function(mixed_void:void)|zero _get_setter(object o, string varname)
Get a setter for the variable named varname in object o.
Returns a Setter()->`()() for the variable if it exists,
and UNDEFINED otherwise.
object_variablep()
mapping(string:mixed) _take_over_initial_predefines()
Returns a mapping containing the set of predefined macros. These are typically the macros defined via the -D option when starting Pike.
This function is typically called by the MasterObject at
initialization, and may only be called once. After it has been called,
cpp() will start calling CompilationHandler->get_predefines() to
retrieve the set of predefined macros.
[cpp()], CompilationHandler->get_predefines()
Prototype class for Concurrent.Future.
Concurrent.Future, Promise
__generic__ mixed ValueType = mixed
Future(< ValueType >) delay(int|float seconds)
Future(< ValueType >) filter(function(ValueType, __unknown__ ... :bool) fun, mixed ... extra)
ValueType get()
zero|ValueType get()
Backend get_backend()
Future(< mixed >) map(function(ValueType, __unknown__ ... :mixed) fun, mixed ... extra)
Future(< mixed >) map_with(function(ValueType, __unknown__ ... :Future(< mixed >)) fun, mixed ... extra)
Future(< ValueType >) on_await(function(mixed, function(mixed, __unknown__ ... :void)|void:void) cb)
Future(< ValueType >) on_failure(function(mixed, __unknown__ ... :void) cb, mixed ... extra)
Future(< ValueType >) on_success(function(ValueType, __unknown__ ... :void) cb, mixed ... extra)
Promise promise_factory()
array(function(mixed, __unknown__ ... :void)) query_failure_callbacks()
array(function(ValueType, __unknown__ ... :void)) query_success_callbacks()
Future(< mixed >) recover(function(mixed, __unknown__ ... :mixed) fun, mixed ... extra)
Future(< mixed >) recover_with(function(mixed, __unknown__ ... :Future(< mixed >)) fun, mixed ... extra)
void set_backend(Backend backend)
Future(< mixed >) then(function(ValueType, __unknown__ ... :mixed)|void onfullfillment, function(mixed, __unknown__ ... :mixed)|void onrejected, mixed ... extra)
Future(< mixed >) thencatch(function(mixed, __unknown__ ... :mixed) onrejected, mixed ... extra)
Future(< ValueType >) timeout(int|float seconds)
Future(< mixed >) transform(function(ValueType, __unknown__ ... :Future(< mixed >)) fun, function(mixed, __unknown__ ... :Future(< mixed >)) fun, mixed ... extra)
Future(< mixed >) transform(function(ValueType, __unknown__ ... :mixed) fun, function(mixed, __unknown__ ... :mixed) fun, mixed ... extra)
Future(< ValueType >) wait()
array(Future(< mixed >)) zip(array(Future(< mixed >)) others)
array(Future(< mixed >)) zip(Future(< mixed >) ... others)
This class is used to implement the low-level aspects of Val.Null.
This class should typically not be used directly. Use
Val.Null instead.
This class was previously available as Sql.Null. Any such use
should be replaced with Val.Null.
Replaced by Val.Null.
Val.Null, Val.null
constant int Builtin.Null.is_sql_null
SQL Null marker.
Replaced by is_val_null.
constant int Builtin.Null.is_val_null
Nonzero recognition constant.
string encode_json()
Defined for use with Standards.JSON.encode, so that it
formats NULL as null.
This class is used to implement the low-level aspects of Val.Pointer.
This class should typically not be used directly. Use
Val.Pointer instead.
Val.Pointer
Prototype class for Concurrent.Promise.
Concurrent.Promise, Future
__generic__ mixed ValueType = mixed
inherit Future(< ValueType >) : Future
Promise(< ValueType >) failure(mixed value, int|void try)
Future(< ValueType >) future()
Promise(< ValueType >) success(ValueType value, int|void try)
Promise(< ValueType >) try_failure(mixed value)
Promise(< ValueType >) try_success(ValueType value)
Internal class for implementing setters.
This class is used by _get_setter().
_get_setter()
void res = Builtin.Setter()()
Set the variable for the setter to val.
This is the function returned by _get_setter().
Used to prototype the master object.
void _main(array(string) argv, array(string) env)
object cast_to_object(string oname, string current_file)
program cast_to_program(string pname, string current_file, object|void handler)
void compile_error(string file, int line, string err)
void compile_warning(string file, int line, string warn)
string decode_charset(string data, string charset)
string describe_backtrace(object|array trace, int|void line_width)
void handle_error(array|object trace)
mixed handle_import(string what, string|void current_file, object|void handler)
string handle_include(string f, string current_file, bool local_include)
program handle_inherit(string pname, string current_file, object|void handler)
string read_include(string path)
mixed resolv(string identifier, string|void current_file, object|void handler)
void werror(string fmt, mixed ... args)
void write(string fmt, mixed ... args)
This is an internal class used by __automap__().
It may show up during module dumping or in backtraces and the like.
It should in normal circumstances never be used directly.
__automap__(), map()
Builtin.automap_marker Builtin.automap_marker(array arr, int depth)
arrArray that __automap__() is to loop over.
depthRecursion depth of arr where the loop will be.
Low-level modules.
This module contains various base classes that are intended to be inherited and/or used from C-code.
Some of the base classes are:
__builtin.Nettle.BlockCipher
Base class for block cipher algorithms.
__builtin.Sql.Connection
Base class for connections to SQL servers. It is a generic interface on top of which the DB server specific implement their specifics.
__builtin.Stack (aka ADT.LowLevelStack)
Simple stack implementation.
inherit _static_modules.Builtin : Builtin
Base class for AE (Authenticated Encryption) algorithms.
AE algorithms behave like a combination of a Cipher and
a HMAC.
Note that no actual AE algorithm is implemented in the base class. They are implemented in classes that inherit this class.
AEAD
inherit __builtin.Nettle.Cipher : Cipher
State res = __builtin.Nettle.AE()()
Calling `() will return a State object.
int(0..) digest_size()
Returns the size of a hash digest.
This is the context for a single incrementally updated AE cipher.
Most of the functions here are only prototypes, and need to be overrided via inherit.
inherit Cipher::State : State
string(8bit) digest(int|void length)
Generates a digest, and resets the hashing contents.
lengthIf the length argument is provided, the digest is truncated to the given length.
The digest.
int(0..) digest_size()
Returns the size of a hash digest.
Base class for AEAD (Authenticated Encryption with Associated Data) algorithms.
AEAD algorithms behave like a combination of a Cipher and
a HMAC.
Note that no actual AEAD algorithm is implemented in the base class. They are implemented in classes that inherit this class.
AE
inherit __builtin.Nettle.AE : AE
inherit __builtin.Nettle.__Hash : __Hash
State res = __builtin.Nettle.AEAD()()
Calling `() will return a State object.
This is the context for a single incrementally updated AEAD cipher.
Most of the functions here are only prototypes, and need to be overrided via inherit.
inherit Cipher::State : State
inherit __Hash::State : State
Base class for block cipher algorithms.
Implements some common convenience functions, and prototypes.
It also implements operating modes other than ECB.
Note that no actual cipher algorithm is implemented in the base class. They are implemented in classes that inherit this class.
inherit .Cipher : Cipher
Implementation of Counter Mode (CTR). Works as a wrapper for the cipher algorithm in the parent module.
This cipher mode works like a stream cipher with a block size >= 1. This means that the same key and initialization vector (aka counter) should never be reused, since a simple xor would reveal information about the plain text. It also means that it should never be used without a suiteable Message Authentication Code (MAC).
predef::Nettle.BlockCipher.CBC, predef::Nettle.BlockCipher.CCM,
predef::Nettle.BlockCipher.GCM, MAC
inherit .Cipher : Cipher
string(7bit) name()
Returns the name of the base cipher extended with ".CTR".
The state for the embedded algorithm
inherit ::this_program : this_program
Mixin class for block cipher algorithms that have a 16 byte block size.
Implements some common convenience functions, and prototypes.
Note that no actual cipher algorithm is implemented in the base class. They are implemented in classes that (indirectly) inherit this class.
Base class for cipher algorithms.
Implements some common convenience functions, and prototypes.
Note that no actual cipher algorithm is implemented
in the base class. They are implemented in classes
that inherit (usually via predef::Nettle.Cipher) this class.
predef::Nettle.Cipher, Crypto.Cipher
State res = __builtin.Nettle.Cipher()()
Calling `() will return a State object.
int(0..) block_size()
The block size of the cipher (1 for stream ciphers).
string decrypt(string(8bit) key, string(8bit) data)
Works as a shortcut for obj->set_decrypt_key(key)->crypt(data)
string encrypt(string(8bit) key, string(8bit) data)
Works as a shortcut for obj->set_encrypt_key(key)->crypt(data)
int(0..) key_size()
The recommended key size for the cipher.
string(7bit) name()
Returns a human readable name for the algorithm.
This is the context for a single incrementally updated cipher.
Most of the functions here are only prototypes, and need to be overrided via inherit.
int(0..) block_size()
The block size of the cipher (1 for stream ciphers).
Defaults to just returning global::block_size().
string(8bit) crypt(string(8bit) data)
Encrypts or decrypts data, using the current key. Neither the
input nor output data is automatically memory scrubbed,
unless String.secure has been called on them.
dataFor block ciphers, data must be an integral number of blocks.
The encrypted or decrypted data.
int(0..) key_size()
The actual key size for this cipher.
Defaults to just returning global::key_size().
string(8bit) make_key()
Generate a key by calling random_string and initialize the
object for encryption with that key.
The generated key.
set_encrypt_key
string(7bit) name()
Returns a human readable name for the algorithm.
Defaults to just returning global::name().
this_program set_decrypt_key(string(8bit) key, void|int force)
Initializes the object for decryption.
set_encrypt_key, crypt
this_program set_encrypt_key(string(8bit) key, void|int force)
Initializes the object for encryption.
set_decrypt_key, crypt
Base class for Elliptic Curve Definitions.
Crypto.ECC.Curve, Nettle.ECC_Curve
string(7bit) jose_name()
Return the JOSE name of the Curve (if any).
The default implementation returns UNDEFINED.
extern string(7bit) name()
Return the name of the Curve.
string(8bit)|Gmp.mpz new_scalar(function(int(0..):string(8bit)) rnd)
Generate a new scalar suitable for use as an ECDSA private key or as an ECDH secret factor.
Returns the scalar in the preferred representation for the Curve.
extern int size()
Return the size in bits of a single coordinate on the curve.
Base class for a point on an elliptic curve.
__builtin.Nettle.ECC_Curve.Point __builtin.Nettle.ECC_Curve.Point()
__builtin.Nettle.ECC_Curve.Point __builtin.Nettle.ECC_Curve.Point(Point p)
__builtin.Nettle.ECC_Curve.Point __builtin.Nettle.ECC_Curve.Point(mapping(string(7bit):int|Gmp.mpz|string(8bit)) p)
__builtin.Nettle.ECC_Curve.Point __builtin.Nettle.ECC_Curve.Point(mapping(string(7bit):string(7bit)) jwk)
__builtin.Nettle.ECC_Curve.Point __builtin.Nettle.ECC_Curve.Point(Gmp.mpz|int x, Gmp.mpz|int y)
__builtin.Nettle.ECC_Curve.Point __builtin.Nettle.ECC_Curve.Point(Stdio.Buffer|string(8bit) data)
Initialize the object and optionally also select a point on the curve.
The point on the curve can be selected via either via specifying the two coordinates explicitly, or via
| A |
| A mapping with integer coordinates |
| A mapping representing a JWK for the |
| A mapping with coordinates |
| The ANSI x9.62 representation of the |
Throws errors if the point isn't on the Curve.
string encode()
Serialize the Point.
The default implementation serializes according to ANSI x9.62 encoding #4 (uncompressed point format).
global::this_program get_curve()
Get the Crypto.ECC.Curve that this Point belongs to.
extern Gmp.mpz|string(8bit) get_x()
extern Gmp.mpz|string(8bit) get_y()
Get the coordinates for the curve in the preferred representation.
Gmp.mpz get_x_num()
Get the numeric representation of the x coordinate.
string(8bit) get_x_str()
Get the canonic string representation of the x coordinate.
Gmp.mpz get_y_num()
Get the numeric representation of the y coordinate.
string(8bit) get_y_str()
Get the canonic string representation of the y coordinate.
extern void set(Gmp.mpz|int x, Gmp.mpz|int y)
variant void set(string(8bit) x, string(8bit) y)
Set a new coordinate on the Curve for the Point.
Some curves (eg Crypto.ECC.Curve25519 do not support
numeric coordinates); on the other hand the SECP curves
prefer numeric coordinates.
Base class for hash algorithms.
Implements common meta functions, such as key expansion algoritms and convenience functions.
Note that no actual hash algorithm is implemented in the base class. They are implemented in classes that inherit this class.
inherit .__Hash : __Hash
protected constantstring __builtin.Nettle.Hash.hmac_jwa_id
JWS algorithm id (if any) for the HMAC sub-module. Overloaded by the actual implementations.
string(8bit) P_hash(string(8bit) password, string(8bit) salt, int rounds, int bytes)
This is the Password-Based Key Derivation Function used in TLS.
passwordThe prf secret.
saltThe prf seed.
roundsIgnored.
bytesThe number of bytes to generate.
State res = __builtin.Nettle.Hash()()
Calling `() will return a State object.
string(7bit) crypt_hash(string(8bit) password, string(8bit) salt, int(0..) rounds)
Password hashing function in crypt_md5()-style.
Implements the algorithm described in http://www.akkadia.org/drepper/SHA-crypt.txt.
This is the algorithm used by crypt(2) in
methods $5$ (SHA256) and $6$ (SHA512).
See crypt_hash_pike() for details.
In Pike 8.0.1876 and earlier this function generated incompatible
hashes for passwords that had a length that was a power of 2.
See crypt_hash_pike() for details.
crypt_md5(), crypt_hash_pike()
string(7bit) crypt_hash_pike(string(8bit) password, string(8bit) salt, int(0..) rounds)
Password hashing function in crypt_md5()-style.
Almost implements the algorithm described in http://www.akkadia.org/drepper/SHA-crypt.txt.
This function is provided for compatibility with hashes generated by Pike 8.0.1876 and earlier.
It differs from crypt_hash() for passwords that
have a length that is a power of 2 (phase 11).
Do not use unless you know what you are doing!
crypt_md5(), crypt_hash()
string(7bit) crypt_pbkdf2(string(8bit) password, string(7bit) salt, int rounds)
crypt()-style function using pbkdf2().
Compatible with PassLib and Phpass password hashing schemes
"pbdkf2", "pbdkf2-sha256" and "pbdkf2-sha512".
This function is provided for interoperability with
password hashes provided from PassLib and/or Phpass.
It is not recommended for use for new code, as this
is not the indended use for the pbkdf2 algorithm.
pbkdf2(), Crypto.Password.hash(), Crypto.Password.verify()
string(7bit) crypt_php(string(8bit) password, string(7bit) salt, int(0..)|void rounds)
Password hashing PHP Portable Hash-style.
passwordPassword to hash.
salt7 bit string of length 8 or 9. The first character may encode
the exponent for the number of rounds if rounds is 0.
roundsNumber of rounds. Defaults to taking the value from the salt
if the salt has length 9, otherwise defaults to
1<<19.
This algorithm used with Crypto.MD5 is the one used
for PHP Portable Hashes (aka "$P$" and "$H$").
Used with Crypto.SHA1 it should be compatible with
hashes from Escher CMS (aka "$Q$").
Used with Crypto.SHA512 it should be compatible with
hashes from Drupal (aka "$S$").
crypt_hash(), Crypto.Password
string(8bit)|zero eme_oaep_decode(string(8bit) message, string(8bit)|void label, function(string(8bit), int(0..):string(8bit))|void mgf)
Decode an EME-OAEP encoded string.
messageMessage to decode.
labelLabel that was used when the message was encoded.
Defaults to "".
mgfMask generation function to use. Defaults to mgf1().
Returns the decoded message on success, and 0 (zero)
on failure.
The decoder attempts to take a constant amount of time on failure.
eme_oaep_encode(), RFC 3447 section 7.1.2
string(8bit)|zero eme_oaep_encode(string(8bit) message, int(1..) bytes, string(8bit) seed, string(8bit)|void label, function(string(8bit), int(0..):string(8bit))|void mgf)
This is the encoding algorithm used in RSAES-OAEP (RFC 3447 section 7.1.1).
messageMessage to encode.
bytesNumber of bytes of destination encoding.
seedA string of random bytes at least digest_size() long.
labelAn optional encoding label. Defaults to "".
mgfThe mask generation function to use. Defaults to mgf1().
Returns the encoded string on success and 0 (zero)
on failure (typically too few bytes to represent the result).
eme_oaep_decode()
string(8bit)|zero emsa_pss_encode(string(8bit) message, int(1..) bits, string(8bit)|void salt, function(string(8bit), int(0..):string(8bit))|void mgf)
This is the signature digest algorithm used in RSASSA-PSS (RFC 3447 section 9.1.1).
messageMessage to sign.
bitsNumber of bits in result.
saltRandom string to salt the signature. Defaults to the empty string.
mgfMask generation function to use.
Defaults to mgf1().
Returns the signature digest on success and 0 (zero)
on failure (typically too few bits to represent the result).
emsa_pss_verify(), mgf1().
bool emsa_pss_verify(string(8bit) message, string(8bit) sign, int(1..) bits, int(0..)|void saltlen, function(string(8bit), int(0..):string(8bit))|void mgf)
This is the algorithm used to verify in RSASSA-PSS (RFC 3447 section 9.1.2).
messageMessage that was signed.
signSignature digest to verify.
bitsNumber of significant bits in sign.
saltlenLength of the salt used.
mgfMask generation function to use.
Defaults to mgf1().
Returns 1 on success and 0 (zero) on failure.
emsa_pss_verify(), mgf1().
string(8bit) hash(string(8bit) data)
Works as a (possibly faster) shortcut for e.g.
State(data)->digest(), where State is the hash state
class corresponding to this Hash.
dataString to hash.
Stdio.File, State()->update() and State()->digest().
variant string(8bit) hash(Stdio.File|Stdio.Buffer|String.Buffer|System.Memory source, int(0..)|void bytes)
Works as a (possibly faster) shortcut for e.g. State(
obj->read() )->digest(), where State is the hash state class
corresponding to this Hash.
sourceObject to read some data to hash from.
bytesThe number of bytes of the source object that should be
hashed. Zero and negative values are ignored and the whole file
is hashed. Support for negative values is deprecated.
Stdio.File, Stdio.Buffer, String.Buffer, System.Memory
int hotp(string(8bit) secret, int factor, int(1..)|void length)
HMAC-Based One-Time Password as defined by RFC 4226.
Can be used to implement the RFC 6238 Time-Based One-Time
Password Algorithm by giving the factor
(time()-T0)/X. Specifically for Google Authenticator this
is Crypto.SHA1.hotp(secret,time()/30), using an 80 bit
secret.
secretA shared secret between both parties. Typically the same size as the hash output.
factorA moving factor. Defined in RFC 4226 to be a counter synchronized between both parties.
lengthThe maximum number of digits of the one-time password. Defaults to 6. Note that the result is usually 0-padded to this length for user display purposes.
string(8bit) mgf1(string(8bit) seed, int(0..) bytes)
This is the mask generation function MFG1 from RFC 3447 appendix B.2.1.
seedSeed from which the mask is to be generated.
bytesLength of output.
Returns a pseudo-random string of length bytes.
This function is compatible with the mask generation functions defined in PKCS #1, IEEE 1363-2000 and ANSI X9.44.
string(8bit) openssl_pbkdf(string(8bit) password, string(8bit) salt, int rounds, int bytes)
Password Based Key Derivation Function from OpenSSL.
This when used with Crypto.MD5 and a single round
is the function used to derive the key to encrypt
Standards.PEM body data.
Derived from OpenSSL. Is there any proper specification?
It seems to be related to PBKDF1 from RFC 2898.
pbkdf1(), pbkdf2(), crypt_password()
string(8bit) pbkdf1(string(8bit) password, string(8bit) salt, int rounds, int bytes)
Password Based Key Derivation Function #1 from RFC 2898. This method is compatible with the one from PKCS#5 v1.5.
passwordsaltPassword and salt for the keygenerator.
roundsThe number of iterations to rehash the input.
bytesThe number of bytes of output. Note that this has an upper limit of the size of a single digest.
Returns the derived key.
RFC 2898 does not recommend this function for anything else than compatibility with existing applications, due to the limits in the length of the generated keys.
hkdf(), pbkdf2(), openssl_pbkdf(), crypt_password()
string(8bit) pbkdf2(string(8bit) password, string(8bit) salt, int rounds, int bytes)
Password Based Key Derivation Function #2 from RFC 2898, PKCS#5 v2.0.
passwordsaltPassword and salt for the keygenerator.
roundsThe number of iterations to rehash the input.
bytesThe number of bytes of output.
Returns the derived key.
hkdf(), pbkdf1(), openssl_pbkdf(), crypt_password()
string(8bit) pkcs_digest(object|string(8bit) s)
Make a PKCS-1 digest info block with the message s.
Standards.PKCS.build_digestinfo()
HMAC-based Extract-and-Expand Key Derivation Function, HKDF,
RFC 5869. This is very similar to pbkdf2, with a few
important differences. HKDF can use an "info" string that binds a
generated password to a specific use or application (e.g. port
number or cipher suite). It does not however support multiple
rounds of hashing to add computational cost to brute force
attacks.
__builtin.Nettle.Hash.HKDF __builtin.Nettle.Hash.HKDF(string(8bit) password, string(8bit)|void salt)
Initializes the HKDF object with a RFC 5869 2.2 HKDF-Extract(salt, IKM) call.
string(8bit) expand(string(8bit) info, int bytes)
This is similar to the RFC 5869 2.3 HKDF-Expand(PRK, info, L) function, but PRK is taken from the object.
string(8bit) extract(string(8bit) password)
This is similar to the RFC 5869 2.2 HKDF-Extract(salt, IKM) function, but the salt is the previously generated PRK.
SCRAM, defined by RFC 5802.
This implements both the client- and the serverside. You normally run either the server or the client, but if you would run both (use a separate client and a separate server object!), the sequence would be:
client_1 -> server_1 -> server_2 -> client_2 ->
server_3 -> client_3
If you are a client, you must use the client_* methods; if you are
a server, you must use the server_* methods.
You cannot mix both client and server methods in a single object.
This implementation does not pretend to support the full protocol. Most notably optional extension arguments are not supported (yet).
client_1, server_1
string(7bit) client_1(void|string username)
Client-side step 1 in the SCRAM handshake.
usernameThe username to feed to the server. Some servers already received the username through an alternate channel (usually during the hash-function selection handshake), in which case it should be omitted here.
The client-first request to send to the server.
client_2
string(7bit)|zero client_2(string(8bit) line, string pass)
Client-side step 2 in the SCRAM handshake.
lineThe received server-first challenge from the server.
passThe password to feed to the server.
The client-final response to send to the server. If the response is null, the server sent something unacceptable or unparseable.
client_3
bool client_3(string(8bit) line)
Final client-side step in the SCRAM handshake. If we get this far, the server has already verified that we supplied the correct credentials. If this step fails, it means the server does not have our credentials at all and is an imposter.
lineThe received server-final verification response.
True if the server is valid, false if the server is invalid.
string|zero server_1(string(8bit) line)
Server-side step 1 in the SCRAM handshake.
lineThe received client-first request from the client.
The username specified by the client. Returns null if the response could not be parsed.
server_2
string(7bit) server_2(string(8bit) salt, int iters)
Server-side step 2 in the SCRAM handshake.
saltThe salt corresponding to the username that has been specified earlier.
itersThe number of iterations the hashing algorithm should perform to compute the authentication hash.
The server-first challenge to send to the client.
server_3
string(7bit)|zero server_3(string(8bit) line, string(8bit) salted_password)
Final server-side step in the SCRAM handshake.
lineThe received client-final challenge and response from the client.
salted_passwordThe salted (using the salt provided earlier) password belonging to the specified username.
The server-final response to send to the client. If the response is null, the client did not supply the correct credentials or the response was unparseable.
HMAC (Hashing for Message Authenticity Control) for the hash
algorithm. Typically used as
e.g. Crypto.SHA256.HMAC(key)(data) or
Crypto.SHA256.HMAC(key)->update(data)->update(more_data)->digest().
Crypto.HMAC
inherit .MAC : MAC
State res = __builtin.Nettle.Hash()()
Returns a new State object initialized with a password,
and optionally block size b. Block size defaults to the hash
function block size.
int(0) iv_size()
HMAC has no modifiable iv.
string(7bit) jwa()
JWS algorithm identifier (if any, otherwise 0).
int(0..) key_size()
Returns the block size of the encapsulated hash.
Other key sizes are allowed, and will be expanded/compressed to this size.
The HMAC hash state.
inherit ::this_program : this_program
string(8bit) res = __builtin.Nettle.Hash.HMAC.State()()
Hashes the text according to the HMAC algorithm and returns
the hash value.
This works as a combined update() and digest().
__builtin.Nettle.Hash.HMAC.State __builtin.Nettle.Hash.HMAC.State(string(8bit) passwd, int(1..)|void b)
passwdThe secret password (K).
bBlock size. Must be larger than or equal to the digest_size().
Defaults to the block_size().
string(8bit) digest_info(string(8bit) text)
Hashes the text according to the HMAC algorithm and returns
the hash value as a PKCS-1 digestinfo block.
mapping(string(7bit):string(7bit))|zero jwk(bool|void private_key)
Generate a JWK-style mapping of the object.
private_keyIgnored.
Returns a JWK-style mapping on success, and 0 (zero)
on failure.
create(), Web.encode_jwk(), RFC 7517 section 4, RFC 7518 section 6.4
this_program set_iv(string(8bit) iv)
HMAC does not have a modifiable iv.
Base class for Message Authentication Codes (MAC)s.
These are hashes that have been extended with a secret key.
inherit .__Hash : __Hash
protected constantstring __builtin.Nettle.MAC.mac_jwa_id
JWS algorithm id (if any). Overloaded by the actual implementations.
Never access this value directly. Use jwa().
jwa()
int(0..) iv_size()
Returns the size of the iv/nonce (if any).
Some MACs like eg Crypto.SHA1.HMAC have fixed ivs,
in which case this function will return 0.
string(7bit) jwa()
JWS algorithm identifier (if any, otherwise 0).
int(0..) key_size()
Returns the recomended size of the key.
The state for the MAC.
inherit ::this_program : this_program
__builtin.Nettle.MAC.State __builtin.Nettle.MAC.State(string key)
keyThe secret key for the hash.
int(0..) iv_size()
Returns the size of the iv/nonce (if any).
Some MACs like eg Crypto.SHA1.HMAC have fixed ivs,
in which case this function will return 0.
array(mapping(string(7bit):string(7bit)|int)|string(8bit))|zero jose_decode(string(7bit) jws)
Verify and decode a JOSE JWS MAC signed value.
jwsA JSON Web Signature as returned by jose_sign().
Returns 0 (zero) on failure, and an array
| Array | |
| The JOSE header. |
| The signed message. |
on success.
jose_sign(), RFC 7515 section 3.5
string(7bit)|zero jose_sign(string(8bit) message, mapping(string(7bit):string(7bit)|int)|void headers)
Signs the message with a JOSE JWS MAC signature.
messageMessage to sign.
headersJOSE headers to use. Typically a mapping with a single element
"typ".
Returns the signature on success, and 0 (zero)
on failure (typically that JOSE doesn't support this MAC).
jose_decode(), RFC 7515
int(0..) key_size()
Returns the recomended size of the key.
Base class for cryptographic signature algorithms.
Typical classes implementing this API are Crypto.RSA, Crypto.DSA and
Crypto.ECC.Curve.ECDSA.
bool equal(__builtin.Nettle.Sign from, mixed x)
Check whether two objects are equivalent.
This includes checking both the public and private keys.
public_key_equal()
array(mapping(string(7bit):string(7bit)|int)|string(8bit))|zero jose_decode(string(7bit) jws)
Verify and decode a JOSE JWS signed value.
jwsA JSON Web Signature as returned by jose_sign().
Returns 0 (zero) on failure, and an array
| Array | |
| The JOSE header. |
| The signed message. |
The default implementation returns 0 for all parameters,
and can thus serve as a fallback for signature algorithms that
don't support or aren't supported by JWS (eg Crypto.DSA).
jose_sign(), pkcs_verify(), RFC 7515
string(7bit)|zero jose_sign(string(8bit) message, mapping(string(7bit):string(7bit)|int)|void headers, .Hash|void h)
Signs the message with a JOSE JWS signature using hash
algorithm h and JOSE headers headers.
messageMessage to sign.
headersJOSE headers to use. Typically a mapping with a single element
"typ".
hHash algorithm to use. Valid hashes depend on the signature algorithm. The default value depends on the signature algorithm.
Returns the signature on success, and 0 (zero)
on failure (typically that either the hash algorithm
is invalid for this signature algorithm),
The default implementation returns 0 for all parameters,
and can thus serve as a fallback for signature algorithms that
don't support or aren't supported by JWS (eg Crypto.DSA).
jose_decode(), pkcs_sign(), RFC 7515
mapping(string(7bit):string(7bit))|zero jwk(bool|void private_key)
Generate a JOSE JWK mapping representation of the object.
private_keyIf true, include private fields in the result.
Returns a mapping as per RFC 7517 section 4 on success,
and 0 (zero) on failure (typically that
the object isn't initialized properly, or that
it isn't supported by JWK).
Web.encode_jwk(), Web.decode_jwk(), RFC 7517 section 4
string(8bit)|zero jwk_thumbprint(.Hash h)
Generate a JOSE JWK Thumbprint of the object.
hHash algorithm to use.
Returns the thumbprint (ie hash of the public fields) on success,
and 0 (zero) on failure (typically that the object isn't
initialized properly, or that it isn't supported by JWK).
A typical use for this function is to generate a kid (key ID) value (cf RFC 7638 section 1.
jwk(), RFC 7638
int(0..) key_size()
Returns the number of bits in the private key.
string(7bit) name()
Returns the printable name of the signing algorithm.
Sequence|zero pkcs_algorithm_identifier()
Returns the PKCS-1 AlgorithmIdentifier.
Sequence pkcs_public_key()
Creates a SubjectPublicKeyInfo ASN.1 sequence for the object. See RFC 5280 section 4.1.2.7.
string(8bit) pkcs_sign(string(8bit) message, .Hash h)
Signs the message with a PKCS-1 signature using hash algorithm
h.
Sequence|zero pkcs_signature_algorithm_id(.Hash hash)
Returns the PKCS-1 algorithm identifier for the signing algorithm with the provided hash algorithm.
bool pkcs_verify(string(8bit) message, .Hash h, string(8bit) sign)
Verify PKCS-1 signature sign of message message using hash
algorithm h.
bool public_key_equal(this_program other)
Check whether the public key is the same in two objects.
This function differs from _equal() in that only the
public key is regarded, and that it only needs to regard
objects implementing Crypto.Sign.
_equal()
Base class for hash algorithms.
Note that no actual hash algorithm is implemented in the base class. They are implemented in classes that inherit this class.
int(1..) block_size()
Returns the internal block size of the hash algorithm.
int(0..) digest_size()
Returns the size of a hash digest.
string(7bit) name()
Returns a human readable name for the algorithm.
This is the context for a single incrementally updated hash.
Most of the functions here are only prototypes, and need to be overrided via inherit.
int(1..) block_size()
Returns the internal block size of the hash algorithm.
__builtin.Nettle.__Hash.State __builtin.Nettle.__Hash.State(string(8bit)|void data)
Create the new context, and optionally add some initial data to hash.
The default implementation calls update() with data if any,
so there's usually no reason to override this function, since
overriding update() should be sufficient.
string(8bit) digest(int|void length)
Generates a digest, and resets the hashing contents.
lengthIf the length argument is provided, the digest is truncated to the given length.
The digest.
int(0..) digest_size()
Returns the size of a hash digest.
this_program init(string(8bit)|void data)
Reset the context, and optionally add some initial data to the hash.
string(7bit) name()
Returns a human readable name for the algorithm.
this_program update(string(8bit) data)
Add some more data to hash.
Generic base classes for the Sql interfaces.
constant string __builtin.Sql.QUERY_OPTION_CHARSET
Field to set in the query bindings mapping to set a character set for just the current query. Only supported by some databases.
ZeroWrapper __builtin.Sql.zero_arg
Instance of ZeroWrapper used by Connection()->handle_extraargs().
The promise result class; it will contain the results of a query.
Promise, Connection.promise_query()
final int __builtin.Sql.FutureResult.affected_rows
The number of affected rows.
final mapping(string:mixed)|zero __builtin.Sql.FutureResult.bindings
The parameter bindings belonging to the query.
final array(mixed)|zero __builtin.Sql.FutureResult.data
The returned raw unadorned records, all typed data.
Once get() has been accessed, data
will point to the same adorned records.
Sql.Connection->big_typed_query()
final array(mapping(string:mixed))|zero __builtin.Sql.FutureResult.fields
The description of the fields in a record.
final string|zero __builtin.Sql.FutureResult.query
The SQL query.
final string|mixed __builtin.Sql.FutureResult.status_command_complete
The status of the completed command.
If the command is still in progress, the value is null.
If an error has occurred, it contains the backtrace of that error.
final array(mapping(string:mixed)) get()
The returned labeled records, all typed data.
Sql.Connection->query(), data
This class is the base class for promise based SQL queries.
future() will return a future which carries FutureResult
objects to contain the result of the query.
FutureResult, Connection.promise_query()
inherit Concurrent.Promise : Promise
final this_program discard_records(int(-1..) over)
overDiscard any records over this number. -1 means do not discard
any records (default).
final this_program max_records(int(-1..) max)
maxIf the query returns more than this number of records, fail the
future. -1 means no maximum (default).
final this_program min_records(int(0..) min)
minIf the query returns less than this number of records, fail the
future. Defaults to 0.
Wrapper to handle conversion of zero to NULL in
Connection()->handle_extraargs().
zero
string sprintf(string format, ... __builtin.Sql.ZeroWrapper arg ... )
Returns the following:
| If |
| If |
Otherwise it formats a 0 (zero).
object _static_modules
This is an object containing the classes for all static (ie non-dynamic) C-modules.
In a typic Pike with support for dynamic modules the contained module classes are:
Builtin
Gmp
_Stdio
_math
_system
If the Pike binary lacks support for dynamic modules, all C-modules will show up here.