umU&]      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~         !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\5SafeQThis class captures all types that have some sort of description attached to it.%Short name that describes the object.Longer descriptionNone:<=DRIn a cryptographic setting, naive equality checking dangerous. This class is the timing safe way of doing equality checking. The recommended method of defining equality checking for cryptographically sensitive data is as follows. Define an instance of .)Make use of the above instance to define ] instance as follows. data SomeSensitiveType = ... instance Equality SomeSensitiveType where eq a b = ... instance Eq SomeSensitiveType where (==) a b = a === bAn opaque type that captures the result of a comparison. The monoid instances allows us to combine the results of two equality comparisons in a timing independent manner. We have the following properties. gisSuccessful mempty = True isSuccessful (r `mappend` s) = isSuccessful r && isSuccessful s9Checks whether a given equality comparison is successful.9Check whether two values are equal using the timing safe 0 function. Use this function when defining the ]% instance for a Sensitive data type.9Timing independent equality checks for vector of values. Do not] use this to check the equality of two general vectors in a timing independent manner (use   instead) because: 0They do not work for vectors of unequal lengths,#They do not work for empty vectors.tThe use case is for defining equality of data types which have fixed size vector quantities in it. Like for example import Data.Vector.Unboxed newtype Sha1 = Sha1 (Vector (BE Word32)) instance Eq Sha1 where (==) (Sha1 g) (Sha1 h) = oftenCorrectEqVector g h Timing independent equality checks for vectors. If you know that the vectors are not empty and of equal length, you may use the slightly faster ^Vector of Results._MVector for Results.`abc defghijk^_l `a defghijk^b_clSafeDR MThe DH (Diffie-Hellman) typeclass provides an interface for key exchanges.  I represents the secret generated by each party & known only to itself.  + represents the token generated from the  $ which is sent to the other party.  ] represents the common secret generated by both parties from the respective public tokens. R takes the generator of the group and a secret and generates the public token. } takes the generator of the group, secret of one party and public token of the other party and generates the shared secret.     None9;<=A monadic arrow field.WA field where the underlying arrow is the (->). This is normally what we call a field.vA field on the space is a function from the points in the space to some value. Here we define it for a general arrow.dThe twisted functor is essentially a generalisation of semi-direct product to applicative functors."The generalisation of distributivity to applicative functors. This generalisation is what allows us to capture applicative functors like parsers. For an applicative functor, and a monoid acting uniformly on it, we say that the action is distributive if the following laws are satisfied: vm <<.>> (pure a) = pure a -- pure values are stoic m <<.>> (a <*> b) = (m <<.>> a) <*> (m <<.>> b) -- distThe semidirect product Space " Monoid. For monoids acting on monoidal spaces distributively the semi-direct product is itself a monoid. It turns out that data serialisers can essentially seen as a semidirect product.jA left-monoid action on a monoidal-space, i.e. the space on which the monoid acts is itself a monoid, is  distributive if it satisfies the law: 'a <.> p <> q = (a <.> p) <> (a <.> q).)The above law implies that every element m is a monoid homomorphism.PUniform action of a monoid on a functor. The laws that should be satisfied are: p1 <<.>> fx = fx (a <> b) <<.>> fx = a . (b <<.>> fx) m <<.>> fmap f u = fmap f (m <<.>> u) -- acts uniformly A monoid mx acting on the left of a space. Think of a left action as a multiplication with the monoid. It should satisfy the law: k1 <.> p = p -- identity a <> b <.> p = a <.> b <.> p -- successive displacements?An alternate symbol for <> more useful in the additive context.LFrom the an element of semi-direct product Space " Monoid return the point.UFrom the an element of semi-direct product Space " Monoid return the monoid element. !Get the underlying functor value.! Get the underlying monoid value.";Compute the value of a field at a given point in the space.# Lift a monadic action to FieldM.$3Runs a monadic field at a given point in the space.&:The action on the space translates to the action on field. !"#$%&'() !"#$ !"$# !"#$%&'()555None 9;<=I++Type safe lengths/offsets in units of bits.-,Type safe lengths/offsets in units of bytes./In cryptographic settings, we need to measure pointer offsets and buffer sizes in different units. To avoid errors due to unit conversions, we distinguish between different length units at the type level. This type class capturing such types, i.e. types that stand of length units.0"Express the length units in bytes.13The pointer type used by all cryptographic library.2RA type whose only purpose in this universe is to provide alignment safe pointers.m;Some common PTR functions abstracted over type safe length.3!Express the length units in bits.4Express length unit src in terms of length unit dest rounding upwards.5Express length unit src in terms of length unit dest rounding downwards.6A length unit u/ is usually a multiple of bytes. The function 6 is like n : the value byteQuotRem bytes is a tuple (x,r), where x is bytes expressed in the unit u with r being the reminder.7Function similar to 6 but returns only the quotient.8Function similar to 6 but works with bits instead.9Function similar to 8 but returns only the quotient.; Similar to o+ but returns the length in type safe units.<The expression allocaBuffer l action% allocates a local buffer of length l# and passes it on to the IO action action. No explicit freeing of the memory is required as the memory is allocated locally and freed once the action finishes. It is better to use this function than pe as it does type safe scaling. This function also ensure that the allocated buffer is word aligned.=This function allocates a chunk of "secure" memory of a given size and runs the action. The memory (1) exists for the duration of the action (2) will not be swapped during that time and (3) will be wiped clean and deallocated when the action terminates either directly or indirectly via errors. While this is mostly secure, there can be strange situations in multi-threaded application where the memory is not wiped out. For example if you run a crypto-sensitive action inside a child thread and the main thread gets exists, then the child thread is killed (due to the demonic nature of haskell threads) immediately and might not give it chance to wipe the memory clean. This is a problem inherent to how the bracket( combinator works inside a child thread.'TODO: File this insecurity in the wiki.>:Creates a memory of given size. It is better to use over q as it uses typesafe length.? A version of r, which works for any type safe length units.@Copy between pointers.AMove between pointers.B6Sets the given number of Bytes to the specified value.s,The most interesting monoidal action for us.#*t+,-./012uvwmxy3456789:;< buffer lengththe action to run=> buffer length?@DestSrcNumber of Bytes to copyADestSrcNumber of Bytes to copyBTargetValue byte to setNumber of bytes to setsz{*+,-./0123456789:;<=>?@AB*t+,-./012uvwmxy3456789:;<=>?@ABsz{ None:C A typesafe length for BytestringD A type safe version of replicateECopy the bytestring to the crypto buffer. This operation leads to undefined behaviour if the crypto pointer points to an area smaller than the size of the byte string.F Similar to E but takes an additional input n which is the number of bytes (expressed in type safe length units) to transfer. This operation leads to undefined behaviour if either the bytestring is shorter than n7 or the crypto pointer points to an area smaller than n.G3Works directly on the pointer associated with the |M. This function should only read and not modify the contents of the pointer.H(Get the value from the bytestring using }.IThe IO action createFrom n cptr" creates a bytestring by copying n bytes from the pointer cptr.CDE The source.The destination.Flength of data to be copiedThe source byte string The bufferGHICDEFGHICDEFGHI!None  09;<=DIR J$Big endian version of the word type wK'Little endian version of the word type wL5This class is the starting point of an endian agnostic interface to basic cryptographic data types. Endianness only matters when we first load the data from the buffer or when we finally write the data out. Any multi-byte type that are meant to be serialised should define and instance of this class. The N and M9 should takes care of the appropriate endian conversion.M<Store the given value at the locating pointed by the pointerN8Load the value from the location pointed by the pointer.OStore the given value as the n8-th element of the array pointed by the crypto pointer.PdStore the given value at an offset from the crypto pointer. The offset is given in type safe units.Q Load the n4-th value of an array pointed by the crypto pointer.RALoad from a given offset. The offset is given in type safe units.S%Convert to the little endian variant.T#Convert to the big endian variants.(J~KLMNO.the pointer to the first element of the arraythe index of the arraythe value to storeP the pointer.the absolute offset in type safe length units.value to storeQ.the pointer to the first element of the arraythe index of the arrayR the pointer the offsetST JKLMNOPQRST J~KLMNOPQRST"None69:; UA binary encoding format is something for which there is a 1:1 correspondence with bytestrings. We also insist that it is an instance of 9, so that it can be easily included in source code, and ', so that it can be easily printed out.XThe type class X- captures all the types can be encoding into |.YConvert stuff to bytestringZ5Try parsing back a value. Returns nothing on failure.[Unsafe version of Z\Encode in a given format.]MDecode from a given format. It results in Nothing if there is a parse error.^The unsafe version of ].?Bytestring itself is an encoding format (namely binary format).UVWXYZ[\]^ UVWXYZ[\]^ UVWXYZ[YZ\]^#NoneI_The base16 type.`Base16 variant of . Useful in definition of 2 instances as well as in cases where the default 0 instance does not parse from a base16 encoding.aBase16 variant of ._`a_`a _`aNone b;An applicative parser type for reading data from a pointer.c/A parser that fails with a given error message.d,Return the bytes that this parser will read.e7Run the parser without checking the length constraints.AThe primary purpose of this function is to satisfy type checkers.fParses a value which is an instance of Storable. Beware that this parser expects that the value is stored in machine endian. Mostly it is useful in defining the } function in a complicated  instance.gParse a crypto value. Endian safety is take into account here. This is what you would need when you parse packets from an external source. You can also use this to define the N function in a complicated L instance.h-Parses a strict bytestring of a given length.i Similar to parseStorableVector but is expected to be slightly faster. It does not check whether the length parameter is non-negative and hence is unsafe. Use it only if you can prove that the length parameter is non-negative.j Similar to  parseVector but is expected to be slightly faster. It does not check whether the length parameter is non-negative and hence is unsafe. Use it only if you can prove that the length parameter is non-negative.k Similar to l but parses according to the host endian. This function is essentially used to define storable instances of complicated data. It is unlikely to be of use when parsing externally serialised data as one would want to keep track of the endianness of the data.lParses a vector of elements. It takes care of the correct endian conversion. This is the function to use while parsing external data.bcdefghijkl bcdefghijkl bdcegflkjihbcdefghijklNoneCDEFGHICDHIGEFNone UVWXYZ[\]^_`aXYZ[YZUVW\]^_`aNone9:;<= m/A write is an action which when executed using runWrite9 writes bytes to the input buffer. It is similar to the $% type exposed from the Raaz.Write.Unsafev module except that it keeps track of the total bytes that would be written to the buffer if the action is run. The runWriteS action will raise an error if the buffer it is provided with is of size smaller. m5s are monoid and hence can be concatnated using the  operator.OA write action is nothing but an IO action that returns () on input a pointer.The monoid for write.Create a write action.nJReturns the bytes that will be written when the write action is performed.o,Perform the write action without any checks.pThe expression p a+ gives a write action that stores a value a* in machine endian. The type of the value a has to be an instance of . This should be used when we want to talk with C functions and not when talking to the outside world (otherwise this could lead to endian confusion). To take care of endianness use the q combinator.qThe expression q a+ gives a write action that stores a value a". One needs the type of the value a to be an instance of L. Proper endian conversion is done irrespective of what the machine endianness is. The man use of this write is to serialize data for the consumption of the outside world.rThe vector version of p.sThe vector version of q.tThe combinator writeBytes n b writes b as the next n consecutive bytes.uWrites a strict bytestring.v4A write action that just skips over the given bytes.mnopqrstuvwxyz{ mnopqrstuv mnoqpsrtuvmnopqrstuvwxyz{&None,9;<=DOQRT|]Tuples that encode their length in their types. For tuples, we call the length its dimension'Function to make the type checker happy}Function that returns the dimension of the tuple. The dimension is calculated without inspecting the tuple and hence the term } (undefined :: Tuple 5 Int) will evaluate to 5.Get the dimension to parser~Construct a tuple out of the list. This function is unsafe and will result in run time error if the list is not of the correct dimension.gComputes the initial fragment of a tuple. No length needs to be given as it is infered from the types.!Equality checking is timing safe.|}~|}~ |}~None2 *+,-./0123456789:;<=>?@ABJKLMNOPQRST|}~2 LMNKJSTPORQ1/0:-.+,*23869745<=>?;BA@|}~None %&69;<=DORT2A memory location to store a value of type having  instance.Any cryptographic primitives use memory to store stuff. This class abstracts all types that hold some memory. Cryptographic application often requires securing the memory from being swapped out (think of memory used to store private keys or passwords). This abstraction supports memory securing. If your platform supports memory locking, then securing a memory will prevent the memory from being swapped to the disk. Once secured the memory location is overwritten by nonsense before being freed.&While some basic memory elements like i are exposed from the library, often we require compound memory objects built out of simpler ones. The  instance of the  can be made use of in such situation to simplify such instance declaration as illustrated in the instance declaration for a pair of memory elements. instance (Memory ma, Memory mb) => Memory (ma, mb) where memoryAlloc = (,) <$> memoryAlloc <*> memoryAlloc underlyingPtr (ma, _) = underlyingPtr ma%Returns an allocator for this memory.-Returns the pointer to the underlying buffer.'A memory allocator for the memory type mem. The  instance of AllocU can be used to build allocations for complicated memory elements from simpler ones.BA memory action that uses some sort of memory element internally."A runner of a memory state thread.An action of type  mem aE is an action that uses internally a a single memory object of type mem and returns a result of type aw. All the actions are performed on a single memory element and hence the side effects persist. It is analogues to the ST monad.AA class that captures monads that use an internal memory element.Any instance of  can be executed  in which case all allocations are performed from a locked pool of memory. which at the end of the operation is also wiped clean before deallocation.Systems often put tight restriction on the amount of memory a process can lock. Therefore, secure memory is often to be used judiciously. Instances of this class should$ also implement the the combinator : which allocates all memory from an unlocked memory pool.&This library exposes two instances of  Memory threads captured by the type G, which are a sequence of actions that use the same memory element andMemory actions captured by the type .WARNING: Be careful with .The rule of thumb to follow is that the action being lifted should itself never unlock any memory. In particular, the following code is bad because the 2 action unlocks some portion of the memory after foo is executed.  liftIO $ securely $ foo ,On the other hand the following code is fine ( liftIO $ insecurely $ someMemoryAction  Whether an IOn action unlocks memory is difficult to keep track of; for all you know, it might be a FFI call that does an  memunlock.BAs to why this is dangerous, it has got to do with the fact that mlock and munlock! do not nest correctly. A single munlock can unlock multiple calls of mlock on the same page.Perform the memory action where all memory elements are allocated locked memory. All memory allocated will be locked and hence will never be swapped out by the operating system. It will also be wiped clean before releasing.Memory locking is an expensive operation and usually there would be a limit to how much locked memory can be allocated. Nonetheless, actions that work with sensitive information like passwords should use this to run an memory action.Perform the memory action where all memory elements are allocated unlocked memory. Use this function when you work with data that is not sensitive to security considerations (for example, when you want to verify checksums of files).Given an memory thread/Run a given memory action in the memory thread.1Get the pointer associated with the given memory.aWork with the underlying pointer of the memory element. Useful while working with ffi functions.\Compound memory elements might intern be composed of sub-elements. Often one might want to lift\ the memory thread for a sub-element to the compound element. Given a sub-element of type mem'A which can be obtained from the compound memory element of type mem using the projection proj, liftSubMT projG lifts the a memory thread of the sub element to the compound element.0Run the memory thread to obtain a memory action.*Make an allocator for a given memory type.Allocates a buffer of size l' and returns the pointer to it pointer.Copy data from a given memory location to the other. The first argument is destionation and the second argument is source to match with the convention followed in memcpy.CPerform an action which makes use of this memory. The memory allocated will automatically be freed when the action finishes either gracefully or with some exception. Besides being safer, this method might be more efficient as the memory might be allocated from the stack directly and will have very little GC overhead. Similar to  but allocates a secure memory for the action. Secure memories are never swapped on to disk and will be wiped clean of sensitive data after use. However, be careful when using this function in a child thread. Due to the daemonic nature of Haskell threads, if the main thread exists before the child thread is done with its job, sensitive data can leak. This is essentially a limitation of the bracket which is used internally.TPerform some pointer action on MemoryCell. Useful while working with ffi functions.2Apply the given function to the value in the cell.54Projection from the compound element to sub-element!Memory thread of the sub-element. DestinationSource) None *6:<=ADIRT Type safe message length in units of blocks of the primitive. When dealing with buffer lengths for a primitive, it is often better to use the type safe units . Functions in the raaz package that take lengths usually allow any type safe length as long as they can be converted to bytes. This can avoid a lot of tedious and error prone length calculations.An asymmetric primitive.The public keyThe private keyOA symmetric primitive. An example would be primitives like Ciphers, HMACs etc.The key for the primitive.3Primitives that have a recommended implementations.1The recommended implementation for the primitive.The type class that captures an abstract block cryptographic primitive. Bulk cryptographic primitives like hashes, ciphers etc often acts on blocks of data. The size of the block is captured by the member .nAs a library, raaz believes in providing multiple implementations for a given primitive. The associated type , captures implementations of the primitive. There is a reference implementation where the emphasis is on correctness rather than speed or security. They are used to verify the correctness of the other implementations for the same primitive. Apart from this, for production use, we have a recommended implementation.CAssociated type that captures an implementation of this primitive.The block size.The expression n  pN specifies the message lengths in units of the block length of the primitive pH. This expression is sometimes required to make the type checker happy. 'NoneRTypical size of L1 cache. Used for selecting buffer size etc in crypto operations. None6: A byte source src is pure if filling from it does not have any other side effect on the state of the byte source. Formally, two different fills form the same source should fill the buffer with the same bytes. This additional constraint on the source helps to purify` certain crypto computations like computing the hash or mac of the source. Usualy sources like |D etc are pure byte sources. A file handle is a byte source that is not a pure source.Never ending stream of bytes. The reads to the stream might get delayed but it will always return the number of bytes that were asked for.TAbstract byte sources. A bytesource is something that you can use to fill a buffer.Fills a buffer from the source.2This type captures the result of a fill operation.the buffer is filled completely*source exhausted with so much bytes read.#Combinator to handle a fill result.=A version of fillBytes that takes type safe lengths as input.:Process data from a source in chunks of a particular size.stuff to do when filledstuff to do when exhaustedthe fill result to process  None6:DRnThe system wide pseudo-random generator. The source is expected to be of high quality, albeit a bit slow due to system call overheads. It is expected that this source is automatically seeded from the entropy pool maintained by the platform. Hence, it is neither necessary nor possible to seed this generator which reflected by the fact that the associated type   is the unit type ().9Stuff that can be generated by a pseudo-random generator.The class that captures pseudo-random generators. Essentially the a pseudo-random generator (PRG) is a byte sources that can be seeded.3Associated type that captures the seed for the PRG.&Creates a new pseudo-random generatorsRe-seeding the prg.  None~ *+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`a|}~ None!"*9:;<=ADRTComputing cryptographic hashes usually involves chunking the message into blocks and compressing one block at a time. Usually this compression makes use of the hash of the previous block and the length of the message seen so far to compressing the current block. Most implementations therefore need to keep track of only hash and the length of the message seen so. This memory can be used in such situations.Cell to store the hashCell to store the length*Type class capturing a cryptographic hash.Cryptographic hashes can be computed for messages that are not a multiple of the block size. This combinator computes the maximum size of padding that can be attached to a message.Some implementation of a given hash. The existentially quantification allows us freedom to choose the best memory type suitable for each implementations.LThe constraints that a memory used by a hash implementation should satisfy.FThe Hash implementation. Implementations should ensure the following.  The action compress impl ptr blks should only read till the blks1 offset starting at ptr and never write any data. The action padFinal impl ptr byts should touch at most #byts/blocksize# + padBlocks@ blocks starting at ptr. It should not write anything till the byts) offset but may write stuff beyond that.mAn easy to remember this rule is to remember that computing hash of a payload should not modify the payload.compress the blocks, pad and process the final bytes,Certain hashes are essentially bit-truncated versions of other hashes. For example, SHA224 is obtained from SHA256 by dropping the last 32-bits. This combinator can be used build an implementation of truncated hash from the implementation of its parent hash.-Compute the hash of a pure byte source like, |.Compute the hash of file.*Compute the hash of a generic byte source. Similar to 5 but the user can specify the implementation to use.ISimilar to hashFile' but the user can specify the implementation to use. Similar to  hashSource5 but the user can specify the implementation to use.Gives a memory action that completes the hashing procedure with the rest of the source. Useful to compute the hash of a source with some prefix (like in the HMAC procedure).0Extract the length of the message hashed so far.,Update the message length by a given amount.MessageFile to be hashedMessageImplementationthe message as a byte source.ImplementationFile to be hashed(None*9:;ADIRTThe HMAC associated to a hash value. The HMAC type is essentially the underlying hash type wrapped inside a newtype. Therefore, the ]& instance for HMAC is essentially the ] instance for the underlying hash. It is safe against timing attack provided the underlying hash comparison is safe under timing attack.The HMAC key type. The HMAC keys are usually of size at most the block size of the associated hash, although the hmac construction allows using keys arbitrary size. Using keys of small size, in particular smaller than the size of the corresponding hash, can can compromise security. A note on  and  instances of keys.6As any other cryptographic type HMAC keys also have a  and  instance which is essentially the key expressed in base16. Keys larger than the block size of the underlying hashes are shortened by applying the appropriate hash. As a result the  and $ need not be inverses of each other.-Compute the hash of a pure byte source like, |.Compute the hash of file.*Compute the hash of a generic byte source.-Compute the hash of a pure byte source like, |.Compute the hash of file.$Base16 representation of the string.the key.MessageFile to be hashedMessageMessageFile to be hashed )None ,9;<=DIRThe cryptographic hash SHA1.*None:DR/The type alias for the raw compressor function.UCreates an implementation for a sha hash given the compressor and the length writer.;The generic compress function for the sha family of hashes.%The compressor for the last function.&The length encoding that uses 64-bits.'The length encoding that uses 128-bits.The padding to be usedThe buffer to compress The number of blocks to compress#The cell memory containing the hashName Descriptionraw compress function.buffer pointernumber of blocksthe length writerthe raw compressor the bufferthe message lengthThe length encodingThe hashThe message lengthNone &The portable C implementation of SHA1.+NoneNone(Compute the sha1 hash of an instance of H. Use this for computing the sha1 hash of a strict or lazy byte string.  Compute the sha1 hash of a file. /Compute the sha1 hash of a general byte source. 8Compute the message authentication code using hmac-sha1. 3Compute the message authentication code for a file. ACompute the message authetication code for a generic byte source.                    ,None ,9;<=DIR1Sha224 hash value which consist of 7 32bit words.-None  ,9;<=DIRThe Sha256 hash value.    None (The portable C implementation of SHA256.  None <=(The portable C implementation of SHA224.    .NoneNone*Compute the sha224 hash of an instance of J. Use this for computing the sha224 hash of a strict or lazy byte string."Compute the sha224 hash of a file.1Compute the sha224 hash of a general byte source.:Compute the message authentication code using hmac-sha224.3Compute the message authentication code for a file.ACompute the message authetication code for a generic byte source. Key to use)pure source whose hmac is to be computed Key to use!File whose hmac is to be computed/NoneNone*Compute the sha256 hash of an instance of J. Use this for computing the sha256 hash of a strict or lazy byte string."Compute the sha256 hash of a file.1Compute the sha256 hash of a general byte source.:Compute the message authentication code using hmac-sha256. 3Compute the message authentication code for a file.!ACompute the message authetication code for a generic byte source. Key to use)pure source whose hmac is to be computed  Key to use!File whose hmac is to be computed! ! ! !0None ,9;<=DIR"The Sha384 hash value."""1None  ,9;<=DIR#@The Sha512 hash value. Used in implementation of Sha384 as well.###None $(The portable C implementation of SHA512.$%$%$%$%None <=&(The portable C implementation of SHA384. !"&#'()&& !"&#'()2None$$None**Compute the sha384 hash of an instance of J. Use this for computing the sha384 hash of a strict or lazy byte string.+"Compute the sha384 hash of a file.,1Compute the sha384 hash of a general byte source.-:Compute the message authentication code using hmac-sha384..3Compute the message authentication code for a file./ACompute the message authetication code for a generic byte source.*+,- Key to use)pure source whose hmac is to be computed. Key to use!File whose hmac is to be computed/"*+,-./"*+,-./*+,-./3None%%None0*Compute the sha512 hash of an instance of J. Use this for computing the sha512 hash of a strict or lazy byte string.1"Compute the sha512 hash of a file.21Compute the sha512 hash of a general byte source.3:Compute the message authentication code using hmac-sha512.43Compute the message authentication code for a file.5ACompute the message authetication code for a generic byte source.0123 Key to use)pure source whose hmac is to be computed4 Key to use!File whose hmac is to be computed5#012345#012345012345None+      !"#*+,-./012345None*9:;<=ADRT 7vSome implementation of a block cipher. This type existentially quantifies over the memory used in the implementation.9%The implementation of a block cipher.=)The underlying block encryption function.>)The underlying block decryption function.?Block cipher modes.@Cipher-block chainingACounterBEncrypt the given |J. This function is unsafe because it only works correctly when the input |E is of length which is a multiple of the block length of the cipher.CvEncrypt using the recommended implementation. This function is unsafe because it only works correctly when the input |E is of length which is a multiple of the block length of the cipher.&%Make a copy and run the given action.DDecrypts the given |J. This function is unsafe because it only works correctly when the input |E is of length which is a multiple of the block length of the cipher.EvDecrypt using the recommended implementation. This function is unsafe because it only works correctly when the input |E is of length which is a multiple of the block length of the cipher.678'9:;<=>?@ABThe cipher to useThe implementation to useThe key to useThe string to encrypt.C The cipherThe key to useThe string to encrypt&DThe cipher to useThe implementation to useThe key to useThe string to encrypt.E The cipherThe key to useThe string to encryptFG6789:;<=>?@ABCDE6?@A9:;<=>78CEBD 678'9:;<=>?@ABC&DEFG4None  ,9;<=DIRJThe IV used by the CBC mode.KKey used for AES-128LKey used for AES-128MKey used for AES-128(A tuple of AES words.)The basic word used in AES.NThe type associated with AES ciphers. Raaz provides AES variants with key lengths 128, 192 and 256. The key types for the above ciphers in cbc mode are given by the types (M, IV), (L, IV) (K, IV) respectively.O128-bit aes cipher in @ mode.P128-bit aes cipher in @ mode.Q128-bit aes cipher in @ mode.R#Smart constructors for AES 128 ctr.*0Poke a key and expand it with the given routine.+Key is (K,J) pair.,#The 256-bit aes cipher in cbc mode.-Key is (L,J) pair..#The 192-bit aes cipher in cbc mode./Key is (M,J) pair.0#The 128-bit aes cipher in cbc mode.1Shown as a its base16 encoding.2Expects in base16.3Shows in base 164Expects in base 165Shows in base 166Expects in base 167Shows in base 168Expects in base 1649:;<=>J?K@LAMB()NCDOPQR* key to pokeexpansion algorithmbuffer pointer.EFGH+,I-.J/012KL345678MNOPQR 9;=JKLMNCOPQR,9:;<=>J?K@LAMB()NCDOPQR*EFGH+,I-.J/012KL345678MNOPQRNone ,9;<=SMemory for aes-256-cbcTMemory for aes-192-cbcUMemory for aes-128-cbcV CBC decryptW CBC encrypt.XTranspose AES matrices.S;Implementation of 128-bit AES in CBC mode using Portable C.Y)128-bit AES in CBC mode using Portable C.ZThe encryption action.[The decryption action.T;Implementation of 192-bit AES in CBC mode using Portable C.\)192-bit AES in CBC mode using Portable C.]The encryption action.^The decryption action.U;Implementation of 256-bit AES in CBC mode using Portable C._)256-bit AES in CBC mode using Portable C.`The encryption action.aThe decryption action.!SbcdTefgUhijVWXSYZ[T\]^U_`aVWXYZ[STUSTUSbcdTefgUhijVWXSYZ[T\]^U_`aVWXYZ[5None,9;klmklmNone JKLMNOPQR NMLKJOPQR6NoneOPQOPQ7Safe nopqrstuvwxyzouvwxyz nopqrstuvwxyzNone\Raaz library version number.\ *+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`a|}~      !"#*+,-./012345OPQ\\\{89:;<=>?@ABCDEFGHIJKKLMMNOPQRSTUVWXYZ[\]^_`aabbcdefghijklmnopqrstuv w x y z { | }!~!!!!!!!!!!""""""""""###%&&&&          '                                           ! " # $ % & ' ( ) * + , - . / 0 1(2(3(4(5)6789:;<=,>-?7@7ABCDEFGHIJKLMNO0P1Q7@7RSTUVWXYZ[\]^_`abbccdefghijklmnopqr4s4t4u4v4w4x4y4z4{|}~=`f!~!!!!!!!!!!!!!!!!!!!!!!!!!!!!""""""""###########&&&&&&&&&&  (((((2((((( ( ( ( ( ((((()6))))))******** !@+",>,#,$,%,&,'-?-(-)--*-+-,-../@.0/10P02030405061Q17118191:1;<==>@2?3@AB4C4D4E4F4G4H4I4J4K4L4M4N4O4P4Q4R4S4T4T4U4U4V4V4s4t4u4v4w4W4X4Y4Z4[4\4]4^4_4`4a4b4c4d4efghijklmnopqrstfuvgwxhyz5{5|5}7~777777777777!raaz-0.0.1-6xeNczKG6dKHuFGCJnCh2bRaaz.Core.Types Raaz.Core.DHRaaz.Core.MonoidalActionRaaz.Core.UtilRaaz.Core.EncodeRaaz.Core.Parse.ApplicativeRaaz.Core.WriteRaaz.Core.MemoryRaaz.Core.Primitives Raaz.CoreRaaz.Core.ByteSourceRaaz.Core.RandomRaaz.Hash.Internal Raaz.HashRaaz.Hash.Sha1'Raaz.Hash.Sha1.Implementation.CPortableRaaz.Hash.Sha224Raaz.Hash.Sha256)Raaz.Hash.Sha256.Implementation.CPortable)Raaz.Hash.Sha224.Implementation.CPortableRaaz.Hash.Sha384Raaz.Hash.Sha512)Raaz.Hash.Sha512.Implementation.CPortable)Raaz.Hash.Sha384.Implementation.CPortableRaaz.Cipher.InternalRaaz.Cipher.AES,Raaz.Cipher.AES.CBC.Implementation.CPortableRaazRaaz.Core.Types.DescribeRaaz.Core.Types.EqualityRaaz.Core.Types.PointerRaaz.Core.Util.ByteStringRaaz.Core.Types.EndianRaaz.Core.Encode.InternalRaaz.Core.Encode.Base16WUWriteRaaz.Core.Types.TupleRaaz.Core.ConstantsRaaz.Hash.Internal.HMACRaaz.Hash.Sha1.InternalRaaz.Hash.Sha.UtilRaaz.Hash.Sha1.RecommendationRaaz.Hash.Sha224.InternalRaaz.Hash.Sha256.InternalRaaz.Hash.Sha224.RecommendationRaaz.Hash.Sha256.RecommendationRaaz.Hash.Sha384.InternalRaaz.Hash.Sha512.InternalRaaz.Hash.Sha384.RecommendationRaaz.Hash.Sha512.RecommendationRaaz.Cipher.AES.InternalRaaz.Cipher.AES.Recommendation Raaz.Cipher Paths_raaz Describablename descriptionEqualityeqResult isSuccessful===oftenCorrectEqVectoreqVectorDHSecret PublicToken SharedSecret publicToken sharedSecretFieldMFieldFieldATwistRF DistributiveFSemiR DistributiveLActionF<<.>>LAction<.><++> semiRSpace semiRMonoidtwistFunctorValuetwistMonoidValue computeField liftToFieldM runFieldM$fDistributiveFmWrappedArrow$fLActionFmWrappedArrow$fApplicativeTwistRF$fFunctorTwistRF $fMonoidSemiRALIGNBITSBYTES LengthUnitinBytesPointerAligninBitsatLeastatMost bytesQuotRem bytesQuot bitsQuotRembitsQuotmovePtrbyteSize allocaBuffer allocaSecure mallocBufferhFillBufmemcpymemmovememsetlength replicateunsafeCopyToPointerunsafeNCopyToPointerwithByteStringfromByteStringStorable createFromBELE EndianStorestoreload storeAtIndexstoreAt loadFromIndexloadFrom littleEndian bigEndianFormatencodeByteString decodeFormat Encodable toByteStringfromByteStringunsafeFromByteStringencodedecode unsafeDecodeBase16 fromBase16 showBase16Parser parseError parseWidthunsafeRunParser parseStorableparseparseByteStringunsafeParseStorableVectorunsafeParseVectorparseStorableVector parseVector bytesToWrite unsafeWrite writeStorablewritewriteStorableVector writeVector writeByteswriteByteString skipWrite$fEncodableSemiR$fIsStringSemiR$fDistributiveSum(->)$fLActionSum(->)$fMonoidWriteMTuple dimensionunsafeFromListinitial MemoryCell Extractableextract Initialisable initialiseMemory memoryAlloc underlyingPtrAllocMemoryMMT MonadMemorysecurely insecurelyallocateexecute getMemorygetMemoryPointer withPointer liftSubMTrunMT pointerAlloc copyMemorymodify$fExtractableMemoryCella$fInitialisableMemoryCella$fMemoryMemoryCell $fMemory(,,,) $fMemory(,,) $fMemory(,)$fMonadMemoryMemoryM$fMonadIOMemoryM$fMonadMemoryM$fApplicativeMemoryM$fFunctorMemoryM$fMonadMemoryMT $fMonadIOMT $fMonadMT$fApplicativeMT $fFunctorMTBLOCKS Asymmetric PublicKey PrivateKey SymmetricKeyRecommendation recommended PrimitiveImplementation blockSizeblocksOf$fLengthUnitBLOCKS $fShowBLOCKS $fEqBLOCKS $fOrdBLOCKS $fEnumBLOCKS $fRealBLOCKS $fNumBLOCKS$fIntegralBLOCKSl1CachePureByteSourceInfiniteSource slurpBytes ByteSource fillBytes FillResult Remaining ExhaustedwithFillResultfillslurp processChunks$fPureByteSourceMaybe$fPureByteSource[]$fPureByteSourceByteString$fPureByteSourceByteString0$fByteSource[]$fByteSourceMaybe$fByteSourceByteString$fByteSourceByteString0$fByteSourceHandle$fFunctorFillResult SystemPRGRandomrandomPRGSeednewPRGreseed$fPRGSystemPRG$fInfiniteSourceSystemPRG $fRandom(,,) $fRandom(,) $fRandomBE $fRandomLE$fRandomWord64$fRandomWord32$fRandomWord16 $fRandomWord HashMemoryhashCellmessageLengthCellHashadditionalPadBlocks SomeHashIHashMHashI hashINamehashIDescriptioncompress compressFinal truncatedIhashhashFile hashSourcehash' hashFile' hashSource'completeHashing extractLength updateLength$fExtractableHashMemoryh$fInitialisableHashMemoryh$fMemoryHashMemory$fDescribableSomeHashI$fDescribableHashIHMAChmachmacFile hmacSourceSHA1implementationsha1sha1File sha1SourcehmacSha1 hmacSha1FilehmacSha1SourceSHA224SHA256 cPortable$fExtractableSHA224MemorySHA224$fInitialisableSHA224Memory()$fMemorySHA224Memorysha224 sha224File sha224Source hmacSha224hmacSha224FilehmacSha224Sourcesha256 sha256File sha256Source hmacSha256hmacSha256FilehmacSha256SourceSHA384SHA512$fExtractableSHA384MemorySHA384$fInitialisableSHA384Memory()$fMemorySHA384Memorysha384 sha384File sha384Source hmacSha384hmacSha384FilehmacSha384Sourcesha512 sha512File sha512Source hmacSha512hmacSha512FilehmacSha512SourceCipher SomeCipherICipherI cipherINamecipherIDescription encryptBlocks decryptBlocks CipherModeCBCCTRunsafeEncrypt' unsafeEncryptunsafeDecrypt' unsafeDecrypt$fDescribableSomeCipherI$fDescribableCipherI$fShowCipherMode$fEqCipherModeIVKEY256KEY192KEY128AES aes128cbc aes192cbc aes256cbc aes128ctr aes128cbcI aes192cbcI aes256cbcI$fInitialisableM256(,) $fMemoryM256$fInitialisableM192(,) $fMemoryM192$fInitialisableM128(,) $fMemoryM128versionghc-prim GHC.ClassesEqD:R:VectorResult0D:R:MVectorsResult0unResultV_Result MV_Result$fEqualityWord64$fEqualityWord32$fEqualityWord16$fEqualityWord8$fEqualityWord$fVectorVectorResult$fMVectorMVectorResult $fUnboxResult$fMonoidResultc_memcpybaseGHC.RealquotRemForeign.StorablesizeOfForeign.Marshal.Alloc allocaBytes mallocBytesGHC.IO.Handle.TexthGetBuf$fLActionSumPtrc_memset c_memmove c_munlockc_mlock$fLengthUnitBYTES$fLengthUnitALIGNbytestring-0.10.8.1Data.ByteString.Internal ByteStringpeekV_BEMV_BEV_LEMV_LE c_storeBE64 c_loadBE64 c_storeLE64 c_loadLE64 c_storeBE32 c_loadBE32 c_storeLE32 c_loadLE32$fVectorVectorBE$fMVectorMVectorBE$fVectorVectorLE$fMVectorMVectorLE D:R:VectorBE0D:R:MVectorsBE0 D:R:VectorLE0D:R:MVectorsLE0 $fUnboxBE $fUnboxLE$fEndianStoreBE$fEndianStoreLE$fEndianStoreBE0$fEndianStoreLE0$fEndianStoreWord8 Data.StringIsStringGHC.ShowShow$fFormatByteString$fEncodableBYTES$fEncodableBITS$fEncodableByteString $fEncodableBE$fEncodableBE0 $fEncodableLE$fEncodableLE0 fromStringshowunBase16hexhexDigittop4bot4 unsafeFromHex$fFormatBase16$fIsStringBase16 $fShowBase16$fEncodableBase16 undefParseStorable ParseAction BytesMonoid makeParser Data.Monoid<> WriteActionWriteM makeWriteunWriteMgetAgetParseDimension $fEqTupleunTuple dimensionP getTupFromP$fEndianStoreTuple$fStorableTuple$fEqualityTupleGHC.Base ApplicativeRunnerControl.Monad.IO.ClassliftIO makeAlloc withMemorywithSecureMemorywithCell unMemoryCell AllocField ALIGNMonoid unMemoryMunMTHMACKeyhmac' hmacFile'$fIsStringHMACKeyunHMACunKey hmacAdjustKey hmacSource'$fSymmetricHMAC$fRecommendationHMAC$fPrimitiveHMAC $fShowHMAC $fShowHMACKey$fEncodableHMACKey$fRandomHMACKey$fEndianStoreHMACKey$fStorableHMACKey $fHashSHA1$fPrimitiveSHA1$fInitialisableHashMemory() $fShowSHA1$fIsStringSHA1$fEncodableSHA1 CompressorshaImplementation shaCompressshaCompressFinal length64Writelength128Write paddedMesg portableCc_sha1_compress$fRecommendationSHA1 $fHashSHA224$fPrimitiveSHA224 $fShowSHA224$fIsStringSHA224$fEncodableSHA224 $fHashSHA256$fPrimitiveSHA256 $fShowSHA256$fIsStringSHA256$fEncodableSHA256c_sha256_compress SHA224Memory unSHA224Mem$fRecommendationSHA224$fRecommendationSHA256 $fHashSHA384$fPrimitiveSHA384 $fShowSHA384$fIsStringSHA384$fEncodableSHA384 $fHashSHA512$fPrimitiveSHA512 $fShowSHA512$fIsStringSHA512$fEncodableSHA512c_sha512_compress SHA384Memory unSHA384Mem$fRecommendationSHA384$fRecommendationSHA512 makeCopyRunCipherMTUPLEWORD pokeAndExpand$fSymmetricAES$fPrimitiveAES$fSymmetricAES0$fPrimitiveAES0$fSymmetricAES1$fPrimitiveAES1$fShowIV $fIsStringIV $fShowKEY256$fIsStringKEY256 $fShowKEY192$fIsStringKEY192 $fShowKEY128$fIsStringKEY128EKEY256EKEY192EKEY128c_expand$fInitialisableMemoryCellKEY256$fInitialisableMemoryCellKEY192$fInitialisableMemoryCellKEY128 $fCipherAES $fCipherAES0 $fCipherAES1 $fRandomIV $fEncodableIV$fRandomKEY256$fRandomKEY192$fRandomKEY128$fEncodableKEY256$fEncodableKEY192$fEncodableKEY128M256M192M128 c_aes_cbc_d c_aes_cbc_e c_transposecbc128CPortable cbc128Encrypt cbc128Decryptcbc192CPortable cbc192Encrypt cbc192Decryptcbc256CPortable cbc256Encrypt cbc256Decryptm256ekeym256ivm192ekeym192ivm128ekeym128iv$fRecommendationAES$fRecommendationAES0$fRecommendationAES1catchIObindirlibdirdatadir libexecdir sysconfdir getBinDir getLibDir getDataDir getLibexecDir getSysconfDirgetDataFileName