`s}      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      6 Safe-InferredAThis class captures all types that have some sort of description  attached to it. &Short name that describes the object. Longer description None7In a cryptographic setting, naive equality checking is @ dangerous. This class is the timing safe way of doing equality D checking. The recommended method of defining equality checking for 1 cryptographically sensitive data is as follows.   Define an instance of . * Make use of the above instance to define  instance as follows.  data SomeSensitiveType = ...  + instance Equality SomeSensitiveType where  eq a b = ...  % instance Eq SomeSensitiveType where  (==) a b = a === b ]The result of a comparison. This is an opaque type and the monoid instance essentially takes . AND of two comparisons in a timing safe way. :Checks whether a given equality comparison is successful. 9Check whether two values are equal using the timing safe  / function. Use this function when defining the  instance for a  Sensitive data type. 9Timing independent equality checks for vector of values. Do not C use this to check the equality of two general vectors in a timing  independent manner (use  instead) because:  2 They do not work for vectors of unequal lengths, % They do not work for empty vectors. ?The use case is for defining equality of data types which have 6 fixed size vector quantities in it. Like for example  import Data.Vector.Unboxed * newtype Sha1 = Sha1 (Vector (BE Word32))   instance Eq Sha1 where 6 (==) (Sha1 g) (Sha1 h) = oftenCorrectEqVector g h  ATiming independent equality checks for vectors. If you know that @ the vectors are not empty and of equal length, you may use the  slightly faster   !"#$% !"#$% Safe-Inferred @The DH (Diffie-Hellman) typeclass provides an interface for key  exchanges.  / represents the secret generated by each party  & known only to itself.   represents the token  generated from the  # which is sent to the other party.   0 represents the common secret generated by both - parties from the respective public tokens.   takes the F generator of the group and a secret and generates the public token.  7 takes the generator of the group, secret of one party G and public token of the other party and generates the shared secret.      NoneA monadic arrow field. AA field where the underlying arrow is the (->). This is normally  what we call a field. @A field on the space is a function from the points in the space 7 to some value. Here we define it for a general arrow. 7The twisted functor is essentially a generalisation of . semi-direct product to applicative functors. 4The generalisation of distributivity to applicative < functors. This generalisation is what allows us to capture D applicative functors like parsers. For an applicative functor, and < a monoid acting uniformly on it, we say that the action is 3 distributive if the following laws are satisfied: ? m <<.>> (pure a) = pure a -- pure values are stoic : m <<.>> (a <*> b) = (m <<.>> a) <*> (m <<.>> b) -- dist =The semidirect product Space " Monoid. For monoids acting on D monoidal spaces distributively the semi-direct product is itself a D monoid. It turns out that data serialisers can essentially seen as  a semidirect product. BA left-monoid action on a monoidal-space, i.e. the space on which ( the monoid acts is itself a monoid, is  distributive if it  satisfies the law:  ) a <.> p <> q = (a <.> p) <> (a <.> q). )The above law implies that every element m is a monoid  homomorphism. >Uniform action of a monoid on a functor. The laws that should  be satisfied are:  1 <<.>> fx = fx ' (a <> b) <<.>> fx = a . (b <<.>> fx) ; m <<.>> fmap f u = fmap f (m <<.>> u) -- acts uniformly  A monoid m0 acting on the left of a space. Think of a left C action as a multiplication with the monoid. It should satisfy the  law: 1 1 <.> p = p -- identity = a <> b <.> p = a <.> b <.> p -- successive displacements An alternate symbol for  & more useful in the additive context. AFrom the an element of semi-direct product Space " Monoid return  the point. AFrom the an element of semi-direct product Space " Monoid return  the monoid element. "Get the underlying functor value. !Get the underlying monoid value. !<Compute the value of a field at a given point in the space. "!Lift a monadic action to FieldM. #4Runs a monadic field at a given point in the space. &;The action on the space translates to the action on field.  !"#'&()* !"# !#" !"#'&()*None%Type safe lengths/offsets in units of bits. 'Type safe lengths/offsets in units of bytes. )BIn cryptographic settings, we need to measure pointer offsets and > buffer sizes in different units. To avoid errors due to unit C conversions, we distinguish between different length units at the C type level. This type class capturing such types, i.e. types that  stand of length units. *#Express the length units in bytes. +4The pointer type used by all cryptographic library. ,9A type whose only purpose in this universe is to provide  alignment safe pointers. +<Some common PTR functions abstracted over type safe length. -"Express the length units in bits. .Express length unit src in terms of length unit dest rounding  upwards. /Express length unit src in terms of length unit dest rounding  downwards. 0A length unit u. is usually a multiple of bytes. The function  0 is like , : the value byteQuotRem bytes is  a tuple (x,r), where x is bytes expressed in the unit u  with r being the reminder. 1Function similar to 0 but returns only the quotient. 2Function similar to 0 but works with bits instead. 3Function similar to 2 but returns only the quotient. 5 Similar to -, but returns the length in type safe units. 6The expression allocaBuffer l action allocates a local buffer  of length l# and passes it on to the IO action action. No = explicit freeing of the memory is required as the memory is D allocated locally and freed once the action finishes. It is better  to use this function than . as it does type safe A scaling. This function also ensure that the allocated buffer is  word aligned. 7#This function allocates a chunk of secure memory of a given E size and runs the action. The memory (1) exists for the duration of E the action (2) will not be swapped during that time and (3) will be ? wiped clean and deallocated when the action terminates either A directly or indirectly via errors. While this is mostly secure, E there can be strange situations in multi-threaded application where 7 the memory is not wiped out. For example if you run a C crypto-sensitive action inside a child thread and the main thread B gets exists, then the child thread is killed (due to the demonic E nature of haskell threads) immediately and might not give it chance A to wipe the memory clean. This is a problem inherent to how the  bracket) combinator works inside a child thread. (TODO: File this insecurity in the wiki. 89Creates a memory of given size. It is better to use over  / as it uses typesafe length. 9 A version of 0- which works for any type safe length units. :Copy between pointers. ;Move between pointers. <7Sets the given number of Bytes to the specified value. 1-The most interesting monoidal action for us. #$2%&'()*+,345+67-./0123456buffer length the action to run 78buffer length 9:Dest Src Number of Bytes to copy ;Dest Src Number of Bytes to copy <Target Value byte to set Number of bytes to set 189$%&'()*+,-./0123456789:;<$2%&'()*+,345+67-./0123456789:;<189 None=!A typesafe length for Bytestring >!A type safe version of replicate ?BCopy the bytestring to the crypto buffer. This operation leads to E undefined behaviour if the crypto pointer points to an area smaller # than the size of the byte string. @ Similar to ? but takes an additional input  n= which is the number of bytes (expressed in type safe length D units) to transfer. This operation leads to undefined behaviour if ' either the bytestring is shorter than n or the crypto pointer  points to an area smaller than n. A2Works directly on the pointer associated with the  :4. This function should only read and not modify the  contents of the pointer. B(Get the value from the bytestring using ;. CThe IO action createFrom n cptr! creates a bytestring by copying  n bytes from the pointer cptr. =>? The source. The destination. @length of data to be copied The source byte string  The buffer ABC=>?@ABC=>?@ABC!None D$Big endian version of the word type w E'Little endian version of the word type w FAThis class is the starting point of an endian agnostic interface D to basic cryptographic data types. Endianness only matters when we B first load the data from the buffer or when we finally write the ? data out. Any multi-byte type that are meant to be serialised / should define and instance of this class. The H and G 9 should takes care of the appropriate endian conversion. G=Store the given value at the locating pointed by the pointer H9Load the value from the location pointed by the pointer. IStore the given value as the n-th element of the array  pointed by the crypto pointer. J@Store the given value at an offset from the crypto pointer. The % offset is given in type safe units. K Load the n5-th value of an array pointed by the crypto pointer. LBLoad from a given offset. The offset is given in type safe units. M&Convert to the little endian variant. N$Convert to the big endian variants. D<E=FGthe location. value to store H>?@ABCDEI(the pointer to the first element of the  array the index of the array the value to store J the pointer /the absolute offset in type safe length units. value to store K$the pointer to the first element of  the array the index of the array L the pointer  the offset MNFGHIJKLMNOP DEFGHIJKLMND<E=FGH>?@ABCDEIJKLMNFGHIJKLMNOP"NoneO<A binary format is a representation of binary data often in B printable form. We distinguish between various binary formats at E the type level and each supported format corresponds to an instance  of the the class O. The P and  Q" are required to satisfy the laws  & decodeFormat . encodeByteString = id CFor type safety, the formats themselves are opaque types and hence C it is not possible to obtain the underlying binary data directly. 8 We require binary formats to be instances of the class R,  with the combinators S and T of the  R4 class performing the actual encoding and decoding.  Instances of O! are required to be instances of Q and so > that the encoded format can be easily printed. They are also  required to be instances of R so that they can be easily ) represented in Haskell source using the OverloadedStrings A extension. However, be careful when using this due to the fact 4 that invalid encodings can lead to runtime errors. P>Encode binary data into the format. The return type gurantees ; that any binary data can indeed be encoded into a format. Q+Decode the format to its associated binary ? representation. Notice that this function always succeeds: we " assume that elements of the type fmt are valid encodings and  hence the return type is : instead of S  ByteString. RThe type class R$ captures all the types that can be 6 encoded into a stream of bytes. By making a type say Foo an  instance of the R# class, we get for free methods to B encode it in any of the supported formats (i.e. instances of the  class O). .Minimum complete definition for this class is S and  T. Instances of F have default C definitions for both these functions and hence a trivial instance + declaration is sufficient for such types.   instance Encodable Foo  SConvert stuff to bytestring T6Try parsing back a value. Returns nothing on failure. UUnsafe version of T T@Bytestring itself is an encoding format (namely binary format). OPQRSTUTUVWXYZ[OPQRSTU OPQRSTUTUVWXYZ[#NoneV?The type corresponding to base-16 or hexadecimal encoding. The  V4 encoding has a special place in this library: most  cryptographic types use V encoding for their Q and  R instance. The combinators W and X 4 are exposed mainly to make these definitions easy. WBase16 variant of \. Useful in definition of  R1 instances as well as in cases where the default  R1 instance does not parse from a base16 encoding. XBase16 variant of ]. V^_`abcdWXefghVWX V^_`abcdWXefgh$NoneY=The type corresponding to the standard padded base-64 binary  encoding. iEncoding word. Yjklmnopqrstuviwxyz{|}~YYjklmnopqrstuviwxyz{|}~None Z<An applicative parser type for reading data from a pointer. [0A parser that fails with a given error message. \-Return the bytes that this parser will read. ]8Run the parser without checking the length constraints. BThe primary purpose of this function is to satisfy type checkers. ^BParses a value which is an instance of Storable. Beware that this C parser expects that the value is stored in machine endian. Mostly  it is useful in defining the ; function in a complicated   instance. _9Parse a crypto value. Endian safety is take into account B here. This is what you would need when you parse packets from an 6 external source. You can also use this to define the H  function in a complicated F instance. `.Parses a strict bytestring of a given length. a Similar to parseStorableVector but is expected to be slightly ; faster. It does not check whether the length parameter is E non-negative and hence is unsafe. Use it only if you can prove that ' the length parameter is non-negative. b Similar to  parseVector but is expected to be slightly ; faster. It does not check whether the length parameter is E non-negative and hence is unsafe. Use it only if you can prove that ' the length parameter is non-negative. c Similar to d" but parses according to the host > endian. This function is essentially used to define storable A instances of complicated data. It is unlikely to be of use when D parsing externally serialised data as one would want to keep track  of the endianness of the data. dAParses a vector of elements. It takes care of the correct endian @ conversion. This is the function to use while parsing external  data. Z[\]^_`abcd Z[\]^_`abcd Z\[]_^dcba`Z[\]^_`abcdNone=>?@ABC=>BCA?@NoneeEncode in a given format. f@Decode from a given format. It results in Nothing if there is a  parse error. gThe unsafe version of f. h&Translate from one format to another. efghOPQRSTUVWXYefghRSTUOPQefhgVWXYefghNone i/A write is an action which when executed using runWrite writes 1 bytes to the input buffer. It is similar to the %& type  exposed from the Raaz.Write.Unsafe module except that it keeps E track of the total bytes that would be written to the buffer if the  action is run. The runWrite# action will raise an error if the 0 buffer it is provided with is of size smaller. i s are monoid ( and hence can be concatnated using the  operator. >A write action is nothing but an IO action that returns () on  input a pointer. The monoid for write. Create a write action. jKReturns the bytes that will be written when the write action is performed. k-Perform the write action without any checks. lThe expression l a gives a write action that  stores a value a* in machine endian. The type of the value a has  to be an instance of #. This should be used when we want D to talk with C functions and not when talking to the outside world B (otherwise this could lead to endian confusion). To take care of  endianness use the m combinator. mThe expression m a$ gives a write action that stores a  value a". One needs the type of the value a to be an instance of  F3. Proper endian conversion is done irrespective of A what the machine endianness is. The man use of this write is to : serialize data for the consumption of the outside world. nThe vector version of l. oThe vector version of m. pThe combinator writeBytes n b writes b as the next n  consecutive bytes. qWrites a strict bytestring. r5A write action that just skips over the given bytes. ijklmnopqr ijklmnopqr ijkmlonpqrijklmnopqr'NonesDTuples that encode their length in their types. For tuples, we call  the length its dimension (Function to make the type checker happy t@Function that returns the dimension of the tuple. The dimension ? is calculated without inspecting the tuple and hence the term  t (undefined :: Tuple 5 Int) will evaluate to 5. Get the dimension to parser u?Construct a tuple out of the list. This function is unsafe and A will result in run time error if the list is not of the correct  dimension. vFComputes the initial fragment of a tuple. No length needs to be given " as it is infered from the types. "Equality checking is timing safe. stuvstuv stuvNone1$%&'()*+,-./0123456789:;<DEFGHIJKLMNstuv1FGHEDMNJILK+)*4'(%&$,-2031./67895<;:stvuNonew2A memory location to store a value of type having   instance. |=Any cryptographic primitives use memory to store stuff. This @ class abstracts all types that hold some memory. Cryptographic C application often requires securing the memory from being swapped E out (think of memory used to store private keys or passwords). This A abstraction supports memory securing. If your platform supports E memory locking, then securing a memory will prevent the memory from @ being swapped to the disk. Once secured the memory location is - overwritten by nonsense before being freed. &While some basic memory elements like w are exposed from D the library, often we require compound memory objects built out of  simpler ones. The  instance of the  can be made C use of in such situation to simplify such instance declaration as > illustrated in the instance declaration for a pair of memory  elements. : instance (Memory ma, Memory mb) => Memory (ma, mb) where  8 memoryAlloc = (,) <$> memoryAlloc <*> memoryAlloc  . underlyingPtr (ma, _) = underlyingPtr ma }&Returns an allocator for this memory. ~.Returns the pointer to the underlying buffer. 'A memory allocator for the memory type mem. The   instance of Alloc& can be used to build allocations for 0 complicated memory elements from simpler ones. 6A memory action that uses some sort of memory element  internally. #A runner of a memory state thread. An action of type  mem a# is an action that uses internally " a a single memory object of type mem and returns a result of type  a?. All the actions are performed on a single memory element and 8 hence the side effects persist. It is analogues to the ST  monad. BA class that captures monads that use an internal memory element. Any instance of  can be executed  in which : case all allocations are performed from a locked pool of ? memory. which at the end of the operation is also wiped clean  before deallocation. >Systems often put tight restriction on the amount of memory a A process can lock. Therefore, secure memory is often to be used & judiciously. Instances of this class should also implement the  the combinator $ which allocates all memory from an  unlocked memory pool. &This library exposes two instances of    Memory threads captured by the type , which are a sequence 1 of actions that use the same memory element and  Memory actions captured by the type . WARNING: Be careful with . CThe rule of thumb to follow is that the action being lifted should C itself never unlock any memory. In particular, the following code  is bad because the $ action unlocks some portion of the  memory after foo is executed.    liftIO $ securely $ foo  -On the other hand the following code is fine   ( liftIO $ insecurely $ someMemoryAction   Whether an IO2 action unlocks memory is difficult to keep track ; of; for all you know, it might be a FFI call that does an   memunlock. AAs to why this is dangerous, it has got to do with the fact that  mlock and munlock! do not nest correctly. A single munlock can  unlock multiple calls of mlock on the same page. BPerform the memory action where all memory elements are allocated C locked memory. All memory allocated will be locked and hence will E never be swapped out by the operating system. It will also be wiped  clean before releasing. DMemory locking is an expensive operation and usually there would be B a limit to how much locked memory can be allocated. Nonetheless, D actions that work with sensitive information like passwords should # use this to run an memory action. 8Perform the memory action where all memory elements are A allocated unlocked memory. Use this function when you work with E data that is not sensitive to security considerations (for example, . when you want to verify checksums of files). Given an memory thread 0Run a given memory action in the memory thread. 2Get the pointer associated with the given memory. ?Work with the underlying pointer of the memory element. Useful # while working with ffi functions. 5Compound memory elements might intern be composed of ' sub-elements. Often one might want to lift the memory thread for D a sub-element to the compound element. Given a sub-element of type  mem'; which can be obtained from the compound memory element of  type mem using the projection proj, liftSubMT proj lifts the = a memory thread of the sub element to the compound element. 1Run the memory thread to obtain a memory action. +Make an allocator for a given memory type. Allocates a buffer of size l( and returns the pointer to it pointer. ?Copy data from a given memory location to the other. The first E argument is destionation and the second argument is source to match ) with the convention followed in memcpy. =Perform an action which makes use of this memory. The memory @ allocated will automatically be freed when the action finishes @ either gracefully or with some exception. Besides being safer, < this method might be more efficient as the memory might be @ allocated from the stack directly and will have very little GC  overhead.  Similar to ' but allocates a secure memory for the B action. Secure memories are never swapped on to disk and will be C wiped clean of sensitive data after use. However, be careful when C using this function in a child thread. Due to the daemonic nature @ of Haskell threads, if the main thread exists before the child ? thread is done with its job, sensitive data can leak. This is C essentially a limitation of the bracket which is used internally. @Perform some pointer action on MemoryCell. Useful while working  with ffi functions. BApply the given function to the value in the cell. For a function  f :: b -> a,  the action modify f first extracts a value of type b from the  memory element, applies f) to it and puts the result back into the  memory. % modify f = do b <- extract ! initialise $ f b 5wxyz{|}~%Projection from the compound element  to sub-element "Memory thread of the sub-element.  Destination Source wxyz{|}~|}~wz{xy)wxyz{|}~ None >Type safe message length in units of blocks of the primitive. ? When dealing with buffer lengths for a primitive, it is often # better to use the type safe units . Functions in the raaz A package that take lengths usually allow any type safe length as A long as they can be converted to bytes. This can avoid a lot of . tedious and error prone length calculations. An asymmetric primitive. The public key The private key ;A symmetric primitive. An example would be primitives like  Ciphers, HMACs etc. The key for the primitive. 4Primitives that have a recommended implementations. 2The recommended implementation for the primitive. =The type class that captures an abstract block cryptographic C primitive. Bulk cryptographic primitives like hashes, ciphers etc D often acts on blocks of data. The size of the block is captured by  the member . BAs a library, raaz believes in providing multiple implementations , for a given primitive. The associated type  , captures implementations of the primitive.  There is a reference implementation where the emphasis is on D correctness rather than speed or security. They are used to verify ; the correctness of the other implementations for the same ; primitive. Apart from this, for production use, we have a  recommended implementation. 8Associated type that captures an implementation of this  primitive. The block size. The expression n  p" specifies the message lengths in , units of the block length of the primitive p. This expression is 4 sometimes required to make the type checker happy.  (NoneSTypical size of L1 cache. Used for selecting buffer size etc in crypto operations.  None ?A byte source src is pure if filling from it does not have any B other side effect on the state of the byte source. Formally, two B different fills form the same source should fill the buffer with D the same bytes. This additional constraint on the source helps to  purify< certain crypto computations like computing the hash or mac $ of the source. Usualy sources like : etc are pure byte 1 sources. A file handle is a byte source that is not a pure  source. @Never ending stream of bytes. The reads to the stream might get A delayed but it will always return the number of bytes that were  asked for. BAbstract byte sources. A bytesource is something that you can use  to fill a buffer.  Fills a buffer from the source. 3This type captures the result of a fill operation. source exhausted with so much  bytes read.  the buffer is filled completely $Combinator to handle a fill result. >A version of fillBytes that takes type safe lengths as input. :A version of slurp that takes type safe lengths as input. ;Process data from a source in chunks of a particular size. bytes to read, the source to fill from, the buffer source to fill.  Buffer size The source to fill. Buffer pointer stuff to do when filled stuff to do when exhausted the fill result to process   None@The system wide pseudo-random generator. The source is expected = to be of high quality, albeit a bit slow due to system call D overheads. It is expected that this source is automatically seeded @ from the entropy pool maintained by the platform. Hence, it is = neither necessary nor possible to seed this generator which 0 reflected by the fact that the associated type    is the unit type (). :Stuff that can be generated by a pseudo-random generator. BThe class that captures pseudo-random generators. Essentially the ? a pseudo-random generator (PRG) is a byte sources that can be  seeded. 4Associated type that captures the seed for the PRG. 'Creates a new pseudo-random generators Re-seeding the prg.   None$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYefghstuvwxyz{|}~ None=Computing cryptographic hashes usually involves chunking the B message into blocks and compressing one block at a time. Usually B this compression makes use of the hash of the previous block and B the length of the message seen so far to compressing the current B block. Most implementations therefore need to keep track of only E hash and the length of the message seen so. This memory can be used  in such situations. Cell to store the hash Cell to store the length +Type class capturing a cryptographic hash. ?Cryptographic hashes can be computed for messages that are not < a multiple of the block size. This combinator computes the < maximum size of padding that can be attached to a message. 7Some implementation of a given hash. The existentially A quantification allows us freedom to choose the best memory type $ suitable for each implementations. <The constraints that a memory used by a hash implementation  should satisfy. ;The Hash implementation. Implementations should ensure the  following.   The action compress impl ptr blks should only read till the  blks2 offset starting at ptr and never write any data.  The action padFinal impl ptr byts should touch at most  #byts/blocksize# + padBlocks# blocks starting at ptr. It should  not write anything till the byts offset but may write stuff  beyond that. DAn easy to remember this rule is to remember that computing hash of * a payload should not modify the payload. compress the blocks, !pad and process the final bytes, ?Certain hashes are essentially bit-truncated versions of other E hashes. For example, SHA224 is obtained from SHA256 by dropping the C last 32-bits. This combinator can be used build an implementation ? of truncated hash from the implementation of its parent hash. -Compute the hash of a pure byte source like, :. Compute the hash of file. +Compute the hash of a generic byte source.  Similar to 0 but the user can specify the implementation to  use. Similar to hashFile'- but the user can specify the implementation  to use.  Similar to  hashSource but the user can specify the  implementation to use. @Gives a memory action that completes the hashing procedure with E the rest of the source. Useful to compute the hash of a source with + some prefix (like in the HMAC procedure). 1Extract the length of the message hashed so far. -Update the message length by a given amount. Message File to be hashed Message Implementation the message as a byte source. Implementation File to be hashed )NoneBThe HMAC associated to a hash value. The HMAC type is essentially C the underlying hash type wrapped inside a newtype. Therefore, the  & instance for HMAC is essentially the  instance for the @ underlying hash. It is safe against timing attack provided the 9 underlying hash comparison is safe under timing attack. AThe HMAC key type. The HMAC keys are usually of size at most the C block size of the associated hash, although the hmac construction @ allows using keys arbitrary size. Using keys of small size, in E particular smaller than the size of the corresponding hash, can can  compromise security.  == A note on Q and R instances of keys. 6As any other cryptographic type HMAC keys also have a R  and Q4 instance which is essentially the key expressed in C base16. Keys larger than the block size of the underlying hashes A are shortened by applying the appropriate hash. As a result the  ] and \% need not be inverses of each other. -Compute the hash of a pure byte source like, :. Compute the hash of file. +Compute the hash of a generic byte source. -Compute the hash of a pure byte source like, :. Compute the hash of file. %Base16 representation of the string.  the key. Message File to be hashed Message Message File to be hashed  *NoneThe cryptographic hash SHA1. +None0The type alias for the raw compressor function. BCreates an implementation for a sha hash given the compressor and  the length writer. <The generic compress function for the sha family of hashes. &The compressor for the last function. 'The length encoding that uses 64-bits. (The length encoding that uses 128-bits. The padding to be used The buffer to compress !The number of blocks to compress $The cell memory containing the hash Name  Description raw compress function. buffer pointer number of blocks the length writer the raw compressor  the buffer the message length The length encoding  The hash The message length None'The portable C implementation of SHA1. ,NoneNone(Compute the sha1 hash of an instance of . Use C this for computing the sha1 hash of a strict or lazy byte string. !Compute the sha1 hash of a file. 0Compute the sha1 hash of a general byte source. 9Compute the message authentication code using hmac-sha1. 4Compute the message authentication code for a file. BCompute the message authetication code for a generic byte source. -None2Sha224 hash value which consist of 7 32bit words. .NoneThe Sha256 hash value. None)The portable C implementation of SHA256.   None)The portable C implementation of SHA224.         /NoneNone*Compute the sha224 hash of an instance of . Use E this for computing the sha224 hash of a strict or lazy byte string. #Compute the sha224 hash of a file. 2Compute the sha224 hash of a general byte source. ;Compute the message authentication code using hmac-sha224. 4Compute the message authentication code for a file. BCompute the message authetication code for a generic byte source.  Key to use  pure source whose hmac is to be  computed  Key to use "File whose hmac is to be computed 0NoneNone*Compute the sha256 hash of an instance of . Use E this for computing the sha256 hash of a strict or lazy byte string. #Compute the sha256 hash of a file. 2Compute the sha256 hash of a general byte source. ;Compute the message authentication code using hmac-sha256. 4Compute the message authentication code for a file. BCompute the message authetication code for a generic byte source.  Key to use  pure source whose hmac is to be  computed  Key to use "File whose hmac is to be computed 1NoneThe Sha384 hash value. 2NoneAThe Sha512 hash value. Used in implementation of Sha384 as well. None)The portable C implementation of SHA512.   None)The portable C implementation of SHA384. !"#$%&'!"#$%&'3None((None*Compute the sha384 hash of an instance of . Use E this for computing the sha384 hash of a strict or lazy byte string. #Compute the sha384 hash of a file. 2Compute the sha384 hash of a general byte source. ;Compute the message authentication code using hmac-sha384. 4Compute the message authentication code for a file. BCompute the message authetication code for a generic byte source.  Key to use  pure source whose hmac is to be  computed  Key to use "File whose hmac is to be computed 4None))None*Compute the sha512 hash of an instance of . Use E this for computing the sha512 hash of a strict or lazy byte string. #Compute the sha512 hash of a file. 2Compute the sha512 hash of a general byte source. ;Compute the message authentication code using hmac-sha512. 4Compute the message authentication code for a file. BCompute the message authetication code for a generic byte source.  Key to use  pure source whose hmac is to be  computed  Key to use "File whose hmac is to be computed None+None ?Some implementation of a block cipher. This type existentially 8 quantifies over the memory used in the implementation. &The implementation of a block cipher. *The underlying block encryption function. *The underlying block decryption function. Block cipher modes. Counter Cipher-block chaining Encrypt the given :". This function is unsafe because ( it only works correctly when the input : is of length 8 which is a multiple of the block length of the cipher. ?Encrypt using the recommended implementation. This function is 7 unsafe because it only works correctly when the input : E is of length which is a multiple of the block length of the cipher. *&Make a copy and run the given action. Decrypts the given :". This function is unsafe because ( it only works correctly when the input : is of length 8 which is a multiple of the block length of the cipher. ?Decrypt using the recommended implementation. This function is 7 unsafe because it only works correctly when the input : E is of length which is a multiple of the block length of the cipher. +The cipher to use The implementation to use The key to use The string to encrypt.  The cipher The key to use The string to encrypt *The cipher to use The implementation to use The key to use The string to encrypt.  The cipher The key to use The string to encrypt ,- +*,-5NoneThe IV used by the CBC mode. Key used for AES-128 Key used for AES-128  Key used for AES-128 .A tuple of AES words. /The basic word used in AES.  AThe type associated with AES ciphers. Raaz provides AES variants @ with key lengths 128, 192 and 256. The key types for the above , ciphers in cbc mode are given by the types ( , IV),  (, IV) (, IV) respectively.  128-bit aes cipher in  mode.  128-bit aes cipher in  mode.  128-bit aes cipher in  mode. $Smart constructors for AES 128 ctr. 01Poke a key and expand it with the given routine. 1Key is (,) pair. 2$The 256-bit aes cipher in cbc mode. 3Key is (,) pair. 4$The 192-bit aes cipher in cbc mode. 5Key is ( ,) pair. 6$The 128-bit aes cipher in cbc mode. 7 Shown as a its base16 encoding. 8Expects in base16. 9Shows in base 16 :Expects in base 16 ;Shows in base 16 <Expects in base 16 =Shows in base 16 >Expects in base 16 4?@ABCDEFG H./ IJ   0 key to poke expansion algorithm buffer pointer. KLMN12O34P5678QR9:;<=>STUVWX ?AC  I   ,?@ABCDEFG H./ IJ   0KLMN12O34P5678QR9:;<=>STUVWXNoneYMemory for aes-256-cbc ZMemory for aes-192-cbc [Memory for aes-128-cbc \ CBC decrypt ] CBC encrypt. ^Transpose AES matrices. <Implementation of 128-bit AES in CBC mode using Portable C. _*128-bit AES in CBC mode using Portable C. `The encryption action. aThe decryption action. <Implementation of 192-bit AES in CBC mode using Portable C. b*192-bit AES in CBC mode using Portable C. cThe encryption action. dThe decryption action. <Implementation of 256-bit AES in CBC mode using Portable C. e*256-bit AES in CBC mode using Portable C. fThe encryption action. gThe decryption action. !YhijZklm[nop\]^_`abcdefgqrstuvYhijZklm[nop\]^_`abcdefgqrstuv6NonewxywxyNone            7None      8 Safe-Inferred z{|}~{ z{|}~NoneRaaz library version number. $%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYefghstuvwxyz{|}~   9:;<=>?@ABCDEFGHIJKKLMMNOPQRSTUVWXYZ[\\]]^_`abcdefghijklmnopq r s t u v w x!y!z!{!|!}!~!!!!!"""""""###$&''''          (                   ))))*-.     12 !"##$$%&'()*+,-./5051525354555657589:;<=>?@>ABCDEFGHIJKLMNOPQRSTUVWXYWZ[W\]W\^W_`a[abcdefghijWZk!y!z!l!m!n!o!p!q!r!s!t!u!v!w!x!y!z!{!|!}!~WWW""""""""WW###########$$$$$$$$$$$$$$$$$$$$$$$$WZW''''''''''W                            )))))))))))) ) ) ) ) )))*******++++++++, --!-"-#-$-%..&.'..(.).*+,,-./0/102113141516172282292:2;2<=>>?@AB3C4DEFGH5I5J5K5L5M5N5O5P5Q5R5S5T5U5V5W5X5Y5Z5Z5[5[5\5\50515253545]5^5_5`5a5b5c5d5e5f5g5h5i5j5klmnopqrstuvwxyzl{|m}~n66688<88888888888 raaz-0.0.2Raaz.Core.Types Raaz.Core.DHRaaz.Core.MonoidalActionRaaz.Core.UtilRaaz.Core.EncodeRaaz.Core.Parse.ApplicativeRaaz.Core.WriteRaaz.Core.MemoryRaaz.Core.Primitives Raaz.CoreRaaz.Core.ByteSourceRaaz.Core.RandomRaaz.Hash.Internal Raaz.HashRaaz.Hash.Sha1'Raaz.Hash.Sha1.Implementation.CPortableRaaz.Hash.Sha224Raaz.Hash.Sha256)Raaz.Hash.Sha256.Implementation.CPortable)Raaz.Hash.Sha224.Implementation.CPortableRaaz.Hash.Sha384Raaz.Hash.Sha512)Raaz.Hash.Sha512.Implementation.CPortable)Raaz.Hash.Sha384.Implementation.CPortableRaaz.Cipher.InternalRaaz.Cipher.AES,Raaz.Cipher.AES.CBC.Implementation.CPortableRaazRaaz.Core.Types.DescribeRaaz.Core.Types.EqualityRaaz.Core.Types.PointerRaaz.Core.Util.ByteStringRaaz.Core.Types.EndianRaaz.Core.Encode.InternalRaaz.Core.Encode.Base16Raaz.Core.Encode.Base64WUWriteRaaz.Core.Types.TupleRaaz.Core.ConstantsRaaz.Hash.Internal.HMACRaaz.Hash.Sha1.InternalRaaz.Hash.Sha.UtilRaaz.Hash.Sha1.RecommendationRaaz.Hash.Sha224.InternalRaaz.Hash.Sha256.InternalRaaz.Hash.Sha224.RecommendationRaaz.Hash.Sha256.RecommendationRaaz.Hash.Sha384.InternalRaaz.Hash.Sha512.InternalRaaz.Hash.Sha384.RecommendationRaaz.Hash.Sha512.RecommendationRaaz.Cipher.AES.InternalRaaz.Cipher.AES.Recommendation Raaz.Cipher Paths_raaz Describablename descriptionEqualityeqResult===oftenCorrectEqVectoreqVectorDHSecret PublicToken SharedSecret publicToken sharedSecretFieldMFieldFieldATwistRF DistributiveFSemiR DistributiveLActionF<<.>>LAction<.><++> semiRSpace semiRMonoidtwistFunctorValuetwistMonoidValue computeField liftToFieldM runFieldMALIGNBITSBYTES LengthUnitinBytesPointerAligninBitsatLeastatMost bytesQuotRem bytesQuot bitsQuotRembitsQuotmovePtrbyteSize allocaBuffer allocaSecure mallocBufferhFillBufmemcpymemmovememsetlength replicateunsafeCopyToPointerunsafeNCopyToPointerwithByteStringfromByteStringStorable createFromBELE EndianStorestoreload storeAtIndexstoreAt loadFromIndexloadFrom littleEndian bigEndianFormatencodeByteString decodeFormat Encodable toByteStringfromByteStringunsafeFromByteStringBase16 fromBase16 showBase16Base64Parser parseError parseWidthunsafeRunParser parseStorableparseparseByteStringunsafeParseStorableVectorunsafeParseVectorparseStorableVector parseVectorencodedecode unsafeDecode translate bytesToWrite unsafeWrite writeStorablewritewriteStorableVector writeVector writeByteswriteByteString skipWriteTuple dimensionunsafeFromListinitial MemoryCell Extractableextract Initialisable initialiseMemory memoryAlloc underlyingPtrAllocMemoryMMT MonadMemorysecurely insecurelyallocateexecute getMemorygetMemoryPointer withPointer liftSubMTrunMT pointerAlloc copyMemorymodifyBLOCKS Asymmetric PublicKey PrivateKey SymmetricKeyRecommendation recommended PrimitiveImplementation blockSizeblocksOfl1CachePureByteSourceInfiniteSource slurpBytes ByteSource fillBytes FillResult Exhausted RemainingwithFillResultfillslurp processChunks SystemPRGRandomrandomPRGSeednewPRGreseed HashMemoryhashCellmessageLengthCellHashadditionalPadBlocks SomeHashIHashMHashI hashINamehashIDescriptioncompress compressFinal truncatedIhashhashFile hashSourcehash' hashFile' hashSource'completeHashing extractLength updateLengthHMAChmachmacFile hmacSourceSHA1implementationsha1sha1File sha1SourcehmacSha1 hmacSha1FilehmacSha1SourceSHA224SHA256 cPortablesha224 sha224File sha224Source hmacSha224hmacSha224FilehmacSha224Sourcesha256 sha256File sha256Source hmacSha256hmacSha256FilehmacSha256SourceSHA384SHA512sha384 sha384File sha384Source hmacSha384hmacSha384FilehmacSha384Sourcesha512 sha512File sha512Source hmacSha512hmacSha512FilehmacSha512SourceCipher SomeCipherICipherI cipherINamecipherIDescription encryptBlocks decryptBlocks CipherModeCTRCBCunsafeEncrypt' unsafeEncryptunsafeDecrypt' unsafeDecryptIVKEY256KEY192KEY128AES aes128cbc aes192cbc aes256cbc aes128ctr aes128cbcI aes192cbcI aes256cbcIversionghc-prim GHC.ClassesEq isSuccessfulunResult$fEquality(,,,,,,)$fEquality(,,,,,)$fEquality(,,,,)$fEquality(,,,)$fEquality(,,) $fEquality(,)$fEqualityWord64$fEqualityWord32$fEqualityWord16$fEqualityWord8$fEqualityWord$fVectorVectorResult$fMVectorMVectorResult $fUnboxResult$fMonoidResult$fLActionFmWrappedArrow$fDistributiveFmWrappedArrow$fApplicativeTwistRF$fFunctorTwistRF $fMonoidSemiRc_memcpybaseGHC.RealquotRemForeign.StorablesizeOfForeign.Marshal.Alloc allocaBytes mallocBytesGHC.IO.Handle.TexthGetBuf$fLActionSumPtrc_memset c_memmove c_munlockc_mlock$fLengthUnitBYTES$fLengthUnitALIGNbytestring-0.10.8.1Data.ByteString.Internal ByteStringpeek c_storeBE64 c_loadBE64 c_storeLE64 c_loadLE64 c_storeBE32 c_loadBE32 c_storeLE32 c_loadLE32$fVectorVectorBE$fMVectorMVectorBE$fVectorVectorLE$fMVectorMVectorLE $fUnboxBE $fUnboxLE$fEndianStoreBE$fEndianStoreLE$fEndianStoreBE0$fEndianStoreLE0$fEndianStoreWord8GHC.ShowShow Data.StringIsString Data.MaybeMaybe$fFormatByteString$fEncodableBYTES$fEncodableBITS$fEncodableByteString $fEncodableBE$fEncodableBE0 $fEncodableLE$fEncodableLE0 fromStringshowunBase16hexhexDigittop4bot4 unsafeFromHex$fFormatBase16$fIsStringBase16 $fShowBase16$fEncodableBase16b64unBase64top6bot2top2bot6byte0byte1byte2byte3padunB64toB64merg0merg1merg2 unsafeFromB64$fFormatBase64$fIsStringBase64 $fShowBase64$fEncodableBase64 undefParseStorable ParseAction BytesMonoid makeParser Data.Monoid<> WriteActionWriteM makeWriteunWriteM$fEncodableSemiR$fIsStringSemiR$fDistributiveSum(->)$fLActionSum(->)$fMonoidWriteMgetAgetParseDimension $fEqTupleunTuple dimensionP getTupFromP$fEndianStoreTuple$fStorableTuple$fEqualityTupleControl.Applicative ApplicativeRunnertransformers-0.5.2.0Control.Monad.IO.ClassliftIO makeAlloc withMemorywithSecureMemorywithCell unMemoryCell AllocField ALIGNMonoid unMemoryMunMT$fExtractableMemoryCella$fInitialisableMemoryCella$fMemoryMemoryCell $fMemory(,,,) $fMemory(,,) $fMemory(,)$fMonadMemoryMemoryM$fMonadIOMemoryM$fMonadMemoryM$fApplicativeMemoryM$fFunctorMemoryM$fMonadMemoryMT $fMonadIOMT $fMonadMT$fApplicativeMT $fFunctorMT$fLengthUnitBLOCKS$fPureByteSourceMaybe$fPureByteSource[]$fPureByteSourceByteString$fPureByteSourceByteString0$fByteSource[]$fByteSourceMaybe$fByteSourceByteString$fByteSourceByteString0$fByteSourceHandle$fFunctorFillResult$fPRGSystemPRG$fInfiniteSourceSystemPRG $fRandom(,,) $fRandom(,) $fRandomBE $fRandomLE$fRandomWord64$fRandomWord32$fRandomWord16 $fRandomWord$fExtractableHashMemoryh$fInitialisableHashMemoryh$fMemoryHashMemory$fDescribableSomeHashI$fDescribableHashIHMACKeyhmac' hmacFile'$fIsStringHMACKeyunHMACunKey hmacAdjustKey hmacSource'$fSymmetricHMAC$fRecommendationHMAC$fPrimitiveHMAC $fShowHMAC $fShowHMACKey$fEncodableHMACKey$fRandomHMACKey$fEndianStoreHMACKey$fStorableHMACKey $fHashSHA1$fPrimitiveSHA1$fInitialisableHashMemory() $fShowSHA1$fIsStringSHA1$fEncodableSHA1 CompressorshaImplementation shaCompressshaCompressFinal length64Writelength128Write paddedMesg portableCc_sha1_compress$fRecommendationSHA1 $fHashSHA224$fPrimitiveSHA224 $fShowSHA224$fIsStringSHA224$fEncodableSHA224 $fHashSHA256$fPrimitiveSHA256 $fShowSHA256$fIsStringSHA256$fEncodableSHA256c_sha256_compress SHA224Memory unSHA224Mem$fExtractableSHA224MemorySHA224$fInitialisableSHA224Memory()$fMemorySHA224Memory$fRecommendationSHA224$fRecommendationSHA256 $fHashSHA384$fPrimitiveSHA384 $fShowSHA384$fIsStringSHA384$fEncodableSHA384 $fHashSHA512$fPrimitiveSHA512 $fShowSHA512$fIsStringSHA512$fEncodableSHA512c_sha512_compress SHA384Memory unSHA384Mem$fExtractableSHA384MemorySHA384$fInitialisableSHA384Memory()$fMemorySHA384Memory$fRecommendationSHA384$fRecommendationSHA512 makeCopyRunCipherM$fDescribableSomeCipherI$fDescribableCipherITUPLEWORD pokeAndExpand$fSymmetricAES$fPrimitiveAES$fSymmetricAES0$fPrimitiveAES0$fSymmetricAES1$fPrimitiveAES1$fShowIV $fIsStringIV $fShowKEY256$fIsStringKEY256 $fShowKEY192$fIsStringKEY192 $fShowKEY128$fIsStringKEY128EKEY256EKEY192EKEY128c_expand$fInitialisableMemoryCellKEY256$fInitialisableMemoryCellKEY192$fInitialisableMemoryCellKEY128 $fCipherAES $fCipherAES0 $fCipherAES1 $fRandomIV $fEncodableIV$fRandomKEY256$fRandomKEY192$fRandomKEY128$fEncodableKEY256$fEncodableKEY192$fEncodableKEY128M256M192M128 c_aes_cbc_d c_aes_cbc_e c_transposecbc128CPortable cbc128Encrypt cbc128Decryptcbc192CPortable cbc192Encrypt cbc192Decryptcbc256CPortable cbc256Encrypt cbc256Decryptm256ekeym256ivm192ekeym192ivm128ekeym128iv$fInitialisableM256(,) $fMemoryM256$fInitialisableM192(,) $fMemoryM192$fInitialisableM128(,) $fMemoryM128$fRecommendationAES$fRecommendationAES0$fRecommendationAES1catchIObindirlibdirdatadir libexecdir sysconfdir getBinDir getLibDir getDataDir getLibexecDir getSysconfDirgetDataFileName