-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | Cryptographic numbers: functions and algorithms
--   
--   Cryptographic numbers: functions and algorithms
@package crypto-numbers
@version 0.2.7


-- | fast serialization primitives for integer
module Crypto.Number.Serialize

-- | i2osp converts a positive integer into a byte string
i2osp :: Integer -> ByteString

-- | os2ip converts a byte string into a positive integer
os2ip :: ByteString -> Integer

-- | just like i2osp, but take an extra parameter for size. if the number
--   is too big to fit in <tt>len bytes, nothing is returned otherwise the
--   number is padded with 0 to fit the </tt>len required.
--   
--   FIXME: use unsafeCreate to fill the bytestring
i2ospOf :: Int -> Integer -> Maybe ByteString

-- | just like i2ospOf except that it doesn't expect a failure: i.e. an
--   integer larger than the number of output bytes requested
--   
--   for example if you just took a modulo of the number that represent the
--   size (example the RSA modulo n).
i2ospOf_ :: Int -> Integer -> ByteString

-- | returns the number of bytes to store an integer with i2osp
--   
--   with integer-simple, this function is really slow.
lengthBytes :: Integer -> Int


module Crypto.Number.Polynomial
data Monomial
Monomial :: {-# UNPACK #-} !Int -> !Integer -> Monomial
data Polynomial
toList :: Polynomial -> [Monomial]
fromList :: [Monomial] -> Polynomial
addPoly :: Polynomial -> Polynomial -> Polynomial
subPoly :: Polynomial -> Polynomial -> Polynomial
mulPoly :: Polynomial -> Polynomial -> Polynomial
squarePoly :: Polynomial -> Polynomial
expPoly :: Polynomial -> Integer -> Polynomial
divPoly :: Polynomial -> Polynomial -> (Polynomial, Polynomial)
negPoly :: Polynomial -> Polynomial
instance GHC.Classes.Eq Crypto.Number.Polynomial.Polynomial
instance GHC.Classes.Eq Crypto.Number.Polynomial.Monomial
instance GHC.Classes.Ord Crypto.Number.Polynomial.Monomial
instance GHC.Show.Show Crypto.Number.Polynomial.Monomial
instance GHC.Show.Show Crypto.Number.Polynomial.Polynomial


module Crypto.Number.ModArithmetic

-- | Compute the modular exponentiation of base^exponant using algorithms
--   design to avoid side channels and timing measurement
--   
--   Modulo need to be odd otherwise the normal fast modular exponentiation
--   is used.
--   
--   When used with integer-simple, this function is not different from
--   expFast, and thus provide the same unstudied and dubious timing and
--   side channels claims.
--   
--   with GHC 7.10, the powModSecInteger is missing from integer-gmp (which
--   is now integer-gmp2), so is has the same security as old ghc version.
expSafe :: Integer -> Integer -> Integer -> Integer

-- | Compute the modular exponentiation of base^exponant using the fastest
--   algorithm without any consideration for hiding parameters.
--   
--   Use this function when all the parameters are public, otherwise
--   <a>expSafe</a> should be prefered.
expFast :: Integer -> Integer -> Integer -> Integer

-- | exponentiation_rtl_binary computes modular exponentiation as b^e mod m
--   using the right-to-left binary exponentiation algorithm (HAC 14.79)
exponentiation_rtl_binary :: Integer -> Integer -> Integer -> Integer

-- | exponentiation computes modular exponentiation as b^e mod m using
--   repetitive squaring.
exponentiation :: Integer -> Integer -> Integer -> Integer
exponantiation_rtl_binary :: Integer -> Integer -> Integer -> Integer
exponantiation :: Integer -> Integer -> Integer -> Integer

-- | inverse computes the modular inverse as in g^(-1) mod m
inverse :: Integer -> Integer -> Maybe Integer

-- | Compute the modular inverse of 2 coprime numbers. This is equivalent
--   to inverse except that the result is known to exists.
--   
--   if the numbers are not defined as coprime, this function will raise a
--   CoprimesAssertionError.
inverseCoprimes :: Integer -> Integer -> Integer
instance GHC.Show.Show Crypto.Number.ModArithmetic.CoprimesAssertionError
instance GHC.Exception.Exception Crypto.Number.ModArithmetic.CoprimesAssertionError


module Crypto.Number.Generate

-- | generate a positive integer x, s.t. 0 &lt;= x &lt; m
--   
--   Note that depending on m value, the number distribution generated by
--   this function is not necessarily uniform.
generateMax :: CPRG g => g -> Integer -> (Integer, g)

-- | generate a number between the inclusive bound [low,high].
generateBetween :: CPRG g => g -> Integer -> Integer -> (Integer, g)

-- | generate a positive integer of a specific size in bits. the number of
--   bits need to be multiple of 8. It will always returns an integer that
--   is close to 2^(1+bits/8) by setting the 2 highest bits to 1.
generateOfSize :: CPRG g => g -> Int -> (Integer, g)


module Crypto.Number.Basic

-- | sqrti returns two integer (l,b) so that l &lt;= sqrt i &lt;= b the
--   implementation is quite naive, use an approximation for the first
--   number and use a dichotomy algorithm to compute the bound relatively
--   efficiently.
sqrti :: Integer -> (Integer, Integer)

-- | get the extended GCD of two integer using integer divMod
--   
--   gcde <tt>a</tt> <tt>b</tt> find (x,y,gcd(a,b)) where ax + by = d
gcde :: Integer -> Integer -> (Integer, Integer, Integer)

-- | get the extended GCD of two integer using the extended binary
--   algorithm (HAC 14.61) get (x,y,d) where d = gcd(a,b) and x,y
--   satisfying ax + by = d
gcde_binary :: Integer -> Integer -> (Integer, Integer, Integer)

-- | check if a list of integer are all even
areEven :: [Integer] -> Bool
log2 :: Integer -> Int


-- | This module provides basic arithmetic operations over F₂m. Performance
--   is not optimal and it doesn't provide protection against timing
--   attacks. The <tt>m</tt> parameter is implicitly derived from the
--   irreducible polynomial where applicable.
module Crypto.Number.F2m

-- | Addition over F₂m. This is just a synonym of <a>xor</a>.
addF2m :: Integer -> Integer -> Integer

-- | Multiplication over F₂m.
--   
--   n1 * n2 (in F(2^m))
mulF2m :: BinaryPolynomial -> Integer -> Integer -> Integer

-- | Squaring over F₂m. TODO: This is still slower than <tt>mulF2m</tt>.
squareF2m :: BinaryPolynomial -> Integer -> Integer

-- | Binary polynomial reduction modulo using long division algorithm.
modF2m :: Integer -> Integer -> Integer

-- | Inversion of @n over F₂m using extended Euclidean algorithm.
--   
--   If @n doesn't have an inverse, Nothing is returned.
invF2m :: BinaryPolynomial -> Integer -> Maybe Integer

-- | Division over F₂m. If the dividend doesn't have an inverse it returns
--   <a>Nothing</a>.
--   
--   Compute n1 / n2
divF2m :: BinaryPolynomial -> Integer -> Integer -> Maybe Integer


module Crypto.Number.Prime

-- | generate a prime number of the required bitsize
generatePrime :: CPRG g => g -> Int -> (Integer, g)

-- | generate a prime number of the form 2p+1 where p is also prime. it is
--   also knowed as a Sophie Germaine prime or safe prime.
--   
--   The number of safe prime is significantly smaller to the number of
--   prime, as such it shouldn't be used if this number is supposed to be
--   kept safe.
generateSafePrime :: CPRG g => g -> Int -> (Integer, g)

-- | returns if the number is probably prime. first a list of small primes
--   are implicitely tested for divisibility, then a fermat primality test
--   is used with arbitrary numbers and then the Miller Rabin algorithm is
--   used with an accuracy of 30 recursions
isProbablyPrime :: CPRG g => g -> Integer -> (Bool, g)

-- | find a prime from a starting point with no specific property.
findPrimeFrom :: CPRG g => g -> Integer -> (Integer, g)

-- | find a prime from a starting point where the property hold.
findPrimeFromWith :: CPRG g => g -> (g -> Integer -> (Bool, g)) -> Integer -> (Integer, g)

-- | Test naively is integer is prime. while naive, we skip even number and
--   stop iteration at i &gt; sqrt(n)
primalityTestNaive :: Integer -> Bool

-- | Miller Rabin algorithm return if the number is probably prime or
--   composite. the tries parameter is the number of recursion, that
--   determines the accuracy of the test.
primalityTestMillerRabin :: CPRG g => g -> Int -> Integer -> (Bool, g)

-- | Probabilitic Test using Fermat primility test. Beware of Carmichael
--   numbers that are Fermat liars, i.e. this test is useless for them.
--   always combines with some other test.
primalityTestFermat :: Int -> Integer -> Integer -> Bool

-- | Test is two integer are coprime to each other
isCoprime :: Integer -> Integer -> Bool
