úÎ6õ3_3      !"#$%&'()*+,-./012 Safe-InferredDPolicy for misordered packets. Notice StrictOrdering does not mean I every sequence numbered packet will be received, only that the sequence  number will always increase. +Errors that can be returned by the decoding/receicing operations. 3  3 Safe-Inferred 8A Bit Window is just an unpacked tuple of base and mask     None %A context useful for receiving data. #A context useful for sending data. DGiven at least 24 bytes of entropy, produce an out context that can 9 communicate with an identically initialized in context. CGiven at least 20 bytes of entropy, produce an in context that can : communicate with an identically initialized out context. 4GCM decrypt and verify ICV. Use an % to protect a message for transport.  Message format: [ctr, ct, tag]. 'This routine can throw an exception of  if the context being  used has expired. GGiven a message length, returns the number of bytes an encoded message  will consume. ;Given a package length, returns the number of bytes in the  underlying message. "encodePtr outCtx msg result msgLen will encode msgLen bytes at  location msg!, placing the result at location result. The buffer  pointed to by result must be at least encBytes msgLen bytes large, $ the actual package will be exactly encBytes msgLen in size. decodePtr inCtx pkg msg pkgLen$ decrypts and verifies a package at  location pkg of size pkgLen&. The resulting message is placed at  location msg7 and its size is returned along with a new context (or  error). Use an  6 to decrypt a message, verifying the ICV and sequence C number. Unlike sending, receiving is more likely to result in an . exceptional condition and thus it returns an 5 value. Message format: [ctr, ct, tag].  678AES GCM Counter (IV) Salt  Plaintext 9AES GCM Counter (IV) Salt Plaintext buffer Plaintext length ,ciphertext buffer (at least encBytes large) 4AES GCM Counter (IV) Salt  Ciphertext Ciphertext length Tag  Tag length Plaintext result ptr (at least  large) :AES GCM Counter (IV) Salt  Ciphertext Tag  !"#$"  !"#$'   $#!"  67894: !"#$None %>A connection is a secure bidirectional communication channel. *address of remote +=Send a datagram, first encrypting it, using the given secure  connection. -%Sends a message over the connection. .IBlocks till it receives a valid message, placing the resulting plaintext E in the provided buffer. If the incoming message is larger that the J provided buffer then the message is truncated. This process also incurs  an additional copy. 07Expands the provided 128 (or more) bit secret into two  keys to create a connection. ex: accept ent 3134 17Expands the provided 128 (or more) bit secret into two  keys to create a connection. 2Close a connection ;3We use a word32 to indicate the size of a datagram <=>%&'()*?+,@-.ABC/0DE12;%&'()*+,-./012%&'()*+,-.012/<>=%&'()*?+,@-.ABC/0DE12;F      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLM commsec-0.3.1Network.CommSec.TypesNetwork.CommSec.BitWindowNetwork.CommSec.PackageNetwork.CommSec SequenceMode SequentialStrictOrderingAllowOutOfOrder CommSecError BadPadding InvalidICV DuplicateSeq OldContext BitWindow zeroWindowupdateBitWindow InContext InSequentialInStrictseqValIn bitWindowsaltIninKey OutContextOutaesCtrsaltOutoutKey newOutContext newInContextencodeencBytesdecBytes encodePtr decodePtrdecodepeekBEpokeBEpokeBE32peekBE32 ConnectionConninCtxoutCtxsocket socketAddrsendrecvsendPtrrecvPtr expandSecretacceptconnectclose$fExceptionCommSecError decryptGCMPtrbase Data.EitherEithergTagLengCtrSize encryptGCM encryptGCMPtr decryptGCM sizeTagLenRecvResErrGoodpMVarretryOn recvPtrOfSz recvBytesPtr sendBytesPtrdoAccept doConnect