!ib      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`a (c) 2013 Stefan Bhler MIT-style (see the file COPYING)stbuehler@web.de experimentalportableSafe7;N) is a generic  instance to calculate the  based on a   hides the  implementation.u is a class for keyed hash algorithms that take a key and a message to produce a digest. The most popular example is .5Digest size in bytes the keyed hash algorithm returnsNameInitialize state from a key"Add more message data to the state'Add more lazy message data to the state Produce final digest  [ is a class that hash algorithms will implement. generating a digest is a 3 step procedure: to create a new context to hash data to extract the final digestThe final digest has   bytes, and the algorithm uses   as internal block size. 2Block size in bytes the hash algorithm operates on /Digest size in bytes the hash algorithm returns Name of the hash algorithm0Initialize a new context for this hash algorithmNUpdate the context with bytestring, and return a new context with the updates.UUpdate the context with a lazy bytestring, and return a new context with the updates.'Finalize a context and return a digest.Use  6 for HMAC; can use a optimized variant or the default $ one!Helper to hash a single (strict) b in one step.Example: =untag (hash (fromString "abc") :: Tagged SHA256 B.ByteString)Untagged variant of ; takes a (possible c) typed   context as parameter.Example: .hash' (undefined :: SHA256) $ fromString "abc"Helper to hash a single (lazy) d in one step.Example: Auntag (hashLazy (fromString "abc") :: Tagged SHA256 L.ByteString)Untagged variant of ; takes a (possible c) typed   context as parameter.Example: 2hashLazy' (undefined :: SHA256) $ fromString "abc"Untagged variant of ; takes a (possible c) key typed value from a  instance as parameter.Get  from a Untagged variant of ; takes a (possible c) key typed value from a  instance as parameter.Get  from a  Initialize a  context from a keyUntagged variant of ; takes a (possible c) key typed value from a  instance as parameter.$Add more message data to the context)Add more lazy message data to the contextProduce final digest Helper to hash key and message in one stepExample: muntag (keyedHash (fromString "secretkey") (fromString "secret message") :: Tagged (HMAC SHA256) B.ByteString)!Untagged variant of  ; takes a (possible c) key typed value from a  instance as parameter.Example: \keyedHash' (undefined :: HMAC SHA256) (fromString "secretkey") (fromString "secret message")"Helper to hash key and lazy message in one stepExample: quntag (keyedHashLazy (fromString "secretkey") (fromString "secret message") :: Tagged (HMAC SHA256) B.ByteString)#Untagged variant of "; takes a (possible c) key typed value from a  instance as parameter.Example: `keyedHashLazy' (undefined :: HMAC SHA256) (fromString "secretkey") (fromString "secret message")$$# is the default implementation for  and initializes a 4 to calculate the HMAC for a message with the given key.Example: let c = untag (hmacInit (fromString "secretkey") :: Tagged SHA256 KeyedHash) in keyedHashFinalize $ keyedHashUpdate c (fromString "secret message")%Untagged variant of $; takes a (possible c) typed   context as parameter.Example: keyedHashFinalize $ flip keyedHashUpdate (fromString "secret message") $ hmacInit' (undefined :: SHA256) (fromString "secretkey")&calculate HMAC with a   for a key and messageExample: auntag (hmac (fromString "secretkey") (fromString "secret message") :: Tagged SHA256 B.ByteString)'Untagged variant of &; takes a (possible c) typed   context as parameter.Example: Rhmac' (undefined :: SHA256) (fromString "secretkey") (fromString "secret message")(calculate HMAC with a   for a key and lazy messageExample: euntag (hmacLazy (fromString "secretkey") (fromString "secret message") :: Tagged SHA256 B.ByteString))Untagged variant of (; takes a (possible c) typed   context as parameter.Example: VhmacLazy' (undefined :: SHA256) (fromString "secretkey") (fromString "secret message")-e key argument  !"#f$key argument %&key argument message argument '(key argument message argument )g7hijklmnopqrst  !"#$%&'()e   !"#f$%&'()g(c) 2013 Stefan Bhler MIT-style (see the file COPYING)stbuehler@web.de experimentalportableSafe  !"#  !"#(c) 2013 Stefan Bhler MIT-style (see the file COPYING)stbuehler@web.de experimentalportableSafe$%&'()$%&'() (c) 2013 Stefan Bhler MIT-style (see the file COPYING)stbuehler@web.de experimentalportableNoneuBRun action in IO monad with length and pointer to first byte of a bv Encode any w value in bytes x as big endian value.uvbytes argument value argument yxz{|}~uvuv(c) 2013 Stefan Bhler MIT-style (see the file COPYING)stbuehler@web.de experimentalportableNone357*1Start a CCM encryption with specified tag length t , length q# of the message length field and a 15-q bytes long nonceN. Fails if any parameter is invalid or the block cipher doesn't use a 16-byte .+1Start a CCM encryption with specified tag length t = 16 , length q = 3$ for the message length field and a 8 bytes long nonceN. Fails if any parameter is invalid or the block cipher doesn't use a 16-byte '. This are the parameters used for TLS.* tag length tlength q of the message length fieldcipher initialized with keynonce with length 15-q+cipher initialized with key8 byte nonce*+*+ *+ None ooo(c) 2013 Stefan Bhler MIT-style (see the file COPYING)stbuehler@web.de experimentalportableNone,,V is a member of the SHA3 family which outputs messages digests of 64 bytes (512 bits).--V is a member of the SHA3 family which outputs messages digests of 48 bytes (384 bits)...V is a member of the SHA3 family which outputs messages digests of 32 bytes (256 bits).//V is a member of the SHA3 family which outputs messages digests of 28 bytes (224 bits).00V is a member of the SHA2 family which outputs messages digests of 64 bytes (512 bits).11V is a member of the SHA2 family which outputs messages digests of 48 bytes (384 bits).22V is a member of the SHA2 family which outputs messages digests of 32 bytes (256 bits).33V is a member of the SHA2 family which outputs messages digests of 28 bytes (224 bits).44 is a hash function specified by NIST (The U.S. National Institute for Standards and Technology). It produces message digests of 20 bytes (160 bits).55 is a hash function designed by Hans Dobbertin, Antoon Bosselaers, and Bart Preneel, as a strengthened version of RIPEMD. It produces message digests of 20 bytes (160 bits).66q is a hash function of Ronald Rivest's, described in RFC 1321. It outputs message digests of 16 bytes (128 bits).77q is a hash function of Ronald Rivest's, described in RFC 1320. It outputs message digests of 16 bytes (128 bits).88q is a hash function of Ronald Rivest's, described in RFC 1319. It outputs message digests of 16 bytes (128 bits).9The GOST94 or GOST R 34.11-94 hash algorithm is a Soviet-era algorithm used in Russian government standards (see RFC 4357). It outputs message digests of 32 bytes (256 bits).V,-./012 3  4  56789 !"#$%&'()*+,-./0123456789:;<=>?@ABC ,-./0123456789 9876543210/.-,1,-./012 3  4  56789  !"#$%&'()*+,-./0123456789:;<=>?@ABC(c) 2013 Stefan Bhler MIT-style (see the file COPYING)stbuehler@web.de experimentalportableNone7 ::, is the 32-bit (4 byte) digest variant. See F for the  instance.;;, is the 32-bit (4 byte) digest variant. See F for the  instance.<<, is the 32-bit (4 byte) digest variant. See F for the  instance.==, is the 32-bit (4 byte) digest variant. See F for the  instance.>>C is a class of keyed hash algorithms that take an additional nonce. Keys for > are always 16 bytes; there are different digest sizes: 4, 8, 12 and 16 bytes (32, 64, 96 and 128 bits), and the variants are named after the digest length in bits.On initialization the nonce is set to 0; each finalize returns a new state with an incremented nonce. The nonce is interpreted as 16-byte (128-bit) big-endian integer (and for string shorter than 16 bytes padded with zeroes  on the left'; setting empty nonces is not allowed).?digest size in bytes@ umac name (UMAC ++ digest size in bits)A initialize a new context from a key with a zero nonceBset a nonce3; can be called anytime before producing the digestCappend message data to be hashedD append lazy message data to be hashedE?produce a digest, and return a new state with incremented nonceF The default  generated for UMAC o instances use a zero nonce; to set a different nonce you need to use this initialization function (or use the > interface).Once the UMAC lives as ) the nonce cannot be changed anymore, as  hides all internal state.5:DE;FG<HI=JKLMNOPQRST>?@Akey argument Bnonce argument Cmessage argument Dmessage argument EUVWXYFkey argument nonce argument Z[\]^_`abcdefghijk :;<=>?@ABCDEF >?@ABCDE=<;:F:DE;FG<HI=JKLMNOPQRST>?@ABCDEUVWXYFZ[\]^_`abcdefghijk None lmnopqrstuvwxyz{|}~lmnopqrstuvwxyz{|}~lmnopqrstuvwxyz{|}~ None34577pointer to new context, key length, (const) key pointer7      !"#$%&'-            !"#$%&'(c) 2013 Stefan Bhler MIT-style (see the file COPYING)stbuehler@web.de experimentalportableNone3457GG is the same as H2, but uses only 12 instead of 20 rounds in mixing.HH> is a fairly recent stream cipher designed by D. J. Bernstein.7Valid key sizes are 128 and 256 bits (16 and 32 bytes).Salsa20 uses a blocksize of 64 bytes internally; if crpyted input isn't aligned to 64 bytes it will pad it with 0 and store the encrypted padding to xor with future input data.%Each message also requires a 8-byte ((r) nonce (which is initialized to 0; you can use a message sequence number). Don't reuse a nonce with the same key.7Setting a nonce also resets the remaining padding data.II is a variant of the H1 stream cipher, both designed by D. J. Bernstein. Key size is 256 bits (32 bytes).I works similar to Hs; it could theoretically also support 128-bit keys, but there is no need for it as they share the same performance.ChaCha uses a blocksize of 64 bytes internally; if crpyted input isn't aligned to 64 bytes it will pad it with 0 and store the encrypted padding to xor with future input data.%Each message also requires a 8-byte ((r) nonce (which is initialized to 0; you can use a message sequence number). Don't reuse a nonce with the same key.7Setting a nonce also resets the remaining padding data.JJr are special stream ciphers that can encrypt many messages with the same key; setting a nonce restarts the cipher.oA good value for the nonce is a message/packet counter. Usually a nonce should not be reused with the same key.MM@ is a stream cipher, also known under the trade marked name RC4.(Valid key sizes are from 1 to 256 bytes.NN@ is another AES finalist, designed by Bruce Schneier and others.N uses a the same  and key sizes as \.) only supports the * mode for now.OOT is one of the AES finalists, designed by Ross Anderson, Eli Biham and Lars Knudsen.The  is 128 bits (16 bytes), and the valid key sizes are from 128 bits to 256 bits (16 to 32 bytes), although smaller bits are just padded with zeroes.) only supports the * mode for now.PP uses 3 Q keys k1 || k2 || k3R. Encryption first encrypts with k1, then decrypts with k2, then encrypts with k3.The  is the same as for Q~: 64 bits (8 bytes), and the keys are simply concatenated, forming a 24 byte key string (with 168 bits actually getting used).QQC is the old Data Encryption Standard, specified by NIST. It uses a 1 of 64 bits (8 bytes), and a key size of 56 bits.{The key is given as 8 bytes, as one bit per byte is used as a parity bit. The parity bit is ignored by this implementation.RRE is a block cipher specified in RFC 2144. It uses a 64 bit (8 bytes) ?, and a variable key size of 40 up to 128 bits (5 to 16 bytes).SS provides the same interface as V$, but is restricted to 256-bit keys.TT provides the same interface as V$, but is restricted to 192-bit keys.UU provides the same interface as V$, but is restricted to 128-bit keys.VCamellia is a block cipher developed by Mitsubishi and Nippon Telegraph and Telephone Corporation, described in RFC3713, and recommended by some Japanese and European authorities as an alternative to AES. The algorithm is patented (details see  3http://www.lysator.liu.se/~nisse/nettle/nettle.html).Camellia uses a the same  and key sizes as \.) only supports the * mode for now.WW9 is a block cipher designed by Bruce Schneier. It uses a S of 64 bits (8 bytes), and a variable key size from 64 to 448 bits (8 to 56 bytes).XXS (also known as the trade marked name RC2) is a block cipher specified in RFC 2268. The default + uses ekb = bit-length of the key; ]! allows to specify ekb manually. ^ uses  ekb = 1024 (the maximum).X/ uses keysizes from 1 to 128 bytes, and uses a  of 64 bits (8 bytes).YY provides the same interface as \$, but is restricted to 256-bit keys.ZZ provides the same interface as \$, but is restricted to 192-bit keys.[[ provides the same interface as \$, but is restricted to 128-bit keys.\\| is the generic cipher context for the AES cipher, supporting key sizes of 128, 196 and 256 bits (16, 24 and 32 bytes). The  is always 128 bits (16 bytes).) only supports the * mode for now.]#Initialize cipher with an explicit ekbA value (valid values from 1 to 1024, 0 meaning the same as 1024).^Initialize cipher with  ekb = 1024._Sets a ($ as 8-byte nonce (bigendian encoded)G,H-I.JKLM/N0O1P2Q3R4S5T6U7V8W9X:Y;Z<[=\>]^?_@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~GHIJKLMNOPQRSTUVWXYZ[\]^_\[ZYX]^WVUTSRQPNOJKL_MIHGzG,H-I.JKLM/N0O1P2Q3R4S5T6U7V8W9X:Y;Z<[=\>]^?_@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~(c) 2013 Stefan Bhler MIT-style (see the file COPYING)stbuehler@web.de experimentalportableNone357`bEncrypt plain text and create a verification tag for the encrypted text and some additional data. key and noncez must not be reused together. The returned tag is 16 bytes long, but may be shortened for verification (loosing security).akDecrypt cipher text and verify a (possible shortened) tag for the encrypted text and some additional data. key and nonce must not be reused together.`key (must be 32 bytes)nonce (must be 12 bytes)aad additional data to be verifiedplain data to encrypt returns (cipher, tag!) ciphertext and verification taga`a`a`a  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrsntp uvwxywxzwx{wx|wx}wx~wxwxwxwxwxwxwx qqqqqqq                        89:;<=>?@ABC D!E"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNFOGPHQIRSTUVWXYZ[\]^_`abcdefghijklmnopqr s t u v w x y z { | } ~                                                                                                                                                                    ! " # $ % & ' ( ) * + , -q./0102STUYZ[\]^_`abcdefgh3456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~nettl_4BX6nLUNv7m2vBns05sTRzCrypto.Nettle.HMACCrypto.Nettle.KeyedHashCrypto.Nettle.HashCrypto.Nettle.CCMCrypto.Nettle.UMACCrypto.Nettle.CiphersCrypto.Nettle.ChaChaPoly1305Crypto.Nettle.Hash.Types Nettle.Utils!Crypto.Nettle.Hash.ForeignImports$Crypto.Nettle.Ciphers.ForeignImportsCrypto.Nettle.Ciphers.InternalHMAC KeyedHashKeyedHashAlgorithmimplKeyedHashDigestSizeimplKeyedHashNameimplKeyedHashInitimplKeyedHashUpdateimplKeyedHashUpdateLazyimplKeyedHashFinalize HashAlgorithm hashBlockSizehashDigestSizehashNamehashInit hashUpdatehashUpdateLazy hashFinalizehashHMAChashhash'hashLazy hashLazy'keyedHashDigestSizekeyedHashDigestSize' keyedHashNamekeyedHashName' keyedHashInitkeyedHashInit'keyedHashUpdatekeyedHashUpdateLazykeyedHashFinalize keyedHash keyedHash' keyedHashLazykeyedHashLazy'hmacInit hmacInit'hmachmac'hmacLazy hmacLazy'ccmInit ccmInitTLSSHA3_512SHA3_384SHA3_256SHA3_224SHA512SHA384SHA256SHA224SHA1 RIPEMD160MD5MD4MD2 GOSTHASH94UMAC128UMAC96UMAC64UMAC32UMACumacDigestSizeumacNameumacInit umacSetNonce umacUpdateumacUpdateLazy umacFinalizeumacInitKeyedHashESTREAM_SALSA20SALSA20CHACHAStreamNonceCipherstreamNonceSizestreamSetNonceARCFOURTWOFISHSERPENTDES_EDE3DESCAST128 Camellia256 Camellia192 Camellia128CamelliaBLOWFISHARCTWOAES256AES192AES128AES arctwoInitEKBarctwoInitGutmannstreamSetNonceWord64chaChaPoly1305EncryptchaChaPoly1305Decryptbytes_6VWy06pWzJq9evDvK2d4w6Data.ByteString.Internal ByteStringbaseGHC.Err undefinedData.ByteString.Lazy.InternalpadZero$fKeyedHashAlgorithmHMACtagge_LsPQD6UphhxLXSI5S11irM Data.TaggedreproxytagWithunproxyproxy untagSelfwitnessasTaggedTypeOftagSelfuntagretagunTaggedTaggedwithByteStringPtr netEncodeGHC.RealIntegralGHC.WordWord8ghc-prim GHC.TypesWordGHC.PtrPtrFunPtrGHC.IOunsafeDupablePerformIO Data.FoldableforM_plusPtrcrypt_IMrRUT6N2z09Bx4xDg340cCrypto.Cipher.Types.Block blockSizeCCM CCM_HeaderCCM_EncCCM_Decccm_initccm_encodeAdditionalLengthpad_zero_makeIV ccm_start_iv ccm_tag_iv ccm_cryptccm_tag$fAEADModeImplcipherCCMNettleHashDigestNettleHashUpdateNettleHashInitc_umac128_digestc_umac128_updatec_umac128_set_noncec_umac128_set_keyc_umac96_digestc_umac96_updatec_umac96_set_noncec_umac96_set_keyc_umac64_digestc_umac64_updatec_umac64_set_noncec_umac64_set_keyc_umac32_digestc_umac32_updatec_umac32_set_noncec_umac32_set_keyc_gosthash94_digestc_gosthash94_updatec_gosthash94_init c_sha1_digest c_sha1_update c_sha1_initc_ripemd160_digestc_ripemd160_updatec_ripemd160_init c_md4_digest c_md4_update c_md4_init c_md2_digest c_md2_update c_md2_init c_md5_digest c_md5_update c_md5_initc_sha3_512_digestc_sha3_512_updatec_sha3_512_initc_sha3_384_digestc_sha3_384_updatec_sha3_384_initc_sha3_256_digestc_sha3_256_updatec_sha3_256_initc_sha3_224_digestc_sha3_224_updatec_sha3_224_initc_sha384_digestc_sha384_update c_sha384_initc_sha512_digestc_sha512_update c_sha512_initc_sha224_digestc_sha224_update c_sha224_initc_sha256_digestc_sha256_update c_sha256_initc_sha256_ctx_sizec_sha256_digest_sizec_sha256_block_sizec_sha224_ctx_sizec_sha224_digest_sizec_sha224_block_sizec_sha512_ctx_sizec_sha512_digest_sizec_sha512_block_sizec_sha384_ctx_sizec_sha384_digest_sizec_sha384_block_sizec_sha3_224_ctx_sizec_sha3_224_digest_sizec_sha3_224_block_sizec_sha3_256_ctx_sizec_sha3_256_digest_sizec_sha3_256_block_sizec_sha3_384_ctx_sizec_sha3_384_digest_sizec_sha3_384_block_sizec_sha3_512_ctx_sizec_sha3_512_digest_sizec_sha3_512_block_sizec_md5_ctx_sizec_md5_digest_sizec_md5_block_sizec_md2_ctx_sizec_md2_digest_sizec_md2_block_sizec_md4_ctx_sizec_md4_digest_sizec_md4_block_sizec_ripemd160_ctx_sizec_ripemd160_digest_sizec_ripemd160_block_sizec_sha1_ctx_sizec_sha1_digest_sizec_sha1_block_sizec_gosthash94_ctx_sizec_gosthash94_digest_sizec_gosthash94_block_sizec_umac32_ctx_sizec_umac32_digest_sizec_umac64_ctx_sizec_umac64_digest_sizec_umac96_ctx_sizec_umac96_digest_sizec_umac128_ctx_sizec_umac128_digest_size sha3_512_ctx sha3_384_ctx sha3_256_ctx sha3_224_ctx sha512_ctx sha384_ctx sha256_ctx sha224_ctxsha1_ctx ripemd160_ctxmd5_ctxmd4_ctxmd2_ctxgosthash94_ctxNettleHashAlgorithm nha_ctx_sizenha_block_sizenha_digest_sizenha_namenha_init nha_update nha_digestnha_ctxnha_CtxnettleHashBlockSizenettleHashDigestSizenettleHashNamenettleHashInitnettleHashUpdatenettleHashFinalize$fHashAlgorithmSHA3_512$fNettleHashAlgorithmSHA3_512$fHashAlgorithmSHA3_384$fNettleHashAlgorithmSHA3_384$fHashAlgorithmSHA3_256$fNettleHashAlgorithmSHA3_256$fHashAlgorithmSHA3_224$fNettleHashAlgorithmSHA3_224$fHashAlgorithmSHA512$fNettleHashAlgorithmSHA512$fHashAlgorithmSHA384$fNettleHashAlgorithmSHA384$fHashAlgorithmSHA256$fNettleHashAlgorithmSHA256$fHashAlgorithmSHA224$fNettleHashAlgorithmSHA224$fHashAlgorithmSHA1$fNettleHashAlgorithmSHA1$fHashAlgorithmRIPEMD160$fNettleHashAlgorithmRIPEMD160$fHashAlgorithmMD5$fNettleHashAlgorithmMD5$fHashAlgorithmMD4$fNettleHashAlgorithmMD4$fHashAlgorithmMD2$fNettleHashAlgorithmMD2$fHashAlgorithmGOSTHASH94$fNettleHashAlgorithmGOSTHASH94 umac128_ctx umac96_ctx umac64_ctx umac32_ctx NettleUMAC nu_ctx_sizenu_digest_size nu_set_key nu_set_nonce nu_update nu_digestnu_ctxnu_CtxumacKHDigestSize umacKHName umacKHInit umacKHUpdateumacKHFinalizenettleUmacDigestSizenettleUmacInitnettleUmacSetNoncenettleUmacUpdatenettleUmacUpdateLazynettleUmacFinalize$fKeyedHashAlgorithmUMAC128 $fUMACUMAC128$fNettleUMACUMAC128$fKeyedHashAlgorithmUMAC96 $fUMACUMAC96$fNettleUMACUMAC96$fKeyedHashAlgorithmUMAC64 $fUMACUMAC64$fNettleUMACUMAC64$fKeyedHashAlgorithmUMAC32 $fUMACUMAC32$fNettleUMACUMAC32 NettleGCMModeNettleBlockModeNettleCryptFuncc_chacha_poly1305_digestc_chacha_poly1305_decryptc_chacha_poly1305_encryptc_chacha_poly1305_updatec_chacha_poly1305_set_noncec_chacha_poly1305_set_keyc_salsa20r12_cryptc_salsa20_cryptc_salsa20_set_noncec_salsa20_set_keyc_chacha_cryptc_chacha_set_noncec_chacha_set_keyc_arcfour_cryptc_arcfour_set_keyp_twofish_decryptc_twofish_decryptp_twofish_encryptc_twofish_encryptc_twofish_set_keyp_serpent_decryptc_serpent_decryptp_serpent_encryptc_serpent_encryptc_serpent_set_keyp_des3_decryptc_des3_decryptp_des3_encryptc_des3_encryptc_des3_set_key p_des_decrypt c_des_decrypt p_des_encrypt c_des_encrypt c_des_set_keyp_cast128_decryptc_cast128_decryptp_cast128_encryptc_cast128_encryptc_cast5_set_keyp_camellia256_cryptc_camellia256_cryptc_hs_camellia256_initp_camellia192_cryptc_camellia192_cryptc_hs_camellia192_initp_camellia128_cryptc_camellia128_cryptc_hs_camellia128_initp_hs_camellia_decryptc_hs_camellia_decryptp_hs_camellia_encryptc_hs_camellia_encryptc_hs_camellia_initp_blowfish_decryptc_blowfish_decryptp_blowfish_encryptc_blowfish_encryptc_blowfish_set_keyp_arctwo_decryptc_arctwo_decryptp_arctwo_encryptc_arctwo_encryptc_arctwo_set_key_gutmannc_arctwo_set_key_ekbc_arctwo_set_keyp_aes256_decryptc_aes256_decryptp_aes256_encryptc_aes256_encryptc_hs_aes256_initp_aes192_decryptc_aes192_decryptp_aes192_encryptc_aes192_encryptc_hs_aes192_initp_aes128_decryptc_aes128_decryptp_aes128_encryptc_aes128_encryptc_hs_aes128_initp_hs_aes_decryptc_hs_aes_decryptp_hs_aes_encryptc_hs_aes_encrypt c_hs_aes_init c_gcm_digest c_gcm_decrypt c_gcm_encrypt c_gcm_update c_gcm_set_iv c_gcm_set_key c_ctr_crypt c_cfb_decrypt c_cfb_encrypt c_cbc_decrypt c_cbc_encryptc_gcm_ctx_sizec_gcm_key_sizec_hs_aes_ctx_sizec_hs_aes128_ctx_sizec_hs_aes128_ctx_encryptc_hs_aes128_ctx_decryptc_hs_aes192_ctx_sizec_hs_aes192_ctx_encryptc_hs_aes192_ctx_decryptc_hs_aes256_ctx_sizec_hs_aes256_ctx_encryptc_hs_aes256_ctx_decryptc_arctwo_ctx_sizec_blowfish_ctx_sizec_hs_camellia_ctx_sizec_hs_camellia128_ctx_sizec_hs_camellia128_ctx_encryptc_hs_camellia128_ctx_decryptc_hs_camellia192_ctx_sizec_hs_camellia192_ctx_encryptc_hs_camellia192_ctx_decryptc_hs_camellia256_ctx_sizec_hs_camellia256_ctx_encryptc_hs_camellia256_ctx_decryptc_cast128_ctx_sizec_des_ctx_sizec_des3_ctx_sizec_serpent_ctx_sizec_twofish_ctx_sizec_arcfour_ctx_sizec_chacha_ctx_sizec_salsa20_ctx_sizec_chacha_poly1305_ctx_size nc_cipherInit NettleGCMNettleBlockedStreamCiphernbsc_blockSizenbsc_IncompleteStatenbsc_incompleteStatenbsc_streamCombinenbsc_nonceSize nbsc_setNonceNettleStreamCiphernsc_streamCombine nsc_nonceSize nsc_setNonceNettleBlockCipher nbc_blockSizenbc_encrypt_ctx_offsetnbc_decrypt_ctx_offsetnbc_ecb_encryptnbc_ecb_decryptnbc_fun_encryptnbc_fun_decrypt NettleCipher nc_cipherNamenc_cipherKeySize nc_ctx_sizenc_ctxnc_Ctxnettle_cipherInitnettle_cipherInit'assert_blockSizenettle_ecbEncryptnettle_ecbDecryptnettle_cbcEncryptnettle_cbcDecryptnettle_cfbEncryptnettle_cfbDecryptnettle_ctrCombinenettle_streamCombinenettle_streamSetNoncenettle_blockedStreamCombinenettle_blockedStreamSetNoncenettle_gcm_aeadInit nettle_gcm_aeadStateAppendHeadernettle_gcm_aeadStateEncryptnettle_gcm_aeadStateDecryptnettle_gcm_aeadStateFinalizekey_init c_run_crypt blockmode_rungcm_init gcm_update gcm_crypt gcm_digest stream_cryptWord64aeadInitCrypto.Cipher.Types.BaseAEAD_GCM cipherInitword64BEwrap_chacha_set_keywrap_chacha_set_noncewrap_salsa20_set_keywrap_salsa20_set_nonce"$fStreamNonceCipherESTREAM_SALSA20$fStreamCipherESTREAM_SALSA20$fCipherESTREAM_SALSA20*$fNettleBlockedStreamCipherESTREAM_SALSA20$fNettleCipherESTREAM_SALSA20$fStreamNonceCipherSALSA20$fStreamCipherSALSA20$fCipherSALSA20"$fNettleBlockedStreamCipherSALSA20$fNettleCipherSALSA20$fStreamNonceCipherCHACHA$fStreamCipherCHACHA$fCipherCHACHA!$fNettleBlockedStreamCipherCHACHA$fNettleCipherCHACHA$fStreamCipherARCFOUR$fCipherARCFOUR$fNettleStreamCipherARCFOUR$fNettleCipherARCFOUR$fAEADModeImplTWOFISHNettleGCM$fBlockCipherTWOFISH$fCipherTWOFISH$fNettleBlockCipherTWOFISH$fNettleCipherTWOFISH$fAEADModeImplSERPENTNettleGCM$fBlockCipherSERPENT$fCipherSERPENT$fNettleBlockCipherSERPENT$fNettleCipherSERPENT$fAEADModeImplDES_EDE3NettleGCM$fBlockCipherDES_EDE3$fCipherDES_EDE3$fNettleBlockCipherDES_EDE3$fNettleCipherDES_EDE3$fAEADModeImplDESNettleGCM$fBlockCipherDES $fCipherDES$fNettleBlockCipherDES$fNettleCipherDES$fAEADModeImplCAST128NettleGCM$fBlockCipherCAST128$fCipherCAST128$fNettleBlockCipherCAST128$fNettleCipherCAST128"$fAEADModeImplCamellia256NettleGCM$fBlockCipherCamellia256$fCipherCamellia256$fNettleBlockCipherCamellia256$fNettleCipherCamellia256"$fAEADModeImplCamellia192NettleGCM$fBlockCipherCamellia192$fCipherCamellia192$fNettleBlockCipherCamellia192$fNettleCipherCamellia192"$fAEADModeImplCamellia128NettleGCM$fBlockCipherCamellia128$fCipherCamellia128$fNettleBlockCipherCamellia128$fNettleCipherCamellia128$fAEADModeImplCamelliaNettleGCM$fBlockCipherCamellia$fCipherCamellia$fNettleBlockCipherCamellia$fNettleCipherCamellia$fAEADModeImplBLOWFISHNettleGCM$fBlockCipherBLOWFISH$fCipherBLOWFISH$fNettleBlockCipherBLOWFISH$fNettleCipherBLOWFISH$fAEADModeImplARCTWONettleGCM$fBlockCipherARCTWO$fCipherARCTWO$fNettleBlockCipherARCTWO$fNettleCipherARCTWO$fAEADModeImplAES256NettleGCM$fBlockCipherAES256$fCipherAES256$fNettleBlockCipherAES256$fNettleCipherAES256$fAEADModeImplAES192NettleGCM$fBlockCipherAES192$fCipherAES192$fNettleBlockCipherAES192$fNettleCipherAES192$fAEADModeImplAES128NettleGCM$fBlockCipherAES128$fCipherAES128$fNettleBlockCipherAES128$fNettleCipherAES128$fAEADModeImplAESNettleGCM$fBlockCipherAES $fCipherAES$fNettleBlockCipherAES$fNettleCipherAES