SHA512_005fDIGEST_005fSIZE-47"></a></var><br>
854
<blockquote><p>The size of an SHA512 digest, i.e. 64.
855
</p></blockquote></div>
856
857
<div class="defun">
858
— Constant: <b>SHA512_DATA_SIZE</b><var><a name="index-SHA512_005fDATA_005fSIZE-48"></a></var><br>
859
<blockquote><p>The internal block size of SHA512. Useful for some special constructions,
860
in particular HMAC-SHA512.
861
</p></blockquote></div>
862
863
<div class="defun">
864
— Function: void <b>sha512_init</b> (<var>struct sha512_ctx *ctx</var>)<var><a name="index-sha512_005finit-49"></a></var><br>
865
<blockquote><p>Initialize the SHA512 state.
866
</p></blockquote></div>
867
868
<div class="defun">
869
— Function: void <b>sha512_update</b> (<var>struct sha512_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-sha512_005fupdate-50"></a></var><br>
870
<blockquote><p>Hash some more data.
871
</p></blockquote></div>
872
873
<div class="defun">
874
— Function: void <b>sha512_digest</b> (<var>struct sha512_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-sha512_005fdigest-51"></a></var><br>
875
<blockquote><p>Performs final processing and extracts the message digest, writing it
876
to <var>digest</var>. <var>length</var> may be smaller than
877
<code>SHA512_DIGEST_SIZE</code>, in which case only the first <var>length</var>
878
octets of the digest are written.
879
880
<p>This function also resets the context in the same way as
881
<code>sha512_init</code>.
882
</p></blockquote></div>
883
884
<h4 class="subsection">6.1.9 <acronym>SHA384</acronym></h4>
885
886
<p>SHA384 is a variant of SHA512, with a different initial state, and with
887
the output truncated to 384 bits, or 48 octets. Nettle defines SHA384 in
888
<samp><span class="file"><nettle/sha.h></span></samp>.
889
890
<p>The functions are analogous to the MD5 ones.
891
892
<div class="defun">
893
— Context struct: <b>struct sha384_ctx</b><var><a name="index-struct-sha384_005fctx-52"></a></var><br>
894
</div>
895
896
<div class="defun">
897
— Constant: <b>SHA384_DIGEST_SIZE</b><var><a name="index-SHA384_005fDIGEST_005fSIZE-53"></a></var><br>
898
<blockquote><p>The size of an SHA384 digest, i.e. 48.
899
</p></blockquote></div>
900
901
<div class="defun">
902
— Constant: <b>SHA384_DATA_SIZE</b><var><a name="index-SHA384_005fDATA_005fSIZE-54"></a></var><br>
903
<blockquote><p>The internal block size of SHA384. Useful for some special constructions,
904
in particular HMAC-SHA384.
905
</p></blockquote></div>
906
907
<div class="defun">
908
— Function: void <b>sha384_init</b> (<var>struct sha384_ctx *ctx</var>)<var><a name="index-sha384_005finit-55"></a></var><br>
909
<blockquote><p>Initialize the SHA384 state.
910
</p></blockquote></div>
911
912
<div class="defun">
913
— Function: void <b>sha384_update</b> (<var>struct sha384_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-sha384_005fupdate-56"></a></var><br>
914
<blockquote><p>Hash some more data.
915
</p></blockquote></div>
916
917
<div class="defun">
918
— Function: void <b>sha384_digest</b> (<var>struct sha384_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-sha384_005fdigest-57"></a></var><br>
919
<blockquote><p>Performs final processing and extracts the message digest, writing it
920
to <var>digest</var>. <var>length</var> may be smaller than
921
<code>SHA384_DIGEST_SIZE</code>, in which case only the first <var>length</var>
922
octets of the digest are written.
923
924
<p>This function also resets the context in the same way as
925
<code>sha384_init</code>.
926
</p></blockquote></div>
927
928
<h4 class="subsection">6.1.10 <code>struct nettle_hash</code></h4>
1168
<h5 class="subsubsection">6.1.2.6 <acronym>GOSTHASH94</acronym></h5>
1169
1170
<p>The GOST94 or GOST R 34.11-94 hash algorithm is a Soviet-era algorithm
1171
used in Russian government standards (see <cite>RFC 4357</cite>).
1172
It outputs message digests of 256 bits, or 32 octets.
1173
Nettle defines GOSTHASH94 in <samp><span class="file"><nettle/gosthash94.h></span></samp>.
1174
1175
<div class="defun">
1176
— Context struct: <b>struct gosthash94_ctx</b><var><a name="index-struct-gosthash94_005fctx-82"></a></var><br>
1177
</div>
1178
1179
<div class="defun">
1180
— Constant: <b>GOSTHASH94_DIGEST_SIZE</b><var><a name="index-GOSTHASH94_005fDIGEST_005fSIZE-83"></a></var><br>
1181
<blockquote><p>The size of a GOSTHASH94 digest, i.e. 32.
1182
</p></blockquote></div>
1183
1184
<div class="defun">
1185
— Constant: <b>GOSTHASH94_DATA_SIZE</b><var><a name="index-GOSTHASH94_005fDATA_005fSIZE-84"></a></var><br>
1186
<blockquote><p>The internal block size of GOSTHASH94, i.e., 32.
1187
</p></blockquote></div>
1188
1189
<div class="defun">
1190
— Function: void <b>gosthash94_init</b> (<var>struct gosthash94_ctx *ctx</var>)<var><a name="index-gosthash94_005finit-85"></a></var><br>
1191
<blockquote><p>Initialize the GOSTHASH94 state.
1192
</p></blockquote></div>
1193
1194
<div class="defun">
1195
— Function: void <b>gosthash94_update</b> (<var>struct gosthash94_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-gosthash94_005fupdate-86"></a></var><br>
1196
<blockquote><p>Hash some more data.
1197
</p></blockquote></div>
1198
1199
<div class="defun">
1200
— Function: void <b>gosthash94_digest</b> (<var>struct gosthash94_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-gosthash94_005fdigest-87"></a></var><br>
1201
<blockquote><p>Performs final processing and extracts the message digest, writing it
1202
to <var>digest</var>. <var>length</var> may be smaller than
1203
<code>GOSTHASH94_DIGEST_SIZE</code>, in which case only the first <var>length</var>
1204
octets of the digest are written.
1205
1206
<p>This function also resets the context in the same way as
1207
<code>gosthash94_init</code>.
1208
</p></blockquote></div>
1209
1210
<div class="node">
1211
<a name="nettle_hash-abstraction"></a>
1212
<a name="nettle_005fhash-abstraction"></a>
1213
<p><hr>
1214
Previous: <a rel="previous" accesskey="p" href="#Legacy-hash-functions">Legacy hash functions</a>,
1215
Up: <a rel="up" accesskey="u" href="#Hash-functions">Hash functions</a>
1216
1217
</div>
1218
1219
<!-- node-name, next, previous, up -->
1220
<h4 class="subsection">6.1.3 The nettle_hash abstraction</h4>
929
1221
930
1222
<p>Nettle includes a struct including information about the supported hash
931
1223
functions. It is defined in <samp><span class="file"><nettle/nettle-meta.h></span></samp>, and is used
932
1224
by Nettle's implementation of <acronym>HMAC</acronym> (see <a href="#Keyed-hash-functions">Keyed hash functions</a>).
933
1225
934
1226
<div class="defun">
935
— Meta struct: <code>struct nettle_hash</code><var> name context_size digest_size block_size init update digest<a name="index-g_t_0040code_007bstruct-nettle_005fhash_007d-58"></a></var><br>
1227
— Meta struct: <code>struct nettle_hash</code><var> name context_size digest_size block_size init update digest<a name="index-g_t_0040code_007bstruct-nettle_005fhash_007d-88"></a></var><br>
936
1228
<blockquote><p>The last three attributes are function pointers, of types
937
1229
<code>nettle_hash_init_func</code>, <code>nettle_hash_update_func</code>, and
938
1230
<code>nettle_hash_digest_func</code>. The first argument to these functions is
941
1233
</p></blockquote></div>
942
1234
943
1235
<div class="defun">
944
— Constant Struct: struct nettle_hash <b>nettle_md2</b><var><a name="index-nettle_005fmd2-59"></a></var><br>
945
— Constant Struct: struct nettle_hash <b>nettle_md4</b><var><a name="index-nettle_005fmd4-60"></a></var><br>
946
— Constant Struct: struct nettle_hash <b>nettle_md5</b><var><a name="index-nettle_005fmd5-61"></a></var><br>
947
— Constant Struct: struct nettle_hash <b>nettle_ripemd160</b><var><a name="index-nettle_005fripemd160-62"></a></var><br>
948
— Constant Struct: struct nettle_hash <b>nettle_sha1</b><var><a name="index-nettle_005fsha1-63"></a></var><br>
949
— Constant Struct: struct nettle_hash <b>nettle_sha224</b><var><a name="index-nettle_005fsha224-64"></a></var><br>
950
— Constant Struct: struct nettle_hash <b>nettle_sha256</b><var><a name="index-nettle_005fsha256-65"></a></var><br>
951
— Constant Struct: struct nettle_hash <b>nettle_sha384</b><var><a name="index-nettle_005fsha384-66"></a></var><br>
952
— Constant Struct: struct nettle_hash <b>nettle_sha512</b><var><a name="index-nettle_005fsha512-67"></a></var><br>
953
<blockquote>
954
<p>These are all the hash functions that Nettle implements.
955
956
<p>Nettle also exports a list of all these hashes. This list can be used
957
to dynamically enumerate or search the supported algorithms:
958
959
— Constant Struct: struct nettle_hash ** <b>nettle_hashes</b><var><a name="index-nettle_005fhashes-68"></a></var><br>
960
961
</div>
1236
— Constant Struct: struct nettle_hash <b>nettle_md2</b><var><a name="index-nettle_005fmd2-89"></a></var><br>
1237
— Constant Struct: struct nettle_hash <b>nettle_md4</b><var><a name="index-nettle_005fmd4-90"></a></var><br>
1238
— Constant Struct: struct nettle_hash <b>nettle_md5</b><var><a name="index-nettle_005fmd5-91"></a></var><br>
1239
— Constant Struct: struct nettle_hash <b>nettle_ripemd160</b><var><a name="index-nettle_005fripemd160-92"></a></var><br>
1240
— Constant Struct: struct nettle_hash <b>nettle_sha1</b><var><a name="index-nettle_005fsha1-93"></a></var><br>
1241
— Constant Struct: struct nettle_hash <b>nettle_sha224</b><var><a name="index-nettle_005fsha224-94"></a></var><br>
1242
— Constant Struct: struct nettle_hash <b>nettle_sha256</b><var><a name="index-nettle_005fsha256-95"></a></var><br>
1243
— Constant Struct: struct nettle_hash <b>nettle_sha384</b><var><a name="index-nettle_005fsha384-96"></a></var><br>
1244
— Constant Struct: struct nettle_hash <b>nettle_sha512</b><var><a name="index-nettle_005fsha512-97"></a></var><br>
1245
— Constant Struct: struct nettle_hash <b>nettle_sha3_256</b><var><a name="index-nettle_005fsha3_005f256-98"></a></var><br>
1246
— Constant Struct: struct nettle_hash <b>nettle_gosthash94</b><var><a name="index-nettle_005fgosthash94-99"></a></var><br>
1247
<blockquote><p>These are all the hash functions that Nettle implements.
1248
</p></blockquote></div>
1249
1250
<p>Nettle also exports a list of all these hashes.
1251
1252
<div class="defun">
1253
— Constant Array: struct nettle_hash ** <b>nettle_hashes</b><var><a name="index-nettle_005fhashes-100"></a></var><br>
1254
<blockquote><p>This list can be used to dynamically enumerate or search the supported
1255
algorithms. NULL-terminated.
1256
</p></blockquote></div>
962
1257
963
1258
<div class="node">
964
1259
<a name="Cipher-functions"></a>
972
1267
<!-- node-name, next, previous, up -->
973
1268
<h3 class="section">6.2 Cipher functions</h3>
974
1269
975
<p><a name="index-Cipher-69"></a>
1270
<p><a name="index-Cipher-101"></a>
976
1271
A <dfn>cipher</dfn> is a function that takes a message or <dfn>plaintext</dfn>
977
1272
and a secret <dfn>key</dfn> and transforms it to a <dfn>ciphertext</dfn>. Given
978
1273
only the ciphertext, but not the key, it should be hard to find the
979
1274
plaintext. Given matching pairs of plaintext and ciphertext, it should
980
1275
be hard to find the key.
981
1276
982
<p><a name="index-Block-Cipher-70"></a><a name="index-Stream-Cipher-71"></a>
1277
<p><a name="index-Block-Cipher-102"></a><a name="index-Stream-Cipher-103"></a>
983
1278
There are two main classes of ciphers: Block ciphers and stream ciphers.
984
1279
985
1280
<p>A block cipher can process data only in fixed size chunks, called
1054
1349
keys. Nettle defines AES in <samp><span class="file"><nettle/aes.h></span></samp>.
1055
1350
1056
1351
<div class="defun">
1057
— Context struct: <b>struct aes_ctx</b><var><a name="index-struct-aes_005fctx-72"></a></var><br>
1352
— Context struct: <b>struct aes_ctx</b><var><a name="index-struct-aes_005fctx-104"></a></var><br>
1058
1353
</div>
1059
1354
1060
1355
<div class="defun">
1061
— Constant: <b>AES_BLOCK_SIZE</b><var><a name="index-AES_005fBLOCK_005fSIZE-73"></a></var><br>
1356
— Constant: <b>AES_BLOCK_SIZE</b><var><a name="index-AES_005fBLOCK_005fSIZE-105"></a></var><br>
1062
1357
<blockquote><p>The AES block-size, 16
1063
1358
</p></blockquote></div>
1064
1359
1065
1360
<div class="defun">
1066
— Constant: <b>AES_MIN_KEY_SIZE</b><var><a name="index-AES_005fMIN_005fKEY_005fSIZE-74"></a></var><br>
1067
</div>
1068
1069
<div class="defun">
1070
— Constant: <b>AES_MAX_KEY_SIZE</b><var><a name="index-AES_005fMAX_005fKEY_005fSIZE-75"></a></var><br>
1071
</div>
1072
1073
<div class="defun">
1074
— Constant: <b>AES_KEY_SIZE</b><var><a name="index-AES_005fKEY_005fSIZE-76"></a></var><br>
1361
— Constant: <b>AES_MIN_KEY_SIZE</b><var><a name="index-AES_005fMIN_005fKEY_005fSIZE-106"></a></var><br>
1362
</div>
1363
1364
<div class="defun">
1365
— Constant: <b>AES_MAX_KEY_SIZE</b><var><a name="index-AES_005fMAX_005fKEY_005fSIZE-107"></a></var><br>
1366
</div>
1367
1368
<div class="defun">
1369
— Constant: <b>AES_KEY_SIZE</b><var><a name="index-AES_005fKEY_005fSIZE-108"></a></var><br>
1075
1370
<blockquote><p>Default AES key size, 32
1076
1371
</p></blockquote></div>
1077
1372
1078
1373
<div class="defun">
1079
— Function: void <b>aes_set_encrypt_key</b> (<var>struct aes_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-aes_005fset_005fencrypt_005fkey-77"></a></var><br>
1080
— Function: void <b>aes_set_decrypt_key</b> (<var>struct aes_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-aes_005fset_005fdecrypt_005fkey-78"></a></var><br>
1374
— Function: void <b>aes_set_encrypt_key</b> (<var>struct aes_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-aes_005fset_005fencrypt_005fkey-109"></a></var><br>
1375
— Function: void <b>aes_set_decrypt_key</b> (<var>struct aes_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-aes_005fset_005fdecrypt_005fkey-110"></a></var><br>
1081
1376
<blockquote><p>Initialize the cipher, for encryption or decryption, respectively.
1082
1377
</p></blockquote></div>
1083
1378
1084
1379
<div class="defun">
1085
— Function: void <b>aes_invert_key</b> (<var>struct aes_ctx *dst, const struct aes_ctx *src</var>)<var><a name="index-aes_005finvert_005fkey-79"></a></var><br>
1380
— Function: void <b>aes_invert_key</b> (<var>struct aes_ctx *dst, const struct aes_ctx *src</var>)<var><a name="index-aes_005finvert_005fkey-111"></a></var><br>
1086
1381
<blockquote><p>Given a context <var>src</var> initialized for encryption, initializes the
1087
1382
context struct <var>dst</var> for decryption, using the same key. If the same
1088
1383
context struct is passed for both <code>src</code> and <code>dst</code>, it is
1094
1389
</p></blockquote></div>
1095
1390
1096
1391
<div class="defun">
1097
— Function: void <b>aes_encrypt</b> (<var>struct aes_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-aes_005fencrypt-80"></a></var><br>
1392
— Function: void <b>aes_encrypt</b> (<var>struct aes_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-aes_005fencrypt-112"></a></var><br>
1098
1393
<blockquote><p>Encryption function. <var>length</var> must be an integral multiple of the
1099
1394
block size. If it is more than one block, the data is processed in ECB
1100
1395
mode. <code>src</code> and <code>dst</code> may be equal, but they must not overlap
1102
1397
</p></blockquote></div>
1103
1398
1104
1399
<div class="defun">
1105
— Function: void <b>aes_decrypt</b> (<var>struct aes_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-aes_005fdecrypt-81"></a></var><br>
1400
— Function: void <b>aes_decrypt</b> (<var>struct aes_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-aes_005fdecrypt-113"></a></var><br>
1106
1401
<blockquote><p>Analogous to <code>aes_encrypt</code>
1107
1402
</p></blockquote></div>
1108
1403
1138
1433
<p>Nettle defines ARCFOUR in <samp><span class="file"><nettle/arcfour.h></span></samp>.
1139
1434
1140
1435
<div class="defun">
1141
— Context struct: <b>struct arcfour_ctx</b><var><a name="index-struct-arcfour_005fctx-82"></a></var><br>
1436
— Context struct: <b>struct arcfour_ctx</b><var><a name="index-struct-arcfour_005fctx-114"></a></var><br>
1142
1437
</div>
1143
1438
1144
1439
<div class="defun">
1145
— Constant: <b>ARCFOUR_MIN_KEY_SIZE</b><var><a name="index-ARCFOUR_005fMIN_005fKEY_005fSIZE-83"></a></var><br>
1440
— Constant: <b>ARCFOUR_MIN_KEY_SIZE</b><var><a name="index-ARCFOUR_005fMIN_005fKEY_005fSIZE-115"></a></var><br>
1146
1441
<blockquote><p>Minimum key size, 1
1147
1442
</p></blockquote></div>
1148
1443
1149
1444
<div class="defun">
1150
— Constant: <b>ARCFOUR_MAX_KEY_SIZE</b><var><a name="index-ARCFOUR_005fMAX_005fKEY_005fSIZE-84"></a></var><br>
1445
— Constant: <b>ARCFOUR_MAX_KEY_SIZE</b><var><a name="index-ARCFOUR_005fMAX_005fKEY_005fSIZE-116"></a></var><br>
1151
1446
<blockquote><p>Maximum key size, 256
1152
1447
</p></blockquote></div>
1153
1448
1154
1449
<div class="defun">
1155
— Constant: <b>ARCFOUR_KEY_SIZE</b><var><a name="index-ARCFOUR_005fKEY_005fSIZE-85"></a></var><br>
1450
— Constant: <b>ARCFOUR_KEY_SIZE</b><var><a name="index-ARCFOUR_005fKEY_005fSIZE-117"></a></var><br>
1156
1451
<blockquote><p>Default ARCFOUR key size, 16
1157
1452
</p></blockquote></div>
1158
1453
1159
1454
<div class="defun">
1160
— Function: void <b>arcfour_set_key</b> (<var>struct arcfour_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-arcfour_005fset_005fkey-86"></a></var><br>
1455
— Function: void <b>arcfour_set_key</b> (<var>struct arcfour_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-arcfour_005fset_005fkey-118"></a></var><br>
1161
1456
<blockquote><p>Initialize the cipher. The same function is used for both encryption and
1162
1457
decryption.
1163
1458
</p></blockquote></div>
1164
1459
1165
1460
<div class="defun">
1166
— Function: void <b>arcfour_crypt</b> (<var>struct arcfour_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-arcfour_005fcrypt-87"></a></var><br>
1461
— Function: void <b>arcfour_crypt</b> (<var>struct arcfour_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-arcfour_005fcrypt-119"></a></var><br>
1167
1462
<blockquote><p>Encrypt some data. The same function is used for both encryption and
1168
1463
decryption. Unlike the block ciphers, this function modifies the
1169
1464
context, so you can split the data into arbitrary chunks and encrypt
1191
1486
standards.
1192
1487
1193
1488
<div class="defun">
1194
— Context struct: <b>struct arctwo_ctx</b><var><a name="index-struct-arctwo_005fctx-88"></a></var><br>
1489
— Context struct: <b>struct arctwo_ctx</b><var><a name="index-struct-arctwo_005fctx-120"></a></var><br>
1195
1490
</div>
1196
1491
1197
1492
<div class="defun">
1198
— Constant: <b>ARCTWO_BLOCK_SIZE</b><var><a name="index-ARCTWO_005fBLOCK_005fSIZE-89"></a></var><br>
1493
— Constant: <b>ARCTWO_BLOCK_SIZE</b><var><a name="index-ARCTWO_005fBLOCK_005fSIZE-121"></a></var><br>
1199
1494
<blockquote><p>The ARCTWO block-size, 8
1200
1495
</p></blockquote></div>
1201
1496
1202
1497
<div class="defun">
1203
— Constant: <b>ARCTWO_MIN_KEY_SIZE</b><var><a name="index-ARCTWO_005fMIN_005fKEY_005fSIZE-90"></a></var><br>
1204
</div>
1205
1206
<div class="defun">
1207
— Constant: <b>ARCTWO_MAX_KEY_SIZE</b><var><a name="index-ARCTWO_005fMAX_005fKEY_005fSIZE-91"></a></var><br>
1208
</div>
1209
1210
<div class="defun">
1211
— Constant: <b>ARCTWO_KEY_SIZE</b><var><a name="index-ARCTWO_005fKEY_005fSIZE-92"></a></var><br>
1498
— Constant: <b>ARCTWO_MIN_KEY_SIZE</b><var><a name="index-ARCTWO_005fMIN_005fKEY_005fSIZE-122"></a></var><br>
1499
</div>
1500
1501
<div class="defun">
1502
— Constant: <b>ARCTWO_MAX_KEY_SIZE</b><var><a name="index-ARCTWO_005fMAX_005fKEY_005fSIZE-123"></a></var><br>
1503
</div>
1504
1505
<div class="defun">
1506
— Constant: <b>ARCTWO_KEY_SIZE</b><var><a name="index-ARCTWO_005fKEY_005fSIZE-124"></a></var><br>
1212
1507
<blockquote><p>Default ARCTWO key size, 8
1213
1508
</p></blockquote></div>
1214
1509
1215
1510
<div class="defun">
1216
— Function: void <b>arctwo_set_key_ekb</b> (<var>struct arctwo_ctx *ctx, unsigned length, const uint8_t *key, unsigned ekb</var>)<var><a name="index-arctwo_005fset_005fkey_005fekb-93"></a></var><br>
1217
— Function: void <b>arctwo_set_key</b> (<var>struct arctwo_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-arctwo_005fset_005fkey-94"></a></var><br>
1218
— Function: void <b>arctwo_set_key_gutmann</b> (<var>struct arctwo_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-arctwo_005fset_005fkey_005fgutmann-95"></a></var><br>
1511
— Function: void <b>arctwo_set_key_ekb</b> (<var>struct arctwo_ctx *ctx, unsigned length, const uint8_t *key, unsigned ekb</var>)<var><a name="index-arctwo_005fset_005fkey_005fekb-125"></a></var><br>
1512
— Function: void <b>arctwo_set_key</b> (<var>struct arctwo_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-arctwo_005fset_005fkey-126"></a></var><br>
1513
— Function: void <b>arctwo_set_key_gutmann</b> (<var>struct arctwo_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-arctwo_005fset_005fkey_005fgutmann-127"></a></var><br>
1219
1514
<blockquote><p>Initialize the cipher. The same function is used for both encryption
1220
1515
and decryption. The first function is the most general one, which lets
1221
1516
you provide both the variable size key, and the desired effective key
1229
1524
</p></blockquote></div>
1230
1525
1231
1526
<div class="defun">
1232
— Function: void <b>arctwo_encrypt</b> (<var>struct arctwo_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-arctwo_005fencrypt-96"></a></var><br>
1527
— Function: void <b>arctwo_encrypt</b> (<var>struct arctwo_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-arctwo_005fencrypt-128"></a></var><br>
1233
1528
<blockquote><p>Encryption function. <var>length</var> must be an integral multiple of the
1234
1529
block size. If it is more than one block, the data is processed in ECB
1235
1530
mode. <code>src</code> and <code>dst</code> may be equal, but they must not
1237
1532
</p></blockquote></div>
1238
1533
1239
1534
<div class="defun">
1240
— Function: void <b>arctwo_decrypt</b> (<var>struct arctwo_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-arctwo_005fdecrypt-97"></a></var><br>
1535
— Function: void <b>arctwo_decrypt</b> (<var>struct arctwo_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-arctwo_005fdecrypt-129"></a></var><br>
1241
1536
<blockquote><p>Analogous to <code>arctwo_encrypt</code>
1242
1537
</p></blockquote></div>
1243
1538
1248
1543
has some weak keys. Nettle defines BLOWFISH in <samp><span class="file"><nettle/blowfish.h></span></samp>.
1249
1544
1250
1545
<div class="defun">
1251
— Context struct: <b>struct blowfish_ctx</b><var><a name="index-struct-blowfish_005fctx-98"></a></var><br>
1546
— Context struct: <b>struct blowfish_ctx</b><var><a name="index-struct-blowfish_005fctx-130"></a></var><br>
1252
1547
</div>
1253
1548
1254
1549
<div class="defun">
1255
— Constant: <b>BLOWFISH_BLOCK_SIZE</b><var><a name="index-BLOWFISH_005fBLOCK_005fSIZE-99"></a></var><br>
1550
— Constant: <b>BLOWFISH_BLOCK_SIZE</b><var><a name="index-BLOWFISH_005fBLOCK_005fSIZE-131"></a></var><br>
1256
1551
<blockquote><p>The BLOWFISH block-size, 8
1257
1552
</p></blockquote></div>
1258
1553
1259
1554
<div class="defun">
1260
— Constant: <b>BLOWFISH_MIN_KEY_SIZE</b><var><a name="index-BLOWFISH_005fMIN_005fKEY_005fSIZE-100"></a></var><br>
1555
— Constant: <b>BLOWFISH_MIN_KEY_SIZE</b><var><a name="index-BLOWFISH_005fMIN_005fKEY_005fSIZE-132"></a></var><br>
1261
1556
<blockquote><p>Minimum BLOWFISH key size, 8
1262
1557
</p></blockquote></div>
1263
1558
1264
1559
<div class="defun">
1265
— Constant: <b>BLOWFISH_MAX_KEY_SIZE</b><var><a name="index-BLOWFISH_005fMAX_005fKEY_005fSIZE-101"></a></var><br>
1560
— Constant: <b>BLOWFISH_MAX_KEY_SIZE</b><var><a name="index-BLOWFISH_005fMAX_005fKEY_005fSIZE-133"></a></var><br>
1266
1561
<blockquote><p>Maximum BLOWFISH key size, 56
1267
1562
</p></blockquote></div>
1268
1563
1269
1564
<div class="defun">
1270
— Constant: <b>BLOWFISH_KEY_SIZE</b><var><a name="index-BLOWFISH_005fKEY_005fSIZE-102"></a></var><br>
1565
— Constant: <b>BLOWFISH_KEY_SIZE</b><var><a name="index-BLOWFISH_005fKEY_005fSIZE-134"></a></var><br>
1271
1566
<blockquote><p>Default BLOWFISH key size, 16
1272
1567
</p></blockquote></div>
1273
1568
1274
1569
<div class="defun">
1275
— Function: int <b>blowfish_set_key</b> (<var>struct blowfish_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-blowfish_005fset_005fkey-103"></a></var><br>
1570
— Function: int <b>blowfish_set_key</b> (<var>struct blowfish_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-blowfish_005fset_005fkey-135"></a></var><br>
1276
1571
<blockquote><p>Initialize the cipher. The same function is used for both encryption and
1277
1572
decryption. Checks for weak keys, returning 1
1278
1573
for good keys and 0 for weak keys. Applications that don't care about
1283
1578
</p></blockquote></div>
1284
1579
1285
1580
<div class="defun">
1286
— Function: void <b>blowfish_encrypt</b> (<var>struct blowfish_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-blowfish_005fencrypt-104"></a></var><br>
1581
— Function: void <b>blowfish_encrypt</b> (<var>struct blowfish_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-blowfish_005fencrypt-136"></a></var><br>
1287
1582
<blockquote><p>Encryption function. <var>length</var> must be an integral multiple of the
1288
1583
block size. If it is more than one block, the data is processed in ECB
1289
1584
mode. <code>src</code> and <code>dst</code> may be equal, but they must not overlap
1291
1586
</p></blockquote></div>
1292
1587
1293
1588
<div class="defun">
1294
— Function: void <b>blowfish_decrypt</b> (<var>struct blowfish_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-blowfish_005fdecrypt-105"></a></var><br>
1589
— Function: void <b>blowfish_decrypt</b> (<var>struct blowfish_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-blowfish_005fdecrypt-137"></a></var><br>
1295
1590
<blockquote><p>Analogous to <code>blowfish_encrypt</code>
1296
1591
</p></blockquote></div>
1297
1592
1312
1607
256 bits. Nettle defines Camellia in <samp><span class="file"><nettle/camellia.h></span></samp>.
1313
1608
1314
1609
<div class="defun">
1315
— Context struct: <b>struct camellia_ctx</b><var><a name="index-struct-camellia_005fctx-106"></a></var><br>
1610
— Context struct: <b>struct camellia_ctx</b><var><a name="index-struct-camellia_005fctx-138"></a></var><br>
1316
1611
</div>
1317
1612
1318
1613
<div class="defun">
1319
— Constant: <b>CAMELLIA_BLOCK_SIZE</b><var><a name="index-CAMELLIA_005fBLOCK_005fSIZE-107"></a></var><br>
1614
— Constant: <b>CAMELLIA_BLOCK_SIZE</b><var><a name="index-CAMELLIA_005fBLOCK_005fSIZE-139"></a></var><br>
1320
1615
<blockquote><p>The CAMELLIA block-size, 16
1321
1616
</p></blockquote></div>
1322
1617
1323
1618
<div class="defun">
1324
— Constant: <b>CAMELLIA_MIN_KEY_SIZE</b><var><a name="index-CAMELLIA_005fMIN_005fKEY_005fSIZE-108"></a></var><br>
1325
</div>
1326
1327
<div class="defun">
1328
— Constant: <b>CAMELLIA_MAX_KEY_SIZE</b><var><a name="index-CAMELLIA_005fMAX_005fKEY_005fSIZE-109"></a></var><br>
1329
</div>
1330
1331
<div class="defun">
1332
— Constant: <b>CAMELLIA_KEY_SIZE</b><var><a name="index-CAMELLIA_005fKEY_005fSIZE-110"></a></var><br>
1619
— Constant: <b>CAMELLIA_MIN_KEY_SIZE</b><var><a name="index-CAMELLIA_005fMIN_005fKEY_005fSIZE-140"></a></var><br>
1620
</div>
1621
1622
<div class="defun">
1623
— Constant: <b>CAMELLIA_MAX_KEY_SIZE</b><var><a name="index-CAMELLIA_005fMAX_005fKEY_005fSIZE-141"></a></var><br>
1624
</div>
1625
1626
<div class="defun">
1627
— Constant: <b>CAMELLIA_KEY_SIZE</b><var><a name="index-CAMELLIA_005fKEY_005fSIZE-142"></a></var><br>
1333
1628
<blockquote><p>Default CAMELLIA key size, 32
1334
1629
</p></blockquote></div>
1335
1630
1336
1631
<div class="defun">
1337
— Function: void <b>camellia_set_encrypt_key</b> (<var>struct camellia_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-camellia_005fset_005fencrypt_005fkey-111"></a></var><br>
1338
— Function: void <b>camellia_set_decrypt_key</b> (<var>struct camellia_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-camellia_005fset_005fdecrypt_005fkey-112"></a></var><br>
1632
— Function: void <b>camellia_set_encrypt_key</b> (<var>struct camellia_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-camellia_005fset_005fencrypt_005fkey-143"></a></var><br>
1633
— Function: void <b>camellia_set_decrypt_key</b> (<var>struct camellia_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-camellia_005fset_005fdecrypt_005fkey-144"></a></var><br>
1339
1634
<blockquote><p>Initialize the cipher, for encryption or decryption, respectively.
1340
1635
</p></blockquote></div>
1341
1636
1342
1637
<div class="defun">
1343
— Function: void <b>camellia_invert_key</b> (<var>struct camellia_ctx *dst, const struct camellia_ctx *src</var>)<var><a name="index-camellia_005finvert_005fkey-113"></a></var><br>
1638
— Function: void <b>camellia_invert_key</b> (<var>struct camellia_ctx *dst, const struct camellia_ctx *src</var>)<var><a name="index-camellia_005finvert_005fkey-145"></a></var><br>
1344
1639
<blockquote><p>Given a context <var>src</var> initialized for encryption, initializes the
1345
1640
context struct <var>dst</var> for decryption, using the same key. If the same
1346
1641
context struct is passed for both <code>src</code> and <code>dst</code>, it is
1352
1647
</p></blockquote></div>
1353
1648
1354
1649
<div class="defun">
1355
— Function: void <b>camellia_crypt</b> (<var>struct camellia_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-camellia_005fcrypt-114"></a></var><br>
1650
— Function: void <b>camellia_crypt</b> (<var>struct camellia_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-camellia_005fcrypt-146"></a></var><br>
1356
1651
<blockquote><p>The same function is used for both encryption and decryption.
1357
1652
<var>length</var> must be an integral multiple of the block size. If it is
1358
1653
more than one block, the data is processed in ECB mode. <code>src</code> and
1366
1661
Nettle defines cast128 in <samp><span class="file"><nettle/cast128.h></span></samp>.
1367
1662
1368
1663
<div class="defun">
1369
— Context struct: <b>struct cast128_ctx</b><var><a name="index-struct-cast128_005fctx-115"></a></var><br>
1664
— Context struct: <b>struct cast128_ctx</b><var><a name="index-struct-cast128_005fctx-147"></a></var><br>
1370
1665
</div>
1371
1666
1372
1667
<div class="defun">
1373
— Constant: <b>CAST128_BLOCK_SIZE</b><var><a name="index-CAST128_005fBLOCK_005fSIZE-116"></a></var><br>
1668
— Constant: <b>CAST128_BLOCK_SIZE</b><var><a name="index-CAST128_005fBLOCK_005fSIZE-148"></a></var><br>
1374
1669
<blockquote><p>The CAST128 block-size, 8
1375
1670
</p></blockquote></div>
1376
1671
1377
1672
<div class="defun">
1378
— Constant: <b>CAST128_MIN_KEY_SIZE</b><var><a name="index-CAST128_005fMIN_005fKEY_005fSIZE-117"></a></var><br>
1673
— Constant: <b>CAST128_MIN_KEY_SIZE</b><var><a name="index-CAST128_005fMIN_005fKEY_005fSIZE-149"></a></var><br>
1379
1674
<blockquote><p>Minimum CAST128 key size, 5
1380
1675
</p></blockquote></div>
1381
1676
1382
1677
<div class="defun">
1383
— Constant: <b>CAST128_MAX_KEY_SIZE</b><var><a name="index-CAST128_005fMAX_005fKEY_005fSIZE-118"></a></var><br>
1678
— Constant: <b>CAST128_MAX_KEY_SIZE</b><var><a name="index-CAST128_005fMAX_005fKEY_005fSIZE-150"></a></var><br>
1384
1679
<blockquote><p>Maximum CAST128 key size, 16
1385
1680
</p></blockquote></div>
1386
1681
1387
1682
<div class="defun">
1388
— Constant: <b>CAST128_KEY_SIZE</b><var><a name="index-CAST128_005fKEY_005fSIZE-119"></a></var><br>
1683
— Constant: <b>CAST128_KEY_SIZE</b><var><a name="index-CAST128_005fKEY_005fSIZE-151"></a></var><br>
1389
1684
<blockquote><p>Default CAST128 key size, 16
1390
1685
</p></blockquote></div>
1391
1686
1392
1687
<div class="defun">
1393
— Function: void <b>cast128_set_key</b> (<var>struct cast128_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-cast128_005fset_005fkey-120"></a></var><br>
1688
— Function: void <b>cast128_set_key</b> (<var>struct cast128_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-cast128_005fset_005fkey-152"></a></var><br>
1394
1689
<blockquote><p>Initialize the cipher. The same function is used for both encryption and
1395
1690
decryption.
1396
1691
</p></blockquote></div>
1397
1692
1398
1693
<div class="defun">
1399
— Function: void <b>cast128_encrypt</b> (<var>struct cast128_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-cast128_005fencrypt-121"></a></var><br>
1694
— Function: void <b>cast128_encrypt</b> (<var>struct cast128_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-cast128_005fencrypt-153"></a></var><br>
1400
1695
<blockquote><p>Encryption function. <var>length</var> must be an integral multiple of the
1401
1696
block size. If it is more than one block, the data is processed in ECB
1402
1697
mode. <code>src</code> and <code>dst</code> may be equal, but they must not overlap
1404
1699
</p></blockquote></div>
1405
1700
1406
1701
<div class="defun">
1407
— Function: void <b>cast128_decrypt</b> (<var>struct cast128_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-cast128_005fdecrypt-122"></a></var><br>
1702
— Function: void <b>cast128_decrypt</b> (<var>struct cast128_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-cast128_005fdecrypt-154"></a></var><br>
1408
1703
<blockquote><p>Analogous to <code>cast128_encrypt</code>
1409
1704
</p></blockquote></div>
1410
1705
1426
1721
<p>DES also has some weak keys. Nettle defines DES in <samp><span class="file"><nettle/des.h></span></samp>.
1427
1722
1428
1723
<div class="defun">
1429
— Context struct: <b>struct des_ctx</b><var><a name="index-struct-des_005fctx-123"></a></var><br>
1724
— Context struct: <b>struct des_ctx</b><var><a name="index-struct-des_005fctx-155"></a></var><br>
1430
1725
</div>
1431
1726
1432
1727
<div class="defun">
1433
— Constant: <b>DES_BLOCK_SIZE</b><var><a name="index-DES_005fBLOCK_005fSIZE-124"></a></var><br>
1728
— Constant: <b>DES_BLOCK_SIZE</b><var><a name="index-DES_005fBLOCK_005fSIZE-156"></a></var><br>
1434
1729
<blockquote><p>The DES block-size, 8
1435
1730
</p></blockquote></div>
1436
1731
1437
1732
<div class="defun">
1438
— Constant: <b>DES_KEY_SIZE</b><var><a name="index-DES_005fKEY_005fSIZE-125"></a></var><br>
1733
— Constant: <b>DES_KEY_SIZE</b><var><a name="index-DES_005fKEY_005fSIZE-157"></a></var><br>
1439
1734
<blockquote><p>DES key size, 8
1440
1735
</p></blockquote></div>
1441
1736
1442
1737
<div class="defun">
1443
— Function: int <b>des_set_key</b> (<var>struct des_ctx *ctx, const uint8_t *key</var>)<var><a name="index-des_005fset_005fkey-126"></a></var><br>
1738
— Function: int <b>des_set_key</b> (<var>struct des_ctx *ctx, const uint8_t *key</var>)<var><a name="index-des_005fset_005fkey-158"></a></var><br>
1444
1739
<blockquote><p>Initialize the cipher. The same function is used for both encryption and
1445
1740
decryption. Parity bits are ignored. Checks for weak keys, returning 1
1446
1741
for good keys and 0 for weak keys. Applications that don't care about
1448
1743
</p></blockquote></div>
1449
1744
1450
1745
<div class="defun">
1451
— Function: void <b>des_encrypt</b> (<var>struct des_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-des_005fencrypt-127"></a></var><br>
1746
— Function: void <b>des_encrypt</b> (<var>struct des_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-des_005fencrypt-159"></a></var><br>
1452
1747
<blockquote><p>Encryption function. <var>length</var> must be an integral multiple of the
1453
1748
block size. If it is more than one block, the data is processed in ECB
1454
1749
mode. <code>src</code> and <code>dst</code> may be equal, but they must not overlap
1456
1751
</p></blockquote></div>
1457
1752
1458
1753
<div class="defun">
1459
— Function: void <b>des_decrypt</b> (<var>struct des_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-des_005fdecrypt-128"></a></var><br>
1754
— Function: void <b>des_decrypt</b> (<var>struct des_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-des_005fdecrypt-160"></a></var><br>
1460
1755
<blockquote><p>Analogous to <code>des_encrypt</code>
1461
1756
</p></blockquote></div>
1462
1757
1463
1758
<div class="defun">
1464
— Function: int <b>des_check_parity</b> (<var>unsigned length, const uint8_t *key</var>)<var>;<a name="index-des_005fcheck_005fparity-129"></a></var><br>
1759
— Function: int <b>des_check_parity</b> (<var>unsigned length, const uint8_t *key</var>)<var>;<a name="index-des_005fcheck_005fparity-161"></a></var><br>
1465
1760
<blockquote><p>Checks that the given key has correct, odd, parity. Returns 1 for
1466
1761
correct parity, and 0 for bad parity.
1467
1762
</p></blockquote></div>
1468
1763
1469
1764
<div class="defun">
1470
— Function: void <b>des_fix_parity</b> (<var>unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-des_005ffix_005fparity-130"></a></var><br>
1765
— Function: void <b>des_fix_parity</b> (<var>unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-des_005ffix_005fparity-162"></a></var><br>
1471
1766
<blockquote><p>Adjusts the parity bits to match DES's requirements. You need this
1472
1767
function if you have created a random-looking string by a key agreement
1473
1768
protocol, and want to use it as a DES key. <var>dst</var> and <var>src</var> may
1510
1805
<samp><span class="file"><nettle/des.h></span></samp>.
1511
1806
1512
1807
<div class="defun">
1513
— Context struct: <b>struct des3_ctx</b><var><a name="index-struct-des3_005fctx-131"></a></var><br>
1808
— Context struct: <b>struct des3_ctx</b><var><a name="index-struct-des3_005fctx-163"></a></var><br>
1514
1809
</div>
1515
1810
1516
1811
<div class="defun">
1517
— Constant: <b>DES3_BLOCK_SIZE</b><var><a name="index-DES3_005fBLOCK_005fSIZE-132"></a></var><br>
1812
— Constant: <b>DES3_BLOCK_SIZE</b><var><a name="index-DES3_005fBLOCK_005fSIZE-164"></a></var><br>
1518
1813
<blockquote><p>The DES3 block-size is the same as DES_BLOCK_SIZE, 8
1519
1814
</p></blockquote></div>
1520
1815
1521
1816
<div class="defun">
1522
— Constant: <b>DES3_KEY_SIZE</b><var><a name="index-DES3_005fKEY_005fSIZE-133"></a></var><br>
1817
— Constant: <b>DES3_KEY_SIZE</b><var><a name="index-DES3_005fKEY_005fSIZE-165"></a></var><br>
1523
1818
<blockquote><p>DES key size, 24
1524
1819
</p></blockquote></div>
1525
1820
1526
1821
<div class="defun">
1527
— Function: int <b>des3_set_key</b> (<var>struct des3_ctx *ctx, const uint8_t *key</var>)<var><a name="index-des3_005fset_005fkey-134"></a></var><br>
1822
— Function: int <b>des3_set_key</b> (<var>struct des3_ctx *ctx, const uint8_t *key</var>)<var><a name="index-des3_005fset_005fkey-166"></a></var><br>
1528
1823
<blockquote><p>Initialize the cipher. The same function is used for both encryption and
1529
1824
decryption. Parity bits are ignored. Checks for weak keys, returning 1
1530
1825
if all three keys are good keys, and 0 if one or more key is weak.
1536
1831
the parity bits before calling <code>des3_set_key</code>.
1537
1832
1538
1833
<div class="defun">
1539
— Function: void <b>des3_encrypt</b> (<var>struct des3_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-des3_005fencrypt-135"></a></var><br>
1834
— Function: void <b>des3_encrypt</b> (<var>struct des3_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-des3_005fencrypt-167"></a></var><br>
1540
1835
<blockquote><p>Encryption function. <var>length</var> must be an integral multiple of the
1541
1836
block size. If it is more than one block, the data is processed in ECB
1542
1837
mode. <code>src</code> and <code>dst</code> may be equal, but they must not overlap
1544
1839
</p></blockquote></div>
1545
1840
1546
1841
<div class="defun">
1547
— Function: void <b>des3_decrypt</b> (<var>struct des3_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-des3_005fdecrypt-136"></a></var><br>
1842
— Function: void <b>des3_decrypt</b> (<var>struct des3_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-des3_005fdecrypt-168"></a></var><br>
1548
1843
<blockquote><p>Analogous to <code>des_encrypt</code>
1549
1844
</p></blockquote></div>
1550
1845
1560
1855
functions as nice and harmless, but ciphers as dangerous munitions.
1561
1856
1562
1857
<p>Salsa20 uses the same idea, but with a new specialized hash function to
1563
mix key, block counter, and a couple of constants (input and output are
1564
the same size, making it not directly applicable for use as a general
1565
hash function). It's also designed for speed; on x86_64, it is currently
1566
the fastest cipher offered by nettle. It uses a block size of 512 bits
1567
(64 octets) and there are two specified key sizes, 128 and 256 bits (16
1568
and 32 octets).
1858
mix key, block counter, and a couple of constants. It's also designed
1859
for speed; on x86_64, it is currently the fastest cipher offered by
1860
nettle. It uses a block size of 512 bits (64 octets) and there are two
1861
specified key sizes, 128 and 256 bits (16 and 32 octets).
1862
1863
<p><strong>Caution:</strong> The hash function used in Salsa20 is <em>not</em>
1864
directly applicable for use as a general hash function. It's <em>not</em>
1865
collision resistant if arbitrary inputs are allowed, and furthermore,
1866
the input and output is of fixed size.
1569
1867
1570
1868
<p>When using Salsa20 to process a message, one specifies both a key and a
1571
1869
<dfn>nonce</dfn>, the latter playing a similar rƓle to the initialization
1578
1876
<samp><span class="file"><nettle/salsa20.h></span></samp>.
1579
1877
1580
1878
<div class="defun">
1581
— Context struct: <b>struct salsa20_ctx</b><var><a name="index-struct-salsa20_005fctx-137"></a></var><br>
1879
— Context struct: <b>struct salsa20_ctx</b><var><a name="index-struct-salsa20_005fctx-169"></a></var><br>
1582
1880
</div>
1583
1881
1584
1882
<div class="defun">
1585
— Constant: <b>SALSA20_MIN_KEY_SIZE</b><var><a name="index-SALSA20_005fMIN_005fKEY_005fSIZE-138"></a></var><br>
1586
— Constant: <b>SALSA20_MAX_KEY_SIZE</b><var><a name="index-SALSA20_005fMAX_005fKEY_005fSIZE-139"></a></var><br>
1883
— Constant: <b>SALSA20_MIN_KEY_SIZE</b><var><a name="index-SALSA20_005fMIN_005fKEY_005fSIZE-170"></a></var><br>
1884
— Constant: <b>SALSA20_MAX_KEY_SIZE</b><var><a name="index-SALSA20_005fMAX_005fKEY_005fSIZE-171"></a></var><br>
1587
1885
<blockquote><p>The two supported key sizes, 16 and 32 octets.
1588
1886
</p></blockquote></div>
1589
1887
1590
1888
<div class="defun">
1591
— Constant: <b>SALSA20_KEY_SIZE</b><var><a name="index-SALSA20_005fKEY_005fSIZE-140"></a></var><br>
1889
— Constant: <b>SALSA20_KEY_SIZE</b><var><a name="index-SALSA20_005fKEY_005fSIZE-172"></a></var><br>
1592
1890
<blockquote><p>Recommended key size, 32.
1593
1891
</p></blockquote></div>
1594
1892
1595
1893
<div class="defun">
1596
— Constant: <b>SALSA20_BLOCK_SIZE</b><var><a name="index-SALSA20_005fBLOCK_005fSIZE-141"></a></var><br>
1894
— Constant: <b>SALSA20_BLOCK_SIZE</b><var><a name="index-SALSA20_005fBLOCK_005fSIZE-173"></a></var><br>
1597
1895
<blockquote><p>Salsa20 block size, 64.
1598
1896
</p></blockquote></div>
1599
1897
1600
1898
<div class="defun">
1601
— Constant: <b>SALSA20_IV_SIZE</b><var><a name="index-SALSA20_005fIV_005fSIZE-142"></a></var><br>
1899
— Constant: <b>SALSA20_IV_SIZE</b><var><a name="index-SALSA20_005fIV_005fSIZE-174"></a></var><br>
1602
1900
<blockquote><p>Size of the <acronym>IV</acronym>, 8.
1603
1901
</p></blockquote></div>
1604
1902
1605
1903
<div class="defun">
1606
— Function: void <b>salsa20_set_key</b> (<var>struct salsa20_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-salsa20_005fset_005fkey-143"></a></var><br>
1904
— Function: void <b>salsa20_set_key</b> (<var>struct salsa20_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-salsa20_005fset_005fkey-175"></a></var><br>
1607
1905
<blockquote><p>Initialize the cipher. The same function is used for both encryption and
1608
1906
decryption. Before using the cipher, you <em>must</em> also call
1609
1907
<code>salsa20_set_iv</code>, see below.
1610
1908
</p></blockquote></div>
1611
1909
1612
1910
<div class="defun">
1613
— Function: void <b>salsa20_set_iv</b> (<var>struct salsa20_ctx *ctx, const uint8_t *iv</var>)<var><a name="index-salsa20_005fset_005fiv-144"></a></var><br>
1911
— Function: void <b>salsa20_set_iv</b> (<var>struct salsa20_ctx *ctx, const uint8_t *iv</var>)<var><a name="index-salsa20_005fset_005fiv-176"></a></var><br>
1614
1912
<blockquote><p>Sets the <acronym>IV</acronym>. It is always of size <code>SALSA20_IV_SIZE</code>, 8
1615
1913
octets. This function also initializes the block counter, setting it to
1616
1914
zero.
1617
1915
</p></blockquote></div>
1618
1916
1619
1917
<div class="defun">
1620
— Function: void <b>salsa20_crypt</b> (<var>struct salsa20_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-salsa20_005fcrypt-145"></a></var><br>
1918
— Function: void <b>salsa20_crypt</b> (<var>struct salsa20_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-salsa20_005fcrypt-177"></a></var><br>
1621
1919
<blockquote><p>Encrypts or decrypts the data of a message, using salsa20. When a
1622
1920
message is encrypted using a sequence of calls to <code>salsa20_crypt</code>,
1623
1921
all but the last call <em>must</em> use a length that is a multiple of
1634
1932
larger ones. Nettle defines SERPENT in <samp><span class="file"><nettle/serpent.h></span></samp>.
1635
1933
1636
1934
<div class="defun">
1637
— Context struct: <b>struct serpent_ctx</b><var><a name="index-struct-serpent_005fctx-146"></a></var><br>
1935
— Context struct: <b>struct serpent_ctx</b><var><a name="index-struct-serpent_005fctx-178"></a></var><br>
1638
1936
</div>
1639
1937
1640
1938
<div class="defun">
1641
— Constant: <b>SERPENT_BLOCK_SIZE</b><var><a name="index-SERPENT_005fBLOCK_005fSIZE-147"></a></var><br>
1939
— Constant: <b>SERPENT_BLOCK_SIZE</b><var><a name="index-SERPENT_005fBLOCK_005fSIZE-179"></a></var><br>
1642
1940
<blockquote><p>The SERPENT block-size, 16
1643
1941
</p></blockquote></div>
1644
1942
1645
1943
<div class="defun">
1646
— Constant: <b>SERPENT_MIN_KEY_SIZE</b><var><a name="index-SERPENT_005fMIN_005fKEY_005fSIZE-148"></a></var><br>
1944
— Constant: <b>SERPENT_MIN_KEY_SIZE</b><var><a name="index-SERPENT_005fMIN_005fKEY_005fSIZE-180"></a></var><br>
1647
1945
<blockquote><p>Minimum SERPENT key size, 16
1648
1946
</p></blockquote></div>
1649
1947
1650
1948
<div class="defun">
1651
— Constant: <b>SERPENT_MAX_KEY_SIZE</b><var><a name="index-SERPENT_005fMAX_005fKEY_005fSIZE-149"></a></var><br>
1949
— Constant: <b>SERPENT_MAX_KEY_SIZE</b><var><a name="index-SERPENT_005fMAX_005fKEY_005fSIZE-181"></a></var><br>
1652
1950
<blockquote><p>Maximum SERPENT key size, 32
1653
1951
</p></blockquote></div>
1654
1952
1655
1953
<div class="defun">
1656
— Constant: <b>SERPENT_KEY_SIZE</b><var><a name="index-SERPENT_005fKEY_005fSIZE-150"></a></var><br>
1954
— Constant: <b>SERPENT_KEY_SIZE</b><var><a name="index-SERPENT_005fKEY_005fSIZE-182"></a></var><br>
1657
1955
<blockquote><p>Default SERPENT key size, 32
1658
1956
</p></blockquote></div>
1659
1957
1660
1958
<div class="defun">
1661
— Function: void <b>serpent_set_key</b> (<var>struct serpent_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-serpent_005fset_005fkey-151"></a></var><br>
1959
— Function: void <b>serpent_set_key</b> (<var>struct serpent_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-serpent_005fset_005fkey-183"></a></var><br>
1662
1960
<blockquote><p>Initialize the cipher. The same function is used for both encryption and
1663
1961
decryption.
1664
1962
</p></blockquote></div>
1665
1963
1666
1964
<div class="defun">
1667
— Function: void <b>serpent_encrypt</b> (<var>struct serpent_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-serpent_005fencrypt-152"></a></var><br>
1965
— Function: void <b>serpent_encrypt</b> (<var>struct serpent_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-serpent_005fencrypt-184"></a></var><br>
1668
1966
<blockquote><p>Encryption function. <var>length</var> must be an integral multiple of the
1669
1967
block size. If it is more than one block, the data is processed in ECB
1670
1968
mode. <code>src</code> and <code>dst</code> may be equal, but they must not overlap
1672
1970
</p></blockquote></div>
1673
1971
1674
1972
<div class="defun">
1675
— Function: void <b>serpent_decrypt</b> (<var>struct serpent_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-serpent_005fdecrypt-153"></a></var><br>
1973
— Function: void <b>serpent_decrypt</b> (<var>struct serpent_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-serpent_005fdecrypt-185"></a></var><br>
1676
1974
<blockquote><p>Analogous to <code>serpent_encrypt</code>
1677
1975
</p></blockquote></div>
1678
1976
1682
1980
Nettle defines it in <samp><span class="file"><nettle/twofish.h></span></samp>.
1683
1981
1684
1982
<div class="defun">
1685
— Context struct: <b>struct twofish_ctx</b><var><a name="index-struct-twofish_005fctx-154"></a></var><br>
1983
— Context struct: <b>struct twofish_ctx</b><var><a name="index-struct-twofish_005fctx-186"></a></var><br>
1686
1984
</div>
1687
1985
1688
1986
<div class="defun">
1689
— Constant: <b>TWOFISH_BLOCK_SIZE</b><var><a name="index-TWOFISH_005fBLOCK_005fSIZE-155"></a></var><br>
1987
— Constant: <b>TWOFISH_BLOCK_SIZE</b><var><a name="index-TWOFISH_005fBLOCK_005fSIZE-187"></a></var><br>
1690
1988
<blockquote><p>The TWOFISH block-size, 16
1691
1989
</p></blockquote></div>
1692
1990
1693
1991
<div class="defun">
1694
— Constant: <b>TWOFISH_MIN_KEY_SIZE</b><var><a name="index-TWOFISH_005fMIN_005fKEY_005fSIZE-156"></a></var><br>
1992
— Constant: <b>TWOFISH_MIN_KEY_SIZE</b><var><a name="index-TWOFISH_005fMIN_005fKEY_005fSIZE-188"></a></var><br>
1695
1993
<blockquote><p>Minimum TWOFISH key size, 16
1696
1994
</p></blockquote></div>
1697
1995
1698
1996
<div class="defun">
1699
— Constant: <b>TWOFISH_MAX_KEY_SIZE</b><var><a name="index-TWOFISH_005fMAX_005fKEY_005fSIZE-157"></a></var><br>
1997
— Constant: <b>TWOFISH_MAX_KEY_SIZE</b><var><a name="index-TWOFISH_005fMAX_005fKEY_005fSIZE-189"></a></var><br>
1700
1998
<blockquote><p>Maximum TWOFISH key size, 32
1701
1999
</p></blockquote></div>
1702
2000
1703
2001
<div class="defun">
1704
— Constant: <b>TWOFISH_KEY_SIZE</b><var><a name="index-TWOFISH_005fKEY_005fSIZE-158"></a></var><br>
2002
— Constant: <b>TWOFISH_KEY_SIZE</b><var><a name="index-TWOFISH_005fKEY_005fSIZE-190"></a></var><br>
1705
2003
<blockquote><p>Default TWOFISH key size, 32
1706
2004
</p></blockquote></div>
1707
2005
1708
2006
<div class="defun">
1709
— Function: void <b>twofish_set_key</b> (<var>struct twofish_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-twofish_005fset_005fkey-159"></a></var><br>
2007
— Function: void <b>twofish_set_key</b> (<var>struct twofish_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-twofish_005fset_005fkey-191"></a></var><br>
1710
2008
<blockquote><p>Initialize the cipher. The same function is used for both encryption and
1711
2009
decryption.
1712
2010
</p></blockquote></div>
1713
2011
1714
2012
<div class="defun">
1715
— Function: void <b>twofish_encrypt</b> (<var>struct twofish_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-twofish_005fencrypt-160"></a></var><br>
2013
— Function: void <b>twofish_encrypt</b> (<var>struct twofish_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-twofish_005fencrypt-192"></a></var><br>
1716
2014
<blockquote><p>Encryption function. <var>length</var> must be an integral multiple of the
1717
2015
block size. If it is more than one block, the data is processed in ECB
1718
2016
mode. <code>src</code> and <code>dst</code> may be equal, but they must not overlap
1720
2018
</p></blockquote></div>
1721
2019
1722
2020
<div class="defun">
1723
— Function: void <b>twofish_decrypt</b> (<var>struct twofish_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-twofish_005fdecrypt-161"></a></var><br>
2021
— Function: void <b>twofish_decrypt</b> (<var>struct twofish_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-twofish_005fdecrypt-193"></a></var><br>
1724
2022
<blockquote><p>Analogous to <code>twofish_encrypt</code>
1725
2023
</p></blockquote></div>
1726
2024
1735
2033
<samp><span class="file"><nettle/nettle-meta.h></span></samp>.
1736
2034
1737
2035
<div class="defun">
1738
— Meta struct: <code>struct nettle_cipher</code><var> name context_size block_size key_size set_encrypt_key set_decrypt_key encrypt decrypt<a name="index-g_t_0040code_007bstruct-nettle_005fcipher_007d-162"></a></var><br>
2036
— Meta struct: <code>struct nettle_cipher</code><var> name context_size block_size key_size set_encrypt_key set_decrypt_key encrypt decrypt<a name="index-g_t_0040code_007bstruct-nettle_005fcipher_007d-194"></a></var><br>
1739
2037
<blockquote><p>The last four attributes are function pointers, of types
1740
2038
<code>nettle_set_key_func</code> and <code>nettle_crypt_func</code>. The first
1741
2039
argument to these functions is a <code>void *</code> pointer to a context
1743
2041
</p></blockquote></div>
1744
2042
1745
2043
<div class="defun">
1746
— Constant Struct: struct nettle_cipher <b>nettle_aes128</b><var><a name="index-nettle_005faes128-163"></a></var><br>
1747
— Constant Struct: struct nettle_cipher <b>nettle_aes192</b><var><a name="index-nettle_005faes192-164"></a></var><br>
1748
— Constant Struct: struct nettle_cipher <b>nettle_aes256</b><var><a name="index-nettle_005faes256-165"></a></var><br>
1749
1750
— Constant Struct: struct nettle_cipher <b>nettle_arctwo40;</b><var><a name="index-nettle_005farctwo40_003b-166"></a></var><br>
1751
— Constant Struct: struct nettle_cipher <b>nettle_arctwo64;</b><var><a name="index-nettle_005farctwo64_003b-167"></a></var><br>
1752
— Constant Struct: struct nettle_cipher <b>nettle_arctwo128;</b><var><a name="index-nettle_005farctwo128_003b-168"></a></var><br>
1753
— Constant Struct: struct nettle_cipher <b>nettle_arctwo_gutmann128;</b><var><a name="index-nettle_005farctwo_005fgutmann128_003b-169"></a></var><br>
1754
1755
— Constant Struct: struct nettle_cipher <b>nettle_arcfour128</b><var><a name="index-nettle_005farcfour128-170"></a></var><br>
1756
1757
— Constant Struct: struct nettle_cipher <b>nettle_camellia128</b><var><a name="index-nettle_005fcamellia128-171"></a></var><br>
1758
— Constant Struct: struct nettle_cipher <b>nettle_camellia192</b><var><a name="index-nettle_005fcamellia192-172"></a></var><br>
1759
— Constant Struct: struct nettle_cipher <b>nettle_camellia256</b><var><a name="index-nettle_005fcamellia256-173"></a></var><br>
1760
1761
— Constant Struct: struct nettle_cipher <b>nettle_cast128</b><var><a name="index-nettle_005fcast128-174"></a></var><br>
1762
1763
— Constant Struct: struct nettle_cipher <b>nettle_serpent128</b><var><a name="index-nettle_005fserpent128-175"></a></var><br>
1764
— Constant Struct: struct nettle_cipher <b>nettle_serpent192</b><var><a name="index-nettle_005fserpent192-176"></a></var><br>
1765
— Constant Struct: struct nettle_cipher <b>nettle_serpent256</b><var><a name="index-nettle_005fserpent256-177"></a></var><br>
1766
1767
— Constant Struct: struct nettle_cipher <b>nettle_twofish128</b><var><a name="index-nettle_005ftwofish128-178"></a></var><br>
1768
— Constant Struct: struct nettle_cipher <b>nettle_twofish192</b><var><a name="index-nettle_005ftwofish192-179"></a></var><br>
1769
— Constant Struct: struct nettle_cipher <b>nettle_twofish256</b><var><a name="index-nettle_005ftwofish256-180"></a></var><br>
1770
<blockquote>
1771
<p>Nettle includes such structs for all the <em>regular</em> ciphers, i.e.
1772
ones without weak keys or other oddities.
1773
1774
<p>Nettle also exports a list of all these ciphers without weak keys or
1775
other oddities. This list can be used to dynamically enumerate or
1776
search the supported algorithms:
1777
1778
— Constant Struct: struct nettle_cipher ** <b>nettle_ciphers</b><var><a name="index-nettle_005fciphers-181"></a></var><br>
1779
1780
</div>
2044
— Constant Struct: struct nettle_cipher <b>nettle_aes128</b><var><a name="index-nettle_005faes128-195"></a></var><br>
2045
— Constant Struct: struct nettle_cipher <b>nettle_aes192</b><var><a name="index-nettle_005faes192-196"></a></var><br>
2046
— Constant Struct: struct nettle_cipher <b>nettle_aes256</b><var><a name="index-nettle_005faes256-197"></a></var><br>
2047
2048
— Constant Struct: struct nettle_cipher <b>nettle_arctwo40</b><var><a name="index-nettle_005farctwo40-198"></a></var><br>
2049
— Constant Struct: struct nettle_cipher <b>nettle_arctwo64</b><var><a name="index-nettle_005farctwo64-199"></a></var><br>
2050
— Constant Struct: struct nettle_cipher <b>nettle_arctwo128</b><var><a name="index-nettle_005farctwo128-200"></a></var><br>
2051
— Constant Struct: struct nettle_cipher <b>nettle_arctwo_gutmann128</b><var><a name="index-nettle_005farctwo_005fgutmann128-201"></a></var><br>
2052
2053
— Constant Struct: struct nettle_cipher <b>nettle_arcfour128</b><var><a name="index-nettle_005farcfour128-202"></a></var><br>
2054
2055
— Constant Struct: struct nettle_cipher <b>nettle_camellia128</b><var><a name="index-nettle_005fcamellia128-203"></a></var><br>
2056
— Constant Struct: struct nettle_cipher <b>nettle_camellia192</b><var><a name="index-nettle_005fcamellia192-204"></a></var><br>
2057
— Constant Struct: struct nettle_cipher <b>nettle_camellia256</b><var><a name="index-nettle_005fcamellia256-205"></a></var><br>
2058
2059
— Constant Struct: struct nettle_cipher <b>nettle_cast128</b><var><a name="index-nettle_005fcast128-206"></a></var><br>
2060
2061
— Constant Struct: struct nettle_cipher <b>nettle_serpent128</b><var><a name="index-nettle_005fserpent128-207"></a></var><br>
2062
— Constant Struct: struct nettle_cipher <b>nettle_serpent192</b><var><a name="index-nettle_005fserpent192-208"></a></var><br>
2063
— Constant Struct: struct nettle_cipher <b>nettle_serpent256</b><var><a name="index-nettle_005fserpent256-209"></a></var><br>
2064
2065
— Constant Struct: struct nettle_cipher <b>nettle_twofish128</b><var><a name="index-nettle_005ftwofish128-210"></a></var><br>
2066
— Constant Struct: struct nettle_cipher <b>nettle_twofish192</b><var><a name="index-nettle_005ftwofish192-211"></a></var><br>
2067
— Constant Struct: struct nettle_cipher <b>nettle_twofish256</b><var><a name="index-nettle_005ftwofish256-212"></a></var><br>
2068
<blockquote><p>Nettle includes such structs for all the <em>regular</em> ciphers, i.e.
2069
ones without weak keys or other oddities.
2070
</p></blockquote></div>
2071
2072
<p>Nettle also exports a list of all these ciphers without weak keys or
2073
other oddities.
2074
2075
<div class="defun">
2076
— Constant Array: struct nettle_cipher ** <b>nettle_ciphers</b><var><a name="index-nettle_005fciphers-213"></a></var><br>
2077
<blockquote><p>This list can be used to dynamically enumerate or search the supported
2078
algorithms. NULL-terminated.
2079
</p></blockquote></div>
1781
2080
1782
2081
<div class="node">
1783
2082
<a name="Cipher-modes"></a>
1798
2097
Book mode, <acronym>ECB</acronym>) leaks information. Besides <acronym>ECB</acronym>,
1799
2098
Nettle provides three other modes of operation: Cipher Block Chaining
1800
2099
(<acronym>CBC</acronym>), Counter mode (<acronym>CTR</acronym>), and Galois/Counter mode
1801
(<acronym>gcm</acronym>). <acronym>CBC</acronym> is widely used, but there are a few
2100
(<acronym>GCM</acronym>). <acronym>CBC</acronym> is widely used, but there are a few
1802
2101
subtle issues of information leakage, see, e.g.,
1803
2102
<a href="http://www.kb.cert.org/vuls/id/958563"><acronym>SSH</acronym> <acronym>CBC</acronym> vulnerability</a>. <acronym>CTR</acronym> and <acronym>GCM</acronym>
1804
2103
were standardized more recently, and are believed to be more secure.
1824
2123
<!-- node-name, next, previous, up -->
1825
2124
<h4 class="subsection">6.3.1 Cipher Block Chaining</h4>
1826
2125
1827
<p><a name="index-Cipher-Block-Chaining-182"></a><a name="index-CBC-Mode-183"></a>
2126
<p><a name="index-Cipher-Block-Chaining-214"></a><a name="index-CBC-Mode-215"></a>
1828
2127
When using <acronym>CBC</acronym> mode, plaintext blocks are not encrypted
1829
2128
independently of each other, like in Electronic Cook Book mode. Instead,
1830
2129
when encrypting a block in <acronym>CBC</acronym> mode, the previous ciphertext
1852
2151
around.
1853
2152
1854
2153
<div class="defun">
1855
— Function: void <b>cbc_encrypt</b> (<var>void *ctx, nettle_crypt_func f, unsigned block_size, uint8_t *iv, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-cbc_005fencrypt-184"></a></var><br>
1856
— Function: void <b>cbc_decrypt</b> (<var>void *ctx, void </var>(<var>*f</var>)()<var>, unsigned block_size, uint8_t *iv, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-cbc_005fdecrypt-185"></a></var><br>
2154
— Function: void <b>cbc_encrypt</b> (<var>void *ctx, nettle_crypt_func f, unsigned block_size, uint8_t *iv, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-cbc_005fencrypt-216"></a></var><br>
2155
— Function: void <b>cbc_decrypt</b> (<var>void *ctx, void </var>(<var>*f</var>)()<var>, unsigned block_size, uint8_t *iv, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-cbc_005fdecrypt-217"></a></var><br>
1857
2156
<blockquote>
1858
2157
<p>Applies the encryption or decryption function <var>f</var> in <acronym>CBC</acronym>
1859
2158
mode. The final ciphertext block processed is copied into <var>iv</var>
1870
2169
<p>There are also some macros to help use these functions correctly.
1871
2170
1872
2171
<div class="defun">
1873
— Macro: <b>CBC_CTX</b> (<var>context_type, block_size</var>)<var><a name="index-CBC_005fCTX-186"></a></var><br>
2172
— Macro: <b>CBC_CTX</b> (<var>context_type, block_size</var>)<var><a name="index-CBC_005fCTX-218"></a></var><br>
1874
2173
<blockquote><p>Expands to
1875
2174
<pre class="example"> {
1876
2175
context_type ctx;
1888
2187
<pre class="example"> struct aes_cbc_ctx CBC_CTX (struct aes_ctx, AES_BLOCK_SIZE);
1889
2188
</pre>
1890
2189
<div class="defun">
1891
— Macro: <b>CBC_SET_IV</b> (<var>ctx, iv</var>)<var><a name="index-CBC_005fSET_005fIV-187"></a></var><br>
2190
— Macro: <b>CBC_SET_IV</b> (<var>ctx, iv</var>)<var><a name="index-CBC_005fSET_005fIV-219"></a></var><br>
1892
2191
<blockquote><p>First argument is a pointer to a context struct as defined by <code>CBC_CTX</code>,
1893
2192
and the second is a pointer to an Initialization Vector (IV) that is
1894
2193
copied into that context.
1895
2194
</p></blockquote></div>
1896
2195
1897
2196
<div class="defun">
1898
— Macro: <b>CBC_ENCRYPT</b> (<var>ctx, f, length, dst, src</var>)<var><a name="index-CBC_005fENCRYPT-188"></a></var><br>
1899
— Macro: <b>CBC_DECRYPT</b> (<var>ctx, f, length, dst, src</var>)<var><a name="index-CBC_005fDECRYPT-189"></a></var><br>
2197
— Macro: <b>CBC_ENCRYPT</b> (<var>ctx, f, length, dst, src</var>)<var><a name="index-CBC_005fENCRYPT-220"></a></var><br>
2198
— Macro: <b>CBC_DECRYPT</b> (<var>ctx, f, length, dst, src</var>)<var><a name="index-CBC_005fDECRYPT-221"></a></var><br>
1900
2199
<blockquote><p>A simpler way to invoke <code>cbc_encrypt</code> and <code>cbc_decrypt</code>. The
1901
2200
first argument is a pointer to a context struct as defined by
1902
2201
<code>CBC_CTX</code>, and the second argument is an encryption or decryption
1920
2219
<!-- node-name, next, previous, up -->
1921
2220
<h4 class="subsection">6.3.2 Counter mode</h4>
1922
2221
1923
<p><a name="index-Counter-Mode-190"></a><a name="index-CTR-Mode-191"></a>
2222
<p><a name="index-Counter-Mode-222"></a><a name="index-CTR-Mode-223"></a>
1924
2223
Counter mode (<acronym>CTR</acronym>) uses the block cipher as a keyed
1925
2224
pseudo-random generator. The output of the generator is XORed with the
1926
2225
data to be encrypted. It can be understood as a way to transform a block
1951
2250
the cipher output is truncated to <code>m</code> bytes.
1952
2251
1953
2252
<div class="defun">
1954
— Function: void <b>ctr_crypt</b> (<var>void *ctx, nettle_crypt_func f, unsigned block_size, uint8_t *ctr, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-ctr_005fcrypt-192"></a></var><br>
2253
— Function: void <b>ctr_crypt</b> (<var>void *ctx, nettle_crypt_func f, unsigned block_size, uint8_t *ctr, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-ctr_005fcrypt-224"></a></var><br>
1955
2254
<blockquote>
1956
2255
<p>Applies the encryption function <var>f</var> in <acronym>CTR</acronym> mode. Note that
1957
2256
for <acronym>CTR</acronym> mode, encryption and decryption is the same operation,
1966
2265
<p>Like for <acronym>CBC</acronym>, there are also a couple of helper macros.
1967
2266
1968
2267
<div class="defun">
1969
— Macro: <b>CTR_CTX</b> (<var>context_type, block_size</var>)<var><a name="index-CTR_005fCTX-193"></a></var><br>
2268
— Macro: <b>CTR_CTX</b> (<var>context_type, block_size</var>)<var><a name="index-CTR_005fCTX-225"></a></var><br>
1970
2269
<blockquote><p>Expands to
1971
2270
<pre class="example"> {
1972
2271
context_type ctx;
1976
2275
</blockquote></div>
1977
2276
1978
2277
<div class="defun">
1979
— Macro: <b>CTR_SET_COUNTER</b> (<var>ctx, iv</var>)<var><a name="index-CTR_005fSET_005fCOUNTER-194"></a></var><br>
2278
— Macro: <b>CTR_SET_COUNTER</b> (<var>ctx, iv</var>)<var><a name="index-CTR_005fSET_005fCOUNTER-226"></a></var><br>
1980
2279
<blockquote><p>First argument is a pointer to a context struct as defined by
1981
2280
<code>CTR_CTX</code>, and the second is a pointer to an initial counter that
1982
2281
is copied into that context.
1983
2282
</p></blockquote></div>
1984
2283
1985
2284
<div class="defun">
1986
— Macro: <b>CTR_CRYPT</b> (<var>ctx, f, length, dst, src</var>)<var><a name="index-CTR_005fCRYPT-195"></a></var><br>
2285
— Macro: <b>CTR_CRYPT</b> (<var>ctx, f, length, dst, src</var>)<var><a name="index-CTR_005fCRYPT-227"></a></var><br>
1987
2286
<blockquote><p>A simpler way to invoke <code>ctr_crypt</code>. The first argument is a
1988
2287
pointer to a context struct as defined by <code>CTR_CTX</code>, and the second
1989
2288
argument is an encryption function following Nettle's conventions. The
2002
2301
<!-- node-name, next, previous, up -->
2003
2302
<h4 class="subsection">6.3.3 Galois counter mode</h4>
2004
2303
2005
<p><a name="index-Galois-Counter-Mode-196"></a><a name="index-GCM-197"></a>
2304
<p><a name="index-Galois-Counter-Mode-228"></a><a name="index-GCM-229"></a>
2006
2305
Galois counter mode is the combination of counter mode with message
2007
2306
authentication based on universal hashing. The main objective of the
2008
2307
design is to provide high performance for hardware implementations,
2033
2332
<h5 class="subsubsection">6.3.3.1 General <acronym>GCM</acronym> interface</h5>
2034
2333
2035
2334
<div class="defun">
2036
— Context struct: <b>struct gcm_key</b><var><a name="index-struct-gcm_005fkey-198"></a></var><br>
2335
— Context struct: <b>struct gcm_key</b><var><a name="index-struct-gcm_005fkey-230"></a></var><br>
2037
2336
<blockquote><p>Message independent hash subkey, and related tables.
2038
2337
</p></blockquote></div>
2039
2338
2040
2339
<div class="defun">
2041
— Context struct: <b>struct gcm_ctx</b><var><a name="index-struct-gcm_005fctx-199"></a></var><br>
2340
— Context struct: <b>struct gcm_ctx</b><var><a name="index-struct-gcm_005fctx-231"></a></var><br>
2042
2341
<blockquote><p>Holds state corresponding to a particular message.
2043
2342
</p></blockquote></div>
2044
2343
2045
2344
<div class="defun">
2046
— Constant: <b>GCM_BLOCK_SIZE</b><var><a name="index-GCM_005fBLOCK_005fSIZE-200"></a></var><br>
2345
— Constant: <b>GCM_BLOCK_SIZE</b><var><a name="index-GCM_005fBLOCK_005fSIZE-232"></a></var><br>
2047
2346
<blockquote><p><acronym>GCM</acronym>'s block size, 16.
2048
2347
</p></blockquote></div>
2049
2348
2050
2349
<div class="defun">
2051
— Constant: <b>GCM_IV_SIZE</b><var><a name="index-GCM_005fIV_005fSIZE-201"></a></var><br>
2350
— Constant: <b>GCM_IV_SIZE</b><var><a name="index-GCM_005fIV_005fSIZE-233"></a></var><br>
2052
2351
<blockquote><p>Recommended size of the <acronym>IV</acronym>, 12. Other sizes are allowed.
2053
2352
</p></blockquote></div>
2054
2353
2055
2354
<div class="defun">
2056
— Function: void <b>gcm_set_key</b> (<var>struct gcm_key *key, void *cipher, nettle_crypt_func *f</var>)<var><a name="index-gcm_005fset_005fkey-202"></a></var><br>
2355
— Function: void <b>gcm_set_key</b> (<var>struct gcm_key *key, void *cipher, nettle_crypt_func *f</var>)<var><a name="index-gcm_005fset_005fkey-234"></a></var><br>
2057
2356
<blockquote><p>Initializes <var>key</var>. <var>cipher</var> gives a context struct for the
2058
2357
underlying cipher, which must have been previously initialized for
2059
2358
encryption, and <var>f</var> is the encryption function.
2060
2359
</p></blockquote></div>
2061
2360
2062
2361
<div class="defun">
2063
— Function: void <b>gcm_set_iv</b> (<var>struct gcm_ctx *ctx, const struct gcm_key *key, unsigned length, const uint8_t *iv</var>)<var><a name="index-gcm_005fset_005fiv-203"></a></var><br>
2362
— Function: void <b>gcm_set_iv</b> (<var>struct gcm_ctx *ctx, const struct gcm_key *key, unsigned length, const uint8_t *iv</var>)<var><a name="index-gcm_005fset_005fiv-235"></a></var><br>
2064
2363
<blockquote><p>Initializes <var>ctx</var> using the given <acronym>IV</acronym>. The <var>key</var>
2065
2364
argument is actually needed only if <var>length</var> differs from
2066
2365
<code>GCM_IV_SIZE</code>.
2067
2366
</p></blockquote></div>
2068
2367
2069
2368
<div class="defun">
2070
— Function: void <b>gcm_update</b> (<var>struct gcm_ctx *ctx, const struct gcm_key *key, unsigned length, const uint8_t *data</var>)<var><a name="index-gcm_005fupdate-204"></a></var><br>
2369
— Function: void <b>gcm_update</b> (<var>struct gcm_ctx *ctx, const struct gcm_key *key, unsigned length, const uint8_t *data</var>)<var><a name="index-gcm_005fupdate-236"></a></var><br>
2071
2370
<blockquote><p>Provides associated data to be authenticated. If used, must be called
2072
2371
before <code>gcm_encrypt</code> or <code>gcm_decrypt</code>. All but the last call
2073
2372
for each message <em>must</em> use a length that is a multiple of the
2075
2374
</p></blockquote></div>
2076
2375
2077
2376
<div class="defun">
2078
— Function: void <b>gcm_encrypt</b> (<var>struct gcm_ctx *ctx, const struct gcm_key *key void *cipher, nettle_crypt_func *f, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-gcm_005fencrypt-205"></a></var><br>
2079
— Function: void <b>gcm_decrypt</b> (<var>struct gcm_ctx *ctx, const struct gcm_key *key, void *cipher, nettle_crypt_func *f, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-gcm_005fdecrypt-206"></a></var><br>
2377
— Function: void <b>gcm_encrypt</b> (<var>struct gcm_ctx *ctx, const struct gcm_key *key void *cipher, nettle_crypt_func *f, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-gcm_005fencrypt-237"></a></var><br>
2378
— Function: void <b>gcm_decrypt</b> (<var>struct gcm_ctx *ctx, const struct gcm_key *key, void *cipher, nettle_crypt_func *f, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-gcm_005fdecrypt-238"></a></var><br>
2080
2379
<blockquote><p>Encrypts or decrypts the data of a message. <var>cipher</var> is the context
2081
2380
struct for the underlying cipher and <var>f</var> is the encryption function.
2082
2381
All but the last call for each message <em>must</em> use a length that is
2084
2383
</p></blockquote></div>
2085
2384
2086
2385
<div class="defun">
2087
— Function: void <b>gcm_digest</b> (<var>struct gcm_ctx *ctx, const struct gcm_key *key, void *cipher, nettle_crypt_func *f, unsigned length, uint8_t *digest</var>)<var><a name="index-gcm_005fdigest-207"></a></var><br>
2386
— Function: void <b>gcm_digest</b> (<var>struct gcm_ctx *ctx, const struct gcm_key *key, void *cipher, nettle_crypt_func *f, unsigned length, uint8_t *digest</var>)<var><a name="index-gcm_005fdigest-239"></a></var><br>
2088
2387
<blockquote><p>Extracts the message digest (also known “authentication tag”). This is
2089
2388
the final operation when processing a message. <var>length</var> is usually
2090
2389
equal to <code>GCM_BLOCK_SIZE</code>, but if you provide a smaller value,
2106
2405
<p>The following macros are defined.
2107
2406
2108
2407
<div class="defun">
2109
— Macro: <b>GCM_CTX</b> (<var>context_type</var>)<var><a name="index-GCM_005fCTX-208"></a></var><br>
2408
— Macro: <b>GCM_CTX</b> (<var>context_type</var>)<var><a name="index-GCM_005fCTX-240"></a></var><br>
2110
2409
<blockquote><p>This defines an all-in-one context struct, including the context of the
2111
2410
underlying cipher, the hash subkey, and the per-message state. It expands
2112
2411
to
2124
2423
<p>The following macros operate on context structs of this form.
2125
2424
2126
2425
<div class="defun">
2127
— Macro: <b>GCM_SET_KEY</b> (<var>ctx, set_key, encrypt, length, data</var>)<var><a name="index-GCM_005fSET_005fKEY-209"></a></var><br>
2426
— Macro: <b>GCM_SET_KEY</b> (<var>ctx, set_key, encrypt, length, data</var>)<var><a name="index-GCM_005fSET_005fKEY-241"></a></var><br>
2128
2427
<blockquote><p>First argument, <var>ctx</var>, is a context struct as defined
2129
2428
by <code>GCM_CTX</code>. <var>set_key</var> and <var>encrypt</var> are functions for
2130
2429
setting the encryption key and for encrypting data using the underlying
2132
2431
</p></blockquote></div>
2133
2432
2134
2433
<div class="defun">
2135
— Macro: <b>GCM_SET_IV</b> (<var>ctx, length, data</var>)<var><a name="index-GCM_005fSET_005fIV-210"></a></var><br>
2434
— Macro: <b>GCM_SET_IV</b> (<var>ctx, length, data</var>)<var><a name="index-GCM_005fSET_005fIV-242"></a></var><br>
2136
2435
<blockquote><p>First argument is a context struct as defined by
2137
2436
<code>GCM_CTX</code>. <var>length</var> and <var>data</var> give the initialization
2138
2437
vector (<acronym>IV</acronym>).
2139
2438
</p></blockquote></div>
2140
2439
2141
2440
<div class="defun">
2142
— Macro: <b>GCM_UPDATE</b> (<var>ctx, length, data</var>)<var><a name="index-GCM_005fUPDATE-211"></a></var><br>
2441
— Macro: <b>GCM_UPDATE</b> (<var>ctx, length, data</var>)<var><a name="index-GCM_005fUPDATE-243"></a></var><br>
2143
2442
<blockquote><p>Simpler way to call <code>gcm_update</code>. First argument is a context
2144
2443
struct as defined by <code>GCM_CTX</code>
2145
2444
</p></blockquote></div>
2146
2445
2147
2446
<div class="defun">
2148
— Macro: <b>GCM_ENCRYPT</b> (<var>ctx, encrypt, length, dst, src</var>)<var><a name="index-GCM_005fENCRYPT-212"></a></var><br>
2149
— Macro: <b>GCM_DECRYPT</b> (<var>ctx, encrypt, length, dst, src</var>)<var><a name="index-GCM_005fDECRYPT-213"></a></var><br>
2150
— Macro: <b>GCM_DIGEST</b> (<var>ctx, encrypt, length, digest</var>)<var><a name="index-GCM_005fDIGEST-214"></a></var><br>
2447
— Macro: <b>GCM_ENCRYPT</b> (<var>ctx, encrypt, length, dst, src</var>)<var><a name="index-GCM_005fENCRYPT-244"></a></var><br>
2448
— Macro: <b>GCM_DECRYPT</b> (<var>ctx, encrypt, length, dst, src</var>)<var><a name="index-GCM_005fDECRYPT-245"></a></var><br>
2449
— Macro: <b>GCM_DIGEST</b> (<var>ctx, encrypt, length, digest</var>)<var><a name="index-GCM_005fDIGEST-246"></a></var><br>
2151
2450
<blockquote><p>Simpler way to call <code>gcm_encrypt</code>, <code>gcm_decrypt</code> or
2152
2451
<code>gcm_digest</code>. First argument is a context struct as defined by
2153
2452
<code>GCM_CTX</code>. Second argument, <var>encrypt</var>, is a pointer to the
2160
2459
<acronym>AES</acronym> as the underlying cipher.
2161
2460
2162
2461
<div class="defun">
2163
— Context struct: <b>struct gcm_aes_ctx</b><var><a name="index-struct-gcm_005faes_005fctx-215"></a></var><br>
2462
— Context struct: <b>struct gcm_aes_ctx</b><var><a name="index-struct-gcm_005faes_005fctx-247"></a></var><br>
2164
2463
<blockquote><p>The context struct, defined using <code>GCM_CTX</code>.
2165
2464
</p></blockquote></div>
2166
2465
2167
2466
<div class="defun">
2168
— Function: void <b>gcm_aes_set_key</b> (<var>struct gcm_aes_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-gcm_005faes_005fset_005fkey-216"></a></var><br>
2467
— Function: void <b>gcm_aes_set_key</b> (<var>struct gcm_aes_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-gcm_005faes_005fset_005fkey-248"></a></var><br>
2169
2468
<blockquote><p>Initializes <var>ctx</var> using the given key. All valid <acronym>AES</acronym> key
2170
2469
sizes can be used.
2171
2470
</p></blockquote></div>
2172
2471
2173
2472
<div class="defun">
2174
— Function: void <b>gcm_aes_set_iv</b> (<var>struct gcm_aes_ctx *ctx, unsigned length, const uint8_t *iv</var>)<var><a name="index-gcm_005faes_005fset_005fiv-217"></a></var><br>
2473
— Function: void <b>gcm_aes_set_iv</b> (<var>struct gcm_aes_ctx *ctx, unsigned length, const uint8_t *iv</var>)<var><a name="index-gcm_005faes_005fset_005fiv-249"></a></var><br>
2175
2474
<blockquote><p>Initializes the per-message state, using the given <acronym>IV</acronym>.
2176
2475
</p></blockquote></div>
2177
2476
2178
2477
<div class="defun">
2179
— Function: void <b>gcm_aes_update</b> (<var>struct gcm_aes_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-gcm_005faes_005fupdate-218"></a></var><br>
2478
— Function: void <b>gcm_aes_update</b> (<var>struct gcm_aes_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-gcm_005faes_005fupdate-250"></a></var><br>
2180
2479
<blockquote><p>Provides associated data to be authenticated. If used, must be called
2181
2480
before <code>gcm_aes_encrypt</code> or <code>gcm_aes_decrypt</code>. All but the last call
2182
2481
for each message <em>must</em> use a length that is a multiple of the
2184
2483
</p></blockquote></div>
2185
2484
2186
2485
<div class="defun">
2187
— Function: void <b>gcm_aes_encrypt</b> (<var>struct gcm_aes_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-gcm_005faes_005fencrypt-219"></a></var><br>
2188
— Function: void <b>gcm_aes_decrypt</b> (<var>struct gcm_aes_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-gcm_005faes_005fdecrypt-220"></a></var><br>
2486
— Function: void <b>gcm_aes_encrypt</b> (<var>struct gcm_aes_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-gcm_005faes_005fencrypt-251"></a></var><br>
2487
— Function: void <b>gcm_aes_decrypt</b> (<var>struct gcm_aes_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-gcm_005faes_005fdecrypt-252"></a></var><br>
2189
2488
<blockquote><p>Encrypts or decrypts the data of a message. All but the last call for
2190
2489
each message <em>must</em> use a length that is a multiple of the block
2191
2490
size.
2193
2492
</blockquote></div>
2194
2493
2195
2494
<div class="defun">
2196
— Function: void <b>gcm_aes_digest</b> (<var>struct gcm_aes_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-gcm_005faes_005fdigest-221"></a></var><br>
2495
— Function: void <b>gcm_aes_digest</b> (<var>struct gcm_aes_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-gcm_005faes_005fdigest-253"></a></var><br>
2197
2496
<blockquote><p>Extracts the message digest (also known “authentication tag”). This is
2198
2497
the final operation when processing a message. <var>length</var> is usually
2199
2498
equal to <code>GCM_BLOCK_SIZE</code>, but if you provide a smaller value,
2203
2502
<div class="node">
2204
2503
<a name="Keyed-hash-functions"></a>
2205
2504
<p><hr>
2206
Next: <a rel="next" accesskey="n" href="#Public_002dkey-algorithms">Public-key algorithms</a>,
2505
Next: <a rel="next" accesskey="n" href="#Key-derivation-functions">Key derivation functions</a>,
2207
2506
Previous: <a rel="previous" accesskey="p" href="#Cipher-modes">Cipher modes</a>,
2208
2507
Up: <a rel="up" accesskey="u" href="#Reference">Reference</a>
2209
2508
2212
2511
<!-- node-name, next, previous, up -->
2213
2512
<h3 class="section">6.4 Keyed Hash Functions</h3>
2214
2513
2215
<p><a name="index-Keyed-Hash-Function-222"></a><a name="index-Message-Authentication-Code-223"></a><a name="index-MAC-224"></a>
2514
<p><a name="index-Keyed-Hash-Function-254"></a><a name="index-Message-Authentication-Code-255"></a><a name="index-MAC-256"></a>
2216
2515
A <dfn>keyed hash function</dfn>, or <dfn>Message Authentication Code</dfn>
2217
2516
(<acronym>MAC</acronym>) is a function that takes a key and a message, and
2218
2517
produces fixed size <acronym>MAC</acronym>. It should be hard to compute a
2270
2569
<acronym>HMAC-SHA512</acronym>. First, the abstract functions:
2271
2570
2272
2571
<div class="defun">
2273
— Function: void <b>hmac_set_key</b> (<var>void *outer, void *inner, void *state, const struct nettle_hash *H, unsigned length, const uint8_t *key</var>)<var><a name="index-hmac_005fset_005fkey-225"></a></var><br>
2572
— Function: void <b>hmac_set_key</b> (<var>void *outer, void *inner, void *state, const struct nettle_hash *H, unsigned length, const uint8_t *key</var>)<var><a name="index-hmac_005fset_005fkey-257"></a></var><br>
2274
2573
<blockquote><p>Initializes the three context structs from the key. The <var>outer</var> and
2275
2574
<var>inner</var> contexts corresponds to the subkeys <code>k_o</code> and
2276
2575
<code>k_i</code>. <var>state</var> is used for hashing the message, and is
2278
2577
</p></blockquote></div>
2279
2578
2280
2579
<div class="defun">
2281
— Function: void <b>hmac_update</b> (<var>void *state, const struct nettle_hash *H, unsigned length, const uint8_t *data</var>)<var><a name="index-hmac_005fupdate-226"></a></var><br>
2580
— Function: void <b>hmac_update</b> (<var>void *state, const struct nettle_hash *H, unsigned length, const uint8_t *data</var>)<var><a name="index-hmac_005fupdate-258"></a></var><br>
2282
2581
<blockquote><p>This function is called zero or more times to process the message.
2283
2582
Actually, <code>hmac_update(state, H, length, data)</code> is equivalent to
2284
2583
<code>H->update(state, length, data)</code>, so if you wish you can use the
2286
2585
</p></blockquote></div>
2287
2586
2288
2587
<div class="defun">
2289
— Function: void <b>hmac_digest</b> (<var>const void *outer, const void *inner, void *state, const struct nettle_hash *H, unsigned length, uint8_t *digest</var>)<var><a name="index-hmac_005fdigest-227"></a></var><br>
2588
— Function: void <b>hmac_digest</b> (<var>const void *outer, const void *inner, void *state, const struct nettle_hash *H, unsigned length, uint8_t *digest</var>)<var><a name="index-hmac_005fdigest-259"></a></var><br>
2290
2589
<blockquote><p>Extracts the <acronym>MAC</acronym> of the message, writing it to <var>digest</var>.
2291
2590
<var>outer</var> and <var>inner</var> are not modified. <var>length</var> is usually
2292
2591
equal to <code>H->digest_size</code>, but if you provide a smaller value,
2300
2599
functions correctly.
2301
2600
2302
2601
<div class="defun">
2303
— Macro: <b>HMAC_CTX</b> (<var>type</var>)<var><a name="index-HMAC_005fCTX-228"></a></var><br>
2602
— Macro: <b>HMAC_CTX</b> (<var>type</var>)<var><a name="index-HMAC_005fCTX-260"></a></var><br>
2304
2603
<blockquote><p>Expands to
2305
2604
<pre class="example"> {
2306
2605
type outer;
2320
2619
<pre class="example"> struct hmac_md5_ctx HMAC_CTX (struct md5_ctx);
2321
2620
</pre>
2322
2621
<div class="defun">
2323
— Macro: <b>HMAC_SET_KEY</b> (<var>ctx, H, length, key</var>)<var><a name="index-HMAC_005fSET_005fKEY-229"></a></var><br>
2622
— Macro: <b>HMAC_SET_KEY</b> (<var>ctx, H, length, key</var>)<var><a name="index-HMAC_005fSET_005fKEY-261"></a></var><br>
2324
2623
<blockquote><p><var>ctx</var> is a pointer to a context struct as defined by
2325
2624
<code>HMAC_CTX</code>, <var>H</var> is a pointer to a <code>const struct
2326
2625
nettle_hash</code> describing the underlying hash function (so it must match
2329
2628
</p></blockquote></div>
2330
2629
2331
2630
<div class="defun">
2332
— Macro: <b>HMAC_DIGEST</b> (<var>ctx, H, length, digest</var>)<var><a name="index-HMAC_005fDIGEST-230"></a></var><br>
2631
— Macro: <b>HMAC_DIGEST</b> (<var>ctx, H, length, digest</var>)<var><a name="index-HMAC_005fDIGEST-262"></a></var><br>
2333
2632
<blockquote><p><var>ctx</var> is a pointer to a context struct as defined by
2334
2633
<code>HMAC_CTX</code>, <var>H</var> is a pointer to a <code>const struct
2335
2634
nettle_hash</code> describing the underlying hash function. The last two
2348
2647
<h5 class="subsubsection">6.4.2.1 <acronym>HMAC-MD5</acronym></h5>
2349
2648
2350
2649
<div class="defun">
2351
— Context struct: <b>struct hmac_md5_ctx</b><var><a name="index-struct-hmac_005fmd5_005fctx-231"></a></var><br>
2650
— Context struct: <b>struct hmac_md5_ctx</b><var><a name="index-struct-hmac_005fmd5_005fctx-263"></a></var><br>
2352
2651
</div>
2353
2652
2354
2653
<div class="defun">
2355
— Function: void <b>hmac_md5_set_key</b> (<var>struct hmac_md5_ctx *ctx, unsigned key_length, const uint8_t *key</var>)<var><a name="index-hmac_005fmd5_005fset_005fkey-232"></a></var><br>
2654
— Function: void <b>hmac_md5_set_key</b> (<var>struct hmac_md5_ctx *ctx, unsigned key_length, const uint8_t *key</var>)<var><a name="index-hmac_005fmd5_005fset_005fkey-264"></a></var><br>
2356
2655
<blockquote><p>Initializes the context with the key.
2357
2656
</p></blockquote></div>
2358
2657
2359
2658
<div class="defun">
2360
— Function: void <b>hmac_md5_update</b> (<var>struct hmac_md5_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-hmac_005fmd5_005fupdate-233"></a></var><br>
2659
— Function: void <b>hmac_md5_update</b> (<var>struct hmac_md5_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-hmac_005fmd5_005fupdate-265"></a></var><br>
2361
2660
<blockquote><p>Process some more data.
2362
2661
</p></blockquote></div>
2363
2662
2364
2663
<div class="defun">
2365
— Function: void <b>hmac_md5_digest</b> (<var>struct hmac_md5_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-hmac_005fmd5_005fdigest-234"></a></var><br>
2664
— Function: void <b>hmac_md5_digest</b> (<var>struct hmac_md5_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-hmac_005fmd5_005fdigest-266"></a></var><br>
2366
2665
<blockquote><p>Extracts the <acronym>MAC</acronym>, writing it to <var>digest</var>. <var>length</var> may be smaller than
2367
2666
<code>MD5_DIGEST_SIZE</code>, in which case only the first <var>length</var>
2368
2667
octets of the <acronym>MAC</acronym> are written.
2374
2673
<h5 class="subsubsection">6.4.2.2 <acronym>HMAC-RIPEMD160</acronym></h5>
2375
2674
2376
2675
<div class="defun">
2377
— Context struct: <b>struct hmac_ripemd160_ctx</b><var><a name="index-struct-hmac_005fripemd160_005fctx-235"></a></var><br>
2676
— Context struct: <b>struct hmac_ripemd160_ctx</b><var><a name="index-struct-hmac_005fripemd160_005fctx-267"></a></var><br>
2378
2677
</div>
2379
2678
2380
2679
<div class="defun">
2381
— Function: void <b>hmac_ripemd160_set_key</b> (<var>struct hmac_ripemd160_ctx *ctx, unsigned key_length, const uint8_t *key</var>)<var><a name="index-hmac_005fripemd160_005fset_005fkey-236"></a></var><br>
2680
— Function: void <b>hmac_ripemd160_set_key</b> (<var>struct hmac_ripemd160_ctx *ctx, unsigned key_length, const uint8_t *key</var>)<var><a name="index-hmac_005fripemd160_005fset_005fkey-268"></a></var><br>
2382
2681
<blockquote><p>Initializes the context with the key.
2383
2682
</p></blockquote></div>
2384
2683
2385
2684
<div class="defun">
2386
— Function: void <b>hmac_ripemd160_update</b> (<var>struct hmac_ripemd160_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-hmac_005fripemd160_005fupdate-237"></a></var><br>
2685
— Function: void <b>hmac_ripemd160_update</b> (<var>struct hmac_ripemd160_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-hmac_005fripemd160_005fupdate-269"></a></var><br>
2387
2686
<blockquote><p>Process some more data.
2388
2687
</p></blockquote></div>
2389
2688
2390
2689
<div class="defun">
2391
— Function: void <b>hmac_ripemd160_digest</b> (<var>struct hmac_ripemd160_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-hmac_005fripemd160_005fdigest-238"></a></var><br>
2690
— Function: void <b>hmac_ripemd160_digest</b> (<var>struct hmac_ripemd160_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-hmac_005fripemd160_005fdigest-270"></a></var><br>
2392
2691
<blockquote><p>Extracts the <acronym>MAC</acronym>, writing it to <var>digest</var>. <var>length</var> may be smaller than
2393
2692
<code>RIPEMD160_DIGEST_SIZE</code>, in which case only the first <var>length</var>
2394
2693
octets of the <acronym>MAC</acronym> are written.
2400
2699
<h5 class="subsubsection">6.4.2.3 <acronym>HMAC-SHA1</acronym></h5>
2401
2700
2402
2701
<div class="defun">
2403
— Context struct: <b>struct hmac_sha1_ctx</b><var><a name="index-struct-hmac_005fsha1_005fctx-239"></a></var><br>
2702
— Context struct: <b>struct hmac_sha1_ctx</b><var><a name="index-struct-hmac_005fsha1_005fctx-271"></a></var><br>
2404
2703
</div>
2405
2704
2406
2705
<div class="defun">
2407
— Function: void <b>hmac_sha1_set_key</b> (<var>struct hmac_sha1_ctx *ctx, unsigned key_length, const uint8_t *key</var>)<var><a name="index-hmac_005fsha1_005fset_005fkey-240"></a></var><br>
2706
— Function: void <b>hmac_sha1_set_key</b> (<var>struct hmac_sha1_ctx *ctx, unsigned key_length, const uint8_t *key</var>)<var><a name="index-hmac_005fsha1_005fset_005fkey-272"></a></var><br>
2408
2707
<blockquote><p>Initializes the context with the key.
2409
2708
</p></blockquote></div>
2410
2709
2411
2710
<div class="defun">
2412
— Function: void <b>hmac_sha1_update</b> (<var>struct hmac_sha1_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-hmac_005fsha1_005fupdate-241"></a></var><br>
2711
— Function: void <b>hmac_sha1_update</b> (<var>struct hmac_sha1_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-hmac_005fsha1_005fupdate-273"></a></var><br>
2413
2712
<blockquote><p>Process some more data.
2414
2713
</p></blockquote></div>
2415
2714
2416
2715
<div class="defun">
2417
— Function: void <b>hmac_sha1_digest</b> (<var>struct hmac_sha1_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-hmac_005fsha1_005fdigest-242"></a></var><br>
2716
— Function: void <b>hmac_sha1_digest</b> (<var>struct hmac_sha1_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-hmac_005fsha1_005fdigest-274"></a></var><br>
2418
2717
<blockquote><p>Extracts the <acronym>MAC</acronym>, writing it to <var>digest</var>. <var>length</var> may be smaller than
2419
2718
<code>SHA1_DIGEST_SIZE</code>, in which case only the first <var>length</var>
2420
2719
octets of the <acronym>MAC</acronym> are written.
2426
2725
<h5 class="subsubsection">6.4.2.4 <acronym>HMAC-SHA256</acronym></h5>
2427
2726
2428
2727
<div class="defun">
2429
— Context struct: <b>struct hmac_sha256_ctx</b><var><a name="index-struct-hmac_005fsha256_005fctx-243"></a></var><br>
2728
— Context struct: <b>struct hmac_sha256_ctx</b><var><a name="index-struct-hmac_005fsha256_005fctx-275"></a></var><br>
2430
2729
</div>
2431
2730
2432
2731
<div class="defun">
2433
— Function: void <b>hmac_sha256_set_key</b> (<var>struct hmac_sha256_ctx *ctx, unsigned key_length, const uint8_t *key</var>)<var><a name="index-hmac_005fsha256_005fset_005fkey-244"></a></var><br>
2732
— Function: void <b>hmac_sha256_set_key</b> (<var>struct hmac_sha256_ctx *ctx, unsigned key_length, const uint8_t *key</var>)<var><a name="index-hmac_005fsha256_005fset_005fkey-276"></a></var><br>
2434
2733
<blockquote><p>Initializes the context with the key.
2435
2734
</p></blockquote></div>
2436
2735
2437
2736
<div class="defun">
2438
— Function: void <b>hmac_sha256_update</b> (<var>struct hmac_sha256_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-hmac_005fsha256_005fupdate-245"></a></var><br>
2737
— Function: void <b>hmac_sha256_update</b> (<var>struct hmac_sha256_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-hmac_005fsha256_005fupdate-277"></a></var><br>
2439
2738
<blockquote><p>Process some more data.
2440
2739
</p></blockquote></div>
2441
2740
2442
2741
<div class="defun">
2443
— Function: void <b>hmac_sha256_digest</b> (<var>struct hmac_sha256_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-hmac_005fsha256_005fdigest-246"></a></var><br>
2742
— Function: void <b>hmac_sha256_digest</b> (<var>struct hmac_sha256_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-hmac_005fsha256_005fdigest-278"></a></var><br>
2444
2743
<blockquote><p>Extracts the <acronym>MAC</acronym>, writing it to <var>digest</var>. <var>length</var> may be smaller than
2445
2744
<code>SHA256_DIGEST_SIZE</code>, in which case only the first <var>length</var>
2446
2745
octets of the <acronym>MAC</acronym> are written.
2452
2751
<h5 class="subsubsection">6.4.2.5 <acronym>HMAC-SHA512</acronym></h5>
2453
2752
2454
2753
<div class="defun">
2455
— Context struct: <b>struct hmac_sha512_ctx</b><var><a name="index-struct-hmac_005fsha512_005fctx-247"></a></var><br>
2754
— Context struct: <b>struct hmac_sha512_ctx</b><var><a name="index-struct-hmac_005fsha512_005fctx-279"></a></var><br>
2456
2755
</div>
2457
2756
2458
2757
<div class="defun">
2459
— Function: void <b>hmac_sha512_set_key</b> (<var>struct hmac_sha512_ctx *ctx, unsigned key_length, const uint8_t *key</var>)<var><a name="index-hmac_005fsha512_005fset_005fkey-248"></a></var><br>
2758
— Function: void <b>hmac_sha512_set_key</b> (<var>struct hmac_sha512_ctx *ctx, unsigned key_length, const uint8_t *key</var>)<var><a name="index-hmac_005fsha512_005fset_005fkey-280"></a></var><br>
2460
2759
<blockquote><p>Initializes the context with the key.
2461
2760
</p></blockquote></div>
2462
2761
2463
2762
<div class="defun">
2464
— Function: void <b>hmac_sha512_update</b> (<var>struct hmac_sha512_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-hmac_005fsha512_005fupdate-249"></a></var><br>
2763
— Function: void <b>hmac_sha512_update</b> (<var>struct hmac_sha512_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-hmac_005fsha512_005fupdate-281"></a></var><br>
2465
2764
<blockquote><p>Process some more data.
2466
2765
</p></blockquote></div>
2467
2766
2468
2767
<div class="defun">
2469
— Function: void <b>hmac_sha512_digest</b> (<var>struct hmac_sha512_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-hmac_005fsha512_005fdigest-250"></a></var><br>
2768
— Function: void <b>hmac_sha512_digest</b> (<var>struct hmac_sha512_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-hmac_005fsha512_005fdigest-282"></a></var><br>
2470
2769
<blockquote><p>Extracts the <acronym>MAC</acronym>, writing it to <var>digest</var>. <var>length</var> may be smaller than
2471
2770
<code>SHA512_DIGEST_SIZE</code>, in which case only the first <var>length</var>
2472
2771
octets of the <acronym>MAC</acronym> are written.
2476
2775
</p></blockquote></div>
2477
2776
2478
2777
<div class="node">
2778
<a name="Key-derivation-functions"></a>
2779
<p><hr>
2780
Next: <a rel="next" accesskey="n" href="#Public_002dkey-algorithms">Public-key algorithms</a>,
2781
Previous: <a rel="previous" accesskey="p" href="#Keyed-hash-functions">Keyed hash functions</a>,
2782
Up: <a rel="up" accesskey="u" href="#Reference">Reference</a>
2783
2784
</div>
2785
2786
<!-- node-name, next, previous, up -->
2787
<h3 class="section">6.5 Key derivation Functions</h3>
2788
2789
<p><a name="index-Key-Derivation-Function-283"></a><a name="index-Password-Based-Key-Derivation-Function-284"></a><a name="index-PKCS-_00235-285"></a><a name="index-KDF-286"></a><a name="index-PBKDF-287"></a>
2790
A <dfn>key derivation function</dfn> (<acronym>KDF</acronym>) is a function that from
2791
a given symmetric key derives other symmetric keys. A sub-class of KDFs
2792
is the <dfn>password-based key derivation functions</dfn> (<acronym>PBKDFs</acronym>),
2793
which take as input a password or passphrase, and its purpose is
2794
typically to strengthen it and protect against certain pre-computation
2795
attacks by using salting and expensive computation.
2796
2797
<h4 class="subsection">6.5.1 <acronym>PBKDF2</acronym></h4>
2798
2799
<p>The most well known PBKDF is the <code>PKCS #5 PBKDF2</code> described in
2800
<cite>RFC 2898</cite> which uses a pseudorandom function such as
2801
<acronym>HMAC-SHA1</acronym>.
2802
2803
<p>Nettle's <acronym>PBKDF2</acronym> functions are defined in
2804
<samp><span class="file"><nettle/pbkdf2.h></span></samp>. There is an abstract function that operate on
2805
any PRF implemented via the <code>nettle_hash_update_func</code>,
2806
<code>nettle_hash_digest_func</code> interfaces. There is also helper macros
2807
and concrete functions PBKDF2-HMAC-SHA1 and PBKDF2-HMAC-SHA256. First,
2808
the abstract function:
2809
2810
<div class="defun">
2811
— Function: void <b>pbkdf2</b> (<var>void *mac_ctx, nettle_hash_update_func *update, nettle_hash_digest_func *digest, unsigned digest_size, unsigned iterations, unsigned salt_length, const uint8_t *salt, unsigned length, uint8_t *dst</var>)<var><a name="index-pbkdf2-288"></a></var><br>
2812
<blockquote><p>Derive symmetric key from a password according to PKCS #5 PBKDF2. The
2813
PRF is assumed to have been initialized and this function will call the
2814
<var>update</var> and <var>digest</var> functions passing the <var>mac_ctx</var>
2815
context parameter as an argument in order to compute digest of size
2816
<var>digest_size</var>. Inputs are the salt <var>salt</var> of length
2817
<var>salt_length</var>, the iteration counter <var>iterations</var> (> 0), and the
2818
desired derived output length <var>length</var>. The output buffer is
2819
<var>dst</var> which must have room for at least <var>length</var> octets.
2820
</p></blockquote></div>
2821
2822
<p>Like for CBC and HMAC, there is a macro to help use the function
2823
correctly.
2824
2825
<div class="defun">
2826
— Macro: <b>PBKDF2</b> (<var>ctx, update, digest, digest_size, iterations, salt_length, salt, length, dst</var>)<var><a name="index-PBKDF2-289"></a></var><br>
2827
<blockquote><p><var>ctx</var> is a pointer to a context struct passed to the <var>update</var>
2828
and <var>digest</var> functions (of the types <code>nettle_hash_update_func</code>
2829
and <code>nettle_hash_digest_func</code> respectively) to implement the
2830
underlying PRF with digest size of <var>digest_size</var>. Inputs are the
2831
salt <var>salt</var> of length <var>salt_length</var>, the iteration counter
2832
<var>iterations</var> (> 0), and the desired derived output length
2833
<var>length</var>. The output buffer is <var>dst</var> which must have room for
2834
at least <var>length</var> octets.
2835
</p></blockquote></div>
2836
2837
<h4 class="subsection">6.5.2 Concrete <acronym>PBKDF2</acronym> functions</h4>
2838
2839
<p>Now we come to the specialized <acronym>PBKDF2</acronym> functions, which are
2840
easier to use than the general <acronym>PBKDF2</acronym> function.
2841
2842
<h5 class="subsubsection">6.5.2.1 <acronym>PBKDF2-HMAC-SHA1</acronym></h5>
2843
2844
<div class="defun">
2845
— Function: void <b>pbkdf2_hmac_sha1</b> (<var>unsigned key_length, const uint8_t *key, unsigned iterations, unsigned salt_length, const uint8_t *salt, unsigned length, uint8_t *dst</var>)<var><a name="index-pbkdf2_005fhmac_005fsha1-290"></a></var><br>
2846
<blockquote><p>PBKDF2 with HMAC-SHA1. Derive <var>length</var> bytes of key into buffer
2847
<var>dst</var> using the password <var>key</var> of length <var>key_length</var> and
2848
salt <var>salt</var> of length <var>salt_length</var>, with iteration counter
2849
<var>iterations</var> (> 0). The output buffer is <var>dst</var> which must have
2850
room for at least <var>length</var> octets.
2851
</p></blockquote></div>
2852
2853
<h5 class="subsubsection">6.5.2.2 <acronym>PBKDF2-HMAC-SHA256</acronym></h5>
2854
2855
<div class="defun">
2856
— Function: void <b>pbkdf2_hmac_sha256</b> (<var>unsigned key_length, const uint8_t *key, unsigned iterations, unsigned salt_length, const uint8_t *salt, unsigned length, uint8_t *dst</var>)<var><a name="index-pbkdf2_005fhmac_005fsha256-291"></a></var><br>
2857
<blockquote><p>PBKDF2 with HMAC-SHA256. Derive <var>length</var> bytes of key into buffer
2858
<var>dst</var> using the password <var>key</var> of length <var>key_length</var> and
2859
salt <var>salt</var> of length <var>salt_length</var>, with iteration counter
2860
<var>iterations</var> (> 0). The output buffer is <var>dst</var> which must have
2861
room for at least <var>length</var> octets.
2862
</p></blockquote></div>
2863
2864
<div class="node">
2479
2865
<a name="Public-key-algorithms"></a>
2480
2866
<a name="Public_002dkey-algorithms"></a>
2481
2867
<p><hr>
2482
2868
Next: <a rel="next" accesskey="n" href="#Randomness">Randomness</a>,
2483
Previous: <a rel="previous" accesskey="p" href="#Keyed-hash-functions">Keyed hash functions</a>,
2869
Previous: <a rel="previous" accesskey="p" href="#Key-derivation-functions">Key derivation functions</a>,
2484
2870
Up: <a rel="up" accesskey="u" href="#Reference">Reference</a>
2485
2871
2486
2872
</div>
2487
2873
2488
2874
<!-- node-name, next, previous, up -->
2489
<h3 class="section">6.5 Public-key algorithms</h3>
2875
<h3 class="section">6.6 Public-key algorithms</h3>
2490
2876
2491
2877
<p>Nettle uses <acronym>GMP</acronym>, the GNU bignum library, for all calculations
2492
2878
with large numbers. In order to use the public-key features of Nettle,
2502
2888
communicate, each <em>pair</em> needs a shared secret key known by nobody
2503
2889
else.
2504
2890
2505
<p><a name="index-Public-Key-Cryptography-251"></a><a name="index-One_002dway-function-252"></a>
2891
<p><a name="index-Public-Key-Cryptography-292"></a><a name="index-One_002dway-function-293"></a>
2506
2892
Public-key cryptography uses trapdoor one-way functions. A
2507
2893
<dfn>one-way function</dfn> is a function <code>F</code> such that it is easy to
2508
2894
compute the value <code>F(x)</code> for any <code>x</code>, but given a value
2572
2958
</div>
2573
2959
2574
2960
<!-- node-name, next, previous, up -->
2575
<h4 class="subsection">6.5.1 <acronym>RSA</acronym></h4>
2961
<h4 class="subsection">6.6.1 <acronym>RSA</acronym></h4>
2576
2962
2577
2963
<p>The <acronym>RSA</acronym> algorithm was the first practical digital signature
2578
2964
algorithm that was constructed. It was described 1978 in a paper by
2638
3024
computed, the operation returns true if and only if the result equals
2639
3025
<code>x</code>.
2640
3026
2641
<h4 class="subsection">6.5.2 Nettle's <acronym>RSA</acronym> support</h4>
3027
<h4 class="subsection">6.6.2 Nettle's <acronym>RSA</acronym> support</h4>
2642
3028
2643
3029
<p>Nettle represents <acronym>RSA</acronym> keys using two structures that contain
2644
3030
large numbers (of type <code>mpz_t</code>).
2645
3031
2646
3032
<div class="defun">
2647
— Context struct: <b>rsa_public_key</b><var> size n e<a name="index-rsa_005fpublic_005fkey-253"></a></var><br>
3033
— Context struct: <b>rsa_public_key</b><var> size n e<a name="index-rsa_005fpublic_005fkey-294"></a></var><br>
2648
3034
<blockquote><p><code>size</code> is the size, in octets, of the modulo, and is used internally.
2649
3035
<code>n</code> and <code>e</code> is the public key.
2650
3036
</p></blockquote></div>
2651
3037
2652
3038
<div class="defun">
2653
— Context struct: <b>rsa_private_key</b><var> size d p q a b c<a name="index-rsa_005fprivate_005fkey-254"></a></var><br>
3039
— Context struct: <b>rsa_private_key</b><var> size d p q a b c<a name="index-rsa_005fprivate_005fkey-295"></a></var><br>
2654
3040
<blockquote><p><code>size</code> is the size, in octets, of the modulo, and is used internally.
2655
3041
<code>d</code> is the secret exponent, but it is not actually used when
2656
3042
signing. Instead, the factors <code>p</code> and <code>q</code>, and the parameters
2662
3048
<p>Before use, these structs must be initialized by calling one of
2663
3049
2664
3050
<div class="defun">
2665
— Function: void <b>rsa_public_key_init</b> (<var>struct rsa_public_key *pub</var>)<var><a name="index-rsa_005fpublic_005fkey_005finit-255"></a></var><br>
2666
— Function: void <b>rsa_private_key_init</b> (<var>struct rsa_private_key *key</var>)<var><a name="index-rsa_005fprivate_005fkey_005finit-256"></a></var><br>
3051
— Function: void <b>rsa_public_key_init</b> (<var>struct rsa_public_key *pub</var>)<var><a name="index-rsa_005fpublic_005fkey_005finit-296"></a></var><br>
3052
— Function: void <b>rsa_private_key_init</b> (<var>struct rsa_private_key *key</var>)<var><a name="index-rsa_005fprivate_005fkey_005finit-297"></a></var><br>
2667
3053
<blockquote><p>Calls <code>mpz_init</code> on all numbers in the key struct.
2668
3054
</p></blockquote></div>
2669
3055
2671
3057
deallocated by calling one of
2672
3058
2673
3059
<div class="defun">
2674
— Function: void <b>rsa_public_key_clear</b> (<var>struct rsa_public_key *pub</var>)<var><a name="index-rsa_005fpublic_005fkey_005fclear-257"></a></var><br>
2675
— Function: void <b>rsa_private_key_clear</b> (<var>struct rsa_private_key *key</var>)<var><a name="index-rsa_005fprivate_005fkey_005fclear-258"></a></var><br>
3060
— Function: void <b>rsa_public_key_clear</b> (<var>struct rsa_public_key *pub</var>)<var><a name="index-rsa_005fpublic_005fkey_005fclear-298"></a></var><br>
3061
— Function: void <b>rsa_private_key_clear</b> (<var>struct rsa_private_key *key</var>)<var><a name="index-rsa_005fprivate_005fkey_005fclear-299"></a></var><br>
2676
3062
<blockquote><p>Calls <code>mpz_clear</code> on all numbers in the key struct.
2677
3063
</p></blockquote></div>
2678
3064
2685
3071
<p>When you have assigned values to the attributes of a key, you must call
2686
3072
2687
3073
<div class="defun">
2688
— Function: int <b>rsa_public_key_prepare</b> (<var>struct rsa_public_key *pub</var>)<var><a name="index-rsa_005fpublic_005fkey_005fprepare-259"></a></var><br>
2689
— Function: int <b>rsa_private_key_prepare</b> (<var>struct rsa_private_key *key</var>)<var><a name="index-rsa_005fprivate_005fkey_005fprepare-260"></a></var><br>
3074
— Function: int <b>rsa_public_key_prepare</b> (<var>struct rsa_public_key *pub</var>)<var><a name="index-rsa_005fpublic_005fkey_005fprepare-300"></a></var><br>
3075
— Function: int <b>rsa_private_key_prepare</b> (<var>struct rsa_private_key *key</var>)<var><a name="index-rsa_005fprivate_005fkey_005fprepare-301"></a></var><br>
2690
3076
<blockquote><p>Computes the octet size of the key (stored in the <code>size</code> attribute,
2691
3077
and may also do other basic sanity checks. Returns one if successful, or
2692
3078
zero if the key can't be used, for instance if the modulo is smaller
2706
3092
<p>Creation and verification of signatures is done with the following functions:
2707
3093
2708
3094
<div class="defun">
2709
— Function: int <b>rsa_md5_sign</b> (<var>const struct rsa_private_key *key, struct md5_ctx *hash, mpz_t signature</var>)<var><a name="index-rsa_005fmd5_005fsign-261"></a></var><br>
2710
— Function: int <b>rsa_sha1_sign</b> (<var>const struct rsa_private_key *key, struct sha1_ctx *hash, mpz_t signature</var>)<var><a name="index-rsa_005fsha1_005fsign-262"></a></var><br>
2711
— Function: int <b>rsa_sha256_sign</b> (<var>const struct rsa_private_key *key, struct sha256_ctx *hash, mpz_t signature</var>)<var><a name="index-rsa_005fsha256_005fsign-263"></a></var><br>
2712
— Function: int <b>rsa_sha512_sign</b> (<var>const struct rsa_private_key *key, struct sha512_ctx *hash, mpz_t signature</var>)<var><a name="index-rsa_005fsha512_005fsign-264"></a></var><br>
3095
— Function: int <b>rsa_md5_sign</b> (<var>const struct rsa_private_key *key, struct md5_ctx *hash, mpz_t signature</var>)<var><a name="index-rsa_005fmd5_005fsign-302"></a></var><br>
3096
— Function: int <b>rsa_sha1_sign</b> (<var>const struct rsa_private_key *key, struct sha1_ctx *hash, mpz_t signature</var>)<var><a name="index-rsa_005fsha1_005fsign-303"></a></var><br>
3097
— Function: int <b>rsa_sha256_sign</b> (<var>const struct rsa_private_key *key, struct sha256_ctx *hash, mpz_t signature</var>)<var><a name="index-rsa_005fsha256_005fsign-304"></a></var><br>
3098
— Function: int <b>rsa_sha512_sign</b> (<var>const struct rsa_private_key *key, struct sha512_ctx *hash, mpz_t signature</var>)<var><a name="index-rsa_005fsha512_005fsign-305"></a></var><br>
2713
3099
<blockquote><p>The signature is stored in <var>signature</var> (which must have been
2714
3100
<code>mpz_init</code>'ed earlier). The hash context is reset so that it can be
2715
3101
used for new messages. Returns one on success, or zero on failure.
2719
3105
</p></blockquote></div>
2720
3106
2721
3107
<div class="defun">
2722
— Function: int <b>rsa_md5_sign_digest</b> (<var>const struct rsa_private_key *key, const uint8_t *digest, mpz_t signature</var>)<var><a name="index-rsa_005fmd5_005fsign_005fdigest-265"></a></var><br>
2723
— Function: int <b>rsa_sha1_sign_digest</b> (<var>const struct rsa_private_key *key, const uint8_t *digest, mpz_t signature</var>)<var>;<a name="index-rsa_005fsha1_005fsign_005fdigest-266"></a></var><br>
2724
— Function: int <b>rsa_sha256_sign_digest</b> (<var>const struct rsa_private_key *key, const uint8_t *digest, mpz_t signature</var>)<var>;<a name="index-rsa_005fsha256_005fsign_005fdigest-267"></a></var><br>
2725
— Function: int <b>rsa_sha512_sign_digest</b> (<var>const struct rsa_private_key *key, const uint8_t *digest, mpz_t signature</var>)<var>;<a name="index-rsa_005fsha512_005fsign_005fdigest-268"></a></var><br>
3108
— Function: int <b>rsa_md5_sign_digest</b> (<var>const struct rsa_private_key *key, const uint8_t *digest, mpz_t signature</var>)<var><a name="index-rsa_005fmd5_005fsign_005fdigest-306"></a></var><br>
3109
— Function: int <b>rsa_sha1_sign_digest</b> (<var>const struct rsa_private_key *key, const uint8_t *digest, mpz_t signature</var>)<var>;<a name="index-rsa_005fsha1_005fsign_005fdigest-307"></a></var><br>
3110
— Function: int <b>rsa_sha256_sign_digest</b> (<var>const struct rsa_private_key *key, const uint8_t *digest, mpz_t signature</var>)<var>;<a name="index-rsa_005fsha256_005fsign_005fdigest-308"></a></var><br>
3111
— Function: int <b>rsa_sha512_sign_digest</b> (<var>const struct rsa_private_key *key, const uint8_t *digest, mpz_t signature</var>)<var>;<a name="index-rsa_005fsha512_005fsign_005fdigest-309"></a></var><br>
2726
3112
<blockquote><p>Creates a signature from the given hash digest. <var>digest</var> should
2727
3113
point to a digest of size <code>MD5_DIGEST_SIZE</code>,
2728
3114
<code>SHA1_DIGEST_SIZE</code>, or <code>SHA256_DIGEST_SIZE</code>, respectively. The
2731
3117
</p></blockquote></div>
2732
3118
2733
3119
<div class="defun">
2734
— Function: int <b>rsa_md5_verify</b> (<var>const struct rsa_public_key *key, struct md5_ctx *hash, const mpz_t signature</var>)<var><a name="index-rsa_005fmd5_005fverify-269"></a></var><br>
2735
— Function: int <b>rsa_sha1_verify</b> (<var>const struct rsa_public_key *key, struct sha1_ctx *hash, const mpz_t signature</var>)<var><a name="index-rsa_005fsha1_005fverify-270"></a></var><br>
2736
— Function: int <b>rsa_sha256_verify</b> (<var>const struct rsa_public_key *key, struct sha256_ctx *hash, const mpz_t signature</var>)<var><a name="index-rsa_005fsha256_005fverify-271"></a></var><br>
2737
— Function: int <b>rsa_sha512_verify</b> (<var>const struct rsa_public_key *key, struct sha512_ctx *hash, const mpz_t signature</var>)<var><a name="index-rsa_005fsha512_005fverify-272"></a></var><br>
3120
— Function: int <b>rsa_md5_verify</b> (<var>const struct rsa_public_key *key, struct md5_ctx *hash, const mpz_t signature</var>)<var><a name="index-rsa_005fmd5_005fverify-310"></a></var><br>
3121
— Function: int <b>rsa_sha1_verify</b> (<var>const struct rsa_public_key *key, struct sha1_ctx *hash, const mpz_t signature</var>)<var><a name="index-rsa_005fsha1_005fverify-311"></a></var><br>
3122
— Function: int <b>rsa_sha256_verify</b> (<var>const struct rsa_public_key *key, struct sha256_ctx *hash, const mpz_t signature</var>)<var><a name="index-rsa_005fsha256_005fverify-312"></a></var><br>
3123
— Function: int <b>rsa_sha512_verify</b> (<var>const struct rsa_public_key *key, struct sha512_ctx *hash, const mpz_t signature</var>)<var><a name="index-rsa_005fsha512_005fverify-313"></a></var><br>
2738
3124
<blockquote><p>Returns 1 if the signature is valid, or 0 if it isn't. In either case,
2739
3125
the hash context is reset so that it can be used for new messages.
2740
3126
</p></blockquote></div>
2741
3127
2742
3128
<div class="defun">
2743
— Function: int <b>rsa_md5_verify_digest</b> (<var>const struct rsa_public_key *key, const uint8_t *digest, const mpz_t signature</var>)<var><a name="index-rsa_005fmd5_005fverify_005fdigest-273"></a></var><br>
2744
— Function: int <b>rsa_sha1_verify_digest</b> (<var>const struct rsa_public_key *key, const uint8_t *digest, const mpz_t signature</var>)<var><a name="index-rsa_005fsha1_005fverify_005fdigest-274"></a></var><br>
2745
— Function: int <b>rsa_sha256_verify_digest</b> (<var>const struct rsa_public_key *key, const uint8_t *digest, const mpz_t signature</var>)<var><a name="index-rsa_005fsha256_005fverify_005fdigest-275"></a></var><br>
2746
— Function: int <b>rsa_sha512_verify_digest</b> (<var>const struct rsa_public_key *key, const uint8_t *digest, const mpz_t signature</var>)<var><a name="index-rsa_005fsha512_005fverify_005fdigest-276"></a></var><br>
3129
— Function: int <b>rsa_md5_verify_digest</b> (<var>const struct rsa_public_key *key, const uint8_t *digest, const mpz_t signature</var>)<var><a name="index-rsa_005fmd5_005fverify_005fdigest-314"></a></var><br>
3130
— Function: int <b>rsa_sha1_verify_digest</b> (<var>const struct rsa_public_key *key, const uint8_t *digest, const mpz_t signature</var>)<var><a name="index-rsa_005fsha1_005fverify_005fdigest-315"></a></var><br>
3131
— Function: int <b>rsa_sha256_verify_digest</b> (<var>const struct rsa_public_key *key, const uint8_t *digest, const mpz_t signature</var>)<var><a name="index-rsa_005fsha256_005fverify_005fdigest-316"></a></var><br>
3132
— Function: int <b>rsa_sha512_verify_digest</b> (<var>const struct rsa_public_key *key, const uint8_t *digest, const mpz_t signature</var>)<var><a name="index-rsa_005fsha512_005fverify_005fdigest-317"></a></var><br>
2747
3133
<blockquote><p>Returns 1 if the signature is valid, or 0 if it isn't. <var>digest</var> should
2748
3134
point to a digest of size <code>MD5_DIGEST_SIZE</code>,
2749
3135
<code>SHA1_DIGEST_SIZE</code>, or <code>SHA256_DIGEST_SIZE</code>, respectively.
2755
3141
<acronym>CRT</acronym> optimization.
2756
3142
2757
3143
<div class="defun">
2758
— Function: void <b>rsa_compute_root</b> (<var>struct rsa_private_key *key, mpz_t x, const mpz_t m</var>)<var><a name="index-rsa_005fcompute_005froot-277"></a></var><br>
3144
— Function: void <b>rsa_compute_root</b> (<var>struct rsa_private_key *key, mpz_t x, const mpz_t m</var>)<var><a name="index-rsa_005fcompute_005froot-318"></a></var><br>
2759
3145
<blockquote><p>Computes <code>x = m^d</code>, efficiently.
2760
3146
</p></blockquote></div>
2761
3147
2762
3148
<p>At last, how do you create new keys?
2763
3149
2764
3150
<div class="defun">
2765
— Function: int <b>rsa_generate_keypair</b> (<var>struct rsa_public_key *pub, struct rsa_private_key *key, void *random_ctx, nettle_random_func random, void *progress_ctx, nettle_progress_func progress, unsigned n_size, unsigned e_size</var>)<var>;<a name="index-rsa_005fgenerate_005fkeypair-278"></a></var><br>
3151
— Function: int <b>rsa_generate_keypair</b> (<var>struct rsa_public_key *pub, struct rsa_private_key *key, void *random_ctx, nettle_random_func random, void *progress_ctx, nettle_progress_func progress, unsigned n_size, unsigned e_size</var>)<var>;<a name="index-rsa_005fgenerate_005fkeypair-319"></a></var><br>
2766
3152
<blockquote><p>There are lots of parameters. <var>pub</var> and <var>key</var> is where the
2767
3153
resulting key pair is stored. The structs should be initialized, but you
2768
3154
don't need to call <code>rsa_public_key_prepare</code> or
2797
3183
</div>
2798
3184
2799
3185
<!-- node-name, next, previous, up -->
2800
<h4 class="subsection">6.5.3 Nettle's <acronym>DSA</acronym> support</h4>
3186
<h4 class="subsection">6.6.3 <acronym>DSA</acronym></h4>
2801
3187
2802
3188
<p>The <acronym>DSA</acronym> digital signature algorithm is more complex than
2803
3189
<acronym>RSA</acronym>. It was specified during the early 1990s, and in 1994 NIST
2914
3300
<code>k</code> (and <code>r</code>) for two different message, you leak your private
2915
3301
key.
2916
3302
2917
<h4 class="subsection">6.5.4 Nettle's <acronym>DSA</acronym> support</h4>
3303
<h4 class="subsection">6.6.4 Nettle's <acronym>DSA</acronym> support</h4>
2918
3304
2919
3305
<p>Like for <acronym>RSA</acronym>, Nettle represents <acronym>DSA</acronym> keys using two
2920
3306
structures, containing values of type <code>mpz_t</code>. For information on
2926
3312
<code>rsa_public_key_prepare</code> and <code>rsa_private_key_prepare</code>.
2927
3313
2928
3314
<div class="defun">
2929
— Context struct: <b>dsa_public_key</b><var> p q g y<a name="index-dsa_005fpublic_005fkey-279"></a></var><br>
3315
— Context struct: <b>dsa_public_key</b><var> p q g y<a name="index-dsa_005fpublic_005fkey-320"></a></var><br>
2930
3316
<blockquote><p>The public parameters described above.
2931
3317
</p></blockquote></div>
2932
3318
2933
3319
<div class="defun">
2934
— Context struct: <b>dsa_private_key</b><var> x<a name="index-dsa_005fprivate_005fkey-280"></a></var><br>
3320
— Context struct: <b>dsa_private_key</b><var> x<a name="index-dsa_005fprivate_005fkey-321"></a></var><br>
2935
3321
<blockquote><p>The private key <code>x</code>.
2936
3322
</p></blockquote></div>
2937
3323
2938
3324
<p>Before use, these structs must be initialized by calling one of
2939
3325
2940
3326
<div class="defun">
2941
— Function: void <b>dsa_public_key_init</b> (<var>struct dsa_public_key *pub</var>)<var><a name="index-dsa_005fpublic_005fkey_005finit-281"></a></var><br>
2942
— Function: void <b>dsa_private_key_init</b> (<var>struct dsa_private_key *key</var>)<var><a name="index-dsa_005fprivate_005fkey_005finit-282"></a></var><br>
3327
— Function: void <b>dsa_public_key_init</b> (<var>struct dsa_public_key *pub</var>)<var><a name="index-dsa_005fpublic_005fkey_005finit-322"></a></var><br>
3328
— Function: void <b>dsa_private_key_init</b> (<var>struct dsa_private_key *key</var>)<var><a name="index-dsa_005fprivate_005fkey_005finit-323"></a></var><br>
2943
3329
<blockquote><p>Calls <code>mpz_init</code> on all numbers in the key struct.
2944
3330
</p></blockquote></div>
2945
3331
2947
3333
deallocated by calling one of
2948
3334
2949
3335
<div class="defun">
2950
— Function: void <b>dsa_public_key_clear</b> (<var>struct dsa_public_key *pub</var>)<var><a name="index-dsa_005fpublic_005fkey_005fclear-283"></a></var><br>
2951
— Function: void <b>dsa_private_key_clear</b> (<var>struct dsa_private_key *key</var>)<var><a name="index-dsa_005fprivate_005fkey_005fclear-284"></a></var><br>
3336
— Function: void <b>dsa_public_key_clear</b> (<var>struct dsa_public_key *pub</var>)<var><a name="index-dsa_005fpublic_005fkey_005fclear-324"></a></var><br>
3337
— Function: void <b>dsa_private_key_clear</b> (<var>struct dsa_private_key *key</var>)<var><a name="index-dsa_005fprivate_005fkey_005fclear-325"></a></var><br>
2952
3338
<blockquote><p>Calls <code>mpz_clear</code> on all numbers in the key struct.
2953
3339
</p></blockquote></div>
2954
3340
2956
3342
initialized and cleared in the same way as the key structs.
2957
3343
2958
3344
<div class="defun">
2959
— Context struct: <b>dsa_signature</b><var> r s<a name="index-dsa_005fsignature-285"></a></var><br>
3345
— Context struct: <b>dsa_signature</b><var> r s<a name="index-dsa_005fsignature-326"></a></var><br>
2960
3346
</div>
2961
3347
2962
3348
<div class="defun">
2963
— Function: void <b>dsa_signature_init</b> (<var>struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsignature_005finit-286"></a></var><br>
2964
— Function: void <b>dsa_signature_clear</b> (<var>struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsignature_005fclear-287"></a></var><br>
3349
— Function: void <b>dsa_signature_init</b> (<var>struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsignature_005finit-327"></a></var><br>
3350
— Function: void <b>dsa_signature_clear</b> (<var>struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsignature_005fclear-328"></a></var><br>
2965
3351
<blockquote><p>You must call <code>dsa_signature_init</code> before creating or using a
2966
3352
signature, and call <code>dsa_signature_clear</code> when you are finished
2967
3353
with it.
2976
3362
of official test vectors and interoperability testing.
2977
3363
2978
3364
<div class="defun">
2979
— Function: int <b>dsa_sha1_sign</b> (<var>const struct dsa_public_key *pub, const struct dsa_private_key *key, void *random_ctx, nettle_random_func random, struct sha1_ctx *hash, struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsha1_005fsign-288"></a></var><br>
2980
— Function: int <b>dsa_sha1_sign_digest</b> (<var>const struct dsa_public_key *pub, const struct dsa_private_key *key, void *random_ctx, nettle_random_func random, const uint8_t *digest, struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsha1_005fsign_005fdigest-289"></a></var><br>
2981
— Function: int <b>dsa_sha256_sign</b> (<var>const struct dsa_public_key *pub, const struct dsa_private_key *key, void *random_ctx, nettle_random_func random, struct sha256_ctx *hash, struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsha256_005fsign-290"></a></var><br>
2982
— Function: int <b>dsa_sha256_sign_digest</b> (<var>const struct dsa_public_key *pub, const struct dsa_private_key *key, void *random_ctx, nettle_random_func random, const uint8_t *digest, struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsha256_005fsign_005fdigest-291"></a></var><br>
3365
— Function: int <b>dsa_sha1_sign</b> (<var>const struct dsa_public_key *pub, const struct dsa_private_key *key, void *random_ctx, nettle_random_func random, struct sha1_ctx *hash, struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsha1_005fsign-329"></a></var><br>
3366
— Function: int <b>dsa_sha1_sign_digest</b> (<var>const struct dsa_public_key *pub, const struct dsa_private_key *key, void *random_ctx, nettle_random_func random, const uint8_t *digest, struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsha1_005fsign_005fdigest-330"></a></var><br>
3367
— Function: int <b>dsa_sha256_sign</b> (<var>const struct dsa_public_key *pub, const struct dsa_private_key *key, void *random_ctx, nettle_random_func random, struct sha256_ctx *hash, struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsha256_005fsign-331"></a></var><br>
3368
— Function: int <b>dsa_sha256_sign_digest</b> (<var>const struct dsa_public_key *pub, const struct dsa_private_key *key, void *random_ctx, nettle_random_func random, const uint8_t *digest, struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsha256_005fsign_005fdigest-332"></a></var><br>
2983
3369
<blockquote><p>Creates a signature from the given hash context or digest.
2984
3370
<var>random_ctx</var> and <var>random</var> is a randomness generator.
2985
3371
<code>random(random_ctx, length, dst)</code> should generate <code>length</code>
2992
3378
needed. The functions are
2993
3379
2994
3380
<div class="defun">
2995
— Function: int <b>dsa_sha1_verify</b> (<var>const struct dsa_public_key *key, struct sha1_ctx *hash, const struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsha1_005fverify-292"></a></var><br>
2996
— Function: int <b>dsa_sha1_verify_digest</b> (<var>const struct dsa_public_key *key, const uint8_t *digest, const struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsha1_005fverify_005fdigest-293"></a></var><br>
2997
— Function: int <b>dsa_sha256_verify</b> (<var>const struct dsa_public_key *key, struct sha256_ctx *hash, const struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsha256_005fverify-294"></a></var><br>
2998
— Function: int <b>dsa_sha256_verify_digest</b> (<var>const struct dsa_public_key *key, const uint8_t *digest, const struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsha256_005fverify_005fdigest-295"></a></var><br>
3381
— Function: int <b>dsa_sha1_verify</b> (<var>const struct dsa_public_key *key, struct sha1_ctx *hash, const struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsha1_005fverify-333"></a></var><br>
3382
— Function: int <b>dsa_sha1_verify_digest</b> (<var>const struct dsa_public_key *key, const uint8_t *digest, const struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsha1_005fverify_005fdigest-334"></a></var><br>
3383
— Function: int <b>dsa_sha256_verify</b> (<var>const struct dsa_public_key *key, struct sha256_ctx *hash, const struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsha256_005fverify-335"></a></var><br>
3384
— Function: int <b>dsa_sha256_verify_digest</b> (<var>const struct dsa_public_key *key, const uint8_t *digest, const struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsha256_005fverify_005fdigest-336"></a></var><br>
2999
3385
<blockquote><p>Verifies a signature. Returns 1 if the signature is valid, otherwise 0.
3000
3386
</p></blockquote></div>
3001
3387
3003
3389
<acronym>RSA</acronym> function.
3004
3390
3005
3391
<div class="defun">
3006
— Function: int <b>dsa_generate_keypair</b> (<var>struct dsa_public_key *pub, struct dsa_private_key *key, void *random_ctx, nettle_random_func random, void *progress_ctx, nettle_progress_func progress, unsigned p_bits, unsigned q_bits</var>)<var><a name="index-dsa_005fgenerate_005fkeypair-296"></a></var><br>
3392
— Function: int <b>dsa_generate_keypair</b> (<var>struct dsa_public_key *pub, struct dsa_private_key *key, void *random_ctx, nettle_random_func random, void *progress_ctx, nettle_progress_func progress, unsigned p_bits, unsigned q_bits</var>)<var><a name="index-dsa_005fgenerate_005fkeypair-337"></a></var><br>
3007
3393
<blockquote><p><var>pub</var> and <var>key</var> is where the resulting key pair is stored. The
3008
3394
structs should be initialized before you call this function.
3009
3395
3047
3433
</div>
3048
3434
3049
3435
<!-- node-name, next, previous, up -->
3050
<h3 class="section">6.6 Randomness</h3>
3436
<h3 class="section">6.7 Randomness</h3>
3051
3437
3052
<p><a name="index-Randomness-297"></a>
3438
<p><a name="index-Randomness-338"></a>
3053
3439
A crucial ingredient in many cryptographic contexts is randomness: Let
3054
3440
<code>p</code> be a random prime, choose a random initialization vector
3055
3441
<code>iv</code>, a random key <code>k</code> and a random exponent <code>e</code>, etc. In
3096
3482
the seed correctly, then the conditional entropy is more than <code>n</code>
3097
3483
bits.
3098
3484
3099
<p><a name="index-Entropy-298"></a><a name="index-Conditional-entropy-299"></a>
3485
<p><a name="index-Entropy-339"></a><a name="index-Conditional-entropy-340"></a>
3100
3486
Let's look at an example. Say information about timing of received
3101
3487
network packets is used in the seeding process. If there is some random
3102
3488
network traffic going on, this will contribute some bits of entropy or
3218
3604
3219
3605
<p>The recommended generator to use is Yarrow, described below.
3220
3606
3221
<h4 class="subsection">6.6.1 Yarrow</h4>
3607
<h4 class="subsection">6.7.1 Yarrow</h4>
3222
3608
3223
3609
<p>Yarrow is a family of pseudo-randomness generators, designed for
3224
3610
cryptographic use, by John Kelsey, Bruce Schneier and Niels Ferguson.
3258
3644
<p>Nettle defines Yarrow-256 in <samp><span class="file"><nettle/yarrow.h></span></samp>.
3259
3645
3260
3646
<div class="defun">
3261
— Context struct: <b>struct yarrow256_ctx</b><var><a name="index-struct-yarrow256_005fctx-300"></a></var><br>
3647
— Context struct: <b>struct yarrow256_ctx</b><var><a name="index-struct-yarrow256_005fctx-341"></a></var><br>
3262
3648
</div>
3263
3649
3264
3650
<div class="defun">
3265
— Context struct: <b>struct yarrow_source</b><var><a name="index-struct-yarrow_005fsource-301"></a></var><br>
3651
— Context struct: <b>struct yarrow_source</b><var><a name="index-struct-yarrow_005fsource-342"></a></var><br>
3266
3652
<blockquote><p>Information about a single source.
3267
3653
</p></blockquote></div>
3268
3654
3269
3655
<div class="defun">
3270
— Constant: <b>YARROW256_SEED_FILE_SIZE</b><var><a name="index-YARROW256_005fSEED_005fFILE_005fSIZE-302"></a></var><br>
3656
— Constant: <b>YARROW256_SEED_FILE_SIZE</b><var><a name="index-YARROW256_005fSEED_005fFILE_005fSIZE-343"></a></var><br>
3271
3657
<blockquote><p>Recommanded size of the Yarrow-256 seed file.
3272
3658
</p></blockquote></div>
3273
3659
3274
3660
<div class="defun">
3275
— Function: void <b>yarrow256_init</b> (<var>struct yarrow256_ctx *ctx, unsigned nsources, struct yarrow_source *sources</var>)<var><a name="index-yarrow256_005finit-303"></a></var><br>
3661
— Function: void <b>yarrow256_init</b> (<var>struct yarrow256_ctx *ctx, unsigned nsources, struct yarrow_source *sources</var>)<var><a name="index-yarrow256_005finit-344"></a></var><br>
3276
3662
<blockquote><p>Initializes the yarrow context, and its <var>nsources</var> sources. It's
3277
3663
possible to call it with <var>nsources</var>=0 and <var>sources</var>=NULL, if
3278
3664
you don't need the update features.
3279
3665
</p></blockquote></div>
3280
3666
3281
3667
<div class="defun">
3282
— Function: void <b>yarrow256_seed</b> (<var>struct yarrow256_ctx *ctx, unsigned length, uint8_t *seed_file</var>)<var><a name="index-yarrow256_005fseed-304"></a></var><br>
3668
— Function: void <b>yarrow256_seed</b> (<var>struct yarrow256_ctx *ctx, unsigned length, uint8_t *seed_file</var>)<var><a name="index-yarrow256_005fseed-345"></a></var><br>
3283
3669
<blockquote><p>Seeds Yarrow-256 from a previous seed file. <var>length</var> should be at least
3284
3670
<code>YARROW256_SEED_FILE_SIZE</code>, but it can be larger.
3285
3671
3291
3677
</p></blockquote></div>
3292
3678
3293
3679
<div class="defun">
3294
— Function: int <b>yarrow256_update</b> (<var>struct yarrow256_ctx *ctx, unsigned source, unsigned entropy, unsigned length, const uint8_t *data</var>)<var><a name="index-yarrow256_005fupdate-305"></a></var><br>
3680
— Function: int <b>yarrow256_update</b> (<var>struct yarrow256_ctx *ctx, unsigned source, unsigned entropy, unsigned length, const uint8_t *data</var>)<var><a name="index-yarrow256_005fupdate-346"></a></var><br>
3295
3681
<blockquote><p>Updates the generator with data from source <var>SOURCE</var> (an index that
3296
3682
must be smaller than the number of sources). <var>entropy</var> is your
3297
3683
estimated lower bound for the entropy in the data, measured in bits.
3305
3691
</p></blockquote></div>
3306
3692
3307
3693
<div class="defun">
3308
— Function: void <b>yarrow256_random</b> (<var>struct yarrow256_ctx *ctx, unsigned length, uint8_t *dst</var>)<var><a name="index-yarrow256_005frandom-306"></a></var><br>
3694
— Function: void <b>yarrow256_random</b> (<var>struct yarrow256_ctx *ctx, unsigned length, uint8_t *dst</var>)<var><a name="index-yarrow256_005frandom-347"></a></var><br>
3309
3695
<blockquote><p>Generates <var>length</var> octets of output. The generator must be seeded
3310
3696
before you call this function.
3311
3697
3316
3702
</p></blockquote></div>
3317
3703
3318
3704
<div class="defun">
3319
— Function: int <b>yarrow256_is_seeded</b> (<var>struct yarrow256_ctx *ctx</var>)<var><a name="index-yarrow256_005fis_005fseeded-307"></a></var><br>
3705
— Function: int <b>yarrow256_is_seeded</b> (<var>struct yarrow256_ctx *ctx</var>)<var><a name="index-yarrow256_005fis_005fseeded-348"></a></var><br>
3320
3706
<blockquote><p>Returns 1 if the generator is seeded and ready to generate output,
3321
3707
otherwise 0.
3322
3708
</p></blockquote></div>
3323
3709
3324
3710
<div class="defun">
3325
— Function: unsigned <b>yarrow256_needed_sources</b> (<var>struct yarrow256_ctx *ctx</var>)<var><a name="index-yarrow256_005fneeded_005fsources-308"></a></var><br>
3711
— Function: unsigned <b>yarrow256_needed_sources</b> (<var>struct yarrow256_ctx *ctx</var>)<var><a name="index-yarrow256_005fneeded_005fsources-349"></a></var><br>
3326
3712
<blockquote><p>Returns the number of sources that must reach the threshold before a
3327
3713
slow reseed will happen. Useful primarily when the generator is unseeded.
3328
3714
</p></blockquote></div>
3329
3715
3330
3716
<div class="defun">
3331
— Function: void <b>yarrow256_fast_reseed</b> (<var>struct yarrow256_ctx *ctx</var>)<var><a name="index-yarrow256_005ffast_005freseed-309"></a></var><br>
3332
— Function: void <b>yarrow256_slow_reseed</b> (<var>struct yarrow256_ctx *ctx</var>)<var><a name="index-yarrow256_005fslow_005freseed-310"></a></var><br>
3717
— Function: void <b>yarrow256_fast_reseed</b> (<var>struct yarrow256_ctx *ctx</var>)<var><a name="index-yarrow256_005ffast_005freseed-350"></a></var><br>
3718
— Function: void <b>yarrow256_slow_reseed</b> (<var>struct yarrow256_ctx *ctx</var>)<var><a name="index-yarrow256_005fslow_005freseed-351"></a></var><br>
3333
3719
<blockquote><p>Causes a fast or slow reseed to take place immediately, regardless of the
3334
3720
current entropy estimates of the two pools. Use with care.
3335
3721
</p></blockquote></div>
3338
3724
keyboard input.
3339
3725
3340
3726
<div class="defun">
3341
— Context struct: <b>struct yarrow_key_event_ctx</b><var><a name="index-struct-yarrow_005fkey_005fevent_005fctx-311"></a></var><br>
3727
— Context struct: <b>struct yarrow_key_event_ctx</b><var><a name="index-struct-yarrow_005fkey_005fevent_005fctx-352"></a></var><br>
3342
3728
<blockquote><p>Information about recent key events.
3343
3729
</p></blockquote></div>
3344
3730
3345
3731
<div class="defun">
3346
— Function: void <b>yarrow_key_event_init</b> (<var>struct yarrow_key_event_ctx *ctx</var>)<var><a name="index-yarrow_005fkey_005fevent_005finit-312"></a></var><br>
3732
— Function: void <b>yarrow_key_event_init</b> (<var>struct yarrow_key_event_ctx *ctx</var>)<var><a name="index-yarrow_005fkey_005fevent_005finit-353"></a></var><br>
3347
3733
<blockquote><p>Initializes the context.
3348
3734
</p></blockquote></div>
3349
3735
3350
3736
<div class="defun">
3351
— Function: unsigned <b>yarrow_key_event_estimate</b> (<var>struct yarrow_key_event_ctx *ctx, unsigned key, unsigned time</var>)<var><a name="index-yarrow_005fkey_005fevent_005festimate-313"></a></var><br>
3737
— Function: unsigned <b>yarrow_key_event_estimate</b> (<var>struct yarrow_key_event_ctx *ctx, unsigned key, unsigned time</var>)<var><a name="index-yarrow_005fkey_005fevent_005festimate-354"></a></var><br>
3352
3738
<blockquote><p><var>key</var> is the id of the key (ASCII value, hardware key code, X
3353
3739
keysym, <small class="dots">...</small>, it doesn't matter), and <var>time</var> is the timestamp of
3354
3740
the event. The time must be given in units matching the resolution by
3372
3758
</div>
3373
3759
3374
3760
<!-- node-name, next, previous, up -->
3375
<h3 class="section">6.7 Ascii encoding</h3>
3761
<h3 class="section">6.8 Ascii encoding</h3>
3376
3762
3377
3763
<p>Encryption will transform your data from text into binary format, and that
3378
3764
may be a problem if you want, for example, to send the data as if it was
3406
3792
They are defined in <samp><span class="file"><nettle/base64.h></span></samp>.
3407
3793
3408
3794
<div class="defun">
3409
— Context struct: <b>struct base64_encode_ctx</b><var><a name="index-struct-base64_005fencode_005fctx-314"></a></var><br>
3795
— Context struct: <b>struct base64_encode_ctx</b><var><a name="index-struct-base64_005fencode_005fctx-355"></a></var><br>
3410
3796
</div>
3411
3797
3412
3798
<div class="defun">
3413
— Function: void <b>base64_encode_init</b> (<var>struct base64_encode_ctx *ctx</var>)<var><a name="index-base64_005fencode_005finit-315"></a></var><br>
3799
— Function: void <b>base64_encode_init</b> (<var>struct base64_encode_ctx *ctx</var>)<var><a name="index-base64_005fencode_005finit-356"></a></var><br>
3414
3800
<blockquote><p>Initializes a base64 context. This is necessary before starting an encoding
3415
3801
session.
3416
3802
</p></blockquote></div>
3417
3803
3418
3804
<div class="defun">
3419
— Function: unsigned <b>base64_encode_single</b> (<var>struct base64_encode_ctx *ctx, uint8_t *dst, uint8_t src</var>)<var><a name="index-base64_005fencode_005fsingle-316"></a></var><br>
3805
— Function: unsigned <b>base64_encode_single</b> (<var>struct base64_encode_ctx *ctx, uint8_t *dst, uint8_t src</var>)<var><a name="index-base64_005fencode_005fsingle-357"></a></var><br>
3420
3806
<blockquote><p>Encodes a single byte. Returns amount of output (always 1 or 2).
3421
3807
</p></blockquote></div>
3422
3808
3423
3809
<div class="defun">
3424
— Macro: <b>BASE64_ENCODE_LENGTH</b> (<var>length</var>)<var><a name="index-BASE64_005fENCODE_005fLENGTH-317"></a></var><br>
3810
— Macro: <b>BASE64_ENCODE_LENGTH</b> (<var>length</var>)<var><a name="index-BASE64_005fENCODE_005fLENGTH-358"></a></var><br>
3425
3811
<blockquote><p>The maximum number of output bytes when passing <var>length</var> input bytes
3426
3812
to <code>base64_encode_update</code>.
3427
3813
</p></blockquote></div>
3428
3814
3429
3815
<div class="defun">
3430
— Function: unsigned <b>base64_encode_update</b> (<var>struct base64_encode_ctx *ctx, uint8_t *dst, unsigned length, const uint8_t *src</var>)<var><a name="index-base64_005fencode_005fupdate-318"></a></var><br>
3816
— Function: unsigned <b>base64_encode_update</b> (<var>struct base64_encode_ctx *ctx, uint8_t *dst, unsigned length, const uint8_t *src</var>)<var><a name="index-base64_005fencode_005fupdate-359"></a></var><br>
3431
3817
<blockquote><p>After <var>ctx</var> is initialized, this function may be called to encode <var>length</var>
3432
3818
bytes from <var>src</var>. The result will be placed in <var>dst</var>, and the return value
3433
3819
will be the number of bytes generated. Note that <var>dst</var> must be at least of size
3435
3821
</p></blockquote></div>
3436
3822
3437
3823
<div class="defun">
3438
— Constant: <b>BASE64_ENCODE_FINAL_LENGTH</b><var><a name="index-BASE64_005fENCODE_005fFINAL_005fLENGTH-319"></a></var><br>
3824
— Constant: <b>BASE64_ENCODE_FINAL_LENGTH</b><var><a name="index-BASE64_005fENCODE_005fFINAL_005fLENGTH-360"></a></var><br>
3439
3825
<blockquote><p>The maximum amount of output from <code>base64_encode_final</code>.
3440
3826
</p></blockquote></div>
3441
3827
3442
3828
<div class="defun">
3443
— Function: unsigned <b>base64_encode_final</b> (<var>struct base64_encode_ctx *ctx, uint8_t *dst</var>)<var><a name="index-base64_005fencode_005ffinal-320"></a></var><br>
3829
— Function: unsigned <b>base64_encode_final</b> (<var>struct base64_encode_ctx *ctx, uint8_t *dst</var>)<var><a name="index-base64_005fencode_005ffinal-361"></a></var><br>
3444
3830
<blockquote><p>After calling base64_encode_update one or more times, this function
3445
3831
should be called to generate the final output bytes, including any
3446
3832
needed paddding. The return value is the number of output bytes
3448
3834
</p></blockquote></div>
3449
3835
3450
3836
<div class="defun">
3451
— Context struct: <b>struct base64_decode_ctx</b><var><a name="index-struct-base64_005fdecode_005fctx-321"></a></var><br>
3837
— Context struct: <b>struct base64_decode_ctx</b><var><a name="index-struct-base64_005fdecode_005fctx-362"></a></var><br>
3452
3838
</div>
3453
3839
3454
3840
<div class="defun">
3455
— Function: void <b>base64_decode_init</b> (<var>struct base64_decode_ctx *ctx</var>)<var><a name="index-base64_005fdecode_005finit-322"></a></var><br>
3841
— Function: void <b>base64_decode_init</b> (<var>struct base64_decode_ctx *ctx</var>)<var><a name="index-base64_005fdecode_005finit-363"></a></var><br>
3456
3842
<blockquote><p>Initializes a base64 decoding context. This is necessary before starting a decoding
3457
3843
session.
3458
3844
</p></blockquote></div>
3459
3845
3460
3846
<div class="defun">
3461
— Function: int <b>base64_decode_single</b> (<var>struct base64_decode_ctx *ctx, uint8_t *dst, uint8_t src</var>)<var><a name="index-base64_005fdecode_005fsingle-323"></a></var><br>
3847
— Function: int <b>base64_decode_single</b> (<var>struct base64_decode_ctx *ctx, uint8_t *dst, uint8_t src</var>)<var><a name="index-base64_005fdecode_005fsingle-364"></a></var><br>
3462
3848
<blockquote><p>Decodes a single byte (<var>src</var>) and stores the result in <var>dst</var>.
3463
3849
Returns amount of output (0 or 1), or -1 on errors.
3464
3850
</p></blockquote></div>
3465
3851
3466
3852
<div class="defun">
3467
— Macro: <b>BASE64_DECODE_LENGTH</b> (<var>length</var>)<var><a name="index-BASE64_005fDECODE_005fLENGTH-324"></a></var><br>
3853
— Macro: <b>BASE64_DECODE_LENGTH</b> (<var>length</var>)<var><a name="index-BASE64_005fDECODE_005fLENGTH-365"></a></var><br>
3468
3854
<blockquote><p>The maximum number of output bytes when passing <var>length</var> input bytes
3469
3855
to <code>base64_decode_update</code>.
3470
3856
</p></blockquote></div>
3471
3857
3472
3858
<div class="defun">
3473
— Function: void <b>base64_decode_update</b> (<var>struct base64_decode_ctx *ctx, unsigned *dst_length, uint8_t *dst, unsigned src_length, const uint8_t *src</var>)<var><a name="index-base64_005fdecode_005fupdate-325"></a></var><br>
3859
— Function: void <b>base64_decode_update</b> (<var>struct base64_decode_ctx *ctx, unsigned *dst_length, uint8_t *dst, unsigned src_length, const uint8_t *src</var>)<var><a name="index-base64_005fdecode_005fupdate-366"></a></var><br>
3474
3860
<blockquote><p>After <var>ctx</var> is initialized, this function may be called to decode <var>src_length</var>
3475
3861
bytes from <var>src</var>. <var>dst</var> should point to an area of size at least
3476
3862
BASE64_DECODE_LENGTH(<var>length</var>), and for sanity checking, <var>dst_length</var>
3480
3866
</p></blockquote></div>
3481
3867
3482
3868
<div class="defun">
3483
— Function: int <b>base64_decode_final</b> (<var>struct base64_decode_ctx *ctx</var>)<var><a name="index-base64_005fdecode_005ffinal-326"></a></var><br>
3869
— Function: int <b>base64_decode_final</b> (<var>struct base64_decode_ctx *ctx</var>)<var><a name="index-base64_005fdecode_005ffinal-367"></a></var><br>
3484
3870
<blockquote><p>Check that final padding is correct. Returns 1 on success, and 0 on
3485
3871
error.
3486
3872
</p></blockquote></div>
3490
3876
necessary for doing base16 encoding.
3491
3877
3492
3878
<div class="defun">
3493
— Function: void <b>base16_encode_single</b> (<var>uint8_t *dst, uint8_t src</var>)<var><a name="index-base16_005fencode_005fsingle-327"></a></var><br>
3879
— Function: void <b>base16_encode_single</b> (<var>uint8_t *dst, uint8_t src</var>)<var><a name="index-base16_005fencode_005fsingle-368"></a></var><br>
3494
3880
<blockquote><p>Encodes a single byte. Always stores two digits in <var>dst</var>[0] and <var>dst</var>[1].
3495
3881
</p></blockquote></div>
3496
3882
3497
3883
<div class="defun">
3498
— Macro: <b>BASE16_ENCODE_LENGTH</b> (<var>length</var>)<var><a name="index-BASE16_005fENCODE_005fLENGTH-328"></a></var><br>
3884
— Macro: <b>BASE16_ENCODE_LENGTH</b> (<var>length</var>)<var><a name="index-BASE16_005fENCODE_005fLENGTH-369"></a></var><br>
3499
3885
<blockquote><p>The number of output bytes when passing <var>length</var> input bytes to
3500
3886
<code>base16_encode_update</code>.
3501
3887
</p></blockquote></div>
3502
3888
3503
3889
<div class="defun">
3504
— Function: void <b>base16_encode_update</b> (<var>uint8_t *dst, unsigned length, const uint8_t *src</var>)<var><a name="index-base16_005fencode_005fupdate-329"></a></var><br>
3890
— Function: void <b>base16_encode_update</b> (<var>uint8_t *dst, unsigned length, const uint8_t *src</var>)<var><a name="index-base16_005fencode_005fupdate-370"></a></var><br>
3505
3891
<blockquote><p>Always stores BASE16_ENCODE_LENGTH(<var>length</var>) digits in <var>dst</var>.
3506
3892
</p></blockquote></div>
3507
3893
3508
3894
<div class="defun">
3509
— Context struct: <b>struct base16_decode_ctx</b><var><a name="index-struct-base16_005fdecode_005fctx-330"></a></var><br>
3895
— Context struct: <b>struct base16_decode_ctx</b><var><a name="index-struct-base16_005fdecode_005fctx-371"></a></var><br>
3510
3896
</div>
3511
3897
3512
3898
<div class="defun">
3513
— Function: void <b>base16_decode_init</b> (<var>struct base16_decode_ctx *ctx</var>)<var><a name="index-base16_005fdecode_005finit-331"></a></var><br>
3899
— Function: void <b>base16_decode_init</b> (<var>struct base16_decode_ctx *ctx</var>)<var><a name="index-base16_005fdecode_005finit-372"></a></var><br>
3514
3900
<blockquote><p>Initializes a base16 decoding context. This is necessary before starting a decoding
3515
3901
session.
3516
3902
</p></blockquote></div>
3517
3903
3518
3904
<div class="defun">
3519
— Function: int <b>base16_decode_single</b> (<var>struct base16_decode_ctx *ctx, uint8_t *dst, uint8_t src</var>)<var><a name="index-base16_005fdecode_005fsingle-332"></a></var><br>
3905
— Function: int <b>base16_decode_single</b> (<var>struct base16_decode_ctx *ctx, uint8_t *dst, uint8_t src</var>)<var><a name="index-base16_005fdecode_005fsingle-373"></a></var><br>
3520
3906
<blockquote><p>Decodes a single byte from <var>src</var> into <var>dst</var>. Returns amount of output (0 or 1), or -1 on errors.
3521
3907
</p></blockquote></div>
3522
3908
3523
3909
<div class="defun">
3524
— Macro: <b>BASE16_DECODE_LENGTH</b> (<var>length</var>)<var><a name="index-BASE16_005fDECODE_005fLENGTH-333"></a></var><br>
3910
— Macro: <b>BASE16_DECODE_LENGTH</b> (<var>length</var>)<var><a name="index-BASE16_005fDECODE_005fLENGTH-374"></a></var><br>
3525
3911
<blockquote><p>The maximum number of output bytes when passing <var>length</var> input bytes
3526
3912
to <code>base16_decode_update</code>.
3527
3913
</p></blockquote></div>
3528
3914
3529
3915
<div class="defun">
3530
— Function: int <b>base16_decode_update</b> (<var>struct base16_decode_ctx *ctx, unsigned *dst_length, uint8_t *dst, unsigned src_length, const uint8_t *src</var>)<var><a name="index-base16_005fdecode_005fupdate-334"></a></var><br>
3916
— Function: int <b>base16_decode_update</b> (<var>struct base16_decode_ctx *ctx, unsigned *dst_length, uint8_t *dst, unsigned src_length, const uint8_t *src</var>)<var><a name="index-base16_005fdecode_005fupdate-375"></a></var><br>
3531
3917
<blockquote><p>After <var>ctx</var> is initialized, this function may be called to decode <var>src_length</var>
3532
3918
bytes from <var>src</var>. <var>dst</var> should point to an area of size at least
3533
3919
BASE16_DECODE_LENGTH(<var>length</var>), and for sanity checking, <var>dst_length</var>
3537
3923
</p></blockquote></div>
3538
3924
3539
3925
<div class="defun">
3540
— Function: int <b>base16_decode_final</b> (<var>struct base16_decode_ctx *ctx</var>)<var><a name="index-base16_005fdecode_005ffinal-335"></a></var><br>
3926
— Function: int <b>base16_decode_final</b> (<var>struct base16_decode_ctx *ctx</var>)<var><a name="index-base16_005fdecode_005ffinal-376"></a></var><br>
3541
3927
<blockquote><p>Checks that the end of data is correct (i.e., an even number of
3542
3928
hexadecimal digits have been seen). Returns 1 on success, and 0 on
3543
3929
error.
3553
3939
</div>
3554
3940
3555
3941
<!-- node-name, next, previous, up -->
3556
<h3 class="section">6.8 Miscellaneous functions</h3>
3942
<h3 class="section">6.9 Miscellaneous functions</h3>
3557
3943
3558
3944
<div class="defun">
3559
— Function: uint8_t * <b>memxor</b> (<var>uint8_t *dst, const uint8_t *src, size_t n</var>)<var><a name="index-memxor-336"></a></var><br>
3945
— Function: uint8_t * <b>memxor</b> (<var>uint8_t *dst, const uint8_t *src, size_t n</var>)<var><a name="index-memxor-377"></a></var><br>
3560
3946
<blockquote><p>XORs the source area on top of the destination area. The interface
3561
3947
doesn't follow the Nettle conventions, because it is intended to be
3562
3948
similar to the ANSI-C <code>memcpy</code> function.
3573
3959
</div>
3574
3960
3575
3961
<!-- node-name, next, previous, up -->
3576
<h3 class="section">6.9 Compatibility functions</h3>
3962
<h3 class="section">6.10 Compatibility functions</h3>
3577
3963
3578
3964
<p>For convenience, Nettle includes alternative interfaces to some
3579
3965
algorithms, for compatibility with some other popular crypto toolkits.
3678
4064
<h2 class="unnumbered">Function and Concept Index</h2>
3679
4065
3680
4066
<ul class="index-cp" compact>
3681
<li><a href="#index-aes_005fdecrypt-81"><code>aes_decrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3682
<li><a href="#index-aes_005fencrypt-80"><code>aes_encrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3683
<li><a href="#index-aes_005finvert_005fkey-79"><code>aes_invert_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3684
<li><a href="#index-aes_005fset_005fdecrypt_005fkey-78"><code>aes_set_decrypt_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3685
<li><a href="#index-aes_005fset_005fencrypt_005fkey-77"><code>aes_set_encrypt_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3686
<li><a href="#index-arcfour_005fcrypt-87"><code>arcfour_crypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3687
<li><a href="#index-arcfour_005fset_005fkey-86"><code>arcfour_set_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3688
<li><a href="#index-arctwo_005fdecrypt-97"><code>arctwo_decrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3689
<li><a href="#index-arctwo_005fencrypt-96"><code>arctwo_encrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3690
<li><a href="#index-arctwo_005fset_005fkey-94"><code>arctwo_set_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3691
<li><a href="#index-arctwo_005fset_005fkey_005fekb-93"><code>arctwo_set_key_ekb</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3692
<li><a href="#index-arctwo_005fset_005fkey_005fgutmann-95"><code>arctwo_set_key_gutmann</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3693
<li><a href="#index-base16_005fdecode_005ffinal-335"><code>base16_decode_final</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
3694
<li><a href="#index-base16_005fdecode_005finit-331"><code>base16_decode_init</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
3695
<li><a href="#index-BASE16_005fDECODE_005fLENGTH-333"><code>BASE16_DECODE_LENGTH</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
3696
<li><a href="#index-base16_005fdecode_005fsingle-332"><code>base16_decode_single</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
3697
<li><a href="#index-base16_005fdecode_005fupdate-334"><code>base16_decode_update</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
3698
<li><a href="#index-BASE16_005fENCODE_005fLENGTH-328"><code>BASE16_ENCODE_LENGTH</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
3699
<li><a href="#index-base16_005fencode_005fsingle-327"><code>base16_encode_single</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
3700
<li><a href="#index-base16_005fencode_005fupdate-329"><code>base16_encode_update</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
3701
<li><a href="#index-base64_005fdecode_005ffinal-326"><code>base64_decode_final</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
3702
<li><a href="#index-base64_005fdecode_005finit-322"><code>base64_decode_init</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
3703
<li><a href="#index-BASE64_005fDECODE_005fLENGTH-324"><code>BASE64_DECODE_LENGTH</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
3704
<li><a href="#index-base64_005fdecode_005fsingle-323"><code>base64_decode_single</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
3705
<li><a href="#index-base64_005fdecode_005fupdate-325"><code>base64_decode_update</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
3706
<li><a href="#index-base64_005fencode_005ffinal-320"><code>base64_encode_final</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
3707
<li><a href="#index-base64_005fencode_005finit-315"><code>base64_encode_init</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
3708
<li><a href="#index-BASE64_005fENCODE_005fLENGTH-317"><code>BASE64_ENCODE_LENGTH</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
3709
<li><a href="#index-base64_005fencode_005fsingle-316"><code>base64_encode_single</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
3710
<li><a href="#index-base64_005fencode_005fupdate-318"><code>base64_encode_update</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
3711
<li><a href="#index-Block-Cipher-70">Block Cipher</a>: <a href="#Cipher-functions">Cipher functions</a></li>
3712
<li><a href="#index-blowfish_005fdecrypt-105"><code>blowfish_decrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3713
<li><a href="#index-blowfish_005fencrypt-104"><code>blowfish_encrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3714
<li><a href="#index-blowfish_005fset_005fkey-103"><code>blowfish_set_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3715
<li><a href="#index-camellia_005fcrypt-114"><code>camellia_crypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3716
<li><a href="#index-camellia_005finvert_005fkey-113"><code>camellia_invert_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3717
<li><a href="#index-camellia_005fset_005fdecrypt_005fkey-112"><code>camellia_set_decrypt_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3718
<li><a href="#index-camellia_005fset_005fencrypt_005fkey-111"><code>camellia_set_encrypt_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3719
<li><a href="#index-cast128_005fdecrypt-122"><code>cast128_decrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3720
<li><a href="#index-cast128_005fencrypt-121"><code>cast128_encrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3721
<li><a href="#index-cast128_005fset_005fkey-120"><code>cast128_set_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3722
<li><a href="#index-CBC-Mode-183">CBC Mode</a>: <a href="#CBC">CBC</a></li>
3723
<li><a href="#index-CBC_005fCTX-186"><code>CBC_CTX</code></a>: <a href="#CBC">CBC</a></li>
3724
<li><a href="#index-CBC_005fDECRYPT-189"><code>CBC_DECRYPT</code></a>: <a href="#CBC">CBC</a></li>
3725
<li><a href="#index-cbc_005fdecrypt-185"><code>cbc_decrypt</code></a>: <a href="#CBC">CBC</a></li>
3726
<li><a href="#index-CBC_005fENCRYPT-188"><code>CBC_ENCRYPT</code></a>: <a href="#CBC">CBC</a></li>
3727
<li><a href="#index-cbc_005fencrypt-184"><code>cbc_encrypt</code></a>: <a href="#CBC">CBC</a></li>
3728
<li><a href="#index-CBC_005fSET_005fIV-187"><code>CBC_SET_IV</code></a>: <a href="#CBC">CBC</a></li>
3729
<li><a href="#index-Cipher-69">Cipher</a>: <a href="#Cipher-functions">Cipher functions</a></li>
3730
<li><a href="#index-Cipher-Block-Chaining-182">Cipher Block Chaining</a>: <a href="#CBC">CBC</a></li>
4067
<li><a href="#index-aes_005fdecrypt-113"><code>aes_decrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4068
<li><a href="#index-aes_005fencrypt-112"><code>aes_encrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4069
<li><a href="#index-aes_005finvert_005fkey-111"><code>aes_invert_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4070
<li><a href="#index-aes_005fset_005fdecrypt_005fkey-110"><code>aes_set_decrypt_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4071
<li><a href="#index-aes_005fset_005fencrypt_005fkey-109"><code>aes_set_encrypt_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4072
<li><a href="#index-arcfour_005fcrypt-119"><code>arcfour_crypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4073
<li><a href="#index-arcfour_005fset_005fkey-118"><code>arcfour_set_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4074
<li><a href="#index-arctwo_005fdecrypt-129"><code>arctwo_decrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4075
<li><a href="#index-arctwo_005fencrypt-128"><code>arctwo_encrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4076
<li><a href="#index-arctwo_005fset_005fkey-126"><code>arctwo_set_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4077
<li><a href="#index-arctwo_005fset_005fkey_005fekb-125"><code>arctwo_set_key_ekb</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4078
<li><a href="#index-arctwo_005fset_005fkey_005fgutmann-127"><code>arctwo_set_key_gutmann</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4079
<li><a href="#index-base16_005fdecode_005ffinal-376"><code>base16_decode_final</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
4080
<li><a href="#index-base16_005fdecode_005finit-372"><code>base16_decode_init</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
4081
<li><a href="#index-BASE16_005fDECODE_005fLENGTH-374"><code>BASE16_DECODE_LENGTH</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
4082
<li><a href="#index-base16_005fdecode_005fsingle-373"><code>base16_decode_single</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
4083
<li><a href="#index-base16_005fdecode_005fupdate-375"><code>base16_decode_update</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
4084
<li><a href="#index-BASE16_005fENCODE_005fLENGTH-369"><code>BASE16_ENCODE_LENGTH</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
4085
<li><a href="#index-base16_005fencode_005fsingle-368"><code>base16_encode_single</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
4086
<li><a href="#index-base16_005fencode_005fupdate-370"><code>base16_encode_update</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
4087
<li><a href="#index-base64_005fdecode_005ffinal-367"><code>base64_decode_final</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
4088
<li><a href="#index-base64_005fdecode_005finit-363"><code>base64_decode_init</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
4089
<li><a href="#index-BASE64_005fDECODE_005fLENGTH-365"><code>BASE64_DECODE_LENGTH</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
4090
<li><a href="#index-base64_005fdecode_005fsingle-364"><code>base64_decode_single</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
4091
<li><a href="#index-base64_005fdecode_005fupdate-366"><code>base64_decode_update</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
4092
<li><a href="#index-base64_005fencode_005ffinal-361"><code>base64_encode_final</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
4093
<li><a href="#index-base64_005fencode_005finit-356"><code>base64_encode_init</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
4094
<li><a href="#index-BASE64_005fENCODE_005fLENGTH-358"><code>BASE64_ENCODE_LENGTH</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
4095
<li><a href="#index-base64_005fencode_005fsingle-357"><code>base64_encode_single</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
4096
<li><a href="#index-base64_005fencode_005fupdate-359"><code>base64_encode_update</code></a>: <a href="#Ascii-encoding">Ascii encoding</a></li>
4097
<li><a href="#index-Block-Cipher-102">Block Cipher</a>: <a href="#Cipher-functions">Cipher functions</a></li>
4098
<li><a href="#index-blowfish_005fdecrypt-137"><code>blowfish_decrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4099
<li><a href="#index-blowfish_005fencrypt-136"><code>blowfish_encrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4100
<li><a href="#index-blowfish_005fset_005fkey-135"><code>blowfish_set_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4101
<li><a href="#index-camellia_005fcrypt-146"><code>camellia_crypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4102
<li><a href="#index-camellia_005finvert_005fkey-145"><code>camellia_invert_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4103
<li><a href="#index-camellia_005fset_005fdecrypt_005fkey-144"><code>camellia_set_decrypt_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4104
<li><a href="#index-camellia_005fset_005fencrypt_005fkey-143"><code>camellia_set_encrypt_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4105
<li><a href="#index-cast128_005fdecrypt-154"><code>cast128_decrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4106
<li><a href="#index-cast128_005fencrypt-153"><code>cast128_encrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4107
<li><a href="#index-cast128_005fset_005fkey-152"><code>cast128_set_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4108
<li><a href="#index-CBC-Mode-215">CBC Mode</a>: <a href="#CBC">CBC</a></li>
4109
<li><a href="#index-CBC_005fCTX-218"><code>CBC_CTX</code></a>: <a href="#CBC">CBC</a></li>
4110
<li><a href="#index-CBC_005fDECRYPT-221"><code>CBC_DECRYPT</code></a>: <a href="#CBC">CBC</a></li>
4111
<li><a href="#index-cbc_005fdecrypt-217"><code>cbc_decrypt</code></a>: <a href="#CBC">CBC</a></li>
4112
<li><a href="#index-CBC_005fENCRYPT-220"><code>CBC_ENCRYPT</code></a>: <a href="#CBC">CBC</a></li>
4113
<li><a href="#index-cbc_005fencrypt-216"><code>cbc_encrypt</code></a>: <a href="#CBC">CBC</a></li>
4114
<li><a href="#index-CBC_005fSET_005fIV-219"><code>CBC_SET_IV</code></a>: <a href="#CBC">CBC</a></li>
4115
<li><a href="#index-Cipher-101">Cipher</a>: <a href="#Cipher-functions">Cipher functions</a></li>
4116
<li><a href="#index-Cipher-Block-Chaining-214">Cipher Block Chaining</a>: <a href="#CBC">CBC</a></li>
3731
4117
<li><a href="#index-Collision_002dresistant-3">Collision-resistant</a>: <a href="#Hash-functions">Hash functions</a></li>
3732
<li><a href="#index-Conditional-entropy-299">Conditional entropy</a>: <a href="#Randomness">Randomness</a></li>
3733
<li><a href="#index-Counter-Mode-190">Counter Mode</a>: <a href="#CTR">CTR</a></li>
3734
<li><a href="#index-CTR-Mode-191">CTR Mode</a>: <a href="#CTR">CTR</a></li>
3735
<li><a href="#index-CTR_005fCRYPT-195"><code>CTR_CRYPT</code></a>: <a href="#CTR">CTR</a></li>
3736
<li><a href="#index-ctr_005fcrypt-192"><code>ctr_crypt</code></a>: <a href="#CTR">CTR</a></li>
3737
<li><a href="#index-CTR_005fCTX-193"><code>CTR_CTX</code></a>: <a href="#CTR">CTR</a></li>
3738
<li><a href="#index-CTR_005fSET_005fCOUNTER-194"><code>CTR_SET_COUNTER</code></a>: <a href="#CTR">CTR</a></li>
3739
<li><a href="#index-des3_005fdecrypt-136"><code>des3_decrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3740
<li><a href="#index-des3_005fencrypt-135"><code>des3_encrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3741
<li><a href="#index-des3_005fset_005fkey-134"><code>des3_set_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3742
<li><a href="#index-des_005fcheck_005fparity-129"><code>des_check_parity</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3743
<li><a href="#index-des_005fdecrypt-128"><code>des_decrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3744
<li><a href="#index-des_005fencrypt-127"><code>des_encrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3745
<li><a href="#index-des_005ffix_005fparity-130"><code>des_fix_parity</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3746
<li><a href="#index-des_005fset_005fkey-126"><code>des_set_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3747
<li><a href="#index-dsa_005fgenerate_005fkeypair-296"><code>dsa_generate_keypair</code></a>: <a href="#DSA">DSA</a></li>
3748
<li><a href="#index-dsa_005fprivate_005fkey_005fclear-284"><code>dsa_private_key_clear</code></a>: <a href="#DSA">DSA</a></li>
3749
<li><a href="#index-dsa_005fprivate_005fkey_005finit-282"><code>dsa_private_key_init</code></a>: <a href="#DSA">DSA</a></li>
3750
<li><a href="#index-dsa_005fpublic_005fkey_005fclear-283"><code>dsa_public_key_clear</code></a>: <a href="#DSA">DSA</a></li>
3751
<li><a href="#index-dsa_005fpublic_005fkey_005finit-281"><code>dsa_public_key_init</code></a>: <a href="#DSA">DSA</a></li>
3752
<li><a href="#index-dsa_005fsha1_005fsign-288"><code>dsa_sha1_sign</code></a>: <a href="#DSA">DSA</a></li>
3753
<li><a href="#index-dsa_005fsha1_005fsign_005fdigest-289"><code>dsa_sha1_sign_digest</code></a>: <a href="#DSA">DSA</a></li>
3754
<li><a href="#index-dsa_005fsha1_005fverify-292"><code>dsa_sha1_verify</code></a>: <a href="#DSA">DSA</a></li>
3755
<li><a href="#index-dsa_005fsha1_005fverify_005fdigest-293"><code>dsa_sha1_verify_digest</code></a>: <a href="#DSA">DSA</a></li>
3756
<li><a href="#index-dsa_005fsha256_005fsign-290"><code>dsa_sha256_sign</code></a>: <a href="#DSA">DSA</a></li>
3757
<li><a href="#index-dsa_005fsha256_005fsign_005fdigest-291"><code>dsa_sha256_sign_digest</code></a>: <a href="#DSA">DSA</a></li>
3758
<li><a href="#index-dsa_005fsha256_005fverify-294"><code>dsa_sha256_verify</code></a>: <a href="#DSA">DSA</a></li>
3759
<li><a href="#index-dsa_005fsha256_005fverify_005fdigest-295"><code>dsa_sha256_verify_digest</code></a>: <a href="#DSA">DSA</a></li>
3760
<li><a href="#index-dsa_005fsignature_005fclear-287"><code>dsa_signature_clear</code></a>: <a href="#DSA">DSA</a></li>
3761
<li><a href="#index-dsa_005fsignature_005finit-286"><code>dsa_signature_init</code></a>: <a href="#DSA">DSA</a></li>
3762
<li><a href="#index-Entropy-298">Entropy</a>: <a href="#Randomness">Randomness</a></li>
3763
<li><a href="#index-Galois-Counter-Mode-196">Galois Counter Mode</a>: <a href="#GCM">GCM</a></li>
3764
<li><a href="#index-GCM-197">GCM</a>: <a href="#GCM">GCM</a></li>
3765
<li><a href="#index-gcm_005faes_005fdecrypt-220"><code>gcm_aes_decrypt</code></a>: <a href="#GCM">GCM</a></li>
3766
<li><a href="#index-gcm_005faes_005fdigest-221"><code>gcm_aes_digest</code></a>: <a href="#GCM">GCM</a></li>
3767
<li><a href="#index-gcm_005faes_005fencrypt-219"><code>gcm_aes_encrypt</code></a>: <a href="#GCM">GCM</a></li>
3768
<li><a href="#index-gcm_005faes_005fset_005fiv-217"><code>gcm_aes_set_iv</code></a>: <a href="#GCM">GCM</a></li>
3769
<li><a href="#index-gcm_005faes_005fset_005fkey-216"><code>gcm_aes_set_key</code></a>: <a href="#GCM">GCM</a></li>
3770
<li><a href="#index-gcm_005faes_005fupdate-218"><code>gcm_aes_update</code></a>: <a href="#GCM">GCM</a></li>
3771
<li><a href="#index-GCM_005fCTX-208"><code>GCM_CTX</code></a>: <a href="#GCM">GCM</a></li>
3772
<li><a href="#index-GCM_005fDECRYPT-213"><code>GCM_DECRYPT</code></a>: <a href="#GCM">GCM</a></li>
3773
<li><a href="#index-gcm_005fdecrypt-206"><code>gcm_decrypt</code></a>: <a href="#GCM">GCM</a></li>
3774
<li><a href="#index-GCM_005fDIGEST-214"><code>GCM_DIGEST</code></a>: <a href="#GCM">GCM</a></li>
3775
<li><a href="#index-gcm_005fdigest-207"><code>gcm_digest</code></a>: <a href="#GCM">GCM</a></li>
3776
<li><a href="#index-GCM_005fENCRYPT-212"><code>GCM_ENCRYPT</code></a>: <a href="#GCM">GCM</a></li>
3777
<li><a href="#index-gcm_005fencrypt-205"><code>gcm_encrypt</code></a>: <a href="#GCM">GCM</a></li>
3778
<li><a href="#index-GCM_005fSET_005fIV-210"><code>GCM_SET_IV</code></a>: <a href="#GCM">GCM</a></li>
3779
<li><a href="#index-gcm_005fset_005fiv-203"><code>gcm_set_iv</code></a>: <a href="#GCM">GCM</a></li>
3780
<li><a href="#index-GCM_005fSET_005fKEY-209"><code>GCM_SET_KEY</code></a>: <a href="#GCM">GCM</a></li>
3781
<li><a href="#index-gcm_005fset_005fkey-202"><code>gcm_set_key</code></a>: <a href="#GCM">GCM</a></li>
3782
<li><a href="#index-GCM_005fUPDATE-211"><code>GCM_UPDATE</code></a>: <a href="#GCM">GCM</a></li>
3783
<li><a href="#index-gcm_005fupdate-204"><code>gcm_update</code></a>: <a href="#GCM">GCM</a></li>
4118
<li><a href="#index-Conditional-entropy-340">Conditional entropy</a>: <a href="#Randomness">Randomness</a></li>
4119
<li><a href="#index-Counter-Mode-222">Counter Mode</a>: <a href="#CTR">CTR</a></li>
4120
<li><a href="#index-CTR-Mode-223">CTR Mode</a>: <a href="#CTR">CTR</a></li>
4121
<li><a href="#index-CTR_005fCRYPT-227"><code>CTR_CRYPT</code></a>: <a href="#CTR">CTR</a></li>
4122
<li><a href="#index-ctr_005fcrypt-224"><code>ctr_crypt</code></a>: <a href="#CTR">CTR</a></li>
4123
<li><a href="#index-CTR_005fCTX-225"><code>CTR_CTX</code></a>: <a href="#CTR">CTR</a></li>
4124
<li><a href="#index-CTR_005fSET_005fCOUNTER-226"><code>CTR_SET_COUNTER</code></a>: <a href="#CTR">CTR</a></li>
4125
<li><a href="#index-des3_005fdecrypt-168"><code>des3_decrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4126
<li><a href="#index-des3_005fencrypt-167"><code>des3_encrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4127
<li><a href="#index-des3_005fset_005fkey-166"><code>des3_set_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4128
<li><a href="#index-des_005fcheck_005fparity-161"><code>des_check_parity</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4129
<li><a href="#index-des_005fdecrypt-160"><code>des_decrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4130
<li><a href="#index-des_005fencrypt-159"><code>des_encrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4131
<li><a href="#index-des_005ffix_005fparity-162"><code>des_fix_parity</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4132
<li><a href="#index-des_005fset_005fkey-158"><code>des_set_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4133
<li><a href="#index-dsa_005fgenerate_005fkeypair-337"><code>dsa_generate_keypair</code></a>: <a href="#DSA">DSA</a></li>
4134
<li><a href="#index-dsa_005fprivate_005fkey_005fclear-325"><code>dsa_private_key_clear</code></a>: <a href="#DSA">DSA</a></li>
4135
<li><a href="#index-dsa_005fprivate_005fkey_005finit-323"><code>dsa_private_key_init</code></a>: <a href="#DSA">DSA</a></li>
4136
<li><a href="#index-dsa_005fpublic_005fkey_005fclear-324"><code>dsa_public_key_clear</code></a>: <a href="#DSA">DSA</a></li>
4137
<li><a href="#index-dsa_005fpublic_005fkey_005finit-322"><code>dsa_public_key_init</code></a>: <a href="#DSA">DSA</a></li>
4138
<li><a href="#index-dsa_005fsha1_005fsign-329"><code>dsa_sha1_sign</code></a>: <a href="#DSA">DSA</a></li>
4139
<li><a href="#index-dsa_005fsha1_005fsign_005fdigest-330"><code>dsa_sha1_sign_digest</code></a>: <a href="#DSA">DSA</a></li>
4140
<li><a href="#index-dsa_005fsha1_005fverify-333"><code>dsa_sha1_verify</code></a>: <a href="#DSA">DSA</a></li>
4141
<li><a href="#index-dsa_005fsha1_005fverify_005fdigest-334"><code>dsa_sha1_verify_digest</code></a>: <a href="#DSA">DSA</a></li>
4142
<li><a href="#index-dsa_005fsha256_005fsign-331"><code>dsa_sha256_sign</code></a>: <a href="#DSA">DSA</a></li>
4143
<li><a href="#index-dsa_005fsha256_005fsign_005fdigest-332"><code>dsa_sha256_sign_digest</code></a>: <a href="#DSA">DSA</a></li>
4144
<li><a href="#index-dsa_005fsha256_005fverify-335"><code>dsa_sha256_verify</code></a>: <a href="#DSA">DSA</a></li>
4145
<li><a href="#index-dsa_005fsha256_005fverify_005fdigest-336"><code>dsa_sha256_verify_digest</code></a>: <a href="#DSA">DSA</a></li>
4146
<li><a href="#index-dsa_005fsignature_005fclear-328"><code>dsa_signature_clear</code></a>: <a href="#DSA">DSA</a></li>
4147
<li><a href="#index-dsa_005fsignature_005finit-327"><code>dsa_signature_init</code></a>: <a href="#DSA">DSA</a></li>
4148
<li><a href="#index-Entropy-339">Entropy</a>: <a href="#Randomness">Randomness</a></li>
4149
<li><a href="#index-Galois-Counter-Mode-228">Galois Counter Mode</a>: <a href="#GCM">GCM</a></li>
4150
<li><a href="#index-GCM-229">GCM</a>: <a href="#GCM">GCM</a></li>
4151
<li><a href="#index-gcm_005faes_005fdecrypt-252"><code>gcm_aes_decrypt</code></a>: <a href="#GCM">GCM</a></li>
4152
<li><a href="#index-gcm_005faes_005fdigest-253"><code>gcm_aes_digest</code></a>: <a href="#GCM">GCM</a></li>
4153
<li><a href="#index-gcm_005faes_005fencrypt-251"><code>gcm_aes_encrypt</code></a>: <a href="#GCM">GCM</a></li>
4154
<li><a href="#index-gcm_005faes_005fset_005fiv-249"><code>gcm_aes_set_iv</code></a>: <a href="#GCM">GCM</a></li>
4155
<li><a href="#index-gcm_005faes_005fset_005fkey-248"><code>gcm_aes_set_key</code></a>: <a href="#GCM">GCM</a></li>
4156
<li><a href="#index-gcm_005faes_005fupdate-250"><code>gcm_aes_update</code></a>: <a href="#GCM">GCM</a></li>
4157
<li><a href="#index-GCM_005fCTX-240"><code>GCM_CTX</code></a>: <a href="#GCM">GCM</a></li>
4158
<li><a href="#index-GCM_005fDECRYPT-245"><code>GCM_DECRYPT</code></a>: <a href="#GCM">GCM</a></li>
4159
<li><a href="#index-gcm_005fdecrypt-238"><code>gcm_decrypt</code></a>: <a href="#GCM">GCM</a></li>
4160
<li><a href="#index-GCM_005fDIGEST-246"><code>GCM_DIGEST</code></a>: <a href="#GCM">GCM</a></li>
4161
<li><a href="#index-gcm_005fdigest-239"><code>gcm_digest</code></a>: <a href="#GCM">GCM</a></li>
4162
<li><a href="#index-GCM_005fENCRYPT-244"><code>GCM_ENCRYPT</code></a>: <a href="#GCM">GCM</a></li>
4163
<li><a href="#index-gcm_005fencrypt-237"><code>gcm_encrypt</code></a>: <a href="#GCM">GCM</a></li>
4164
<li><a href="#index-GCM_005fSET_005fIV-242"><code>GCM_SET_IV</code></a>: <a href="#GCM">GCM</a></li>
4165
<li><a href="#index-gcm_005fset_005fiv-235"><code>gcm_set_iv</code></a>: <a href="#GCM">GCM</a></li>
4166
<li><a href="#index-GCM_005fSET_005fKEY-241"><code>GCM_SET_KEY</code></a>: <a href="#GCM">GCM</a></li>
4167
<li><a href="#index-gcm_005fset_005fkey-234"><code>gcm_set_key</code></a>: <a href="#GCM">GCM</a></li>
4168
<li><a href="#index-GCM_005fUPDATE-243"><code>GCM_UPDATE</code></a>: <a href="#GCM">GCM</a></li>
4169
<li><a href="#index-gcm_005fupdate-236"><code>gcm_update</code></a>: <a href="#GCM">GCM</a></li>
4170
<li><a href="#index-gosthash94_005fdigest-87"><code>gosthash94_digest</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
4171
<li><a href="#index-gosthash94_005finit-85"><code>gosthash94_init</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
4172
<li><a href="#index-gosthash94_005fupdate-86"><code>gosthash94_update</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
3784
4173
<li><a href="#index-Hash-function-1">Hash function</a>: <a href="#Hash-functions">Hash functions</a></li>
3785
<li><a href="#index-HMAC_005fCTX-228"><code>HMAC_CTX</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
3786
<li><a href="#index-HMAC_005fDIGEST-230"><code>HMAC_DIGEST</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
3787
<li><a href="#index-hmac_005fdigest-227"><code>hmac_digest</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
3788
<li><a href="#index-hmac_005fmd5_005fdigest-234"><code>hmac_md5_digest</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
3789
<li><a href="#index-hmac_005fmd5_005fset_005fkey-232"><code>hmac_md5_set_key</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
3790
<li><a href="#index-hmac_005fmd5_005fupdate-233"><code>hmac_md5_update</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
3791
<li><a href="#index-hmac_005fripemd160_005fdigest-238"><code>hmac_ripemd160_digest</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
3792
<li><a href="#index-hmac_005fripemd160_005fset_005fkey-236"><code>hmac_ripemd160_set_key</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
3793
<li><a href="#index-hmac_005fripemd160_005fupdate-237"><code>hmac_ripemd160_update</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
3794
<li><a href="#index-HMAC_005fSET_005fKEY-229"><code>HMAC_SET_KEY</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
3795
<li><a href="#index-hmac_005fset_005fkey-225"><code>hmac_set_key</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
3796
<li><a href="#index-hmac_005fsha1_005fdigest-242"><code>hmac_sha1_digest</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
3797
<li><a href="#index-hmac_005fsha1_005fset_005fkey-240"><code>hmac_sha1_set_key</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
3798
<li><a href="#index-hmac_005fsha1_005fupdate-241"><code>hmac_sha1_update</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
3799
<li><a href="#index-hmac_005fsha256_005fdigest-246"><code>hmac_sha256_digest</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
3800
<li><a href="#index-hmac_005fsha256_005fset_005fkey-244"><code>hmac_sha256_set_key</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
3801
<li><a href="#index-hmac_005fsha256_005fupdate-245"><code>hmac_sha256_update</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
3802
<li><a href="#index-hmac_005fsha512_005fdigest-250"><code>hmac_sha512_digest</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
3803
<li><a href="#index-hmac_005fsha512_005fset_005fkey-248"><code>hmac_sha512_set_key</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
3804
<li><a href="#index-hmac_005fsha512_005fupdate-249"><code>hmac_sha512_update</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
3805
<li><a href="#index-hmac_005fupdate-226"><code>hmac_update</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
3806
<li><a href="#index-Keyed-Hash-Function-222">Keyed Hash Function</a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
3807
<li><a href="#index-MAC-224">MAC</a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
3808
<li><a href="#index-md2_005fdigest-15"><code>md2_digest</code></a>: <a href="#Hash-functions">Hash functions</a></li>
3809
<li><a href="#index-md2_005finit-13"><code>md2_init</code></a>: <a href="#Hash-functions">Hash functions</a></li>
3810
<li><a href="#index-md2_005fupdate-14"><code>md2_update</code></a>: <a href="#Hash-functions">Hash functions</a></li>
3811
<li><a href="#index-md4_005fdigest-21"><code>md4_digest</code></a>: <a href="#Hash-functions">Hash functions</a></li>
3812
<li><a href="#index-md4_005finit-19"><code>md4_init</code></a>: <a href="#Hash-functions">Hash functions</a></li>
3813
<li><a href="#index-md4_005fupdate-20"><code>md4_update</code></a>: <a href="#Hash-functions">Hash functions</a></li>
3814
<li><a href="#index-md5_005fdigest-9"><code>md5_digest</code></a>: <a href="#Hash-functions">Hash functions</a></li>
3815
<li><a href="#index-md5_005finit-7"><code>md5_init</code></a>: <a href="#Hash-functions">Hash functions</a></li>
3816
<li><a href="#index-md5_005fupdate-8"><code>md5_update</code></a>: <a href="#Hash-functions">Hash functions</a></li>
3817
<li><a href="#index-memxor-336"><code>memxor</code></a>: <a href="#Miscellaneous-functions">Miscellaneous functions</a></li>
3818
<li><a href="#index-Message-Authentication-Code-223">Message Authentication Code</a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
4174
<li><a href="#index-HMAC_005fCTX-260"><code>HMAC_CTX</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
4175
<li><a href="#index-HMAC_005fDIGEST-262"><code>HMAC_DIGEST</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
4176
<li><a href="#index-hmac_005fdigest-259"><code>hmac_digest</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
4177
<li><a href="#index-hmac_005fmd5_005fdigest-266"><code>hmac_md5_digest</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
4178
<li><a href="#index-hmac_005fmd5_005fset_005fkey-264"><code>hmac_md5_set_key</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
4179
<li><a href="#index-hmac_005fmd5_005fupdate-265"><code>hmac_md5_update</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
4180
<li><a href="#index-hmac_005fripemd160_005fdigest-270"><code>hmac_ripemd160_digest</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
4181
<li><a href="#index-hmac_005fripemd160_005fset_005fkey-268"><code>hmac_ripemd160_set_key</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
4182
<li><a href="#index-hmac_005fripemd160_005fupdate-269"><code>hmac_ripemd160_update</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
4183
<li><a href="#index-HMAC_005fSET_005fKEY-261"><code>HMAC_SET_KEY</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
4184
<li><a href="#index-hmac_005fset_005fkey-257"><code>hmac_set_key</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
4185
<li><a href="#index-hmac_005fsha1_005fdigest-274"><code>hmac_sha1_digest</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
4186
<li><a href="#index-hmac_005fsha1_005fset_005fkey-272"><code>hmac_sha1_set_key</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
4187
<li><a href="#index-hmac_005fsha1_005fupdate-273"><code>hmac_sha1_update</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
4188
<li><a href="#index-hmac_005fsha256_005fdigest-278"><code>hmac_sha256_digest</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
4189
<li><a href="#index-hmac_005fsha256_005fset_005fkey-276"><code>hmac_sha256_set_key</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
4190
<li><a href="#index-hmac_005fsha256_005fupdate-277"><code>hmac_sha256_update</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
4191
<li><a href="#index-hmac_005fsha512_005fdigest-282"><code>hmac_sha512_digest</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
4192
<li><a href="#index-hmac_005fsha512_005fset_005fkey-280"><code>hmac_sha512_set_key</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
4193
<li><a href="#index-hmac_005fsha512_005fupdate-281"><code>hmac_sha512_update</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
4194
<li><a href="#index-hmac_005fupdate-258"><code>hmac_update</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
4195
<li><a href="#index-KDF-286">KDF</a>: <a href="#Key-derivation-functions">Key derivation functions</a></li>
4196
<li><a href="#index-Key-Derivation-Function-283">Key Derivation Function</a>: <a href="#Key-derivation-functions">Key derivation functions</a></li>
4197
<li><a href="#index-Keyed-Hash-Function-254">Keyed Hash Function</a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
4198
<li><a href="#index-MAC-256">MAC</a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
4199
<li><a href="#index-md2_005fdigest-63"><code>md2_digest</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
4200
<li><a href="#index-md2_005finit-61"><code>md2_init</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
4201
<li><a href="#index-md2_005fupdate-62"><code>md2_update</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
4202
<li><a href="#index-md4_005fdigest-69"><code>md4_digest</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
4203
<li><a href="#index-md4_005finit-67"><code>md4_init</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
4204
<li><a href="#index-md4_005fupdate-68"><code>md4_update</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
4205
<li><a href="#index-md5_005fdigest-57"><code>md5_digest</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
4206
<li><a href="#index-md5_005finit-55"><code>md5_init</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
4207
<li><a href="#index-md5_005fupdate-56"><code>md5_update</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
4208
<li><a href="#index-memxor-377"><code>memxor</code></a>: <a href="#Miscellaneous-functions">Miscellaneous functions</a></li>
4209
<li><a href="#index-Message-Authentication-Code-255">Message Authentication Code</a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
3819
4210
<li><a href="#index-One_002dway-2">One-way</a>: <a href="#Hash-functions">Hash functions</a></li>
3820
<li><a href="#index-One_002dway-function-252">One-way function</a>: <a href="#Public_002dkey-algorithms">Public-key algorithms</a></li>
3821
<li><a href="#index-Public-Key-Cryptography-251">Public Key Cryptography</a>: <a href="#Public_002dkey-algorithms">Public-key algorithms</a></li>
3822
<li><a href="#index-Randomness-297">Randomness</a>: <a href="#Randomness">Randomness</a></li>
3823
<li><a href="#index-ripemd160_005fdigest-27"><code>ripemd160_digest</code></a>: <a href="#Hash-functions">Hash functions</a></li>
3824
<li><a href="#index-ripemd160_005finit-25"><code>ripemd160_init</code></a>: <a href="#Hash-functions">Hash functions</a></li>
3825
<li><a href="#index-ripemd160_005fupdate-26"><code>ripemd160_update</code></a>: <a href="#Hash-functions">Hash functions</a></li>
3826
<li><a href="#index-rsa_005fcompute_005froot-277"><code>rsa_compute_root</code></a>: <a href="#RSA">RSA</a></li>
3827
<li><a href="#index-rsa_005fgenerate_005fkeypair-278"><code>rsa_generate_keypair</code></a>: <a href="#RSA">RSA</a></li>
3828
<li><a href="#index-rsa_005fmd5_005fsign-261"><code>rsa_md5_sign</code></a>: <a href="#RSA">RSA</a></li>
3829
<li><a href="#index-rsa_005fmd5_005fsign_005fdigest-265"><code>rsa_md5_sign_digest</code></a>: <a href="#RSA">RSA</a></li>
3830
<li><a href="#index-rsa_005fmd5_005fverify-269"><code>rsa_md5_verify</code></a>: <a href="#RSA">RSA</a></li>
3831
<li><a href="#index-rsa_005fmd5_005fverify_005fdigest-273"><code>rsa_md5_verify_digest</code></a>: <a href="#RSA">RSA</a></li>
3832
<li><a href="#index-rsa_005fprivate_005fkey_005fclear-258"><code>rsa_private_key_clear</code></a>: <a href="#RSA">RSA</a></li>
3833
<li><a href="#index-rsa_005fprivate_005fkey_005finit-256"><code>rsa_private_key_init</code></a>: <a href="#RSA">RSA</a></li>
3834
<li><a href="#index-rsa_005fprivate_005fkey_005fprepare-260"><code>rsa_private_key_prepare</code></a>: <a href="#RSA">RSA</a></li>
3835
<li><a href="#index-rsa_005fpublic_005fkey_005fclear-257"><code>rsa_public_key_clear</code></a>: <a href="#RSA">RSA</a></li>
3836
<li><a href="#index-rsa_005fpublic_005fkey_005finit-255"><code>rsa_public_key_init</code></a>: <a href="#RSA">RSA</a></li>
3837
<li><a href="#index-rsa_005fpublic_005fkey_005fprepare-259"><code>rsa_public_key_prepare</code></a>: <a href="#RSA">RSA</a></li>
3838
<li><a href="#index-rsa_005fsha1_005fsign-262"><code>rsa_sha1_sign</code></a>: <a href="#RSA">RSA</a></li>
3839
<li><a href="#index-rsa_005fsha1_005fsign_005fdigest-266"><code>rsa_sha1_sign_digest</code></a>: <a href="#RSA">RSA</a></li>
3840
<li><a href="#index-rsa_005fsha1_005fverify-270"><code>rsa_sha1_verify</code></a>: <a href="#RSA">RSA</a></li>
3841
<li><a href="#index-rsa_005fsha1_005fverify_005fdigest-274"><code>rsa_sha1_verify_digest</code></a>: <a href="#RSA">RSA</a></li>
3842
<li><a href="#index-rsa_005fsha256_005fsign-263"><code>rsa_sha256_sign</code></a>: <a href="#RSA">RSA</a></li>
3843
<li><a href="#index-rsa_005fsha256_005fsign_005fdigest-267"><code>rsa_sha256_sign_digest</code></a>: <a href="#RSA">RSA</a></li>
3844
<li><a href="#index-rsa_005fsha256_005fverify-271"><code>rsa_sha256_verify</code></a>: <a href="#RSA">RSA</a></li>
3845
<li><a href="#index-rsa_005fsha256_005fverify_005fdigest-275"><code>rsa_sha256_verify_digest</code></a>: <a href="#RSA">RSA</a></li>
3846
<li><a href="#index-rsa_005fsha512_005fsign-264"><code>rsa_sha512_sign</code></a>: <a href="#RSA">RSA</a></li>
3847
<li><a href="#index-rsa_005fsha512_005fsign_005fdigest-268"><code>rsa_sha512_sign_digest</code></a>: <a href="#RSA">RSA</a></li>
3848
<li><a href="#index-rsa_005fsha512_005fverify-272"><code>rsa_sha512_verify</code></a>: <a href="#RSA">RSA</a></li>
3849
<li><a href="#index-rsa_005fsha512_005fverify_005fdigest-276"><code>rsa_sha512_verify_digest</code></a>: <a href="#RSA">RSA</a></li>
3850
<li><a href="#index-salsa20_005fcrypt-145"><code>salsa20_crypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3851
<li><a href="#index-salsa20_005fset_005fiv-144"><code>salsa20_set_iv</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3852
<li><a href="#index-salsa20_005fset_005fkey-143"><code>salsa20_set_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3853
<li><a href="#index-serpent_005fdecrypt-153"><code>serpent_decrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3854
<li><a href="#index-serpent_005fencrypt-152"><code>serpent_encrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3855
<li><a href="#index-serpent_005fset_005fkey-151"><code>serpent_set_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3856
<li><a href="#index-sha1_005fdigest-33"><code>sha1_digest</code></a>: <a href="#Hash-functions">Hash functions</a></li>
3857
<li><a href="#index-sha1_005finit-31"><code>sha1_init</code></a>: <a href="#Hash-functions">Hash functions</a></li>
3858
<li><a href="#index-sha1_005fupdate-32"><code>sha1_update</code></a>: <a href="#Hash-functions">Hash functions</a></li>
3859
<li><a href="#index-sha224_005fdigest-45"><code>sha224_digest</code></a>: <a href="#Hash-functions">Hash functions</a></li>
3860
<li><a href="#index-sha224_005finit-43"><code>sha224_init</code></a>: <a href="#Hash-functions">Hash functions</a></li>
3861
<li><a href="#index-sha224_005fupdate-44"><code>sha224_update</code></a>: <a href="#Hash-functions">Hash functions</a></li>
3862
<li><a href="#index-sha256_005fdigest-39"><code>sha256_digest</code></a>: <a href="#Hash-functions">Hash functions</a></li>
3863
<li><a href="#index-sha256_005finit-37"><code>sha256_init</code></a>: <a href="#Hash-functions">Hash functions</a></li>
3864
<li><a href="#index-sha256_005fupdate-38"><code>sha256_update</code></a>: <a href="#Hash-functions">Hash functions</a></li>
3865
<li><a href="#index-sha384_005fdigest-57"><code>sha384_digest</code></a>: <a href="#Hash-functions">Hash functions</a></li>
3866
<li><a href="#index-sha384_005finit-55"><code>sha384_init</code></a>: <a href="#Hash-functions">Hash functions</a></li>
3867
<li><a href="#index-sha384_005fupdate-56"><code>sha384_update</code></a>: <a href="#Hash-functions">Hash functions</a></li>
3868
<li><a href="#index-sha512_005fdigest-51"><code>sha512_digest</code></a>: <a href="#Hash-functions">Hash functions</a></li>
3869
<li><a href="#index-sha512_005finit-49"><code>sha512_init</code></a>: <a href="#Hash-functions">Hash functions</a></li>
3870
<li><a href="#index-sha512_005fupdate-50"><code>sha512_update</code></a>: <a href="#Hash-functions">Hash functions</a></li>
3871
<li><a href="#index-Stream-Cipher-71">Stream Cipher</a>: <a href="#Cipher-functions">Cipher functions</a></li>
3872
<li><a href="#index-twofish_005fdecrypt-161"><code>twofish_decrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3873
<li><a href="#index-twofish_005fencrypt-160"><code>twofish_encrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3874
<li><a href="#index-twofish_005fset_005fkey-159"><code>twofish_set_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
3875
<li><a href="#index-yarrow256_005ffast_005freseed-309"><code>yarrow256_fast_reseed</code></a>: <a href="#Randomness">Randomness</a></li>
3876
<li><a href="#index-yarrow256_005finit-303"><code>yarrow256_init</code></a>: <a href="#Randomness">Randomness</a></li>
3877
<li><a href="#index-yarrow256_005fis_005fseeded-307"><code>yarrow256_is_seeded</code></a>: <a href="#Randomness">Randomness</a></li>
3878
<li><a href="#index-yarrow256_005fneeded_005fsources-308"><code>yarrow256_needed_sources</code></a>: <a href="#Randomness">Randomness</a></li>
3879
<li><a href="#index-yarrow256_005frandom-306"><code>yarrow256_random</code></a>: <a href="#Randomness">Randomness</a></li>
3880
<li><a href="#index-yarrow256_005fseed-304"><code>yarrow256_seed</code></a>: <a href="#Randomness">Randomness</a></li>
3881
<li><a href="#index-yarrow256_005fslow_005freseed-310"><code>yarrow256_slow_reseed</code></a>: <a href="#Randomness">Randomness</a></li>
3882
<li><a href="#index-yarrow256_005fupdate-305"><code>yarrow256_update</code></a>: <a href="#Randomness">Randomness</a></li>
3883
<li><a href="#index-yarrow_005fkey_005fevent_005festimate-313"><code>yarrow_key_event_estimate</code></a>: <a href="#Randomness">Randomness</a></li>
3884
<li><a href="#index-yarrow_005fkey_005fevent_005finit-312"><code>yarrow_key_event_init</code></a>: <a href="#Randomness">Randomness</a></li>
4211
<li><a href="#index-One_002dway-function-293">One-way function</a>: <a href="#Public_002dkey-algorithms">Public-key algorithms</a></li>
4212
<li><a href="#index-Password-Based-Key-Derivation-Function-284">Password Based Key Derivation Function</a>: <a href="#Key-derivation-functions">Key derivation functions</a></li>
4213
<li><a href="#index-PBKDF-287">PBKDF</a>: <a href="#Key-derivation-functions">Key derivation functions</a></li>
4214
<li><a href="#index-PBKDF2-289"><code>PBKDF2</code></a>: <a href="#Key-derivation-functions">Key derivation functions</a></li>
4215
<li><a href="#index-pbkdf2-288"><code>pbkdf2</code></a>: <a href="#Key-derivation-functions">Key derivation functions</a></li>
4216
<li><a href="#index-pbkdf2_005fhmac_005fsha1-290"><code>pbkdf2_hmac_sha1</code></a>: <a href="#Key-derivation-functions">Key derivation functions</a></li>
4217
<li><a href="#index-pbkdf2_005fhmac_005fsha256-291"><code>pbkdf2_hmac_sha256</code></a>: <a href="#Key-derivation-functions">Key derivation functions</a></li>
4218
<li><a href="#index-PKCS-_00235-285">PKCS #5</a>: <a href="#Key-derivation-functions">Key derivation functions</a></li>
4219
<li><a href="#index-Public-Key-Cryptography-292">Public Key Cryptography</a>: <a href="#Public_002dkey-algorithms">Public-key algorithms</a></li>
4220
<li><a href="#index-Randomness-338">Randomness</a>: <a href="#Randomness">Randomness</a></li>
4221
<li><a href="#index-ripemd160_005fdigest-75"><code>ripemd160_digest</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
4222
<li><a href="#index-ripemd160_005finit-73"><code>ripemd160_init</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
4223
<li><a href="#index-ripemd160_005fupdate-74"><code>ripemd160_update</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
4224
<li><a href="#index-rsa_005fcompute_005froot-318"><code>rsa_compute_root</code></a>: <a href="#RSA">RSA</a></li>
4225
<li><a href="#index-rsa_005fgenerate_005fkeypair-319"><code>rsa_generate_keypair</code></a>: <a href="#RSA">RSA</a></li>
4226
<li><a href="#index-rsa_005fmd5_005fsign-302"><code>rsa_md5_sign</code></a>: <a href="#RSA">RSA</a></li>
4227
<li><a href="#index-rsa_005fmd5_005fsign_005fdigest-306"><code>rsa_md5_sign_digest</code></a>: <a href="#RSA">RSA</a></li>
4228
<li><a href="#index-rsa_005fmd5_005fverify-310"><code>rsa_md5_verify</code></a>: <a href="#RSA">RSA</a></li>
4229
<li><a href="#index-rsa_005fmd5_005fverify_005fdigest-314"><code>rsa_md5_verify_digest</code></a>: <a href="#RSA">RSA</a></li>
4230
<li><a href="#index-rsa_005fprivate_005fkey_005fclear-299"><code>rsa_private_key_clear</code></a>: <a href="#RSA">RSA</a></li>
4231
<li><a href="#index-rsa_005fprivate_005fkey_005finit-297"><code>rsa_private_key_init</code></a>: <a href="#RSA">RSA</a></li>
4232
<li><a href="#index-rsa_005fprivate_005fkey_005fprepare-301"><code>rsa_private_key_prepare</code></a>: <a href="#RSA">RSA</a></li>
4233
<li><a href="#index-rsa_005fpublic_005fkey_005fclear-298"><code>rsa_public_key_clear</code></a>: <a href="#RSA">RSA</a></li>
4234
<li><a href="#index-rsa_005fpublic_005fkey_005finit-296"><code>rsa_public_key_init</code></a>: <a href="#RSA">RSA</a></li>
4235
<li><a href="#index-rsa_005fpublic_005fkey_005fprepare-300"><code>rsa_public_key_prepare</code></a>: <a href="#RSA">RSA</a></li>
4236
<li><a href="#index-rsa_005fsha1_005fsign-303"><code>rsa_sha1_sign</code></a>: <a href="#RSA">RSA</a></li>
4237
<li><a href="#index-rsa_005fsha1_005fsign_005fdigest-307"><code>rsa_sha1_sign_digest</code></a>: <a href="#RSA">RSA</a></li>
4238
<li><a href="#index-rsa_005fsha1_005fverify-311"><code>rsa_sha1_verify</code></a>: <a href="#RSA">RSA</a></li>
4239
<li><a href="#index-rsa_005fsha1_005fverify_005fdigest-315"><code>rsa_sha1_verify_digest</code></a>: <a href="#RSA">RSA</a></li>
4240
<li><a href="#index-rsa_005fsha256_005fsign-304"><code>rsa_sha256_sign</code></a>: <a href="#RSA">RSA</a></li>
4241
<li><a href="#index-rsa_005fsha256_005fsign_005fdigest-308"><code>rsa_sha256_sign_digest</code></a>: <a href="#RSA">RSA</a></li>
4242
<li><a href="#index-rsa_005fsha256_005fverify-312"><code>rsa_sha256_verify</code></a>: <a href="#RSA">RSA</a></li>
4243
<li><a href="#index-rsa_005fsha256_005fverify_005fdigest-316"><code>rsa_sha256_verify_digest</code></a>: <a href="#RSA">RSA</a></li>
4244
<li><a href="#index-rsa_005fsha512_005fsign-305"><code>rsa_sha512_sign</code></a>: <a href="#RSA">RSA</a></li>
4245
<li><a href="#index-rsa_005fsha512_005fsign_005fdigest-309"><code>rsa_sha512_sign_digest</code></a>: <a href="#RSA">RSA</a></li>
4246
<li><a href="#index-rsa_005fsha512_005fverify-313"><code>rsa_sha512_verify</code></a>: <a href="#RSA">RSA</a></li>
4247
<li><a href="#index-rsa_005fsha512_005fverify_005fdigest-317"><code>rsa_sha512_verify_digest</code></a>: <a href="#RSA">RSA</a></li>
4248
<li><a href="#index-salsa20_005fcrypt-177"><code>salsa20_crypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4249
<li><a href="#index-salsa20_005fset_005fiv-176"><code>salsa20_set_iv</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4250
<li><a href="#index-salsa20_005fset_005fkey-175"><code>salsa20_set_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4251
<li><a href="#index-serpent_005fdecrypt-185"><code>serpent_decrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4252
<li><a href="#index-serpent_005fencrypt-184"><code>serpent_encrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4253
<li><a href="#index-serpent_005fset_005fkey-183"><code>serpent_set_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4254
<li><a href="#index-sha1_005fdigest-81"><code>sha1_digest</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
4255
<li><a href="#index-sha1_005finit-79"><code>sha1_init</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
4256
<li><a href="#index-sha1_005fupdate-80"><code>sha1_update</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
4257
<li><a href="#index-sha224_005fdigest-15"><code>sha224_digest</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
4258
<li><a href="#index-sha224_005finit-13"><code>sha224_init</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
4259
<li><a href="#index-sha224_005fupdate-14"><code>sha224_update</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
4260
<li><a href="#index-sha256_005fdigest-9"><code>sha256_digest</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
4261
<li><a href="#index-sha256_005finit-7"><code>sha256_init</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
4262
<li><a href="#index-sha256_005fupdate-8"><code>sha256_update</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
4263
<li><a href="#index-sha384_005fdigest-27"><code>sha384_digest</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
4264
<li><a href="#index-sha384_005finit-25"><code>sha384_init</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
4265
<li><a href="#index-sha384_005fupdate-26"><code>sha384_update</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
4266
<li><a href="#index-sha3_005f224_005fdigest-33"><code>sha3_224_digest</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
4267
<li><a href="#index-sha3_005f224_005finit-31"><code>sha3_224_init</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
4268
<li><a href="#index-sha3_005f224_005fupdate-32"><code>sha3_224_update</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
4269
<li><a href="#index-sha3_005f256_005fdigest-39"><code>sha3_256_digest</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
4270
<li><a href="#index-sha3_005f256_005finit-37"><code>sha3_256_init</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
4271
<li><a href="#index-sha3_005f256_005fupdate-38"><code>sha3_256_update</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
4272
<li><a href="#index-sha3_005f384_005fdigest-45"><code>sha3_384_digest</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
4273
<li><a href="#index-sha3_005f384_005finit-43"><code>sha3_384_init</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
4274
<li><a href="#index-sha3_005f384_005fupdate-44"><code>sha3_384_update</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
4275
<li><a href="#index-sha3_005f512_005fdigest-51"><code>sha3_512_digest</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
4276
<li><a href="#index-sha3_005f512_005finit-49"><code>sha3_512_init</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
4277
<li><a href="#index-sha3_005f512_005fupdate-50"><code>sha3_512_update</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
4278
<li><a href="#index-sha512_005fdigest-21"><code>sha512_digest</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
4279
<li><a href="#index-sha512_005finit-19"><code>sha512_init</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
4280
<li><a href="#index-sha512_005fupdate-20"><code>sha512_update</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
4281
<li><a href="#index-Stream-Cipher-103">Stream Cipher</a>: <a href="#Cipher-functions">Cipher functions</a></li>
4282
<li><a href="#index-twofish_005fdecrypt-193"><code>twofish_decrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4283
<li><a href="#index-twofish_005fencrypt-192"><code>twofish_encrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4284
<li><a href="#index-twofish_005fset_005fkey-191"><code>twofish_set_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
4285
<li><a href="#index-yarrow256_005ffast_005freseed-350"><code>yarrow256_fast_reseed</code></a>: <a href="#Randomness">Randomness</a></li>
4286
<li><a href="#index-yarrow256_005finit-344"><code>yarrow256_init</code></a>: <a href="#Randomness">Randomness</a></li>
4287
<li><a href="#index-yarrow256_005fis_005fseeded-348"><code>yarrow256_is_seeded</code></a>: <a href="#Randomness">Randomness</a></li>
4288
<li><a href="#index-yarrow256_005fneeded_005fsources-349"><code>yarrow256_needed_sources</code></a>: <a href="#Randomness">Randomness</a></li>
4289
<li><a href="#index-yarrow256_005frandom-347"><code>yarrow256_random</code></a>: <a href="#Randomness">Randomness</a></li>
4290
<li><a href="#index-yarrow256_005fseed-345"><code>yarrow256_seed</code></a>: <a href="#Randomness">Randomness</a></li>
4291
<li><a href="#index-yarrow256_005fslow_005freseed-351"><code>yarrow256_slow_reseed</code></a>: <a href="#Randomness">Randomness</a></li>
4292
<li><a href="#index-yarrow256_005fupdate-346"><code>yarrow256_update</code></a>: <a href="#Randomness">Randomness</a></li>
4293
<li><a href="#index-yarrow_005fkey_005fevent_005festimate-354"><code>yarrow_key_event_estimate</code></a>: <a href="#Randomness">Randomness</a></li>
4294
<li><a href="#index-yarrow_005fkey_005fevent_005finit-353"><code>yarrow_key_event_init</code></a>: <a href="#Randomness">Randomness</a></li>
3885
4295
</ul><div class="footnote">
3886
4296
<hr>
3887
<a name="texinfo-footnotes-in-document"></a><h4>Footnotes</h4><p class="footnote"><small>[<a name="fn-1" href="#fnd-1">1</a>]</small> Actually, the computation is not done like this, it is
4297
<a name="texinfo-footnotes-in-document"></a><h4>Fotnoter</h4><p class="footnote"><small>[<a name="fn-1" href="#fnd-1">1</a>]</small> Actually, the computation is not done like this, it is
3888
4298
done more efficiently using <code>p</code>, <code>q</code> and the Chinese remainder
3889
4299
theorem (<acronym>CRT</acronym>). But the result is the same.</p>
3890
4300
Loggerhead is a web-based interface for Breezy
Version: 2.0.1