Safe-Inferred, Michael Snoyman, BSD3, Michael Snoyman <michael@snoyman.com>, Stable, portable, None

The initialization vector used by AES. Must be exactly 16 bytes long.

The keys used to store the cookies. We have an AES key used to encrypt the cookie and a Skein-MAC-512-256 key used to verify the authenticity and integrity of the cookie. The AES key must have exactly 32 bytes (256 bits) while Skein-MAC-512-256 must have 64 bytes (512 bits). See also  and  .

AES key with 32 bytes.

Skein-MAC key. Instead of storing the key data, we store a partially applied function for calculating the MAC (see ).

Construct an initialization vector from a . Fails if there isn't exactly 16 bytes.

Randomly construct a fresh initialization vector. You MUST NOT reuse initialization vectors.

The default key file. Simply calls  .

Get a key from the given text file.

If the file does not exist or is corrupted, a random key will be generated and stored in that file.

Get the key from the named environment variable.

Assumes the value is a Base64-encoded string. If the variable is not set, a random key will be generated, set in the environment, and the Base64-encoded version printed on /dev/stdout.

Generate a random . Besides the , the ByteString passed to  is returned so that it can be saved for later use.

Generate a random , set a Base64-encoded version of it in the given environment variable, then return it. Also prints the generated string to /dev/stdout.

Initializes a  from a random . Fails if there isn't exactly 96 bytes (256 bits for AES and 512 bits for Skein-MAC-512-512).

Note that the input string is assumed to be uniformly chosen from the set of all 96-byte strings. In other words, each byte should be chosen from the set of all byte values (0-255) with the same probability.

In particular, this function does not do any kind of key stretching.
You should never feed it a password, for example.
It's highly recommended to feed initKey only with values generated by , unless you really know what you're doing.

Same as  , however randomly generates the initialization vector for you.

Encrypt (AES-CTR), authenticate (Skein-MAC-512-256) and encode (Base64) the given cookie data. The returned byte string is ready to be used in a response header.

Decode (Base64), verify the integrity and authenticity (Skein-MAC-512-256) and decrypt (AES-CTR) the given encoded cookie data. Returns the original serialized cookie data. Fails if the data is corrupted.

Construct initial state of the CPRNG.

Reseed the CPRNG with new entropy from the system pool.

IORef that keeps the current state of the CPRNG. Yep, global state. Used in thread-safe ways only, though.

Construct a new 16-byte IV using our CPRNG. Forks another thread to reseed the CPRNG should its usage count reach a hardcoded threshold.

How many IVs should be generated before reseeding the CPRNG. This number depends basically on how paranoid you are. We think 100.000 is a good compromise: larger numbers give only a small performance advantage, while it still is a small number since we only generate 1.5 MiB of random data between reseeds.

Dummy  instance.

File name where key is stored.
The actual key.
Name of the environment variable.
The actual key.
Key of the server.
New, random initialization vector (see ).
Serialized cookie data.
Encoded cookie data to be given to the client browser.
Key of the server.
Encoded cookie data given by the browser.
Serialized cookie data.

clientsession-0.9.1 Web.ClientSession System.LookupEnv IV Key mkIV randomIV defaultKeyFile getDefaultKey getKey getKeyEnv randomKey randomKeyEnv initKey encryptIO encrypt decrypt lookupEnv aesKey macKey skein-1.0.9 Crypto.Skein skeinMAC' bytestring-0.10.4.0 Data.ByteString.Internal ByteString aesSeed aesReseed aesRef aesRNG threshold $fShowKey base GHC.Show Show AESState ASt keyRaw unsafeMkIV unIV $fSerializeIV $fShowIV $fOrdIV $fEqIV $fSerializeKey $fEqKey
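The following is an added example, not part of the clientsession documentation. It exercises the properties described above: a cookie round-trips under its own key, an altered cookie or a different key makes decrypt fail, and initKey rejects input that is not exactly 96 bytes. It assumes the signatures of the released library (decrypt returning a Maybe, initKey returning an Either String, randomKey returning the raw bytes paired with the key); the payload "uid=42" and the helper tamper are constructed for illustration.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main (main) where

import qualified Data.ByteString.Char8 as S8
import           Web.ClientSession     (decrypt, encryptIO, initKey, randomKey)

-- Hypothetical helper: change the first Base64 character of an encoded
-- cookie, simulating a client that edits the value before sending it back.
tamper :: S8.ByteString -> S8.ByteString
tamper c = case S8.uncons c of
  Nothing     -> c
  Just (h, t) -> S8.cons (if h == 'A' then 'B' else 'A') t

main :: IO ()
main = do
  -- randomKey returns the raw key material (the bytes to persist) and the Key.
  (raw, key)    <- randomKey
  (_, otherKey) <- randomKey

  -- encryptIO picks a fresh IV for every call, so IVs are never reused.
  cookie <- encryptIO key "uid=42"

  putStrLn "raw key length in bytes:"
  print (S8.length raw)

  putStrLn "decrypt with the issuing key:"
  print (decrypt key cookie)

  putStrLn "decrypt after the client altered the cookie:"
  print (decrypt key (tamper cookie))

  putStrLn "decrypt with a different server key:"
  print (decrypt otherKey cookie)

  putStrLn "decrypt with a key rebuilt from the persisted bytes:"
  print (fmap (\k -> decrypt k cookie) (initKey raw))

  putStrLn "initKey on 95 bytes (one byte short):"
  putStrLn (either id (const "accepted") (initKey (S8.take 95 raw)))
```

Because decrypt verifies the MAC before decrypting, the application never sees plaintext derived from a modified cookie; callers should treat a failed decrypt as an absent session.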