4c60a42003-11-07Martin Nilsson <!doctype html><html><head><title>Pike Reference Manual</title> <meta charset='utf-8'></head>
43893c2021-10-20Henrik Grubbström (Grubba) <body><dl><dt><h1 class='header'>21. Cryptography</h1></dt><dd></dd> <dt><a name='21.1'></a> <h2 class='header'>21.1. Password hashing</h2></dt> <dd> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span> <span class='homogen--name'><b>crypt</b></span> </dt> <dd><p><code><code class='datatype'>string(46..122)</code> <b><span class='method'>crypt</span>(</b><code class='datatype'>string(1..255)</code> <code class='argument'>password</code><b>)</b></code><br> <code><code class='datatype'>bool</code> <b><span class='method'>crypt</span>(</b><code class='datatype'>string(1..255)</code> <code class='argument'>input_password</code>, <code class='datatype'>string(46..122)</code> <code class='argument'>crypted_password</code><b>)</b></code><br> <code><code class='datatype'>string(46..122)</code> <b><span class='method'>crypt</span>(</b><b>)</b></code></p></dd> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>This function crypts and verifies a short string (only the first 8 characters are significant).</p> <p> The first syntax crypts the string <code>password</code> into something that is hopefully hard to decrypt.</p> <p> The second syntax is used to verify <code>typed_password</code> against <code>crypted_password</code>, and returns <code class='expr'>1</code> if they match, and <code class='expr'>0</code> (zero) otherwise.</p> <p> The third syntax generates a random string and then crypts it, creating a string useful as a password.</p> </dd> <dt class='head--doc'>Note</dt> <dd class='body--doc'><p>Note that strings containing null characters will only be processed up until the null character.</p> </dd></dl> <dl><dt><h2 class='header'>Module <b class='ms datatype'>Crypto.Password</b></h2>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt><dd><dl class='group--doc'> <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Password handling.</p> <p> This module handles generation and verification of password hashes.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd> <dt class='head--doc'>See also</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p><code>verify()</code>, <code>hash()</code>, <code>crypt()</code></p>
5a2c0a2021-05-12Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Method</span> <span class='homogen--name'><b>hash</b></span>
5a2c0a2021-05-12Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>string(7bit)</code> <b><span class='method'>hash</span>(</b><code class='datatype'>string(8bit)</code> <code class='argument'>password</code>, <code class='datatype'>string(7bit)</code>|<code class='datatype'>void</code> <code class='argument'>scheme</code>, <code class='datatype'>int(0..)</code>|<code class='datatype'>void</code> <code class='argument'>rounds</code><b>)</b></code></p></dd>
5a2c0a2021-05-12Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Generate a hash of <code>password</code> suitable for <code>verify()</code>.</p> </dd> <dt class='head--doc'><span id='p-password'></span>Parameter <code class='parameter'>password</code></dt> <dd></dd><dd class='body--doc'><p>Password to hash.</p> </dd> <dt class='head--doc'><span id='p-scheme'></span>Parameter <code class='parameter'>scheme</code></dt> <dd></dd><dd class='body--doc'><p>Password hashing scheme. If not specified the strongest available will be used.</p> <p> If an unsupported scheme is specified an error will be thrown.</p> <p> Supported schemes are:</p> <p> Crypt(3C)-style:</p> <table class='box'><tr><td><code><code class='key'>UNDEFINED</code></code></td><td rowspan='3'><p>Use the strongest crypt(3C)-style hash that is supported.</p> </td></tr> <tr><td><code><code class='key'>"crypt"</code></code></td></tr> <tr><td><code><code class='key'>"{crypt}"</code></code></td></tr> <tr><td><code><code class='key'>"6"</code></code></td><td rowspan='2'><p><code>SHA512.crypt_hash()</code> with 96 bits of salt and a default of <code class='expr'>5000</code> rounds.</p> </td></tr> <tr><td><code><code class='key'>"$6$"</code></code></td></tr> <tr><td><code><code class='key'>"5"</code></code></td><td rowspan='2'><p><code>SHA256.crypt_hash()</code> with 96 bits of salt and a default of <code class='expr'>5000</code> rounds.</p> </td></tr> <tr><td><code><code class='key'>"$5$"</code></code></td></tr> <tr><td><code><code class='key'>"3"</code></code></td><td rowspan='2'><p>The NTLM MD4 hash.</p> </td></tr> <tr><td><code><code class='key'>"NT"</code></code></td></tr> <tr><td><code><code class='key'>"2"</code></code></td><td rowspan='10'><p><code>Nettle.bcrypt()</code> with 128 bits of salt and a default of <code class='expr'>1024</code> rounds.</p> </td></tr> <tr><td><code><code class='key'>"2a"</code></code></td></tr> <tr><td><code><code class='key'>"2b"</code></code></td></tr> <tr><td><code><code class='key'>"2x"</code></code></td></tr> <tr><td><code><code class='key'>"2y"</code></code></td></tr> <tr><td><code><code class='key'>"$2$"</code></code></td></tr> <tr><td><code><code class='key'>"$2a$"</code></code></td></tr> <tr><td><code><code class='key'>"$2b$"</code></code></td></tr> <tr><td><code><code class='key'>"$2x$"</code></code></td></tr> <tr><td><code><code class='key'>"$2y$"</code></code></td></tr> <tr><td><code><code class='key'>"1"</code></code></td><td rowspan='2'><p><code>MD5.crypt_hash()</code> with 48 bits of salt and <code class='expr'>1000</code> rounds.</p> </td></tr> <tr><td><code><code class='key'>"$1$"</code></code></td></tr> <tr><td><code><code class='key'>"sha1"</code></code></td><td><p><code>SHA1.HMAC.crypt_hash()</code> with 48 bits of salt and a default of <code class='expr'>480000</code> rounds.</p> </td></tr> <tr><td><code><code class='key'>"P"</code></code></td><td rowspan='4'><p><code>MD5.crypt_php()</code> with 48 bits of salt and a default of <code class='expr'>1&lt;&lt;19</code> rounds. The specified number of rounds will be rounded up to the closest power of <code class='expr'>2</code>.</p> </td></tr> <tr><td><code><code class='key'>"$P$"</code></code></td></tr> <tr><td><code><code class='key'>"H"</code></code></td></tr> <tr><td><code><code class='key'>"$H$"</code></code></td></tr> <tr><td><code><code class='key'>"U$P$"</code></code></td><td><p>Same as <code class='expr'>"$P$"</code>, the supplied <code>password</code> is assumed to have already been passed through <code>MD5.hash()</code> once. Typically used to upgrade unsalted <code>MD5</code>-password databases.</p> </td></tr> <tr><td><code><code class='key'>"Q"</code></code></td><td rowspan='2'><p>Same as <code class='expr'>"$P$"</code>, but with <code>SHA1.crypt_php()</code>.</p> </td></tr> <tr><td><code><code class='key'>"$Q$"</code></code></td></tr> <tr><td><code><code class='key'>"S"</code></code></td><td rowspan='2'><p>Same as <code class='expr'>"$S$"</code>, but with <code>SHA512.crypt_php()</code>.</p> </td></tr> <tr><td><code><code class='key'>"$S$"</code></code></td></tr> <tr><td><code><code class='key'>"pbkdf2"</code></code></td><td rowspan='2'><p><code>SHA1.pbkdf2()</code>.</p> </td></tr> <tr><td><code><code class='key'>"$pbkdf2$"</code></code></td></tr> <tr><td><code><code class='key'>"pbkdf2-sha256"</code></code></td><td rowspan='2'><p><code>SHA256.pbkdf2()</code>.</p> </td></tr> <tr><td><code><code class='key'>"$pbkdf2-sha256$"</code></code></td></tr> <tr><td><code><code class='key'>"pbkdf2-sha512"</code></code></td><td rowspan='2'><p><code>SHA512.pbkdf2()</code>.</p> </td></tr> <tr><td><code><code class='key'>"$pbkdf2-sha512$"</code></code></td></tr> <tr><td><code><code class='key'>""</code></code></td><td><p><code>predef::crypt()</code> with 12 bits of salt.</p> </td></tr> </table><p>LDAP (<b><a href='http://pike.lysator.liu.se/rfc2307.xml'>RFC 2307</a></b>)-style. Don't use these if you can avoid it, since they are suspectible to attacks. In particular avoid the unsalted variants at all costs:</p> <table class='box'><tr><td><code><code class='key'>"ssha"</code></code></td><td rowspan='2'><p><code>SHA1.hash()</code> with 96 bits of salt appended to the password.</p> </td></tr> <tr><td><code><code class='key'>"{ssha}"</code></code></td></tr> <tr><td><code><code class='key'>"smd5"</code></code></td><td rowspan='2'><p><code>MD5.hash()</code> with 96 bits of salt appended to the password.</p> </td></tr> <tr><td><code><code class='key'>"{smd5}"</code></code></td></tr> <tr><td><code><code class='key'>"sha"</code></code></td><td rowspan='2'><p><code>SHA1.hash()</code> without any salt.</p> </td></tr> <tr><td><code><code class='key'>"{sha}"</code></code></td></tr> <tr><td><code><code class='key'>"md5"</code></code></td><td rowspan='2'><p><code>MD5.hash()</code> without any salt.</p> </td></tr> <tr><td><code><code class='key'>"{md5}"</code></code></td></tr> </table> </dd> <dt class='head--doc'><span id='p-rounds'></span>Parameter <code class='parameter'>rounds</code></dt> <dd></dd><dd class='body--doc'><p>The number of rounds to use in parameterized schemes. If not specified the scheme specific default will be used.</p> </dd> <dt class='head--doc'>Returns</dt> <dd class='body--doc'><p>Returns a string suitable for <code>verify()</code>. This means that the hashes will be prepended with the suitable markers.</p> </dd> <dt class='head--doc'>Note</dt> <dd class='body--doc'><p>Note that the availability of <code>SHA512</code> depends on the version of <code>Nettle</code> that Pike has been compiled with.</p> </dd> <dt class='head--doc'>Note</dt> <dd class='body--doc'><p>This function was added in Pike 7.8.755.</p>
5a2c0a2021-05-12Henrik Grubbström (Grubba) </dd> <dt class='head--doc'>See also</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p><code>verify()</code>, <code>predef::crypt()</code>, <code>Nettle.crypt_md5()</code>, <code>Nettle.Hash()-&gt;crypt_hash()</code></p>
5a2c0a2021-05-12Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Method</span> <span class='homogen--name'><b>verify</b></span>
5a2c0a2021-05-12Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>int</code> <b><span class='method'>verify</span>(</b><code class='datatype'>string(8bit)</code> <code class='argument'>password</code>, <code class='datatype'>string(7bit)</code> <code class='argument'>hash</code><b>)</b></code></p></dd> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Verify a password against a hash.</p> <p> This function attempts to support most common
c6b62b2022-06-18Henrik Grubbström (Grubba)  password hashing schemes.</p> </dd> <dt class='head--doc'><span id='p-password'></span>Parameter <code class='parameter'>password</code></dt> <dd></dd><dd class='body--doc'><p>Binary password. This is typically is typically a textual string normalized according to <code class='expr'>string_to_utf8(Unicode.normalize(raw_password,&nbsp;"NFC"))</code>, but some operating systems (eg MacOS X) may have other conventions.</p> </dd> <dt class='head--doc'><span id='p-hash'></span>Parameter <code class='parameter'>hash</code></dt> <dd></dd><dd class='body--doc'><p>The <code>hash</code> can be on any of the following formats.</p>
43893c2021-10-20Henrik Grubbström (Grubba) <p> LDAP-style (<b><a href='http://pike.lysator.liu.se/rfc2307.xml'>RFC 2307</a></b>) hashes:</p> <table class='box'><tr><td><code><code class='key'>"{SHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXX"</code></code></td><td><p>The <code class='expr'>XXX</code> string is taken to be a <code>MIME.encode_base64</code> <code>SHA1</code> hash of the password. Source: OpenLDAP FAQ <a href='http://www.openldap.org/faq/data/cache/347.html'>http://www.openldap.org/faq/data/cache/347.html</a>.</p> </td></tr> <tr><td><code><code class='key'>"{SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"</code></code></td><td><p>The <code class='expr'>XXX</code> string is taken to be a <code>MIME.encode_base64</code> string in which the first 20 chars are an <code>SHA1</code> hash and the remaining chars the salt. The input for the hash is the password concatenated with the salt. Source: OpenLDAP FAQ <a href='http://www.openldap.org/faq/data/cache/347.html'>http://www.openldap.org/faq/data/cache/347.html</a>.</p> </td></tr> <tr><td><code><code class='key'>"{MD5}XXXXXXXXXXXXXXXXXXXXXXXX"</code></code></td><td><p>The <code class='expr'>XXX</code> string is taken to be a <code>MIME.encode_base64</code> <code>MD5</code> hash of the password. Source: OpenLDAP FAQ <a href='http://www.openldap.org/faq/data/cache/418.html'>http://www.openldap.org/faq/data/cache/418.html</a>.</p> </td></tr> <tr><td><code><code class='key'>"{SMD5}XXXXXXXXXXXXXXXXXXXXXXXXXXXX"</code></code></td><td><p>The <code class='expr'>XXX</code> string is taken to be a <code>MIME.encode_base64</code> string in which the first 16 chars are an <code>MD5</code> hash and the remaining chars the salt. The input for the hash is the password concatenated with the salt. Source: OpenLDAP FAQ <a href='http://www.openldap.org/faq/data/cache/418.html'>http://www.openldap.org/faq/data/cache/418.html</a>.</p> </td></tr> <tr><td><code><code class='key'>"{CRYPT}XXXXXXXXXXXXX"</code></code></td><td><p>The <code class='expr'>XX</code> string is taken to be a crypt(3C)-style hash. This is the same thing as passing the <code class='expr'>XXX</code> string without any preceding method name within <code class='expr'>{...}</code>. I.e. it's interpreted according to the crypt-style hashes below.</p> </td></tr> </table><p>Crypt-style hashes:</p> <table class='box'><tr><td><code><code class='key'>"$6$SSSSSSSSSSSSSSSS$XXXXXXXXXXXXXXXXXXXXXX"</code></code></td><td><p>The string is interpreted according to the "Unix crypt using SHA-256 and SHA-512" standard Version 0.4 2008-4-3, where <code class='expr'>SSSSSSSSSSSSSSSS</code> is up to 16 characters of salt, and the string <code class='expr'>XXX</code> the result of <code>SHA512.crypt_hash()</code> with <code class='expr'>5000</code> rounds. Source: Unix crypt using SHA-256 and SHA-512 <a href='http://www.akkadia.org/drepper/SHA-crypt.txt'>http://www.akkadia.org/drepper/SHA-crypt.txt</a></p> </td></tr> <tr><td><code><code class='key'>"$6$rounds=RR$SSSSSSSSSSSSSSSS$XXXXXXXXXXXXXXXXXXXXXX"</code></code></td><td><p>This is the same algorithm as the one above, but with the number of rounds specified by <code class='expr'>RR</code> in decimal. Note that the number of rounds is clamped to be within <code class='expr'>1000</code> and <code class='expr'>999999999</code> (inclusive). Source: Unix crypt using SHA-256 and SHA-512 <a href='http://www.akkadia.org/drepper/SHA-crypt.txt'>http://www.akkadia.org/drepper/SHA-crypt.txt</a></p> </td></tr> <tr><td><code><code class='key'>"$5$SSSSSSSSSSSSSSSS$XXXXXXXXXXXXXXXXXXXXXX"</code></code></td><td><p>The string is interpreted according to the "Unix crypt using SHA-256 and SHA-512" standard Version 0.4 2008-4-3, where <code class='expr'>SSSSSSSSSSSSSSSS</code> is up to 16 characters of salt, and the string <code class='expr'>XXX</code> the result of <code>SHA256.crypt_hash()</code> with <code class='expr'>5000</code> rounds. Source: Unix crypt using SHA-256 and SHA-512 <a href='http://www.akkadia.org/drepper/SHA-crypt.txt'>http://www.akkadia.org/drepper/SHA-crypt.txt</a></p> </td></tr> <tr><td><code><code class='key'>"$5$rounds=RR$SSSSSSSSSSSSSSSS$XXXXXXXXXXXXXXXXXXXXXX"</code></code></td><td><p>This is the same algorithm as the one above, but with the number of rounds specified by <code class='expr'>RR</code> in decimal. Note that the number of rounds is clamped to be within <code class='expr'>1000</code> and <code class='expr'>999999999</code> (inclusive). Source: Unix crypt using SHA-256 and SHA-512 <a href='http://www.akkadia.org/drepper/SHA-crypt.txt'>http://www.akkadia.org/drepper/SHA-crypt.txt</a></p> </td></tr> <tr><td><code><code class='key'>"$3$$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"</code></code></td><td><p>This is interpreted as the NT LANMANAGER (NTLM) password hash. It is a hex representation of MD4 of the password.</p> </td></tr> <tr><td><code><code class='key'>"$1$SSSSSSSS$XXXXXXXXXXXXXXXXXXXXXX"</code></code></td><td><p>The string is interpreted according to the GNU libc2 extension of <code class='expr'>crypt(3C)</code> where <code class='expr'>SSSSSSSS</code> is up to 8 chars of salt and the <code class='expr'>XXX</code> string is an <code>MD5</code>-based hash created from the password and the salt. Source: GNU libc <a href='http://www.gnu.org/software/libtool/manual/libc/crypt.html'>http://www.gnu.org/software/libtool/manual/libc/crypt.html</a>.</p> </td></tr> <tr><td><code><code class='key'>"$sha1$RRRRR$SSSSSSSS$XXXXXXXXXXXXXXXXXXXX"</code></code></td><td><p>The string is interpreted as a NetBSD-style <code>SHA1.HMAC.crypt_hash()</code> (aka <tt>crypt_sha1(3C)</tt>), where <code class='expr'>RRRRR</code> is the number of rounds (default 480000), <code class='expr'>SSSSSSSS</code> is a <code>MIME.crypt64()</code> encoded salt. and the <code class='expr'>XXX</code> string is an <code>SHA1.HMAC</code>-based hash created from the password and the salt.</p> </td></tr> <tr><td><code><code class='key'>"$P$RSSSSSSSSXXXXXXXXXXXXXXXXXXXXXX"</code></code></td><td><p>The string is interpreted as a PHPass' Portable Hash password hash, where <code class='expr'>R</code> is an encoding of the 2-logarithm of the number of rounds, <code class='expr'>SSSSSSSS</code> is a salt of 8 characters, and <code class='expr'>XXX</code> is similarily the <code>MIME.encode_crypt64</code> of running <code>MD5.hash()</code> repeatedly on the password and the salt.</p> </td></tr> <tr><td><code><code class='key'>"$H$RSSSSSSSS.XXXXXXXXXXXXXXXXXXXXXX"</code></code></td><td><p>Same as <code class='expr'>"$P$"</code> above. Used by phpBB3.</p> </td></tr> <tr><td><code><code class='key'>"U$P$RSSSSSSSSXXXXXXXXXXXXXXXXXXXXXX"</code></code></td><td><p>This is handled as a Drupal upgraded PHPass Portable Hash password. The password is run once through <code>MD5.hash()</code>, and then passed along to the <code class='expr'>"$P$"</code>-handler above.</p> </td></tr> <tr><td><code><code class='key'>"$Q$RSSSSSSSSXXXXXXXXXXXXXXXXXXXXXX"</code></code></td><td><p>The string is interpreted as a PHPass' Portable Hash password hash, where the base hashing alorithm has been switched to <code>SHA1</code>. This method is apparently used by some versions of Escher CMS.</p> </td></tr> <tr><td><code><code class='key'>"$S$RSSSSSSSSXXXXXXXXXXXXXXXXXXXXXX"</code></code></td><td><p>The string is interpreted as a PHPass' Portable Hash password hash, where the base hashing alorithm has been switched to <code>SHA256</code>. This method is apparently used by some versions of Drupal.</p> </td></tr>
c6b62b2022-06-18Henrik Grubbström (Grubba) <tr><td><code><code class='key'>"$pbkdf2$RRRRR$SSSSS$XXXXXXXXXXXXX"</code></code></td><td><p>The string is interpreted as <code>SHA1.crypt_pbkdf2()</code>.</p> </td></tr> <tr><td><code><code class='key'>"$pbkdf2-sha256$RRRRR$SSSSS$XXXXXXXXXXXXX"</code></code></td><td><p>The string is interpreted as <code>SHA256.crypt_pbkdf2()</code>.</p> </td></tr> <tr><td><code><code class='key'>"$pbkdf2-sha512$RRRRR$SSSSS$XXXXXXXXXXXXX"</code></code></td><td><p>The string is interpreted as <code>SHA512.crypt_pbkdf2()</code>.</p> </td></tr> <tr><td><code><code class='key'>"pbkdf2_sha256$RRRRR$SSSSS$XXXXXXXXXXXXX"</code></code></td><td><p>The string is interpreted as the Django variant of <code>SHA256.crypt_pbkdf2()</code>. This differs from the standard variant (<code class='expr'>"$pbkdf2-sha256$"</code>) in that the hash is encoded with plain <code>MIME.encode_base64()</code> (ie including padding (<code class='expr'>'='</code>) and plus (<code class='expr'>'+'</code>) characters).</p> </td></tr>
43893c2021-10-20Henrik Grubbström (Grubba) <tr><td><code><code class='key'>"XXXXXXXXXXXXX"</code></code></td><td><p>The <code class='expr'>XXX</code> string (which doesn't begin with <code class='expr'>"{"</code>) is taken to be a password hashed using the classic unix <code class='expr'>crypt(3C)</code> function. If the string contains only chars from the set <code class='expr'>[a-zA-Z0-9./]</code> it uses DES and the first two characters as salt, but other alternatives may be possible depending on the <code class='expr'>crypt(3C)</code> implementation in the operating system.</p> </td></tr> <tr><td><code><code class='key'>""</code></code></td><td><p>The empty password hash matches all passwords.</p> </td></tr> </table> </dd> <dt class='head--doc'>Returns</dt> <dd class='body--doc'><p>Returns <code class='expr'>1</code> on success, and <code class='expr'>0</code> (zero) otherwise.</p> </dd> <dt class='head--doc'>Note</dt> <dd class='body--doc'><p>This function was added in Pike 7.8.755.</p>
5a2c0a2021-05-12Henrik Grubbström (Grubba) </dd> <dt class='head--doc'>See also</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p><code>hash()</code>, <code>predef::crypt()</code></p>
5a2c0a2021-05-12Henrik Grubbström (Grubba) </dd></dl>
43893c2021-10-20Henrik Grubbström (Grubba) </dd></dl></dd> <dt><a name='21.2'></a> <h2 class='header'>21.2. Kerberos and GSSAPI</h2></dt> <dd><dl><dt><h2 class='header'>Module <b class='ms datatype'>GSSAPI</b></h2>
32f88f2020-06-10Henrik Grubbström (Grubba) </dt><dd><dl class='group--doc'> <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>This is pike glue for GSS-API ver 2 as specified in <b><a href='http://pike.lysator.liu.se/rfc2743.xml'>RFC 2743</a></b>.</p> <p> GSS-API is used to authenticate users and servers, and optionally also to encrypt communication between them. The API is generic and can be used without any knowledge of the actual implementation of these security services, which is typically provided by the operating system.</p> <p> The most common implementation at the time of writing is Kerberos, which means that the main benefit of this API is to allow clients and servers to authenticate each other using Kerberos, thereby making single sign-on possible in a Kerberized environment.</p> <p> All functions in this module that wrap GSS-API routines may throw <code>GSSAPI.Error</code>, and by default they do so for all such errors. Only in some special cases do they return when a GSS-API error has happened, and this is then noted in the documentation.</p>
32f88f2020-06-10Henrik Grubbström (Grubba) </dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba)  <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Constant</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>INITIATE</b></span><br>
7393ca2019-08-17Henrik Grubbström (Grubba) <span class='homogen--type'>Constant</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>ACCEPT</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>BOTH</b></span><br>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>INITIATE</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>ACCEPT</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>BOTH</code></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Flags for indicating how a <code>GSSAPI.Cred</code> object may be used:</p> <dl class='group--doc'><dt>INITIATE</dt> <dd><p>The credential can only be used to initiate security contexts (i.e. using <code>GSSAPI.InitContext</code>).</p> </dd> <dt>ACCEPT</dt> <dd><p>The credential can only be used to accept security contexts (i.e. using <code>GSSAPI.AcceptContext</code>).</p> </dd> <dt>BOTH</dt> <dd><p>The credential may be used both to initiate or accept security contexts.</p> </dd> </dl></dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba)  <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Constant</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>DELEG_FLAG</b></span><br>
7393ca2019-08-17Henrik Grubbström (Grubba) <span class='homogen--type'>Constant</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>MUTUAL_FLAG</b></span><br>
7393ca2019-08-17Henrik Grubbström (Grubba) <span class='homogen--type'>Constant</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>REPLAY_FLAG</b></span><br>
7393ca2019-08-17Henrik Grubbström (Grubba) <span class='homogen--type'>Constant</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>SEQUENCE_FLAG</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>CONF_FLAG</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>INTEG_FLAG</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>ANON_FLAG</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>PROT_READY_FLAG</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>TRANS_FLAG</b></span><br>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>DELEG_FLAG</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>MUTUAL_FLAG</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>REPLAY_FLAG</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>SEQUENCE_FLAG</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>CONF_FLAG</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>INTEG_FLAG</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>ANON_FLAG</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>PROT_READY_FLAG</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>TRANS_FLAG</code></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Bitfield flags returned by e.g. <code>GSSAPI.Context.services</code> to denote various services that are available in the context.</p> <p> Brief descriptions of the flags:</p> <dl class='group--doc'><dt>GSSAPI.DELEG_FLAG</dt> <dd><p>Delegation. See <b><a href='http://pike.lysator.liu.se/rfc2743.xml#1.2.9'>RFC 2743 section 1.2.9</a></b>.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt>GSSAPI.MUTUAL_FLAG</dt> <dd><p>Mutual authentication (actually, acceptor authentication). See <b><a href='http://pike.lysator.liu.se/rfc2743.xml#1.1.1.3'>RFC 2743 section 1.1.1.3</a></b> and <b><a href='http://pike.lysator.liu.se/rfc2743.xml#1.2.5'>RFC 2743 section 1.2.5</a></b>.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt>GSSAPI.REPLAY_FLAG</dt> <dd><p>Per-message replay detection. See <b><a href='http://pike.lysator.liu.se/rfc2743.xml#1.2.3'>RFC 2743 section 1.2.3</a></b>.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt>GSSAPI.SEQUENCE_FLAG</dt> <dd><p>Per-message sequencing. See <b><a href='http://pike.lysator.liu.se/rfc2743.xml#1.2.3'>RFC 2743 section 1.2.3</a></b>.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt>GSSAPI.CONF_FLAG</dt> <dd><p>Per-message confidentiality. See <b><a href='http://pike.lysator.liu.se/rfc2743.xml#1.2.2'>RFC 2743 section 1.2.2</a></b>.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt>GSSAPI.INTEG_FLAG</dt> <dd><p>Per-message integrity. See <b><a href='http://pike.lysator.liu.se/rfc2743.xml#1.2.2'>RFC 2743 section 1.2.2</a></b>.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt>GSSAPI.ANON_FLAG</dt> <dd><p>Anonymous authentication. See <b><a href='http://pike.lysator.liu.se/rfc2743.xml#1.2.5'>RFC 2743 section 1.2.5</a></b>.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt>GSSAPI.PROT_READY_FLAG</dt> <dd><p>Might be set before the context establishment has finished, to denote that per-message protection already is available. See <b><a href='http://pike.lysator.liu.se/rfc2743.xml#1.2.7'>RFC 2743 section 1.2.7</a></b>. Is always set in <code>GSSAPI.Context</code> and derived classes when the context is established.</p> </dd> <dt>GSSAPI.TRANS_FLAG</dt> <dd><p>The context can be transferred between processes using <code>GSSAPI.Context.export</code>. See <b><a href='http://pike.lysator.liu.se/rfc2743.xml#1.2.10'>RFC 2743 section 1.2.10</a></b>.</p> </dd> </dl></dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba)  <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Constant</span> <span class='homogen--name'><b>BAD_MECH</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>BAD_NAME</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>BAD_NAMETYPE</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>BAD_BINDINGS</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>BAD_STATUS</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>BAD_SIG</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>NO_CRED</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>NO_CONTEXT</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>DEFECTIVE_TOKEN</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>DEFECTIVE_CREDENTIAL</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>CREDENTIALS_EXPIRED</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>CONTEXT_EXPIRED</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>FAILURE</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>BAD_QOP</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>UNAUTHORIZED</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>UNAVAILABLE</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>DUPLICATE_ELEMENT</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>NAME_NOT_MN</b></span><br>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>BAD_MECH</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>BAD_NAME</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>BAD_NAMETYPE</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>BAD_BINDINGS</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>BAD_STATUS</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>BAD_SIG</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>NO_CRED</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>NO_CONTEXT</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>DEFECTIVE_TOKEN</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>DEFECTIVE_CREDENTIAL</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>CREDENTIALS_EXPIRED</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>CONTEXT_EXPIRED</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>FAILURE</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>BAD_QOP</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>UNAUTHORIZED</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>UNAVAILABLE</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>DUPLICATE_ELEMENT</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>NAME_NOT_MN</code></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Constants for routine errors in major status codes like <code>GSSAPI.Error.major_status</code>. See <b><a href='http://pike.lysator.liu.se/rfc2743.xml#1.2.1.1'>RFC 2743 section 1.2.1.1</a></b>. Note that major status codes have to be masked with <code>GSSAPI.ERROR_MASK</code> before comparison with these.</p> <p> Brief descriptions of the flags:</p> <dl class='group--doc'><dt>GSSAPI.BAD_BINDINGS</dt> <dd><p>Channel binding mismatch.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt>GSSAPI.BAD_MECH</dt> <dd><p>Unsupported mechanism requested.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt>GSSAPI.BAD_NAME</dt> <dd><p>Invalid name provided.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt>GSSAPI.BAD_NAMETYPE</dt> <dd><p>Name of unsupported type provided.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt>GSSAPI.BAD_STATUS</dt> <dd><p>Invalid input status selector.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt>GSSAPI.BAD_MIC</dt> <dd><p>Token had invalid integrity check.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt>GSSAPI.CONTEXT_EXPIRED</dt> <dd><p>Specified security context expired.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt>GSSAPI.CREDENTIALS_EXPIRED</dt> <dd><p>Expired credentials detected.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt>GSSAPI.DEFECTIVE_CREDENTIAL</dt> <dd><p>Defective credential detected.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt>GSSAPI.DEFECTIVE_TOKEN</dt> <dd><p>Defective token detected.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt>GSSAPI.FAILURE</dt> <dd><p>Failure, unspecified at GSS-API level. <code>GSSAPI.Error.minor_status</code> should provide further details.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt>GSSAPI.NO_CONTEXT</dt> <dd><p>No valid security context specified.</p> </dd> <dt>GSSAPI.NO_CRED</dt> <dd><p>No valid credentials provided.</p> </dd> <dt>GSSAPI.BAD_QOP</dt> <dd><p>Unsupported QOP value.</p> </dd> <dt>GSSAPI.UNAUTHORIZED</dt> <dd><p>Operation unauthorized.</p> </dd> <dt>GSSAPI.UNAVAILABLE</dt> <dd><p>Operation unavailable.</p> </dd> <dt>GSSAPI.DUPLICATE_ELEMENT</dt> <dd><p>Duplicate credential element requested.</p> </dd> <dt>GSSAPI.NAME_NOT_MN</dt> <dd><p>Name contains multi-mechanism elements.</p> </dd> </dl></dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba)  <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Constant</span> <span class='homogen--name'><b>CONTINUE_NEEDED</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>DUPLICATE_TOKEN</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>OLD_TOKEN</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>UNSEQ_TOKEN</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>GAP_TOKEN</b></span><br>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>CONTINUE_NEEDED</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>DUPLICATE_TOKEN</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>OLD_TOKEN</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>UNSEQ_TOKEN</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>GAP_TOKEN</code></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Bitfield flags for informatory codes in major status codes like <code>GSSAPI.Error.major_status</code>. See <b><a href='http://pike.lysator.liu.se/rfc2743.xml#1.2.1.1'>RFC 2743 section 1.2.1.1</a></b>. Any combination of these might optionally be combined with one routine error constant to form a major status code.</p> <p> Brief descriptions of the flags:</p> <dl class='group--doc'><dt>GSSAPI.CONTINUE_NEEDED</dt> <dd><p>Continuation call to routine required.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt>GSSAPI.DUPLICATE_TOKEN</dt> <dd><p>Duplicate per-message token detected.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt>GSSAPI.OLD_TOKEN</dt> <dd><p>Timed-out per-message token detected.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt>GSSAPI.UNSEQ_TOKEN</dt> <dd><p>Reordered (early) per-message token detected.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt>GSSAPI.GAP_TOKEN</dt> <dd><p>Skipped predecessor token(s) detected.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) </dl></dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba)  <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Constant</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>ERROR_MASK</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>ERROR_MASK</code></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Bitfield mask for the routine error part of major status codes like <code>GSSAPI.Error.major_status</code>. After applying this mask, the status values may be compared to any of the routine error constants.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Constant</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>INFO_MASK</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>constant</code> <code class='datatype'>int</code> GSSAPI.<code class='constant'>INFO_MASK</code></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Bitfield mask for the informatory part of major status codes like <code>GSSAPI.Error.major_status</code>.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Constant</span> <span class='homogen--name'><b>NT_HOSTBASED_SERVICE</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>NT_USER_NAME</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>NT_MACHINE_UID_NAME</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>NT_STRING_UID_NAME</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>NT_ANONYMOUS</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>NT_EXPORT_NAME</b></span><br> <span class='homogen--type'>Constant</span> <span class='homogen--name'><b>KRB5_NT_PRINCIPAL_NAME</b></span><br>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>constant</code> <code class='datatype'>string</code> GSSAPI.<code class='constant'>NT_HOSTBASED_SERVICE</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>string</code> GSSAPI.<code class='constant'>NT_USER_NAME</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>string</code> GSSAPI.<code class='constant'>NT_MACHINE_UID_NAME</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>string</code> GSSAPI.<code class='constant'>NT_STRING_UID_NAME</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>string</code> GSSAPI.<code class='constant'>NT_ANONYMOUS</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>string</code> GSSAPI.<code class='constant'>NT_EXPORT_NAME</code></code><br> <code><code class='datatype'>constant</code> <code class='datatype'>string</code> GSSAPI.<code class='constant'>KRB5_NT_PRINCIPAL_NAME</code></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>OIDs on dotted-decimal form for the GSS-API mechanism-independent name types, and some selected mechanism-specific ones:</p> <dl class='group--doc'><dt>NT_HOSTBASED_SERVICE</dt> <dd><p>Name type for a service associated with a host computer. The syntax is <tt>service@hostname</tt> where the <tt>@hostname</tt> part may be omitted for the local host. See <b><a href='http://pike.lysator.liu.se/rfc2743.xml#4.1'>RFC 2743 section 4.1</a></b>.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt>NT_USER_NAME</dt> <dd><p>Name type for a named user on a local system. The syntax is <tt>username</tt>. See <b><a href='http://pike.lysator.liu.se/rfc2743.xml#4.2'>RFC 2743 section 4.2</a></b>.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt>NT_MACHINE_UID_NAME</dt> <dd><p>Name type for a numeric user identifier corresponding to a user on a local system. The string representing a name of this type should contain a locally-significant user ID, represented in host byte order. See <b><a href='http://pike.lysator.liu.se/rfc2743.xml#4.3'>RFC 2743 section 4.3</a></b>.</p>
4a0b9d2019-08-28Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt>NT_STRING_UID_NAME</dt> <dd><p>Name type for a string of digits representing the numeric user identifier of a user on a local system. This name type is similar to the Machine UID Form, except that the buffer contains a string representing the user ID. See <b><a href='http://pike.lysator.liu.se/rfc2743.xml#4.4'>RFC 2743 section 4.4</a></b>.</p>
4a0b9d2019-08-28Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt>NT_ANONYMOUS</dt> <dd><p>Name type to identify anonymous names. See <b><a href='http://pike.lysator.liu.se/rfc2743.xml#4.5'>RFC 2743 section 4.5</a></b>.</p>
4a0b9d2019-08-28Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt>NT_EXPORT_NAME</dt> <dd><p>Name type for the Mechanism-Independent Exported Name Object type, which is the type of the names returned by <code>GSSAPI.Name.export</code>. See <b><a href='http://pike.lysator.liu.se/rfc2743.xml#4.7'>RFC 2743 section 4.7</a></b>.</p>
4a0b9d2019-08-28Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt>KRB5_NT_PRINCIPAL_NAME</dt> <dd><p>Name type for a Kerberos principal. See <b><a href='http://pike.lysator.liu.se/rfc1964.xml#2.1.1'>RFC 1964 section 2.1.1</a></b>.</p>
4a0b9d2019-08-28Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) </dl></dd></dl>
4a0b9d2019-08-28Henrik Grubbström (Grubba) 
1a4bba2021-06-07Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>describe_services</b></span>
1a4bba2021-06-07Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>string</code> <b><span class='method'>describe_services</span>(</b><code class='datatype'>int</code> <code class='argument'>services</code><b>)</b></code></p></dd>
1a4bba2021-06-07Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Returns a string that compactly describes the given <code>services</code>, which is taken as a bitfield of <tt>GSSAPI.*_FLAG</tt> flags.</p> <p> The returned string contains capitalized names for the flags reminiscent of the <code>GSSAPI.*_FLAG</code> constants, separated by <code class='expr'>"|"</code>.</p>
1a4bba2021-06-07Henrik Grubbström (Grubba) </dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>indicate_mechs</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>multiset</code>(<code class='datatype'>string</code>) <b><span class='method'>indicate_mechs</span>(</b><b>)</b></code></p></dd> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Returns the OIDs for the available mechanism in the GSS-API implementation. The OIDs are returned on dotted-decimal form.</p> <p> This wraps <tt>GSS_Indicate_mechs</tt> according to <b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.4.2'>RFC 2743 section 2.4.2</a></b>.</p> </dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba)  <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>major_status_messages</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>array</code>(<code class='datatype'>string</code>) <b><span class='method'>major_status_messages</span>(</b><code class='datatype'>int</code> <code class='argument'>major_status</code><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Given a major status code like <code>GSSAPI.Error.major_status</code> (or more commonly <code>GSSAPI.Context.last_major_status</code> in this case), returns an array containing messages for all the status values in it. The returned string(s) presumably don't end with linefeeds.</p> <p> This wraps <tt>GSS_Display_status</tt> according to <b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.4.1'>RFC 2743 section 2.4.1</a></b>.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Method</span> <span class='homogen--name'><b>minor_status_messages</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>array</code>(<code class='datatype'>string</code>) <b><span class='method'>minor_status_messages</span>(</b><code class='datatype'>int</code> <code class='argument'>minor_status</code>, <code class='datatype'>void</code>|<code class='datatype'>string</code> <code class='argument'>mech</code><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Given a mechanism-specific minor status code like <code>GSSAPI.Error.minor_status</code>, returns an array containing messages for all the status values in it. The returned string(s) presumably don't end with linefeeds.</p> <p> This wraps <tt>GSS_Display_status</tt> according to <b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.4.1'>RFC 2743 section 2.4.1</a></b>.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-minor_status'></span>Parameter <code class='parameter'>minor_status</code></dt> <dd></dd><dd class='body--doc'><p>The mechanism-specific minor status.</p> </dd> <dt class='head--doc'><span id='p-mech'></span>Parameter <code class='parameter'>mech</code></dt> <dd></dd><dd class='body--doc'><p>The mechanism that produced the status code. If this is zero or left out, a system default mechanism is used.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl>
99eac22021-07-20Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>names_for_mech</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>multiset</code>(<code class='datatype'>string</code>) <b><span class='method'>names_for_mech</span>(</b><code class='datatype'>string</code> <code class='argument'>mech</code><b>)</b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba) 
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Returns the OIDs for the name types that the given <code>mech</code> supports. Both <code>mech</code> and the returned OID strings are on dotted-decimal form.</p> <p> This wraps <tt>GSS_Inquire_names_for_mech</tt> according to <b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.4.12'>RFC 2743 section 2.4.12</a></b>.</p> </dd></dl> <dl><dt><h2 class='header'>Class <b class='ms datatype'>GSSAPI.AcceptContext</b></h2> </dt><dd><dl class='group--doc'> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Variant of <code>Context</code> which is used on the acceptor side.</p> </dd></dl>
99eac22021-07-20Henrik Grubbström (Grubba) 
7393ca2019-08-17Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Method</span> <span class='homogen--name'><b>accept</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>string</code> <b><span class='method'>accept</span>(</b><code class='datatype'>string</code> <code class='argument'>remote_token</code><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Accepts a remotely initiated security context.</p> <p> This wraps <tt>GSS_Accept_sec_context</tt> according to <b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.2.2'>RFC 2743 section 2.2.2</a></b>.</p> <p> The underlying mechanism might require several tokens to be passed back and forth to establish the context. If <code>is_established</code> returns zero after a call to this function then the caller must wait for a token from the remote peer to feed as <code>remote_token</code> in another call to this function.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-remote_token'></span>Parameter <code class='parameter'>remote_token</code></dt> <dd></dd><dd class='body--doc'><p>A token from the remote peer, as returned by a call to <code>GSSAPI.InitContext.init</code> or some other <tt>GSS_Init_sec_context</tt> wrapper.</p> </dd> <dt class='head--doc'>Returns</dt> <dd class='body--doc'><p>If a string is returned then it must be passed to the remote peer which will feed it to <code>GSSAPI.InitContext.init</code> or some other <tt>GSS_Init_sec_context</tt> wrapper. An empty string is never returned.</p> <p> Zero is returned if there is no token to send to the remote peer. Note that <code>is_established</code> might still return zero in that case, meaning more remote tokens are necessary.</p> </dd> <dt class='head--doc'>Note</dt> <dd class='body--doc'><p>This function might block on network connections to remote authentication servers.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>create</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><span class='object'>GSSAPI.AcceptContext</span> <span class='class'>GSSAPI.AcceptContext</span><b>(</b><code class='datatype'>void</code>|<code class='object unresolved'>Cred</code> <code class='argument'>cred</code>, <code class='datatype'>void</code>|<code class='datatype'>int</code> <code class='argument'>required_services</code><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Creates a context for acceptor use. This function only accepts parameters to be used later during the <code>accept</code> call. If there are semantic problems with them, such as if the credentials are stale, then they will be signalled later by <code>accept</code>.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-cred'></span>Parameter <code class='parameter'>cred</code></dt> <dd></dd><dd class='body--doc'><p>Credentials for the identity this context claims. The credentials for the default principal (if any) is used if zero or left out.</p> </dd> <dt class='head--doc'><span id='p-required_services'></span>Parameter <code class='parameter'>required_services</code></dt> <dd></dd><dd class='body--doc'><p>Bitfield of <tt>GSSAPI.*_FLAG</tt> flags specifying all services that must be provided in the context. If the context fail to provide any of them then it is closed and a <code>GSSAPI.MissingServicesError</code> is thrown.</p> <p> <code>GSSAPI.PROT_READY_FLAG</code> is ignored in this parameter. The fact that a user calls a per-message function indicates that this service is required at that point, and a <code>GSSAPI.MissingServicesError</code> is thrown if it isn't.</p> </dd> <dt class='head--doc'>Note</dt> <dd class='body--doc'><p>Channel bindings (<b><a href='http://pike.lysator.liu.se/rfc2743.xml#1.1.6'>RFC 2743 section 1.1.6</a></b>) are not yet implemented since that feature appear to not be in much active use, and its format is not completely specified (<b><a href='http://pike.lysator.liu.se/rfc2744.xml#3.11'>RFC 2744 section 3.11</a></b>).</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl>
9b13162019-11-02Tobias S. Josefowitz <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>delegated_cred</b></span>
9b13162019-11-02Tobias S. Josefowitz </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>Cred</code> <b><span class='method'>delegated_cred</span>(</b><b>)</b></code></p></dd> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Returns the delegated credentials from the initiator if the delegation (c.f. <code>GSSAPI.DELEG_FLAG</code>) service is in use.</p> </dd></dl>
9b13162019-11-02Tobias S. Josefowitz 
99eac22021-07-20Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>Context</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><span class='datatype'>inherit Context</span> : <span class='inherit'>Context</span></code></p></dd> </dl> </dd></dl><dl><dt><h2 class='header'>Class <b class='ms datatype'>GSSAPI.Context</b></h2> </dt><dd><dl class='group--doc'>
99eac22021-07-20Henrik Grubbström (Grubba) <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Class representing a security context; see <b><a href='http://pike.lysator.liu.se/rfc2743.xml#1.1.3'>RFC 2743 section 1.1.3</a></b> The user usually instantiates one of the two inheriting classes <code>GSSAPI.InitContext</code> or <code>GSSAPI.AcceptContext</code>, based on whether the context should act as initiator or acceptor for the connection. This class is instantiated directly for imported contexts.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'>Note</dt> <dd class='body--doc'><p>If a <code>Context</code> object for a partly or completely established context is destructed, <tt>GSS_Delete_sec_context</tt> (<b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.2.3'>RFC 2743 section 2.2.3</a></b>) is called. That function might do blocking network I/O, which due to pike's object management might occur essentially anytime in any thread if the object isn't explicitly destructed. To avoid that, it's strongly recommended to call <code>delete</code> in contexts that are no longer used.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>create</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><span class='object'>GSSAPI.Context</span> <span class='class'>GSSAPI.Context</span><b>(</b><code class='datatype'>string</code> <code class='argument'>interprocess_token</code>, <code class='datatype'>void</code>|<code class='datatype'>int</code> <code class='argument'>required_services</code><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Creates a context by importing an inter-process token.</p> <p> This wraps <tt>GSS_Import_sec_context</tt> according to <b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.2.9'>RFC 2743 section 2.2.9</a></b>.</p> </dd> <dt class='head--doc'><span id='p-interprocess_token'></span>Parameter <code class='parameter'>interprocess_token</code></dt> <dd></dd><dd class='body--doc'><p>The inter-process token which has been created by <code>export</code> or some other <tt>GSS_Export_sec_context</tt> wrapper.</p> </dd> <dt class='head--doc'><span id='p-required_services'></span>Parameter <code class='parameter'>required_services</code></dt> <dd></dd><dd class='body--doc'><p>Bitfield of <tt>GSSAPI.*_FLAG</tt> flags specifying all services that must be provided in the context. If the context fail to provide any of them then it is closed and a <code>GSSAPI.MissingServicesError</code> is thrown.</p> <p> <code>GSSAPI.PROT_READY_FLAG</code> is ignored in this parameter. The fact that a user calls a per-message function indicates that this service is required at that point, and a <code>GSSAPI.MissingServicesError</code> is thrown if it isn't.</p> </dd> <dt class='head--doc'>Note</dt> <dd class='body--doc'><p>It is not possible to retrieve delegated credentials from an imported context. That is a GSS-API limitation.</p> </dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba) 
9b13162019-11-02Tobias S. Josefowitz <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>delete</b></span>
9b13162019-11-02Tobias S. Josefowitz </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>void</code> <b><span class='method'>delete</span>(</b><b>)</b></code></p></dd>
9b13162019-11-02Tobias S. Josefowitz  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Frees the resources for the context, provided it is in use. Does nothing otherwise.</p> <p> This wraps <tt>GSS_Delete_sec_context</tt> according to <b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.2.3'>RFC 2743 section 2.2.3</a></b>.</p> </dd> <dt class='head--doc'>Note</dt> <dd class='body--doc'><p>This function might block on network connections to remote authentication servers.</p> </dd> <dt class='head--doc'>Note</dt> <dd class='body--doc'><p>In compliance with recommendations in GSS-API v2, the optional output token is never used in the call to <tt>GSS_Delete_sec_context</tt>.</p>
9b13162019-11-02Tobias S. Josefowitz </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>export</b></span>
9b13162019-11-02Tobias S. Josefowitz </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>string</code> <b><span class='method'>export</span>(</b><b>)</b></code></p></dd>
9b13162019-11-02Tobias S. Josefowitz  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Exports this context so that it can be imported in another process, providing the inter-process context transfer service is available (c.f. <code>GSSAPI.TRANS_FLAG</code>).</p> <p> This wraps <tt>GSS_Export_sec_context</tt> according to <b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.2.8'>RFC 2743 section 2.2.8</a></b>.</p> <p> The returned string is intended to be fed to <code>GSSAPI.Context.create</code> (or some other <tt>GSS_Import_sec_context</tt> wrapper) in the receiving process.</p> <p> This operation frees the context in this object.</p>
9b13162019-11-02Tobias S. Josefowitz </dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Method</span> <span class='homogen--name'><b>get_mic</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>string</code> <b><span class='method'>get_mic</span>(</b><code class='datatype'>string</code> <code class='argument'>message</code>, <code class='datatype'>void</code>|<code class='datatype'>int</code> <code class='argument'>qop</code><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Calculates and returns a MIC (message integrity checksum) for the given message that allows the receiver to verify its origin and integrity through <code>verify_mic</code> or some other <tt>GSS_VerifyMIC</tt> wrapper.</p> <p> This wraps <tt>GSS_GetMIC</tt> according to <b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.3.1'>RFC 2743 section 2.3.1</a></b>.</p> <p> This function requires that the context is established, or that the early per-message protection service is available (c.f. <code>GSSAPI.PROT_READY_FLAG</code>. If not, a <code>GSSAPI.MissingServicesError</code> is thrown (but the context is not closed).</p> </dd> <dt class='head--doc'><span id='p-message'></span>Parameter <code class='parameter'>message</code></dt> <dd></dd><dd class='body--doc'><p>The message for which the MIC is to be calculated. It may be of zero length.</p> </dd> <dt class='head--doc'><span id='p-qop'></span>Parameter <code class='parameter'>qop</code></dt> <dd></dd><dd class='body--doc'><p>The quality of protection. This is a mechanism-specific value that lets the user direct how the underlying mechanism calculates the MIC. See <b><a href='http://pike.lysator.liu.se/rfc2743.xml#1.2.4'>RFC 2743 section 1.2.4</a></b>.</p> <p> Zero or left out means use the default method.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>is_established</b></span><br> <span class='homogen--type'>Method</span> <span class='homogen--name'><b>services</b></span><br> <span class='homogen--type'>Method</span> <span class='homogen--name'><b>locally_initiated</b></span><br> <span class='homogen--type'>Method</span> <span class='homogen--name'><b>source_name</b></span><br> <span class='homogen--type'>Method</span> <span class='homogen--name'><b>target_name</b></span><br> <span class='homogen--type'>Method</span> <span class='homogen--name'><b>lifetime</b></span><br> <span class='homogen--type'>Method</span> <span class='homogen--name'><b>mech</b></span><br>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>int</code> <b><span class='method'>is_established</span>(</b><b>)</b></code><br> <code><code class='datatype'>int</code> <b><span class='method'>services</span>(</b><b>)</b></code><br> <code><code class='datatype'>int</code> <b><span class='method'>locally_initiated</span>(</b><b>)</b></code><br> <code><code class='object unresolved'>Name</code> <b><span class='method'>source_name</span>(</b><b>)</b></code><br> <code><code class='object unresolved'>Name</code> <b><span class='method'>target_name</span>(</b><b>)</b></code><br> <code><code class='datatype'>int(0..)</code> <b><span class='method'>lifetime</span>(</b><b>)</b></code><br> <code><code class='datatype'>string</code> <b><span class='method'>mech</span>(</b><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Functions to query various properties about the context.</p> <p> These wrap <tt>GSS_Inquire_context</tt> according to <b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.2.6'>RFC 2743 section 2.2.6</a></b>.</p> <dl class='group--doc'><dt>is_established()</dt> <dd><p>Returns nonzero as soon as the context has been established. That means no further rounds through <code>GSSAPI.InitContext.init</code> or <code>GSSAPI.AcceptContext.accept</code>, that the remote peer is authenticated as required, and that the set of available services is complete (see <code>services</code>).</p> </dd> <dt>services()</dt> <dd><p>Returns a bitfield of <tt>GSSAPI.*_FLAG</tt> flags for the services that the context (currently) provides. This field is complete only when the context establishment has finished, i.e. when <code>is_established</code> returns nonzero.</p> <p> See also <code>GSSAPI.describe_services</code>.</p> </dd> <dt>locally_initiated()</dt> <dd><p>Returns nonzero if the context is an initiator, zero if it is an acceptor. (This is mainly useful in imported contexts.)</p> </dd> <dt>source_name()</dt> <dd><p>Returns the name of the context initiator. The name is always an MN. Returns an anonymous name if used on the acceptor side and the anonymous authentication service (c.f. <code>GSSAPI.ANON_FLAG</code>) was used.</p> </dd> <dt>target_name()</dt> <dd><p>Returns the name of the context acceptor. If a name is returned then it is always an MN.</p> <p> Zero is returned on the initiator side if the initiator didn't specify a target name and the acceptor did not authenticate itself (should never happen if mutual authentication (c.f. <code>GSSAPI.MUTUAL_FLAG</code>) is a required service).</p> <p> The returned object is not necessarily the same one as was passed to <code>GSSAPI.InitContext.create</code>, even though they are likely to compare as equal (they might not be equal if the passed name wasn't an MN).</p> </dd> <dt>lifetime()</dt> <dd><p>Returns the validity lifetime left for the context. Returns zero if the context has expired, or <code>Int.inf</code> if there is no time limit (in older pikes without <code>Int.inf</code> a large positive integer is returned instead).</p> </dd> <dt>mech()</dt> <dd><p>Returns the mechanism that provides the context. The returned value is its OID on dotted-decimal form.</p> </dd> </dl><p>These functions don't throw errors if the context is missing or not completely established, even though they might not be able to query the proper values then (GSS-API implementations are known to not be completely reliable in handling these queries for partly established contexts). The functions instead return zero.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>last_confidential</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>int</code> <b><span class='method'>last_confidential</span>(</b><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Returns nonzero if the last call to <code>wrap</code> or <code>unwrap</code> provided confidentiality for the message, i.e. if <code>wrap</code> encrypted it or if <code>unwrap</code> decrypted it. Zero is returned otherwise.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>last_major_status</b></span><br> <span class='homogen--type'>Method</span> <span class='homogen--name'><b>last_minor_status</b></span><br>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>int</code> <b><span class='method'>last_major_status</span>(</b><b>)</b></code><br> <code><code class='datatype'>int</code> <b><span class='method'>last_minor_status</span>(</b><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Returns the major and minor status codes from the last operation that called a GSS-API routine, with the exception of those that wrap <tt>GSS_Inquire_context</tt>.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl>
99eac22021-07-20Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>last_qop</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>int</code> <b><span class='method'>last_qop</span>(</b><b>)</b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Returns the quality of protection provided by the last call to <code>verify_mic</code> or <code>unwrap</code>.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl>
32f88f2020-06-10Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>process_token</b></span>
32f88f2020-06-10Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>void</code> <b><span class='method'>process_token</span>(</b><code class='datatype'>string</code> <code class='argument'>remote_token</code><b>)</b></code></p></dd>
32f88f2020-06-10Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Passes the given <code>remote_token</code> to the mechanism.</p> <p> This wraps <tt>GSS_Process_context_token</tt> according to <b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.2.4'>RFC 2743 section 2.2.4</a></b>.</p> <p> This is used for tokens that are received outside the handshaking between <tt>GSS_Init_sec_context</tt> (<code>GSSAPI.InitContext.init</code>) and <tt>GSS_Accept_sec_context</tt> (<code>GSSAPI.AcceptContext.accept</code>).</p> <p> An example is when <code>GSSAPI.InitContext.init</code> returns a final token and flags the context as established, but the acceptor context detects an error and sends a failure token back. That token is processed using this function since <code>GSSAPI.InitContext.init</code> doesn't handle any more tokens by then.</p>
32f88f2020-06-10Henrik Grubbström (Grubba) </dd> <dt class='head--doc'>Note</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>This function might change context state.</p>
32f88f2020-06-10Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'>Note</dt> <dd class='body--doc'><p>This function might block on network connections to remote authentication servers. However, if the remote token is the result of <tt>GSS_Delete_sec_context</tt> on the remote side then it will not block.</p>
32f88f2020-06-10Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>required_services</b></span>
32f88f2020-06-10Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>int</code> <b><span class='method'>required_services</span>(</b><code class='datatype'>void</code>|<code class='datatype'>int</code> <code class='argument'>services</code><b>)</b></code></p></dd>
32f88f2020-06-10Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Gets and optionally sets the set of services that must be provided in the context. The returned and given value is a bitfield of the <tt>GSSAPI.*_FLAG</tt> constants.</p> <p> This is mainly useful to change the per-message service flags that <code>verify_mic</code> and <code>unwrap</code> use to decide whether a condition is an error or not.</p>
32f88f2020-06-10Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-services'></span>Parameter <code class='parameter'>services</code></dt> <dd></dd><dd class='body--doc'><p>New set of required services. If this is not given then the set is not changed.</p> <p> If the context is established and <code>services</code> contain a service which isn't currently provided then the context is closed and a <code>GSSAPI.MissingServicesError</code> is thrown immediately.</p> <p> <code>GSSAPI.PROT_READY_FLAG</code> is ignored in this parameter.</p>
32f88f2020-06-10Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'>Returns</dt> <dd class='body--doc'><p>Returns the current set of required services (after setting them to <code>services</code>, if provided).</p>
32f88f2020-06-10Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'>See also</dt> <dd class='body--doc'><p><code>GSSAPI.describe_services</code></p>
32f88f2020-06-10Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>unwrap</b></span>
32f88f2020-06-10Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>string</code> <b><span class='method'>unwrap</span>(</b><code class='datatype'>string</code> <code class='argument'>message</code>, <code class='datatype'>void</code>|<code class='datatype'>int</code> <code class='argument'>accept_encrypted_only</code><b>)</b></code></p></dd>
32f88f2020-06-10Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Verifies the origin and integrity of the given message using the MIC included in it, and also decrypts the message if it was encrypted. The message has been calculated by the sender using <code>wrap</code> or some other <tt>GSS_Wrap</tt> wrapper.</p> <p> This wraps <tt>GSS_Unwrap</tt> according to <b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.3.4'>RFC 2743 section 2.3.4</a></b>.</p> <p> This function requires that the context is established, or that the early per-message protection service is available (c.f. <code>GSSAPI.PROT_READY_FLAG</code>. If not, a <code>GSSAPI.MissingServicesError</code> is thrown (but the context is not closed).</p>
32f88f2020-06-10Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-message'></span>Parameter <code class='parameter'>message</code></dt> <dd></dd><dd class='body--doc'><p>The message to be unwrapped.</p> </dd> <dt class='head--doc'><span id='p-accept_encrypted_only'></span>Parameter <code class='parameter'>accept_encrypted_only</code></dt> <dd></dd><dd class='body--doc'><p>If this is nonzero then it is an error if <code>message</code> isn't encrypted, and zero is returned in that case (the status returned by <code>last_major_status</code> will still indicate success, though).</p> </dd> <dt class='head--doc'>Returns</dt> <dd class='body--doc'><p>Zero is returned if the verification fails with <code>GSSAPI.DEFECTIVE_TOKEN</code> or <code>GSSAPI.BAD_MIC</code>.</p> <p> Zero is also returned if <code>message</code> isn't encrypted and <code>accept_encrypted_only</code> is set.</p> <p> Otherwise the message is successfully decrypted (provided it was encrypted to begin with), and its origin and integrity checks out, but it might still be considered wrong depending on whether the replay detection or sequencing services are required (see <code>required_services</code>):</p> <p> If replay detection (c.f. <code>GSSAPI.REPLAY_FLAG</code>) is required then zero is returned if the message is duplicated (<code>GSSAPI.DUPLICATE_TOKEN</code>) or old (<code>GSSAPI.OLD_TOKEN</code>).</p> <p> If sequencing (c.f. <code>GSSAPI.SEQUENCE_FLAG</code>) is required then in addition to the replay detection conditions, zero is also returned if the message is out of sequence (<code>GSSAPI.UNSEQ_TOKEN</code> or <code>GSSAPI.GAP_TOKEN</code>).</p> <p> Otherwise the unwrapped message is returned, which is valid according to the currently required services (note however that requiring the confidentiality service does not imply that an error is signalled whenever an unencrypted message is received - see instead <code>accept_encrypted_only</code> above).</p> </dd> <dt class='head--doc'>Throws</dt> <dd class='body--doc'><p>Any GSS-API errors except <code>GSSAPI.DEFECTIVE_TOKEN</code> and <code>GSSAPI.BAD_MIC</code> are thrown.</p> </dd> <dt class='head--doc'>Note</dt> <dd class='body--doc'><p>This function sets the value returned by <code>last_confidential</code> and <code>last_qop</code>.</p> </dd> <dt class='head--doc'>Note</dt> <dd class='body--doc'><p>Even if the message is considered valid by the return value, <code>last_major_status</code> may be called to check for the informatory codes mentioned above.</p>
32f88f2020-06-10Henrik Grubbström (Grubba) </dd></dl>
99eac22021-07-20Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>verify_mic</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>int</code> <b><span class='method'>verify_mic</span>(</b><code class='datatype'>string</code> <code class='argument'>message</code>, <code class='datatype'>string</code> <code class='argument'>mic</code><b>)</b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Verifies the origin and integrity of the given <code>message</code> using the given <code>mic</code>, which has been calculated by the sender using <code>get_mic</code> or some other <tt>GSS_GetMIC</tt> wrapper.</p> <p> This wraps <tt>GSS_VerifyMIC</tt> according to <b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.3.2'>RFC 2743 section 2.3.2</a></b>.</p> <p> This function requires that the context is established, or that the early per-message protection service is available (c.f. <code>GSSAPI.PROT_READY_FLAG</code>. If not, a <code>GSSAPI.MissingServicesError</code> is thrown (but the context is not closed).</p> </dd> <dt class='head--doc'>Returns</dt> <dd class='body--doc'><p>Zero is returned if the verification fails with <code>GSSAPI.DEFECTIVE_TOKEN</code> or <code>GSSAPI.BAD_MIC</code>.</p> <p> Otherwise the message origin and integrity checks out, but it might still be considered wrong depending on whether the replay detection or sequencing services are required (see <code>required_services</code>):</p> <p> If replay detection (c.f. <code>GSSAPI.REPLAY_FLAG</code>) is required then zero is returned if the message is duplicated (<code>GSSAPI.DUPLICATE_TOKEN</code>) or old (<code>GSSAPI.OLD_TOKEN</code>).</p> <p> If sequencing (c.f. <code>GSSAPI.SEQUENCE_FLAG</code>) is required then in addition to the replay detection conditions, zero is also returned if the message is out of sequence (<code>GSSAPI.UNSEQ_TOKEN</code> or <code>GSSAPI.GAP_TOKEN</code>).</p> <p> Otherwise nonzero is returned to indicate that the message is valid according to the currently required services.</p> </dd> <dt class='head--doc'>Throws</dt> <dd class='body--doc'><p>Any GSS-API errors except <code>GSSAPI.DEFECTIVE_TOKEN</code> and <code>GSSAPI.BAD_MIC</code> are thrown.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd> <dt class='head--doc'>Note</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>This function sets the value returned by <code>last_qop</code>.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'>Note</dt> <dd class='body--doc'><p>Regardless whether the message is considered valid or not by the return value, <code>last_major_status</code> may be called to check for routine errors or the informatory codes mentioned above.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>wrap</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>string</code> <b><span class='method'>wrap</span>(</b><code class='datatype'>string</code> <code class='argument'>message</code>, <code class='datatype'>void</code>|<code class='datatype'>int</code> <code class='argument'>encrypt</code>, <code class='datatype'>void</code>|<code class='datatype'>int</code> <code class='argument'>qop</code><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Calculates a MIC (message integrity checksum) for the given message, and returns it together with the message, which is optionally encrypted. The returned value can be verified and (if applicable) decrypted by the receiver using <code>unwrap</code> or some other <tt>GSS_Unwrap</tt> wrapper.</p> <p> This wraps <tt>GSS_Wrap</tt> according to <b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.3.3'>RFC 2743 section 2.3.3</a></b>.</p> <p> This function requires that the context is established, or that the early per-message protection service is available (c.f. <code>GSSAPI.PROT_READY_FLAG</code>. If not, a <code>GSSAPI.MissingServicesError</code> is thrown (but the context is not closed).</p> </dd> <dt class='head--doc'><span id='p-message'></span>Parameter <code class='parameter'>message</code></dt> <dd></dd><dd class='body--doc'><p>The message to be wrapped. It may be of zero length.</p> </dd> <dt class='head--doc'><span id='p-encrypt'></span>Parameter <code class='parameter'>encrypt</code></dt> <dd></dd><dd class='body--doc'><p>Set to nonzero to request that the message is encrypted. Otherwise only a MIC is calculated and the returned value contains the unencrypted message.</p> <p> If this is set and the confidentiality service (c.f. <code>GSSAPI.CONF_FLAG</code>) is required then the returned value is always encrypted. Otherwise it might not be encrypted anyway, and a call to <code>last_confidential</code> will tell if it is or not.</p> </dd> <dt class='head--doc'><span id='p-qop'></span>Parameter <code class='parameter'>qop</code></dt> <dd></dd><dd class='body--doc'><p>The quality of protection. This is a mechanism-specific value that lets the user direct how the underlying mechanism calculates the MIC. See <b><a href='http://pike.lysator.liu.se/rfc2743.xml#1.2.4'>RFC 2743 section 1.2.4</a></b>.</p> <p> Zero or left out means use the default method.</p> </dd> <dt class='head--doc'>Note</dt> <dd class='body--doc'><p>This function sets the value returned by <code>last_confidential</code>.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd> <dt class='head--doc'>See also</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p><code>wrap_size_limit</code></p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>wrap_size_limit</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>int(0..)</code> <b><span class='method'>wrap_size_limit</span>(</b><code class='datatype'>int(0..)</code> <code class='argument'>output_size</code>, <code class='datatype'>int</code> <code class='argument'>encrypt</code>, <code class='datatype'>void</code>|<code class='datatype'>int</code> <code class='argument'>qop</code><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Returns the maximum size of an input string to <code>wrap</code> that would produce no more than <code>output_size</code> bytes in the resulting output.</p> <p> This wraps <tt>GSS_Wrap_size_limit</tt> according to <b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.2.7'>RFC 2743 section 2.2.7</a></b>.</p> <p> <code>with_confidentiality</code> and <code>qop</code> are the same as in the call to <code>wrap</code>.</p> </dd></dl> </dd></dl><dl><dt><h2 class='header'>Class <b class='ms datatype'>GSSAPI.Cred</b></h2> </dt><dd><dl class='group--doc'> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Objects of this class hold one or more credentials that the current process can use to assert identities; see <b><a href='http://pike.lysator.liu.se/rfc2743.xml#1.1.1'>RFC 2743 section 1.1.1</a></b>.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'>Note</dt> <dd class='body--doc'><p>If a <code>Cred</code> object is destructed, <tt>GSS_Release_cred</tt> (<b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.1.2'>RFC 2743 section 2.1.2</a></b>) is called. The RFC doesn't preclude that that function might do blocking network I/O, which due to pike's object management might occur essentially anytime in any thread if the object isn't explicitly destructed. To avoid that, it's recommended to call <code>release</code> in credential objects that are no longer used.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>name</b></span><br> <span class='homogen--type'>Method</span> <span class='homogen--name'><b>cred_usage</b></span><br> <span class='homogen--type'>Method</span> <span class='homogen--name'><b>mechs</b></span><br> <span class='homogen--type'>Method</span> <span class='homogen--name'><b>lifetime</b></span><br> <span class='homogen--type'>Method</span> <span class='homogen--name'><b>init_lifetime</b></span><br> <span class='homogen--type'>Method</span> <span class='homogen--name'><b>accept_lifetime</b></span><br>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>GSSAPI.Name</code> <b><span class='method'>name</span>(</b><code class='datatype'>void</code>|<code class='datatype'>string</code> <code class='argument'>mech</code><b>)</b></code><br> <code><code class='datatype'>int</code> <b><span class='method'>cred_usage</span>(</b><code class='datatype'>void</code>|<code class='datatype'>string</code> <code class='argument'>mech</code><b>)</b></code><br> <code><code class='datatype'>multiset</code>(<code class='datatype'>string</code>) <b><span class='method'>mechs</span>(</b><b>)</b></code><br> <code><code class='datatype'>int(0..)</code>|<code class='object unresolved'>Int.inf</code> <b><span class='method'>lifetime</span>(</b><b>)</b></code><br> <code><code class='datatype'>int(0..)</code>|<code class='object unresolved'>Int.inf</code> <b><span class='method'>init_lifetime</span>(</b><code class='datatype'>string</code> <code class='argument'>mech</code><b>)</b></code><br> <code><code class='datatype'>int(0..)</code>|<code class='object unresolved'>Int.inf</code> <b><span class='method'>accept_lifetime</span>(</b><code class='datatype'>string</code> <code class='argument'>mech</code><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Functions to query various properties about the credentials.</p> <p> These wrap <tt>GSS_Inquire_cred</tt> according to <b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.1.3'>RFC 2743 section 2.1.3</a></b> if <code>mech</code> is not given, and <tt>GSS_Inquire_cred_by_mech</tt> according to <b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.1.5'>RFC 2743 section 2.1.5</a></b> otherwise.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-mech'></span>Parameter <code class='parameter'>mech</code></dt> <dd></dd><dd class='body--doc'><p>If this is given then the credential for that specific mechanism is queried. <code>mech</code> contains the OID of the mechanism on dotted-decimal form.</p> <p> Some of the query functions can only be used for a specific mechanism, in which case <code>mech</code> is required. Some can only be used on the credentials in general, and the <code>mech</code> argument is not applicable. Some can be used both ways, and then <code>mech</code> is optional.</p> <dl class='group--doc'><dd><p><tt>name (void|string mech)</tt> Returns the name of the identity that the credential(s) assert. If <code>mech</code> is given then the returned name is a Mechanism Name (MN).</p> <p> The returned <code>GSSAPI.Name</code> object is always a newly created one, even though it typically compares as equal with the ones given to <code>acquire</code> or <code>add</code>.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><tt>cred_usage (void|string mech)</tt> Returns how the credential(s) may be used, one of <code>GSSAPI.INITIATE</code>, <code>GSSAPI.ACCEPT</code> or <code>GSSAPI.BOTH</code>.</p> <p> If <code>mech</code> is not given then the returned usage value reflects the union of the capabilities in all credentials.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><tt>mechs()</tt> Returns the set of mechanisms supported by the credential. The returned value is a multiset of strings with OIDs on dotted-decimal form.</p> </dd> <dd><p><tt>lifetime()</tt> Returns the shortest validity lifetime left in any of the mechanisms that are part of the credentials, for either initiator or acceptor use.</p> <p> Returns zero if some part of the credentials has expired.</p> <p> Returns <code>Int.inf</code> if there is no time limit (in older pikes without <code>Int.inf</code> a large positive integer is returned instead).</p> </dd> <dd><p><tt>init_lifetime (string mech)</tt> Returns the validity lifetime left for initiator use.</p> <p> Returns zero if the credential has expired for this use or if its usage is <code>GSSAPI.ACCEPT</code>.</p> <p> Returns <code>Int.inf</code> if there is no time limit (in older pikes without <code>Int.inf</code> a large positive integer is returned instead).</p> </dd> <dd><p><tt>accept_lifetime (string mech)</tt> Returns the validity lifetime left for acceptor use.</p> <p> Returns zero if the credential has expired for this use or if its usage is <code>GSSAPI.INITIATE</code>.</p> <p> Returns <code>Int.inf</code> if there is no time limit (in older pikes without <code>Int.inf</code> a large positive integer is returned instead).</p> </dd> </dl> </dd> <dt class='head--doc'>Note</dt> <dd class='body--doc'><p><b><a href='http://pike.lysator.liu.se/rfc2743.xml'>RFC 2743</a></b> doesn't preclude that these functions might block on network connections to remote authentication servers.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl>
99eac22021-07-20Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>acquire</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>void</code> <b><span class='method'>acquire</span>(</b><code class='object unresolved'>Name</code>|<code class='datatype'>string</code> <code class='argument'>name</code>, <code class='datatype'>int</code> <code class='argument'>cred_usage</code>, <code class='datatype'>void</code>|<code class='datatype'>multiset</code>(<code class='datatype'>string</code>) <code class='argument'>desired_mechs</code>, <code class='datatype'>void</code>|<code class='datatype'>int(0..)</code> <code class='argument'>desired_time</code><b>)</b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Acquire initial credentials for this object. It is an error if it already has some credentials.</p> <p> This wraps <tt>GSS_Acquire_cred</tt> according to <b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.1.1'>RFC 2743 section 2.1.1</a></b>.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-name'></span>Parameter <code class='parameter'>name</code></dt> <dd></dd><dd class='body--doc'><p>The name of the identity for which credentials should be acquired. It is up to the GSS-API implementation to check whether the running process is authorized to act on behalf of this identity.</p> <p> This can be either a <code>GSSAPI.Name</code> object or a string. In the latter case, the string is converted to a GSS-API name according to a mechanism-specific default printable syntax, i.e. just like if it would be given as the sole argument to <code>GSSAPI.Name.create</code>.</p> <p> If this is zero then credentials for the default principal (if any) are retrieved.</p> </dd> <dt class='head--doc'><span id='p-cred_usage'></span>Parameter <code class='parameter'>cred_usage</code></dt> <dd></dd><dd class='body--doc'><p>Specifies how the credential will be used. One of <code>GSSAPI.INITIATE</code>, <code>GSSAPI.ACCEPT</code> or <code>GSSAPI.BOTH</code>.</p> </dd> <dt class='head--doc'><span id='p-desired_mechs'></span>Parameter <code class='parameter'>desired_mechs</code></dt> <dd></dd><dd class='body--doc'><p>The mechanisms that the credentials should cover, as a multiset containing their OIDs on dotted-decimal form. If zero or left out then a default set provided by the GSS-API implementation is used.</p> <p> It is an error to pass an empty multiset.</p> </dd> <dt class='head--doc'><span id='p-desired_time'></span>Parameter <code class='parameter'>desired_time</code></dt> <dd></dd><dd class='body--doc'><p>Number of seconds the credentials should remain valid. The GSS-API implementation may return credentials that are valid both longer and shorter than this. Zero or left out means use the maximum permitted time.</p> </dd> <dt class='head--doc'>Note</dt> <dd class='body--doc'><p>This function might block on network connections to remote authentication servers.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>add</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>void</code> <b><span class='method'>add</span>(</b><code class='object unresolved'>Name</code>|<code class='datatype'>string</code> <code class='argument'>name</code>, <code class='datatype'>int</code> <code class='argument'>cred_usage</code>, <code class='datatype'>string</code> <code class='argument'>desired_mech</code>, <code class='datatype'>void</code>|<code class='datatype'>int(0..)</code>|<code class='datatype'>array</code>(<code class='datatype'>int(0..)</code>) <code class='argument'>desired_time</code><b>)</b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Adds another credential element to this object. If this object has no credentials already then it will get the default credentials in addition to this specified one.</p> <p> This wraps <tt>GSS_Add_cred</tt> according to <b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.1.4'>RFC 2743 section 2.1.4</a></b>.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-name'></span>Parameter <code class='parameter'>name</code></dt> <dd></dd><dd class='body--doc'><p>The name of the identity for which a credential should be acquired. It is up to the GSS-API implementation to check whether the running process has sufficient privileges to act on behalf of this identity.</p> <p> This can be either a <code>GSSAPI.Name</code> object or a string. In the latter case, the string is converted to a GSS-API name according to a mechanism-specific default printable syntax, i.e. just like if it would be given as the sole argument to <code>GSSAPI.Name.create</code>.</p> <p> If this is zero then a credential for the default principal (if any) are retrieved.</p> </dd> <dt class='head--doc'><span id='p-cred_usage'></span>Parameter <code class='parameter'>cred_usage</code></dt> <dd></dd><dd class='body--doc'><p>Specifies how the credential will be used. One of <code>GSSAPI.INITIATE</code>, <code>GSSAPI.ACCEPT</code> or <code>GSSAPI.BOTH</code>.</p> </dd> <dt class='head--doc'><span id='p-desired_mech'></span>Parameter <code class='parameter'>desired_mech</code></dt> <dd></dd><dd class='body--doc'><p>The mechanism that the credential should cover, as an OID on dotted-decimal form.</p> </dd> <dt class='head--doc'><span id='p-desired_time'></span>Parameter <code class='parameter'>desired_time</code></dt> <dd></dd><dd class='body--doc'><p>Number of seconds the credential should remain valid. The GSS-API implementation may return a credential that is valid both longer and shorter than this. Zero or left out means use the maximum permitted time.</p> <p> This can also be an array containing two elements. In that case the first element applies to the credential when it is used to initiate contexts, and the second element applies to use for acceptor contexts.</p> </dd> <dt class='head--doc'>Note</dt> <dd class='body--doc'><p>This function might block on network connections to remote authentication servers.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>release</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>void</code> <b><span class='method'>release</span>(</b><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Frees the resources for the credential.</p> <p> This wraps <tt>GSS_Release_cred</tt> according to <b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.1.2'>RFC 2743 section 2.1.2</a></b>.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'>Note</dt> <dd class='body--doc'><p>This function might block on network connections to remote authentication servers.</p> </dd></dl> </dd></dl><dl><dt><h2 class='header'>Class <b class='ms datatype'>GSSAPI.Error</b></h2> </dt><dd><dl class='group--doc'> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Error object used for GSS-API errors.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>create</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><span class='object'>GSSAPI.Error</span> <span class='class'>GSSAPI.Error</span><b>(</b><code class='datatype'>void</code>|<code class='datatype'>int</code> <code class='argument'>major</code>, <code class='datatype'>void</code>|<code class='datatype'>int</code> <code class='argument'>minor</code>, <code class='datatype'>void</code>|<code class='datatype'>string</code> <code class='argument'>mech</code>, <code class='datatype'>void</code>|<code class='datatype'>string</code> <code class='argument'>message</code>, <code class='datatype'>void</code>|<code class='datatype'>array</code> <code class='argument'>backtrace</code><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba) 
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-major'></span>Parameter <code class='parameter'>major</code></dt> <dd></dd><dd class='body--doc'><p>Initial value for <code>major_status</code>.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-minor'></span>Parameter <code class='parameter'>minor</code></dt> <dd></dd><dd class='body--doc'><p>Initial value for <code>minor_status</code>.</p> </dd> <dt class='head--doc'><span id='p-mech'></span>Parameter <code class='parameter'>mech</code></dt> <dd></dd><dd class='body--doc'><p>Object identifier on dotted-decimal form for the mechanism that <code>minor</code> applies to.</p> </dd> <dt class='head--doc'><span id='p-message'></span>Parameter <code class='parameter'>message</code></dt> <dd></dd><dd class='body--doc'><p>Error message. This is prepended to the message generated from <code>major_status</code> and/or <code>minor_status</code>. <code class='expr'>":&nbsp;"</code> is inserted in between.</p> </dd> <dt class='head--doc'><span id='p-backtrace'></span>Parameter <code class='parameter'>backtrace</code></dt> <dd></dd><dd class='body--doc'><p>Backtrace. The current backtrace for the calling function is used if left out.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>Generic</b></span> </dt> <dd><p><code><span class='datatype'>inherit Error.Generic</span> : <span class='inherit'>Generic</span></code></p></dd> </dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Variable</span> <span class='homogen--name'><b>major_status</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>int</code> GSSAPI.Error.<b><span class='variable'>major_status</span></b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>The major status code. This is a bitwise OR of one routine error code and zero or more supplementary error info bits.</p> <p> See <b><a href='http://pike.lysator.liu.se/rfc2743.xml#1.2.1.1'>RFC 2743 section 1.2.1.1</a></b> and <b><a href='http://pike.lysator.liu.se/rfc2744.xml#3.9.1'>RFC 2744 section 3.9.1</a></b>. Note that the calling errors mentioned in <b><a href='http://pike.lysator.liu.se/rfc2744.xml'>RFC 2744</a></b> are never thrown.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd> <dt class='head--doc'>See also</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p><code>major_status_messages</code></p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>major_status_messages</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>array</code>(<code class='datatype'>string</code>) <b><span class='method'>major_status_messages</span>(</b><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Returns an array containing messages for all the status values in <code>major_status</code>. See <code>GSSAPI.major_status_messages</code> for further details.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Variable</span> <span class='homogen--name'><b>minor_status</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>int</code> GSSAPI.Error.<b><span class='variable'>minor_status</span></b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>The minor status code specific for the mechanism.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd> <dt class='head--doc'>See also</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p><code>minor_status_messages</code>, <code>minor_status_mech</code></p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>minor_status_mech</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
4447642022-06-01Martin Nilsson <dd><p><code><code class='datatype'>string</code>|<code class='datatype'>zero</code> <b><span class='method'>minor_status_mech</span>(</b><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Returns the OID for the mechanism that is used to interpret the minor status, or zero if no mechanism has been set. It is returned on dotted-decimal form.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>minor_status_messages</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>array</code>(<code class='datatype'>string</code>) <b><span class='method'>minor_status_messages</span>(</b><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Returns an array containing messages for all the status values in <code>minor_status</code>. See <code>GSSAPI.minor_status_messages</code> for further details.</p> </dd></dl> </dd></dl><dl><dt><h2 class='header'>Class <b class='ms datatype'>GSSAPI.InitContext</b></h2> </dt><dd><dl class='group--doc'> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Variant of <code>Context</code> which is used on the initiator side.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl>
c9b57f2020-11-09Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>create</b></span>
c9b57f2020-11-09Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><span class='object'>GSSAPI.InitContext</span> <span class='class'>GSSAPI.InitContext</span><b>(</b><code class='datatype'>void</code>|<code class='object unresolved'>Cred</code> <code class='argument'>cred</code>, <code class='datatype'>void</code>|<code class='object unresolved'>Name</code>|<code class='datatype'>string</code> <code class='argument'>target_name</code>, <code class='datatype'>void</code>|<code class='datatype'>string</code> <code class='argument'>mech</code>, <code class='datatype'>void</code>|<code class='datatype'>int</code> <code class='argument'>required_services</code>, <code class='datatype'>void</code>|<code class='datatype'>int</code> <code class='argument'>desired_services</code>, <code class='datatype'>void</code>|<code class='datatype'>int(0..)</code> <code class='argument'>desired_time</code><b>)</b></code></p></dd>
c9b57f2020-11-09Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Creates a context for initiator use. This function only accepts parameters to be used later during the <code>init</code> call. If there are semantic problems with them, such as if the credentials are stale or the mechanism isn't supported, then they will be signalled later by <code>init</code>.</p>
c9b57f2020-11-09Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-cred'></span>Parameter <code class='parameter'>cred</code></dt> <dd></dd><dd class='body--doc'><p>Credentials for the identity this context claims. The credentials for the default principal (if any) is used if zero or left out.</p>
c9b57f2020-11-09Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-target_name'></span>Parameter <code class='parameter'>target_name</code></dt> <dd></dd><dd class='body--doc'><p>The name of the target.</p> <p> This can be either a <code>GSSAPI.Name</code> object or a string. In the latter case, the string is converted to a GSS-API name according to a mechanism-specific default printable syntax, i.e. just like if it would be given as the sole argument to <code>GSSAPI.Name.create</code>.</p> <p> Some mechanisms support unnamed targets (as allowed in GSS-API v2, update 1) and in such cases this may be zero or left out.</p>
c9b57f2020-11-09Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-mech'></span>Parameter <code class='parameter'>mech</code></dt> <dd></dd><dd class='body--doc'><p>The mechanism to use. It is given as an OID on dotted-decimal form. The GSS-API implementation chooses this using system settings if it's zero or left out, which is the recommended way.</p>
c9b57f2020-11-09Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-required_services'></span>Parameter <code class='parameter'>required_services</code></dt> <dd></dd><dd class='body--doc'><p>Bitfield of <tt>GSSAPI.*_FLAG</tt> flags specifying all services that must be provided in the context. If the context fail to provide any of them then it is closed and a <code>GSSAPI.MissingServicesError</code> is thrown.</p> <p> <code>GSSAPI.PROT_READY_FLAG</code> is ignored in this parameter. The fact that a user calls a per-message function indicates that this service is required at that point, and a <code>GSSAPI.MissingServicesError</code> is thrown if it isn't.</p>
c9b57f2020-11-09Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-desired_services'></span>Parameter <code class='parameter'>desired_services</code></dt> <dd></dd><dd class='body--doc'><p>Bitfield of <tt>GSSAPI.*_FLAG</tt> flags specifying the context services that are wanted but not required. I.e. errors won't be thrown if any of these aren't provided. The services specified in <code>required_services</code> are implicit, so they need not be repeated here.</p> <p> <code>GSSAPI.PROT_READY_FLAG</code> is ignored in this parameter.</p> </dd> <dt class='head--doc'><span id='p-desired_time'></span>Parameter <code class='parameter'>desired_time</code></dt> <dd></dd><dd class='body--doc'><p>The desired context validity time in seconds. Zero or left out means use the default.</p> </dd> <dt class='head--doc'>Note</dt> <dd class='body--doc'><p>Channel bindings (<b><a href='http://pike.lysator.liu.se/rfc2743.xml#1.1.6'>RFC 2743 section 1.1.6</a></b>) are not yet implemented since that feature appear to not be in much active use, and its format is not completely specified (<b><a href='http://pike.lysator.liu.se/rfc2744.xml#3.11'>RFC 2744 section 3.11</a></b>).</p>
c9b57f2020-11-09Henrik Grubbström (Grubba) </dd></dl>
43893c2021-10-20Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>Context</b></span> </dt> <dd><p><code><span class='datatype'>inherit Context</span> : <span class='inherit'>Context</span></code></p></dd> </dl>
7393ca2019-08-17Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>init</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>string</code> <b><span class='method'>init</span>(</b><code class='datatype'>void</code>|<code class='datatype'>string</code> <code class='argument'>remote_token</code><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Initiates a security context to send to a remote peer.</p> <p> This wraps <tt>GSS_Init_sec_context</tt> according to <b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.2.1'>RFC 2743 section 2.2.1</a></b>.</p> <p> The underlying mechanism might require several tokens to be passed back and forth to establish the context. If <code>is_established</code> returns zero after a call to this function then the caller must wait for a token from the remote peer to feed as <code>remote_token</code> in another call to this function.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-remote_token'></span>Parameter <code class='parameter'>remote_token</code></dt> <dd></dd><dd class='body--doc'><p>A token from the remote peer, as returned by a call to <code>GSSAPI.AcceptContext.accept</code> (or some other <tt>GSS_Accept_sec_context</tt> wrapper) in it. This is zero or left out on the initial call, but used later if the remote peer sends back tokens to process as part of the context establishment.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd> <dt class='head--doc'>Returns</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>If a string is returned then it must be passed to the remote peer which will feed it to <code>GSSAPI.AcceptContext.accept</code> or some other <tt>GSS_Accept_sec_context</tt> wrapper. An empty string is never returned.</p> <p> Zero is returned if there is no token to send to the remote peer. Note that <code>is_established</code> might still return zero in that case, meaning more remote tokens are necessary.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd> <dt class='head--doc'>Note</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>This function might block on network connections to remote authentication servers.</p> </dd></dl> </dd></dl><dl><dt><h2 class='header'>Class <b class='ms datatype'>GSSAPI.MissingServicesError</b></h2> </dt><dd><dl class='group--doc'> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Error object used when one or more required services are missing in a <code>GSSAPI.Context</code> object.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>create</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><span class='object'>GSSAPI.MissingServicesError</span> <span class='class'>GSSAPI.MissingServicesError</span><b>(</b><code class='datatype'>void</code>|<code class='datatype'>int</code> <code class='argument'>missing_services</code><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba) 
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-missing_services'></span>Parameter <code class='parameter'>missing_services</code></dt> <dd></dd><dd class='body--doc'><p>Initial value for <code>services</code>.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl>
9b13162019-11-02Tobias S. Josefowitz <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>Generic</b></span>
9b13162019-11-02Tobias S. Josefowitz </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><span class='datatype'>inherit Error.Generic</span> : <span class='inherit'>Generic</span></code></p></dd> </dl>
9b13162019-11-02Tobias S. Josefowitz  <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Variable</span> <span class='homogen--name'><b>services</b></span>
9b13162019-11-02Tobias S. Josefowitz </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>int</code> GSSAPI.MissingServicesError.<b><span class='variable'>services</span></b></code></p></dd>
9b13162019-11-02Tobias S. Josefowitz  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Bitfield of <tt>GSSAPI.*_FLAG</tt> flags for the missing services that caused the error.</p> </dd> <dt class='head--doc'>See also</dt> <dd class='body--doc'><p><code>GSSAPI.describe_services</code></p> </dd></dl> </dd></dl><dl><dt><h2 class='header'>Class <b class='ms datatype'>GSSAPI.Name</b></h2> </dt><dd><dl class='group--doc'> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>An object of this class contains a name on the internal form which is required by the GSS-API functions. See <b><a href='http://pike.lysator.liu.se/rfc2743.xml#1.1.5'>RFC 2743 section 1.1.5</a></b>.</p>
9b13162019-11-02Tobias S. Josefowitz </dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>__hash</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>int</code> <b><span class='method'>hash_value</span>(</b> <span class='class'>GSSAPI.Name</span> <span class='argument'>arg</span> <b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Tries to export the name (see <code>export</code>) and if that succeeds returns a hash made from the exported name string. Otherwise a normal hash based on this object is returned.</p> <p> This means that mechanism names (MNs) can be used as indices in mappings without getting duplicate entries for the same identity.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>`==</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>int</code> res = <code class='class'>GSSAPI.Name()</code>&#32;==&#32;<code class='class'>other</code></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Returns true if <code>other</code> is a <code>GSSAPI.Name</code> which contains a name that refers to the same identity as this one.</p> <p> This wraps <tt>GSS_Compare_name</tt> according to <b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.4.3'>RFC 2743 section 2.4.3</a></b>.</p> <p> If either <code>GSSAPI.Name</code> object is uninitialized or contains an anonymous identity then they are considered different, unless it is the very same <code>GSSAPI.Name</code> object (that is an inherent pike behavior).</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'>Throws</dt> <dd class='body--doc'><p>An error is thrown if the names are incomparable, or if either of them are ill-formed.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl>
99eac22021-07-20Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>canonicalize</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>Name</code> <b><span class='method'>canonicalize</span>(</b><code class='datatype'>string</code> <code class='argument'>mech</code><b>)</b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Returns a <code>GSSAPI.Name</code> containing the canonical mechanism name (MN) of this name. The mechanism is given as a dotted-decimal OID in <code>mech</code>.</p> <p> This wraps <tt>GSS_Canonicalize_name</tt> according to <b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.4.14'>RFC 2743 section 2.4.14</a></b>.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd> <dt class='head--doc'>Note</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>This function might block on network connections to remote authentication servers.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl>
32f88f2020-06-10Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>create</b></span>
32f88f2020-06-10Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><span class='object'>GSSAPI.Name</span> <span class='class'>GSSAPI.Name</span><b>(</b><code class='datatype'>string</code> <code class='argument'>name</code>, <code class='datatype'>void</code>|<code class='datatype'>string</code> <code class='argument'>name_type</code><b>)</b></code></p></dd> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>This wraps <tt>GSS_Import_name</tt> according to <b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.4.5'>RFC 2743 section 2.4.5</a></b>.</p> </dd> <dt class='head--doc'><span id='p-name'></span>Parameter <code class='parameter'>name</code></dt> <dd></dd><dd class='body--doc'><p>A name on string form (a contiguous string name in GSS-API parlance).</p> </dd> <dt class='head--doc'><span id='p-name_type'></span>Parameter <code class='parameter'>name_type</code></dt> <dd></dd><dd class='body--doc'><p>The OID on dotted-decimal form for the type of the name in <code>name</code>. If left out, <code>name</code> is parsed according to a mechanism-specific default printable syntax.</p> </dd> <dt class='head--doc'>Note</dt> <dd class='body--doc'><p>If <code>name</code> is the result of <code>export</code> or a similar function then <code>name_type</code> should be <code>GSSAPI.NT_EXPORT_NAME</code>.</p> </dd></dl>
32f88f2020-06-10Henrik Grubbström (Grubba)  <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>display_name</b></span><br> <span class='homogen--type'>Method</span> <span class='homogen--name'><b>display_name_type</b></span><br>
32f88f2020-06-10Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>string</code> <b><span class='method'>display_name</span>(</b><b>)</b></code><br> <code><code class='datatype'>string</code> <b><span class='method'>display_name_type</span>(</b><b>)</b></code></p></dd>
32f88f2020-06-10Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p><code>display_name</code> returns a representation of the name for display purposes, and <code>display_name_type</code> returns an OID on dotted-decimal form for the type of that name.</p> <p> If no type was given to <code>create</code> then <code>display_name_type</code> might return zero.</p> <p> This wraps <tt>GSS_Display_name</tt> according to <b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.4.4'>RFC 2743 section 2.4.4</a></b>.</p>
32f88f2020-06-10Henrik Grubbström (Grubba) </dd> <dt class='head--doc'>See also</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>The <tt>GSSAPI.NT_*</tt> constants.</p>
32f88f2020-06-10Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>export</b></span>
32f88f2020-06-10Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>string</code> <b><span class='method'>export</span>(</b><code class='datatype'>void</code>|<code class='datatype'>string</code> <code class='argument'>mech</code><b>)</b></code></p></dd>
32f88f2020-06-10Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Returns the name on the exported format. If <code>mech</code> isn't given then the name has to be a mechanism name (MN). If <code>mech</code> is given then the name is canonicalized according to that mechanism before being exported (see <code>canonicalize</code>).</p> <p> This wraps <tt>GSS_Export_name</tt> according to <b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.4.15'>RFC 2743 section 2.4.15</a></b>.</p>
32f88f2020-06-10Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'>Note</dt> <dd class='body--doc'><p>This function might block on network connections to remote authentication servers if <code>mech</code> is specified.</p>
32f88f2020-06-10Henrik Grubbström (Grubba) </dd></dl>
99eac22021-07-20Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>mechs</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>multiset</code>(<code class='datatype'>string</code>) <b><span class='method'>mechs</span>(</b><b>)</b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Returns the OIDs for the mechanisms that might be able to process this name. The returned OID strings are on dotted-decimal form.</p> <p> This wraps <tt>GSS_Inquire_mechs_for_name</tt> according to <b><a href='http://pike.lysator.liu.se/rfc2743.xml#2.4.13'>RFC 2743 section 2.4.13</a></b>.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'>Note</dt> <dd class='body--doc'><p>Some older GSS-API v2 implementations lack this funcion.</p> </dd></dl> </dd></dl></dd></dl></dd> <dt><a name='21.3'></a> <h2 class='header'>21.3. Cryptographic primitives</h2></dt> <dd><dl><dt><h2 class='header'>Module <b class='ms datatype'>Crypto</b></h2> </dt><dd><dl class='group--doc'> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Various cryptographic classes and functions.</p> <dl class='group--doc'><dt>Hash modules</dt> <dd><p>These are based on the <code>Nettle.Hash</code> API. Examples include <code>MD5</code>, <code>SHA1</code>, <code>SHA256</code> and <code>SHA3_256</code>.</p> </dd> <dt>Cipher modules</dt> <dd><p>These are based on the <code>Nettle.Cipher</code> API. Examples include <code>AES</code>, <code>Arcfour</code>, <code>DES</code>, <code>DES3</code>, <code>CAMELLIA</code>.</p> <p> The <code>Substitution</code> program is compatible with <code>Cipher.State</code>.</p> <p> Also conforming to the API are several helper modules such as <code>Buffer</code>, <code>predef::Nettle.BlockCipher.CBC</code>, <code>predef::Nettle.BlockCipher16.GCM</code> and <code>Pipe</code>.</p> </dd> <dt>Message Authentication Code modules (MACs)</dt> <dd><p><code>MAC</code> algorithms are provided as sub-modules to their corresponding <code>Hash</code> or <code>Cipher</code> module. Examples include <code>SHA1.HMAC</code> and <code>AES.UMAC32</code>.</p> </dd> <dt>Authenticated Encryption with Associated Data modules (AEADs)</dt> <dd><p><code>AEAD</code>s combine ciphers with authentication codes, and may optionally also take into account some associated data that is provided out of band. This API is compatible with both <code>Cipher</code> and <code>Hash</code>. AEADs are provided as sub-modules to their corresponding ciphers. Examples include <code>AES.CCM</code>, <code>AES.GCM</code> and <code>CAMELLIA.EAX</code>.</p> </dd> </dl><p>As the cryptographic services offered from this module aren't necessarily used for security applications, none of the strings input or output are marked as secure. That is up to the caller.</p> </dd> <dt class='head--doc'>Note</dt> <dd class='body--doc'><p>Most of the APIs in this module work on 8 bit binary strings unless otherwise noted. For conversions to and from hexadecimal notation <code>String.string2hex()</code> and <code>String.hex2string()</code> may be of interest.</p> </dd> <dt class='head--doc'>Note</dt> <dd class='body--doc'><p>This module is only available if Pike has been compiled with <code>Nettle</code> enabled (this is the default).</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>make_crypt_md5</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
e6ea1a2022-11-05Martin Nilsson <dd><p><code><code class='datatype'>string(8bit)</code> <b><span class='method'>make_crypt_md5</span>(</b><code class='datatype'>string(8bit)</code> <code class='argument'>password</code>, <code class='datatype'>string(8bit)</code>|<code class='datatype'>void</code> <code class='argument'>salt</code><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Hashes a <code>password</code> together with a <code>salt</code> with the crypt_md5 algorithm and returns the result.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd> <dt class='head--doc'>See also</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p><code>verify_crypt_md5</code></p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>rot13</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>string(8bit)</code> <b><span class='method'>rot13</span>(</b><code class='datatype'>string(8bit)</code> <code class='argument'>data</code><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Convenience function that accesses the crypt function of a substitution object keyed to perform standard ROT13 (de)ciphering.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>siphash24</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>int</code> <b><span class='method'>siphash24</span>(</b><code class='datatype'>string</code> <code class='argument'>data</code>, <code class='datatype'>void</code>|<code class='datatype'>int</code> <code class='argument'>key</code><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Hashes a string, with an optional key, to a 64 bit integer using the siphash-2-4 algorithm. Currently the 64 bit <code>key</code> parameter is used both for the high and low part of the 128 bit key.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl>
32f88f2020-06-10Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>verify_crypt_md5</b></span>
32f88f2020-06-10Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>bool</code> <b><span class='method'>verify_crypt_md5</span>(</b><code class='datatype'>string(8bit)</code> <code class='argument'>password</code>, <code class='datatype'>string(7bit)</code> <code class='argument'>hash</code><b>)</b></code></p></dd>
32f88f2020-06-10Henrik Grubbström (Grubba) 
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Verifies the <code>password</code> against the crypt_md5 hash.</p> </dd> <dt class='head--doc'>Throws</dt> <dd class='body--doc'><p>May throw an exception if the hash value is bad.</p> </dd> <dt class='head--doc'>See also</dt> <dd class='body--doc'><p><code>make_crypt_md5</code></p> </dd></dl> <dl><dt><h2 class='header'>Class <b class='ms datatype'>Crypto.AE</b></h2> </dt><dd><dl class='group--doc'> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Abstract class for AE algorithms.</p> </dd></dl> <hr />
7393ca2019-08-17Henrik Grubbström (Grubba) <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>AE</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><span class='datatype'>inherit __builtin.Nettle.AE</span> : <span class='inherit'>AE</span></code></p></dd> </dl> </dd></dl><dl><dt><h2 class='header'>Class <b class='ms datatype'>Crypto.AEAD</b></h2> </dt><dd><dl class='group--doc'> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Abstract class for AEAD algorithms.</p> </dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba) 
43893c2021-10-20Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>AEAD</b></span> </dt> <dd><p><code><span class='datatype'>inherit Nettle.AEAD</span> : <span class='inherit'>AEAD</span></code></p></dd> </dl> </dd></dl><dl><dt><h2 class='header'>Class <b class='ms datatype'>Crypto.BlockCipher</b></h2> </dt><dd><dl class='group--doc'>
7393ca2019-08-17Henrik Grubbström (Grubba) <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Abstract class for block cipher algorithms. Contains some tools useful for all block ciphers.</p> <p> Contains the <code>CBC</code> submodule.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl>
43893c2021-10-20Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>BlockCipher</b></span> </dt> <dd><p><code><span class='datatype'>inherit Nettle.BlockCipher</span> : <span class='inherit'>BlockCipher</span></code></p></dd> </dl> </dd></dl><dl><dt><h2 class='header'>Class <b class='ms datatype'>Crypto.BlockCipher16</b></h2> </dt><dd><dl class='group--doc'> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Abstract class for block cipher algorithms with a 16 byte block size. Contains some tools useful for all such block ciphers.</p> <p> Contains the <code>GCM</code> submodule.</p> </dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba)  <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>BlockCipher16</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><span class='datatype'>inherit Nettle.BlockCipher16</span> : <span class='inherit'>BlockCipher16</span></code></p></dd> </dl> </dd></dl><dl><dt><h2 class='header'>Class <b class='ms datatype'>Crypto.BufferedCipher</b></h2> </dt><dd><dl class='group--doc'> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Abstract class for block cipher meta algorithms.</p> <p> Contains the <code>Buffer</code> submodule.</p> </dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba) 
43893c2021-10-20Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>BufferedCipher</b></span> </dt> <dd><p><code><span class='datatype'>inherit Nettle.BufferedCipher</span> : <span class='inherit'>BufferedCipher</span></code></p></dd> </dl> </dd></dl><dl><dt><h2 class='header'>Class <b class='ms datatype'>Crypto.Cipher</b></h2> </dt><dd><dl class='group--doc'>
7393ca2019-08-17Henrik Grubbström (Grubba) <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Abstract class for crypto algorithms. Contains some tools useful for all ciphers.</p> </dd> <dt class='head--doc'>Note</dt> <dd class='body--doc'><p>Typically only inherited directly by stream ciphers.</p>
069f622021-07-02Tobias S. Josefowitz </dd> <dt class='head--doc'>Note</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>It is however convenient for typing as it contains the minimum base level API for a cipher.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd> <dt class='head--doc'>See also</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p><code>BufferedCipher</code>, <code>BlockCipher</code>, <code>BlockCipher16</code></p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl>
99eac22021-07-20Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>Cipher</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><span class='datatype'>inherit Nettle.Cipher</span> : <span class='inherit'>Cipher</span></code></p></dd> </dl> </dd></dl><dl><dt><h2 class='header'>Class <b class='ms datatype'>Crypto.HMAC</b></h2> </dt><dd><dl class='group--doc'>
99eac22021-07-20Henrik Grubbström (Grubba) <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>HMAC, defined by <b><a href='http://pike.lysator.liu.se/rfc2104.xml'>RFC 2104</a></b>.</p>
56ae7c2022-09-17Henrik Grubbström (Grubba) <p> Backward-compatibility implementation. New code should use <code>Crypto.Hash.HMAC</code>.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl>
9b13162019-11-02Tobias S. Josefowitz <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>`()</b></span>
9b13162019-11-02Tobias S. Josefowitz </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>Crypto.MAC.State</code> res = <code class='class'>Crypto.HMAC()</code>()</code></p></dd>
9b13162019-11-02Tobias S. Josefowitz  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Calling the HMAC object with a password returns a new object that can perform the actual HMAC hashing. E.g. doing a HMAC hash with MD5 and the password <code class='expr'>"bar"</code> of the string <code class='expr'>"foo"</code> would require the code <code class='expr'>Crypto.HMAC(Crypto.MD5)("bar")("foo")</code>.</p>
9b13162019-11-02Tobias S. Josefowitz </dd></dl>
32f88f2020-06-10Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>create</b></span>
32f88f2020-06-10Henrik Grubbström (Grubba) </dt>
56ae7c2022-09-17Henrik Grubbström (Grubba) <dd><p><code><span class='object'>Crypto.HMAC</span> <span class='class'>Crypto.HMAC</span><b>(</b><code class='object unresolved'>.Hash</code> <code class='argument'>h</code>, <code class='datatype'>int(1..)</code>|<code class='datatype'>void</code> <code class='argument'>b</code><b>)</b></code></p></dd>
32f88f2020-06-10Henrik Grubbström (Grubba) 
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-h'></span>Parameter <code class='parameter'>h</code></dt> <dd></dd><dd class='body--doc'><p>The hash object on which the HMAC object should base its operations. Typical input is <code>Crypto.MD5</code>.</p>
32f88f2020-06-10Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-b'></span>Parameter <code class='parameter'>b</code></dt> <dd></dd><dd class='body--doc'><p>The block size of one compression block, in octets. Defaults to block_size() of <code>h</code>.</p>
32f88f2020-06-10Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>pkcs_digest</b></span>
32f88f2020-06-10Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>string(8bit)</code> <b><span class='method'>pkcs_digest</span>(</b><code class='datatype'>string(8bit)</code> <code class='argument'>s</code><b>)</b></code></p></dd>
32f88f2020-06-10Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Makes a PKCS-1 digestinfo block with the message <code>s</code>.</p>
32f88f2020-06-10Henrik Grubbström (Grubba) </dd> <dt class='head--doc'>See also</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p><code>Standards.PKCS.Signature.build_digestinfo</code></p>
32f88f2020-06-10Henrik Grubbström (Grubba) </dd></dl>
99eac22021-07-20Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>raw_hash</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>string(8bit)</code> <b><span class='method'>raw_hash</span>(</b><code class='datatype'>string(8bit)</code> <code class='argument'>s</code><b>)</b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Calls the hash function given to <code>create</code> and returns the hash value of <code>s</code>.</p> </dd></dl> </dd></dl><dl><dt><h2 class='header'>Class <b class='ms datatype'>Crypto.Hash</b></h2> </dt><dd><dl class='group--doc'> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Abstract class for hash algorithms. Contains some tools useful for all hashes.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>Hash</b></span> </dt> <dd><p><code><span class='datatype'>inherit Nettle.Hash</span> : <span class='inherit'>Hash</span></code></p></dd> </dl> </dd></dl><dl><dt><h2 class='header'>Class <b class='ms datatype'>Crypto.MAC</b></h2> </dt><dd><dl class='group--doc'> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Abstract class for Message Authentication Code (MAC) algorithms. Contains some tools useful for all MACs.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>MAC</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><span class='datatype'>inherit Nettle.MAC</span> : <span class='inherit'>MAC</span></code></p></dd> </dl> </dd></dl><dl><dt><h2 class='header'>Class <b class='ms datatype'>Crypto.Pipe</b></h2> </dt><dd><dl class='group--doc'>
7393ca2019-08-17Henrik Grubbström (Grubba) <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>A wrapper class that connects several cipher algorithms into one algorithm. E.g. triple DES can be emulated with <code class='expr'>Crypto.Pipe(Crypto.DES,&nbsp;Crypto.DES,&nbsp;Crypto.DES)</code>.</p> </dd></dl></dd></dl><dl><dt><h2 class='header'>Class <b class='ms datatype'>Crypto.Sign</b></h2> </dt><dd><dl class='group--doc'> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Abstract class for signature algorithms. Contains some tools useful for all signatures.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl>
99eac22021-07-20Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>`()</b></span> </dt> <dd><p><code><code class='object unresolved'>State</code> res = <code class='class'>Crypto.Sign()</code>()</code></p></dd> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Calling `() will return a <code>State</code> object.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>name</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>string(7bit)</code> <b><span class='method'>name</span>(</b><b>)</b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Returns the printable name of the signing algorithm.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl>
43893c2021-10-20Henrik Grubbström (Grubba) <dl><dt><h2 class='header'>Class <b class='ms datatype'>Crypto.Sign.State</b></h2> </dt><dd>
99eac22021-07-20Henrik Grubbström (Grubba) 
32f88f2020-06-10Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>Sign</b></span>
32f88f2020-06-10Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><span class='datatype'>inherit __builtin.Nettle.Sign</span> : <span class='inherit'>Sign</span></code></p></dd> </dl> </dd></dl></dd></dl><dl><dt><h2 class='header'>Class <b class='ms datatype'>Crypto.Substitution</b></h2> </dt><dd><dl class='group--doc'>
32f88f2020-06-10Henrik Grubbström (Grubba) <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Implements a simple substitution crypto, ie. one of the first crypto systems ever invented and thus one of the least secure ones available.</p>
32f88f2020-06-10Henrik Grubbström (Grubba) </dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Method</span> <span class='homogen--name'><b>decrypt</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>string(8bit)</code> <b><span class='method'>decrypt</span>(</b><code class='datatype'>string(8bit)</code> <code class='argument'>c</code><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Decrypts the cryptogram <code>c</code>.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Method</span> <span class='homogen--name'><b>encrypt</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>string(8bit)</code> <b><span class='method'>encrypt</span>(</b><code class='datatype'>string(8bit)</code> <code class='argument'>m</code><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Encrypts the message <code>m</code>.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>filter</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
e6ea1a2022-11-05Martin Nilsson <dd><p><code><code class='datatype'>string</code> <b><span class='method'>filter</span>(</b><code class='datatype'>string</code> <code class='argument'>m</code>, <code class='datatype'>multiset</code>(<code class='datatype'>int</code>)|<code class='datatype'>void</code> <code class='argument'>save</code><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Removes characters not in the encryption key or in the <code>save</code> multiset from the message <code>m</code>.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl>
99eac22021-07-20Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>set_ACA_K1_key</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
e6ea1a2022-11-05Martin Nilsson <dd><p><code><code class='object unresolved'>this_program</code> <b><span class='method'>set_ACA_K1_key</span>(</b><code class='datatype'>string</code> <code class='argument'>key</code>, <code class='datatype'>void</code>|<code class='datatype'>int</code> <code class='argument'>offset</code>, <code class='datatype'>array</code>(<code class='datatype'>string</code>)|<code class='datatype'>void</code> <code class='argument'>alphabet</code><b>)</b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Sets the key according to ACA K1 key generation. The plaintext alphabet is prepended with a keyword <code>key</code> that shifts the alphabet positions compared to the cryptogram alphabet. The plaintext alphabet is then reduced with the characters in the keyword. It is also optionally rotated <code>offset</code> number of steps.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>set_ACA_K2_key</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
e6ea1a2022-11-05Martin Nilsson <dd><p><code><code class='object unresolved'>this_program</code> <b><span class='method'>set_ACA_K2_key</span>(</b><code class='datatype'>string</code> <code class='argument'>key</code>, <code class='datatype'>void</code>|<code class='datatype'>int</code> <code class='argument'>offset</code>, <code class='datatype'>array</code>(<code class='datatype'>string</code>)|<code class='datatype'>void</code> <code class='argument'>alphabet</code><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Sets the key according to ACA K2 key generation. The cryptogram alphabet is prepended with a keyword <code>key</code> that shifts the alphabet positions compared to the plaintext alphabet. The cryptogram alphabet is then reduced with the characters in the keyword. It is als optionally reotated <code>offset</code> number of steps.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl>
99eac22021-07-20Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>set_ACA_K3_key</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
e6ea1a2022-11-05Martin Nilsson <dd><p><code><code class='object unresolved'>this_program</code> <b><span class='method'>set_ACA_K3_key</span>(</b><code class='datatype'>string</code> <code class='argument'>key</code>, <code class='datatype'>int</code> <code class='argument'>offset</code>, <code class='datatype'>array</code>(<code class='datatype'>string</code>)|<code class='datatype'>void</code> <code class='argument'>alphabet</code><b>)</b></code></p></dd>
43893c2021-10-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Sets the key according to ACA K3 key generation. Both the plaintext and the cryptogram alphabets are prepended with a keyword <code>key</code>, which characters are removed from the rest of the alphabet. The plaintext alphabet is then rotated <code>offset</code> number of steps.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>set_ACA_K4_key</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
e6ea1a2022-11-05Martin Nilsson <dd><p><code><code class='object unresolved'>this_program</code> <b><span class='method'>set_ACA_K4_key</span>(</b><code class='datatype'>string</code> <code class='argument'>key1</code>, <code class='datatype'>string</code> <code class='argument'>key2</code>, <code class='datatype'>void</code>|<code class='datatype'>int</code> <code class='argument'>offset</code>, <code class='datatype'>array</code>(<code class='datatype'>string</code>)|<code class='datatype'>void</code> <code class='argument'>alphabet</code><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Sets the key according to ACA K4 key generation. Both the plaintext and the cryptogram alphabets are prepended with the keywords <code>key1</code> and <code>key2</code>. The plaintext alphabet is then rotated <code>offset</code> number of steps.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>set_key</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>this_program</code> <b><span class='method'>set_key</span>(</b><code class='datatype'>mapping</code>(<code class='datatype'>string</code>:<code class='datatype'>string</code>|<code class='datatype'>array</code>(<code class='datatype'>string</code>)) <code class='argument'>key</code><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Sets the encryption and decryption key. The decryption key is derived from the encryption <code>key</code> by reversing the mapping. If one index maps to an array of strings, one element from the array will be chosen at random in such substitution.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'>Throws</dt> <dd class='body--doc'><p>An error is thrown if the encryption key can not be made reversible.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl>
99eac22021-07-20Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>set_null_chars</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>this_program</code> <b><span class='method'>set_null_chars</span>(</b><code class='datatype'>int</code>|<code class='datatype'>float</code> <code class='argument'>p</code>, <code class='datatype'>array</code>(<code class='datatype'>string</code>) <code class='argument'>chars</code><b>)</b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Set null characters (fillers). Characters from <code>chars</code> will be inserted into the output stream with a probability <code>p</code>.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-p'></span>Parameter <code class='parameter'>p</code></dt> <dd></dd><dd class='body--doc'><p>A float between 0.0 and 1.0 or an integer between 0 and 100.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-chars'></span>Parameter <code class='parameter'>chars</code></dt> <dd></dd><dd class='body--doc'><p>An array of one character strings.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl>
32f88f2020-06-10Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>set_rot_key</b></span>
32f88f2020-06-10Henrik Grubbström (Grubba) </dt>
e6ea1a2022-11-05Martin Nilsson <dd><p><code><code class='object unresolved'>this_program</code> <b><span class='method'>set_rot_key</span>(</b><code class='datatype'>int(1..)</code>|<code class='datatype'>void</code> <code class='argument'>steps</code>, <code class='datatype'>void</code>|<code class='datatype'>array</code>(<code class='datatype'>string</code>) <code class='argument'>alphabet</code><b>)</b></code></p></dd>
32f88f2020-06-10Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Sets the key to a ROT substitution system. <code>steps</code> defaults to 13 and <code>alphabet</code> defaults to A-Z, i.e. this function defaults to set the substitution crypto to be ROT13. If no alphabet is given the key will be case insensitive, e.g. the key will really be two ROT13 alphabets, one a-z and one A-Z, used simultaneously.</p> </dd></dl> </dd></dl><dl><dt><h2 class='header'>Module <b class='ms datatype'>Crypto.AES</b></h2> </dt><dd><dl class='group--doc'> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>AES (American Encryption Standard) is a quite new block cipher, specified by NIST as a replacement for the older DES standard. The standard is the result of a competition between cipher designers. The winning design, also known as RIJNDAEL, was constructed by Joan Daemen and Vincent Rijnmen.</p> <p> Like all the AES candidates, the winning design uses a block size of 128 bits, or 16 octets, and variable key-size, 128, 192 and 256 bits (16, 24 and 32 octets) being the allowed key sizes. It does not have any weak keys.</p>
32f88f2020-06-10Henrik Grubbström (Grubba) </dd></dl>
43893c2021-10-20Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>AES</b></span> </dt> <dd><p><code><span class='datatype'>inherit Nettle.AES</span> : <span class='inherit'>AES</span></code></p></dd> </dl> <dl><dt><h2 class='header'>Module <b class='ms datatype'>Crypto.AES.POLY1305</b></h2> </dt><dd>
32f88f2020-06-10Henrik Grubbström (Grubba) 
99eac22021-07-20Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>`()</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='modifier'>protected</code> <code class='object unresolved'>State</code> <b><span class='method'>`()</span>(</b><code class='datatype'>string(8bit)</code> <code class='argument'>password</code><b>)</b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Get a POLY1305 <code>State</code> object initialized with a password.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl>
32f88f2020-06-10Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>POLY1305_AES</b></span>
32f88f2020-06-10Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><span class='datatype'>inherit Nettle.POLY1305_AES</span> : <span class='inherit'>POLY1305_AES</span></code></p></dd> </dl> </dd></dl><dl><dt><h2 class='header'>Module <b class='ms datatype'>Crypto.AES.UMAC128</b></h2> </dt><dd><dl class='group--doc'>
32f88f2020-06-10Henrik Grubbström (Grubba) <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>UMAC is a familty of message digest functions based on universal hashing and <code>AES</code> that is specified in <b><a href='http://pike.lysator.liu.se/rfc4418.xml'>RFC 4418</a></b>. They differ mainly in the size of the resulting digest.</p> <p> <code>UMAC128</code> outputs a digest of 128 bits or 16 octets.</p>
32f88f2020-06-10Henrik Grubbström (Grubba) </dd> <dt class='head--doc'>See also</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p><code>UMAC32</code>, <code>UMAC64</code>, <code>UMAC96</code></p>
32f88f2020-06-10Henrik Grubbström (Grubba) </dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>`()</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='modifier'>protected</code> <code class='object unresolved'>State</code> <b><span class='method'>`()</span>(</b><code class='datatype'>string(8bit)</code> <code class='argument'>password</code><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Get a UMAC128 <code>State</code> object initialized with a password.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>UMAC128_AES</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><span class='datatype'>inherit Nettle.UMAC128_AES</span> : <span class='inherit'>UMAC128_AES</span></code></p></dd> </dl> </dd></dl><dl><dt><h2 class='header'>Module <b class='ms datatype'>Crypto.AES.UMAC32</b></h2> </dt><dd><dl class='group--doc'>
7393ca2019-08-17Henrik Grubbström (Grubba) <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>UMAC is a familty of message digest functions based on universal hashing and <code>AES</code> that is specified in <b><a href='http://pike.lysator.liu.se/rfc4418.xml'>RFC 4418</a></b>. They differ mainly in the size of the resulting digest.</p> <p> <code>UMAC32</code> outputs a digest of 32 bits or 4 octets.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd> <dt class='head--doc'>See also</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p><code>UMAC64</code>, <code>UMAC96</code>, <code>UMAC128</code></p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl>
32f88f2020-06-10Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>`()</b></span>
32f88f2020-06-10Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='modifier'>protected</code> <code class='object unresolved'>State</code> <b><span class='method'>`()</span>(</b><code class='datatype'>string(8bit)</code> <code class='argument'>password</code><b>)</b></code></p></dd>
32f88f2020-06-10Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Get a UMAC32 <code>State</code> object initialized with a password.</p>
32f88f2020-06-10Henrik Grubbström (Grubba) </dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>UMAC32_AES</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><span class='datatype'>inherit Nettle.UMAC32_AES</span> : <span class='inherit'>UMAC32_AES</span></code></p></dd> </dl> </dd></dl><dl><dt><h2 class='header'>Module <b class='ms datatype'>Crypto.AES.UMAC64</b></h2> </dt><dd><dl class='group--doc'>
7393ca2019-08-17Henrik Grubbström (Grubba) <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>UMAC is a familty of message digest functions based on universal hashing and <code>AES</code> that is specified in <b><a href='http://pike.lysator.liu.se/rfc4418.xml'>RFC 4418</a></b>. They differ mainly in the size of the resulting digest.</p> <p> <code>UMAC64</code> outputs a digest of 64 bits or 8 octets.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd> <dt class='head--doc'>See also</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p><code>UMAC32</code>, <code>UMAC96</code>, <code>UMAC128</code></p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>`()</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='modifier'>protected</code> <code class='object unresolved'>State</code> <b><span class='method'>`()</span>(</b><code class='datatype'>string(8bit)</code> <code class='argument'>password</code><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Get a UMAC64 <code>State</code> object initialized with a password.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl>
32f88f2020-06-10Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>UMAC64_AES</b></span>
32f88f2020-06-10Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><span class='datatype'>inherit Nettle.UMAC64_AES</span> : <span class='inherit'>UMAC64_AES</span></code></p></dd> </dl> </dd></dl><dl><dt><h2 class='header'>Module <b class='ms datatype'>Crypto.AES.UMAC96</b></h2> </dt><dd><dl class='group--doc'>
32f88f2020-06-10Henrik Grubbström (Grubba) <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>UMAC is a familty of message digest functions based on universal hashing and <code>AES</code> that is specified in <b><a href='http://pike.lysator.liu.se/rfc4418.xml'>RFC 4418</a></b>. They differ mainly in the size of the resulting digest.</p> <p> <code>UMAC96</code> outputs a digest of 96 bits or 12 octets.</p>
32f88f2020-06-10Henrik Grubbström (Grubba) </dd> <dt class='head--doc'>See also</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p><code>UMAC32</code>, <code>UMAC64</code>, <code>UMAC128</code></p>
32f88f2020-06-10Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>`()</b></span>
32f88f2020-06-10Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='modifier'>protected</code> <code class='object unresolved'>State</code> <b><span class='method'>`()</span>(</b><code class='datatype'>string(8bit)</code> <code class='argument'>password</code><b>)</b></code></p></dd>
32f88f2020-06-10Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Get a UMAC96 <code>State</code> object initialized with a password.</p>
32f88f2020-06-10Henrik Grubbström (Grubba) </dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>UMAC96_AES</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><span class='datatype'>inherit Nettle.UMAC96_AES</span> : <span class='inherit'>UMAC96_AES</span></code></p></dd> </dl> </dd></dl></dd></dl><dl><dt><h2 class='header'>Module <b class='ms datatype'>Crypto.Arcfour</b></h2> </dt><dd><dl class='group--doc'>
7393ca2019-08-17Henrik Grubbström (Grubba) <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Arcfour is a stream cipher, also known under the trade marked name RC4, and it is one of the fastest ciphers around. A problem is that the key setup of Arcfour is quite weak, you should never use keys with structure, keys that are ordinary passwords, or sequences of keys like <code class='expr'>"secret:1"</code>, <code class='expr'>"secret:2"</code>, ..... If you have keys that don't look like random bit strings, and you want to use Arcfour, always hash the key before feeding it to Arcfour.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>ARCFOUR</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><span class='datatype'>inherit Nettle.ARCFOUR</span> : <span class='inherit'>ARCFOUR</span></code></p></dd> </dl> </dd></dl><dl><dt><h2 class='header'>Module <b class='ms datatype'>Crypto.Arctwo</b></h2> </dt><dd><dl class='group--doc'>
7393ca2019-08-17Henrik Grubbström (Grubba) <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Arctwo is a block cipher, also known under the trade marked name RC2.</p> <p> The cipher is quite weak, and should not be used for new software.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>ARCTWO</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><span class='datatype'>inherit Nettle.ARCTWO</span> : <span class='inherit'>ARCTWO</span></code></p></dd> </dl> </dd></dl><dl><dt><h2 class='header'>Module <b class='ms datatype'>Crypto.Blowfish</b></h2> </dt><dd><dl class='group--doc'>
7393ca2019-08-17Henrik Grubbström (Grubba) <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>BLOWFISH is a block cipher designed by Bruce Schneier. It uses a block size of 64 bits (8 octets), and a variable key size, up to 448 bits. It has some weak keys.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl>
43893c2021-10-20Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>BLOWFISH</b></span> </dt> <dd><p><code><span class='datatype'>inherit Nettle.BLOWFISH</span> : <span class='inherit'>BLOWFISH</span></code></p></dd> </dl> </dd></dl><dl><dt><h2 class='header'>Module <b class='ms datatype'>Crypto.CAST</b></h2> </dt><dd><dl class='group--doc'> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>CAST-128 is a block cipher, specified in <b><a href='http://pike.lysator.liu.se/rfc2144.xml'>RFC 2144</a></b>. It uses a 64 bit (8 octets) block size, and a variable key size of up to 128 bits.</p> </dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba)  <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>CAST128</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><span class='datatype'>inherit Nettle.CAST128</span> : <span class='inherit'>CAST128</span></code></p></dd> </dl> </dd></dl><dl><dt><h2 class='header'>Module <b class='ms datatype'>Crypto.Camellia</b></h2> </dt><dd><dl class='group--doc'> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>The Camellia 128-bit block cipher.</p> </dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba) 
43893c2021-10-20Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>CAMELLIA</b></span> </dt> <dd><p><code><span class='datatype'>inherit Nettle.CAMELLIA</span> : <span class='inherit'>CAMELLIA</span></code></p></dd> </dl> </dd></dl><dl><dt><h2 class='header'>Module <b class='ms datatype'>Crypto.ChaCha20</b></h2> </dt><dd><dl class='group--doc'>
7393ca2019-08-17Henrik Grubbström (Grubba) <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>ChaCha20 is a stream cipher by D. J. Bernstein.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
99eac22021-07-20Henrik Grubbström (Grubba) <dt class='head--doc'>Note</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>This module is not available in all versions of Nettle.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>CHACHA</b></span> </dt> <dd><p><code><span class='datatype'>inherit Nettle.CHACHA</span> : <span class='inherit'>CHACHA</span></code></p></dd> </dl> <dl><dt><h2 class='header'>Module <b class='ms datatype'>Crypto.ChaCha20.POLY1305</b></h2> </dt><dd><dl class='group--doc'> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>This is an <code>AEAD</code> cipher consisting of the <code>CHACHA</code> cipher and a <code>MAC</code> based on the POLY1305 algorithm.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd> <dt class='head--doc'>Note</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Note that this is an <code>AEAD</code> cipher, while <code>AES.POLY1305</code> (aka POLY1305-AES) is a <code>MAC</code>.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd> <dt class='head--doc'>Note</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Note also that the POLY1305 algorithm used here is NOT identical to the one in the <code>AES.POLY1305</code> <code>MAC</code>. The iv/nonce handling differs.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd> <dt class='head--doc'>Note</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>This module is not available in all versions of Nettle.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl>
43893c2021-10-20Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>CHACHA_POLY1305</b></span> </dt> <dd><p><code><span class='datatype'>inherit Nettle.CHACHA_POLY1305</span> : <span class='inherit'>CHACHA_POLY1305</span></code></p></dd> </dl> </dd></dl></dd></dl><dl><dt><h2 class='header'>Module <b class='ms datatype'>Crypto.Checksum</b></h2> </dt><dd><dl class='group--doc'> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Some non-cryptographic checksums.</p> </dd></dl>
99eac22021-07-20Henrik Grubbström (Grubba)  <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>adler32</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>int(0..)</code> <b><span class='method'>adler32</span>(</b><code class='datatype'>string(8bit)</code> <code class='argument'>data</code>, <code class='datatype'>void</code>|<code class='datatype'>int(0..)</code> <code class='argument'>seed</code><b>)</b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>This function calculates the Adler-32 Cyclic Redundancy Check.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-seed'></span>Parameter <code class='parameter'>seed</code></dt> <dd></dd><dd class='body--doc'><p>Can be fed with the result of the previous invocation to chain on new data. Defaults to zero on virgin runs.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>crc32</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>int(0..)</code> <b><span class='method'>crc32</span>(</b><code class='datatype'>string(8bit)</code> <code class='argument'>data</code>, <code class='datatype'>void</code>|<code class='datatype'>int(0..)</code> <code class='argument'>seed</code><b>)</b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>This function calculates the standard ISO3309 Cyclic Redundancy Check.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-seed'></span>Parameter <code class='parameter'>seed</code></dt> <dd></dd><dd class='body--doc'><p>Can be fed with the result of the previous invocation to chain on new data. Defaults to zero on virgin runs.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>crc32c</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>int(0..)</code> <b><span class='method'>crc32c</span>(</b><code class='datatype'>string(8bit)</code> <code class='argument'>data</code>, <code class='datatype'>void</code>|<code class='datatype'>int(0..)</code> <code class='argument'>seed</code><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>This function calculates the Castagnoli CRC, CRC32C. Hardware optimized on Intel CPUs with SSE 4.2.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-seed'></span>Parameter <code class='parameter'>seed</code></dt> <dd></dd><dd class='body--doc'><p>Can be fed with the result of the previous invocation to chain on new data. Defaults to zero on virgin runs.</p> </dd></dl> </dd></dl><dl><dt><h2 class='header'>Module <b class='ms datatype'>Crypto.DES</b></h2> </dt><dd><dl class='group--doc'> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>DES is the old Data Encryption Standard, specified by NIST. It uses a block size of 64 bits (8 octets), and a key size of 56 bits. However, the key bits are distributed over 8 octets, where the least significant bit of each octet is used for parity. A common way to use DES is to generate 8 random octets in some way, then set the least significant bit of each octet to get odd parity, and initialize DES with the resulting key.</p> <p> The key size of DES is so small that keys can be found by brute force, using specialized hardware or lots of ordinary work stations in parallel. One shouldn't be using plain DES at all today, if one uses DES at all one should be using <code>DES3</code> or "triple DES".</p> <p> DES also has some weak keys.</p> </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>DES</b></span> </dt> <dd><p><code><span class='datatype'>inherit Nettle.DES</span> : <span class='inherit'>DES</span></code></p></dd> </dl> </dd></dl><dl><dt><h2 class='header'>Module <b class='ms datatype'>Crypto.DES3</b></h2> </dt><dd><dl class='group--doc'> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>The inadequate key size of <code>DES</code> has already been mentioned. One way to increase the key size is to pipe together several DES boxes with independent keys. It turns out that using two DES ciphers is not as secure as one might think, even if the key size of the combination is a respectable 112 bits.</p> <p> The standard way to increase DES's key size is to use three DES boxes. The mode of operation is a little peculiar: the middle DES box is wired in the reverse direction. To encrypt a block with DES3, you encrypt it using the first 56 bits of the key, then decrypt it using the middle 56 bits of the key, and finally encrypt it again using the last 56 bits of the key. This is known as "ede" triple-DES, for "encrypt-decrypt-encrypt".</p> <p> The "ede" construction provides some backward compatibility, as you get plain single DES simply by feeding the same key to all three boxes. That should help keeping down the gate count, and the price, of hardware circuits implementing both plain DES and DES3.</p> <p> DES3 has a key size of 168 bits, but just like plain DES, useless parity bits are inserted, so that keys are represented as 24 octets (192 bits). As a 112 bit key is large enough to make brute force attacks impractical, some applications uses a "two-key" variant of triple-DES. In this mode, the same key bits are used for the first and the last DES box in the pipe, while the middle box is keyed independently. The two-key variant is believed to be secure, i.e. there are no known attacks significantly better than brute force.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl>
43893c2021-10-20Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>DES3</b></span> </dt> <dd><p><code><span class='datatype'>inherit Nettle.DES3</span> : <span class='inherit'>DES3</span></code></p></dd> </dl> </dd></dl><dl><dt><h2 class='header'>Module <b class='ms datatype'>Crypto.DH</b></h2> </dt><dd><dl class='group--doc'> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Diffie-Hellman key-exchange related stuff.</p> </dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba)  <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Variable</span> <span class='homogen--name'><b>FFDHE2048</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>Parameters</code> Crypto.DH.<b><span class='variable'>FFDHE2048</span></b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Finite Field Diffie-Hellman 2048</p> <p> From <b><a href='http://pike.lysator.liu.se/rfc7919.xml#A.1'>RFC 7919 appendix A.1</a></b>.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl>
99eac22021-07-20Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Variable</span> <span class='homogen--name'><b>FFDHE2432</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>Parameters</code> Crypto.DH.<b><span class='variable'>FFDHE2432</span></b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Finite Field Diffie-Hellman 2432</p> <p> Mentioned in Negotiated FF-DHE for TLS draft 06, March 2015, Section 2.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Variable</span> <span class='homogen--name'><b>FFDHE3072</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>Parameters</code> Crypto.DH.<b><span class='variable'>FFDHE3072</span></b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Finite Field Diffie-Hellman 3072</p> <p> From <b><a href='http://pike.lysator.liu.se/rfc7919.xml#A.2'>RFC 7919 appendix A.2</a></b>.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Variable</span> <span class='homogen--name'><b>FFDHE4096</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>Parameters</code> Crypto.DH.<b><span class='variable'>FFDHE4096</span></b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Finite Field Diffie-Hellman 4096</p> <p> From <b><a href='http://pike.lysator.liu.se/rfc7919.xml#A.3'>RFC 7919 appendix A.3</a></b>.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Variable</span> <span class='homogen--name'><b>FFDHE6144</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>Parameters</code> Crypto.DH.<b><span class='variable'>FFDHE6144</span></b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Finite Field Diffie-Hellman 6144</p> <p> From <b><a href='http://pike.lysator.liu.se/rfc7919.xml#A.4'>RFC 7919 appendix A.4</a></b>.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Variable</span> <span class='homogen--name'><b>FFDHE8192</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>Parameters</code> Crypto.DH.<b><span class='variable'>FFDHE8192</span></b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Finite Field Diffie-Hellman 8192</p> <p> From <b><a href='http://pike.lysator.liu.se/rfc7919.xml#A.5'>RFC 7919 appendix A.5</a></b>.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Variable</span> <span class='homogen--name'><b>MODPGroup1</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>Parameters</code> Crypto.DH.<b><span class='variable'>MODPGroup1</span></b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>MODP Group 1 (768 bit) (aka First Oakley Group (aka ORM96 group 1)).</p> <p> <b><a href='http://pike.lysator.liu.se/rfc2409.xml#6.1'>RFC 2409 section 6.1</a></b></p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'>Note</dt> <dd class='body--doc'><p>Not allowed for use with FIPS 140.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Variable</span> <span class='homogen--name'><b>MODPGroup14</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>Parameters</code> Crypto.DH.<b><span class='variable'>MODPGroup14</span></b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>MODP Group 14 (2048 bit).</p> <p> <b><a href='http://pike.lysator.liu.se/rfc3526.xml#3'>RFC 3526 section 3</a></b></p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Variable</span> <span class='homogen--name'><b>MODPGroup15</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>Parameters</code> Crypto.DH.<b><span class='variable'>MODPGroup15</span></b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>MODP Group 15 (3072 bit).</p> <p> <b><a href='http://pike.lysator.liu.se/rfc3526.xml#4'>RFC 3526 section 4</a></b></p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Variable</span> <span class='homogen--name'><b>MODPGroup16</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>Parameters</code> Crypto.DH.<b><span class='variable'>MODPGroup16</span></b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>MODP Group 16 (4096 bit).</p> <p> <b><a href='http://pike.lysator.liu.se/rfc3526.xml#5'>RFC 3526 section 5</a></b></p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Variable</span> <span class='homogen--name'><b>MODPGroup17</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>Parameters</code> Crypto.DH.<b><span class='variable'>MODPGroup17</span></b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>MODP Group 17 (6144 bit).</p> <p> <b><a href='http://pike.lysator.liu.se/rfc3526.xml#6'>RFC 3526 section 6</a></b></p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Variable</span> <span class='homogen--name'><b>MODPGroup18</b></span> </dt> <dd><p><code><code class='object unresolved'>Parameters</code> Crypto.DH.<b><span class='variable'>MODPGroup18</span></b></code></p></dd> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>MODP Group 18 (8192 bit).</p> <p> <b><a href='http://pike.lysator.liu.se/rfc3526.xml#7'>RFC 3526 section 7</a></b></p> </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Variable</span> <span class='homogen--name'><b>MODPGroup2</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>Parameters</code> Crypto.DH.<b><span class='variable'>MODPGroup2</span></b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>MODP Group 2 (1024 bit) (aka Second Oakley Group (aka ORM96 group 2)).</p> <p> <b><a href='http://pike.lysator.liu.se/rfc2409.xml#6.2'>RFC 2409 section 6.2</a></b></p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd> <dt class='head--doc'>Note</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Not allowed for use with FIPS 140.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl>
32f88f2020-06-10Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Variable</span> <span class='homogen--name'><b>MODPGroup22</b></span>
32f88f2020-06-10Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>Parameters</code> Crypto.DH.<b><span class='variable'>MODPGroup22</span></b></code></p></dd>
32f88f2020-06-10Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>MODP Group 22 (1024-bit with 160-bit Subgroup).</p> <p> <b><a href='http://pike.lysator.liu.se/rfc5114.xml#2.1'>RFC 5114 section 2.1</a></b></p>
32f88f2020-06-10Henrik Grubbström (Grubba) </dd></dl>
4a0b9d2019-08-28Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Variable</span> <span class='homogen--name'><b>MODPGroup23</b></span>
4a0b9d2019-08-28Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>Parameters</code> Crypto.DH.<b><span class='variable'>MODPGroup23</span></b></code></p></dd>
4a0b9d2019-08-28Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>MODP Group 23 (2048-bit with 224-bit Subgroup).</p> <p> <b><a href='http://pike.lysator.liu.se/rfc5114.xml#2.2'>RFC 5114 section 2.2</a></b></p>
4a0b9d2019-08-28Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Variable</span> <span class='homogen--name'><b>MODPGroup24</b></span>
4a0b9d2019-08-28Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>Parameters</code> Crypto.DH.<b><span class='variable'>MODPGroup24</span></b></code></p></dd>
4a0b9d2019-08-28Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>MODP Group 24 (2048-bit with 256-bit Subgroup).</p> <p> <b><a href='http://pike.lysator.liu.se/rfc5114.xml#2.3'>RFC 5114 section 2.3</a></b></p>
4a0b9d2019-08-28Henrik Grubbström (Grubba) </dd></dl>
d9bc6a2020-11-29Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Variable</span> <span class='homogen--name'><b>MODPGroup5</b></span>
d9bc6a2020-11-29Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>Parameters</code> Crypto.DH.<b><span class='variable'>MODPGroup5</span></b></code></p></dd>
d9bc6a2020-11-29Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>MODP Group 5 (1536 bit).</p> <p> <b><a href='http://pike.lysator.liu.se/rfc3526.xml#2'>RFC 3526 section 2</a></b></p>
d9bc6a2020-11-29Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'>Note</dt> <dd class='body--doc'><p>Not allowed for use with FIPS 140.</p> </dd></dl> <dl><dt><h2 class='header'>Class <b class='ms datatype'>Crypto.DH.Parameters</b></h2> </dt><dd><dl class='group--doc'> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Diffie-Hellman parameters.</p>
d9bc6a2020-11-29Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>create</b></span>
d9bc6a2020-11-29Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><span class='object'>Crypto.DH.Parameters</span> <span class='class'>Crypto.DH.Parameters</span><b>(</b><code class='object unresolved'>this_program</code> <code class='argument'>other</code><b>)</b></code></p></dd>
d9bc6a2020-11-29Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Initialize the set of Diffie-Hellman parameters.</p>
d9bc6a2020-11-29Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-other'></span>Parameter <code class='parameter'>other</code></dt> <dd></dd><dd class='body--doc'><p>Copy the parameters from this object.</p>
d9bc6a2020-11-29Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>create</b></span>
d9bc6a2020-11-29Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><span class='object'>Crypto.DH.Parameters</span> <span class='class'>Crypto.DH.Parameters</span><b>(</b><code class='object unresolved'>DSA_State</code> <code class='argument'>dsa</code><b>)</b></code></p></dd>
d9bc6a2020-11-29Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Initialize the set of Diffie-Hellman parameters.</p>
d9bc6a2020-11-29Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-dsa'></span>Parameter <code class='parameter'>dsa</code></dt> <dd></dd><dd class='body--doc'><p>Copy the parameters from this object.</p>
d9bc6a2020-11-29Henrik Grubbström (Grubba) </dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>create</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><span class='object'>Crypto.DH.Parameters</span> <span class='class'>Crypto.DH.Parameters</span><b>(</b><code class='object unresolved'>Gmp.mpz</code>|<code class='datatype'>int</code> <code class='argument'>p</code>, <code class='object unresolved'>Gmp.mpz</code>|<code class='datatype'>int</code>|<code class='datatype'>void</code> <code class='argument'>g</code>, <code class='object unresolved'>Gmp.mpz</code>|<code class='datatype'>int</code>|<code class='datatype'>void</code> <code class='argument'>q</code><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Initialize the set of Diffie-Hellman parameters.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-p'></span>Parameter <code class='parameter'>p</code></dt> <dd></dd><dd class='body--doc'><p>The prime for the group.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-g'></span>Parameter <code class='parameter'>g</code></dt> <dd></dd><dd class='body--doc'><p>The generator for the group. Defaults to <code class='expr'>2</code>.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--doc'><span id='p-q'></span>Parameter <code class='parameter'>q</code></dt> <dd></dd><dd class='body--doc'><p>The order of the group. Defaults to <code class='expr'>(p-1)/2</code>.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Variable</span> <span class='homogen--name'><b>g</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>Gmp.mpz</code> Crypto.DH.Parameters.<b><span class='variable'>g</span></b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Generator.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>generate_keypair</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>array</code>(<code class='object unresolved'>Gmp.mpz</code>) <b><span class='method'>generate_keypair</span>(</b><code class='datatype'>function</code>(<code class='datatype'>int(0..)</code>:<code class='datatype'>string(8bit)</code>) <code class='argument'>rnd</code><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Generate a Diffie-Hellman key pair.</p> </dd> <dt class='head--doc'>Returns</dt> <dd class='body--doc'><p>Returns the following array:</p> <table class='box'><tr><td colspan='2'>Array</td></tr> <tr><td><code><code class='object unresolved'>Gmp.mpz</code> <code class='key'>0</code></code></td><td><p>The generated public key.</p> </td></tr> <tr><td><code><code class='object unresolved'>Gmp.mpz</code> <code class='key'>1</code></code></td><td><p>The corresponding private key.</p> </td></tr> </table>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>DH_Params</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><span class='datatype'>inherit Nettle.DH_Params</span> : <span class='inherit'>DH_Params</span></code></p></dd> </dl>
7393ca2019-08-17Henrik Grubbström (Grubba)  <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Variable</span> <span class='homogen--name'><b>p</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>Gmp.mpz</code> Crypto.DH.Parameters.<b><span class='variable'>p</span></b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Prime.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Variable</span> <span class='homogen--name'><b>q</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>Gmp.mpz</code> Crypto.DH.Parameters.<b><span class='variable'>q</span></b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Subgroup size.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>validate</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>bool</code> <b><span class='method'>validate</span>(</b><code class='datatype'>int(0..)</code> <code class='argument'>effort</code><b>)</b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Validate that the DH Parameters doesn't have obvious security weaknesses. It will first attempt to verify the prime <code>p</code> using Donald Knuth's probabilistic primality test with provided <code>effort</code>. This has a chance of pow(0.25,effort) to produce a false positive. An <code>effort</code> of 0 skipps this step. The second test verifies that <code>g</code> is of high order.</p> </dd></dl> </dd></dl></dd></dl><dl><dt><h2 class='header'>Module <b class='ms datatype'>Crypto.DSA</b></h2> </dt><dd><dl class='group--doc'> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>The Digital Signature Algorithm DSA is part of the NIST Digital Signature Standard DSS, FIPS-186 (1993).</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>`()</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='modifier'>protected</code> <code class='object unresolved'>State</code> <b><span class='method'>`()</span>(</b><b>)</b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Calling `() will return a <code>State</code> object.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'>
43893c2021-10-20Henrik Grubbström (Grubba) <dt class='head--type'><span class='homogen--type'>Inherit</span> <span class='homogen--name'><b>Sign</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><span class='datatype'>inherit Crypto.Sign</span> : <span class='inherit'>Sign</span></code></p></dd> </dl>
7393ca2019-08-17Henrik Grubbström (Grubba)  <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>name</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>string(8bit)</code> <b><span class='method'>name</span>(</b><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Returns the string <code class='expr'>"DSA"</code>.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl>
43893c2021-10-20Henrik Grubbström (Grubba) <dl><dt><h2 class='header'>Class <b class='ms datatype'>Crypto.DSA.State</b></h2> </dt><dd>
7393ca2019-08-17Henrik Grubbström (Grubba) 
99eac22021-07-20Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>_equal</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='datatype'>bool</code> <b><span class='method'>equal</span>(</b><span class='class'>Crypto.DSA.State</span> <span class='argument'>from</span>, <code class='datatype'>mixed</code> <code class='argument'>other</code><b>)</b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Compares the keys of this DSA object with something other.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>generate_key</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='modifier'>variant</code> <code class='object unresolved'>this_program</code> <b><span class='method'>generate_key</span>(</b><b>)</b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Generates a public/private key pair. Needs the public parameters p, q and g set, through one of <code>set_public_key</code>, <code>generate_key(int,int)</code> or <code>generate_key(params)</code>.</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl>
7393ca2019-08-17Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>generate_key</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='modifier'>variant</code> <code class='object unresolved'>this_program</code> <b><span class='method'>generate_key</span>(</b><code class='datatype'>int</code> <code class='argument'>p_bits</code>, <code class='datatype'>int</code> <code class='argument'>q_bits</code><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Generates DSA parameters (p, q, g) and key (x, y). Depending on Nettle version <code>q_bits</code> can be 160, 224 and 256 bits. 160 works for all versions.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>generate_key</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='modifier'>variant</code> <code class='object unresolved'>this_program</code> <b><span class='method'>generate_key</span>(</b><code class='object unresolved'>.DH.Parameters</code> <code class='argument'>params</code><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Generates a public/private key pair with the specified finite field diffie-hellman parameters.</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>get_g</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>Gmp.mpz</code>|<code class='datatype'>zero</code> <b><span class='method'>get_g</span>(</b><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Returns the DSA generator (g).</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>get_p</b></span>
7393ca2019-08-17Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>Gmp.mpz</code>|<code class='datatype'>zero</code> <b><span class='method'>get_p</span>(</b><b>)</b></code></p></dd>
7393ca2019-08-17Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Returns the DSA modulo (p).</p>
7393ca2019-08-17Henrik Grubbström (Grubba) </dd></dl>
99eac22021-07-20Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>get_q</b></span>
99eac22021-07-20Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>Gmp.mpz</code>|<code class='datatype'>zero</code> <b><span class='method'>get_q</span>(</b><b>)</b></code></p></dd>
99eac22021-07-20Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Returns the DSA group order (q).</p>
99eac22021-07-20Henrik Grubbström (Grubba) </dd></dl>
32f88f2020-06-10Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>get_x</b></span>
32f88f2020-06-10Henrik Grubbström (Grubba) </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>Gmp.mpz</code>|<code class='datatype'>zero</code> <b><span class='method'>get_x</span>(</b><b>)</b></code></p></dd>
32f88f2020-06-10Henrik Grubbström (Grubba)  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Returns the DSA private key (x).</p>
32f88f2020-06-10Henrik Grubbström (Grubba) </dd></dl>
9b13162019-11-02Tobias S. Josefowitz <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span class='homogen--name'><b>get_y</b></span>
9b13162019-11-02Tobias S. Josefowitz </dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd><p><code><code class='object unresolved'>Gmp.mpz</code>|<code class='datatype'>zero</code> <b><span class='method'>get_y</span>(</b><b>)</b></code></p></dd>
9b13162019-11-02Tobias S. Josefowitz  <dt class='head--doc'>Description</dt>
43893c2021-10-20Henrik Grubbström (Grubba) <dd class='body--doc'><p>Returns the DSA public key (y).</p>
9b13162019-11-02Tobias S. Josefowitz </dd></dl>
99eac22021-07-20Henrik Grubbström (Grubba) <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
43893c2021-10-20Henrik Grubbström (Grubba) <span