9      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~                                  ! " #$% & ' ()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ B!None:<=DRThe result of a comparison. This is an opaque type and the monoid instance essentially takes AND of two comparisons in a timing safe way.HAll types that support timing safe equality are instances of this class.9Check whether two values are equal using the timing safe 0 function. Use this function when defining the % instance for a Sensitive data type.9Checks whether a given equality comparison is successful.Vector of Results.MVector for Results."SafeQThis class captures all types that have some sort of description attached to it.%Short name that describes the object.Longer description#NoneI$The destination of a copy operation.&Note to Developers of Raaz: Since the d type inherits the Storable instance of the base type, one can use this type in foreign functions. The source of a copy operation. smart constructor for source#smart constructor for destionation.     $Safe*,9;<=DORT4The constraint on the alignment o(since base 4.7.0).A type w0 forced to be aligned to the alignment boundary algThe underlying unAligned value.#Align the value to 16-byte boundary#Align the value to 32-byte boundary#Align the value to 64-byte boundary Safe9;<=A monadic arrow field.WA field where the underlying arrow is the (->). This is normally what we call a field.vA field on the space is a function from the points in the space to some value. Here we define it for a general arrow.dThe twisted functor is essentially a generalisation of semi-direct product to applicative functors."The generalisation of distributivity to applicative functors. This generalisation is what allows us to capture applicative functors like parsers. For an applicative functor, and a monoid acting uniformly on it, we say that the action is distributive if the following laws are satisfied: vm <<.>> (pure a) = pure a -- pure values are stoic m <<.>> (a <*> b) = (m <<.>> a) <*> (m <<.>> b) -- distThe semidirect product Space " Monoid. For monoids acting on monoidal spaces distributively the semi-direct product is itself a monoid. It turns out that data serialisers can essentially seen as a semidirect product.jA left-monoid action on a monoidal-space, i.e. the space on which the monoid acts is itself a monoid, is  distributive if it satisfies the law: 'a <.> p <> q = (a <.> p) <> (a <.> q).)The above law implies that every element m is a monoid homomorphism.PUniform action of a monoid on a functor. The laws that should be satisfied are: p1 <<.>> fx = fx (a <> b) <<.>> fx = a . (b <<.>> fx) m <<.>> fmap f u = fmap f (m <<.>> u) -- acts uniformly A monoid mx acting on the left of a space. Think of a left action as a multiplication with the monoid. It should satisfy the law: k1 <.> p = p -- identity a <> b <.> p = a <.> b <.> p -- successive displacements!?An alternate symbol for <> more useful in the additive context."LFrom the an element of semi-direct product Space " Monoid return the point.#UFrom the an element of semi-direct product Space " Monoid return the monoid element.$!Get the underlying functor value.% Get the underlying monoid value.&;Compute the value of a field at a given point in the space.' Lift a monadic action to FieldM.(3Runs a monadic field at a given point in the space.*:The action on the space translates to the action on field. !"#$%&'()*+,- !"#$%&'( !"#$%&(' !"#$%&'()*+,-5 5!5%None9;<=I$.-Types to measure alignment in units of bytes./Type safe length unit that measures offsets in multiples of word length. This length unit can be used if one wants to make sure that all offsets are word aligned.0+Type safe lengths/offsets in units of bits.2,Type safe lengths/offsets in units of bytes.4In cryptographic settings, we need to measure pointer offsets and buffer sizes. The smallest of length/offset that we have is bytes measured using the type 2. In various other circumstances, it would be more natural to measure these in multiples of bytes. For example, when allocating buffer to use encrypt using a block cipher it makes sense to measure the buffer size in multiples of block of the cipher. Explicit conversion between these length units, while allocating or moving pointers, involves a lot of low level scaling that is also error prone. To avoid these errors due to unit conversions, we distinguish between different length units at the type level. This type class capturing all such types, i.e. types that stand of length units. Allocation functions and pointer arithmetic are generalised to these length units.All instances of a 4" are required to be instances of ~ where the monoid operation gives these types the natural size/offset addition semantics: i.e. shifting a pointer by offset a  b is same as shifting it by a and then by b.5"Express the length units in bytes.63The pointer type used by all cryptographic library.RA type whose only purpose in this universe is to provide alignment safe pointers.;Some common PTR functions abstracted over type safe length.7!Express the length units in bits.8Express length unit src in terms of length unit dest rounding upwards.9+Often we want to allocate a buffer of size lN. We also want to make sure that the buffer starts at an alignment boundary an. However, the standard word allocation functions might return a pointer that is not aligned as desired. The atLeastAligned l a returns a length n such the length n1 is big enough to ensure that there is at least lJ length of valid buffer starting at the next pointer aligned at boundary a . If the alignment required in a0 then allocating @l + a - 1 should do the trick.:Express length unit src in terms of length unit dest rounding downwards.;A length unit u/ is usually a multiple of bytes. The function ; is like  : the value byteQuotRem bytes is a tuple (x,r), where x is bytes expressed in the unit u with r being the reminder.<Function similar to ; but returns only the quotient.=Function similar to ; but works with bits instead.>Function similar to = but returns only the quotient.?.The default alignment to use is word boundary.@'Compute the size of a storable element.A@Size of the buffer to be allocated to store an element of type a so as to guarantee that there exist enough space to store the element after aligning the pointer. If the size of the element is s and its alignment is a- then this quantity is essentially equal to  s + a - 1'. All units measured in word alignment.B,Compute the alignment for a storable object.C-Align a pointer to the appropriate alignment.D.Move the given pointer with a specific offset.EKCompute the next aligned pointer starting from the given pointer location.F0Peek the element from the next aligned location.G0Poke the element from the next aligned location.HA less general version of I7 where the pointer passed is aligned to word boundary.IThe expression allocaAligned a l action% allocates a local buffer of length l and alignment a$ and passes it on to the IO action action. No explicit freeing of the memory is required as the memory is allocated locally and freed once the action finishes. It is better to use this function than , as it does type safe scaling and alignment.JA less general version of K6 where the pointer passed is aligned to word boundaryKThis function allocates a chunk of "secure" memory of a given size and runs the action. The memory (1) exists for the duration of the action (2) will not be swapped during that time and (3) will be wiped clean and deallocated when the action terminates either directly or indirectly via errors. While this is mostly secure, there can be strange situations in multi-threaded application where the memory is not wiped out. For example if you run a crypto-sensitive action inside a child thread and the main thread gets exists, then the child thread is killed (due to the demonic nature of haskell threads) immediately and might not give it chance to wipe the memory clean. This is a problem inherent to how the bracket( combinator works inside a child thread.'TODO: File this insecurity in the wiki.L:Creates a memory of given size. It is better to use over  as it uses typesafe length.M A version of , which works for any type safe length units.NCopy between pointers.OMove between pointers.P6Sets the given number of Bytes to the specified value.,The most interesting monoidal action for us.4./0123456789:;<=>?@ABCDEFGH buffer lengththe action to runIthe alignment of the buffersize of the bufferthe action to runJKL buffer lengthMN destinationsrcNumber of Bytes to copyO destinationsourceNumber of Bytes to copyPTargetValue byte to setNumber of bytes to set#./0123456789:;<=>?@ABCDEFGHIJKLMNOP,./0123456789:;<=>?@ABCDEFGHIJKLMNOP&None 09;<=DIRQ$Big endian version of the word type wR'Little endian version of the word type wSThis class captures types which provides an endian agnostic way of loading from and storing to data buffers. Any multi-byte type that is meant to be serialised to the outside world should be an instance of this class. When defining the U, T, VL member functions, care should be taken to ensure proper endian conversion.T The action  store ptr w stores w at the location pointed by ptr. Endianness of the type w^ is taken care of when storing. For example, irrespective of the endianness of the machine, #store ptr (0x01020304 :: BE Word32) will store the bytes 0x01, 0x02, 0x03, 0x04 respectively at locations ptr, ptr +1, ptr+2 and ptr+3. On the other hand $store ptr (0x01020304 :: LE Word32) would store 0x04, 0x03, 0x02, 0x01 at the above locations.U The action load ptr loads the value stored at the ptrS. Like store, it takes care of the endianness of the data type. For example, if ptr) points to a buffer containing the bytes 0x01, 0x02, 0x03, 0x042, irrespective of the endianness of the machine, load ptr :: IO (BE Word32) will load the vale  0x01020304 of type  BE Word32 and load ptr :: IO (LE Word32) will load  0x04030201 of type  LE Word32.V The action adjustEndian ptr n7 adjusts the encoding of bytes stored at the location ptrW to conform with the endianness of the underlying data type. For example, assume that ptr* points to a buffer containing the bytes 0x01 0x02 0x03 0x04,, and we are on a big endian machine, then (adjustEndian (ptr :: Ptr (LE Word32)) 1 will result in ptr pointing to the sequence 0x04 0x03 0x02 0x01. On the other hand if we were on a little endian machine, the sequence should remain the same. In particular, the following equalities should hold. 9 store ptr w = poke ptr w >> adjustEndian ptr 1 Similarly the value loaded by load ptr* should be same as the value returned by adjustEndian ptr 1 >> peak ptr>, although the former does not change the contents stored at ptr@ where as the latter might does modify the contents pointed by ptr= if the endianness of the machine and the time do not agree. The action )adjustEndian ptr n >> adjustEndian ptr n  should be equivalent to  return ().WdStore the given value at an offset from the crypto pointer. The offset is given in type safe units.XStore the given value as the n8-th element of the array pointed by the crypto pointer.Y Load the n4-th value of an array pointed by the crypto pointer.ZALoad from a given offset. The offset is given in type safe units.[ For the type w , the action copyFromBytes dest src n copies n-elements from src to destP. Copy performed by this combinator accounts for the endianness of the data in dest and is therefore not a mere copy of  n * sizeOf(w)( bytes. This action does not modify the src pointer in any way.\ Similar to  copyFromBytesu but the transfer is done in the other direction. The copy takes care of performing the appropriate endian encoding.]%Convert to the little endian variant.^#Convert to the big endian variants.+QRSTUVW the pointer.the absolute offset in type safe length units.value to storeX.the pointer to the first element of the arraythe index of the arraythe value to storeY.the pointer to the first element of the arraythe index of the arrayZ the pointer the offset[How many items.\]^QRSTUVWXYZ[\]^ QRSTUVWXYZ[\]^'None:_ A typesafe length for Bytestring` A type safe version of replicateaCopy the bytestring to the crypto buffer. This operation leads to undefined behaviour if the crypto pointer points to an area smaller than the size of the byte string.b Similar to a but takes an additional input n which is the number of bytes (expressed in type safe length units) to transfer. This operation leads to undefined behaviour if either the bytestring is shorter than n7 or the crypto pointer points to an area smaller than n.c3Works directly on the pointer associated with the M. This function should only read and not modify the contents of the pointer.d(Get the value from the bytestring using .e The action  create l act creates a length l9 bytestring where the contents are filled using the the act to fill the buffer.fThe IO action createFrom n cptr" creates a bytestring by copying n bytes from the pointer cptr._`a The source.The destination.blength of data to be copiedThe source byte string The buffercdef_`abcdef_`abcdefNoneg;An applicative parser type for reading data from a pointer.hSkip over some data.i/A parser that fails with a given error message.j,Return the bytes that this parser will read.k+Runs a parser on a byte string. It returns C if the byte string is smaller than what the parser would consume.l7Run the parser without checking the length constraints.AThe primary purpose of this function is to satisfy type checkers.mParses a value which is an instance of Storable. Beware that this parser expects that the value is stored in machine endian. Mostly it is useful in defining the  function in a complicated  instance.nParse a crypto value. Endian safety is take into account here. This is what you would need when you parse packets from an external source. You can also use this to define the U function in a complicated S instance.o-Parses a strict bytestring of a given length.p Similar to parseStorableVector but is expected to be slightly faster. It does not check whether the length parameter is non-negative and hence is unsafe. Use it only if you can prove that the length parameter is non-negative.q Similar to  parseVector but is expected to be slightly faster. It does not check whether the length parameter is non-negative and hence is unsafe. Use it only if you can prove that the length parameter is non-negative.r Similar to s but parses according to the host endian. This function is essentially used to define storable instances of complicated data. It is unlikely to be of use when parsing externally serialised data as one would want to keep track of the endianness of the data.sParses a vector of elements. It takes care of the correct endian conversion. This is the function to use while parsing external data.ghijklmnopqrs ghijklmnopqrs gjiklnmsrqpohghijklmnopqrsNone_`abcdef_`defcab(None69:;tA binary format is a representation of binary data often in printable form. We distinguish between various binary formats at the type level and each supported format corresponds to an instance of the the class t. The u and v! are required to satisfy the laws $decodeFormat . encodeByteString = idFor type safety, the formats themselves are opaque types and hence it is not possible to obtain the underlying binary data directly. We require binary formats to be instances of the class w, with the combinators x and y of the w3 class performing the actual encoding and decoding. Instances of t! are required to be instances of c and so that the encoded format can be easily printed. They are also required to be instances of  E so that they can be easily represented in Haskell source using the OverloadedStringsu extension. However, be careful when using this due to the fact that invalid encodings can lead to runtime errors.uxEncode binary data into the format. The return type gurantees that any binary data can indeed be encoded into a format.vDecode the format to its associated binary representation. Notice that this function always succeeds: we assume that elements of the type fmt3 are valid encodings and hence the return type is  instead of   ByteString.wThe type class wa captures all the types that can be encoded into a stream of bytes. For a user defined type say Foo, defining an instance w) is all that is required to make use of encode and decodeI for any of the supported encoding formats (i.e. instances of the class t)..Minimum complete definition for this class is x and y. Instances of S{ have default definitions for both these functions and hence a trivial instance declaration is sufficient for such types. }newtype Foo = Foo (LE Word64) deriving (Storable, EndianStore) instance EndianStore Foo where ... instance Encodable Foo RIn particular, all the endian encoded versions of Haskell's word, i.e types like R Word32, R Word64 etc, are instances of w,. Note that the corresponding plain type is not an instance of w because encoding of say  ; without specifying whether the endianness is meaningless.xConvert stuff to bytestringy5Try parsing back a value. Returns nothing on failure.zUnsafe version of y ?Bytestring itself is an encoding format (namely binary format).tuvwxyz  tuvwxyz tuvwxyzxy  )NoneI{GThe type corresponding to the standard padded base-64 binary encoding.Encoding word.Ignores spaces and newlines.{ !"#$%&'()*+,{{ !"#$%&'()*+,*NoneI|@The type corresponding to base-16 or hexadecimal encoding. The |M encoding has a special place in this library: most cryptographic types use | encoding for their  and   instance. The combinators } and ~4 are exposed mainly to make these definitions easy.}Base16 variant of -. Useful in definition of  2 instances as well as in cases where the default  0 instance does not parse from a base16 encoding.~Base16 variant of ../Ignores spaces and : (colon).|0123456}~7/89|}~ |0123456}~7/89NoneEncode in a given format.MDecode from a given format. It results in Nothing if there is a parse error.The unsafe version of .%Translate from one format to another.tuvwxyz{|}~wxyzxytuv|}~{None9:;<=IA read io-action.The  is the type that captures the act of reading from a buffer and possibly doing some action on the bytes read. Although inaccurate, it is helpful to think of elements of W as action that on an input buffer transfers data from it to some unspecified source.<Read actions form a monoid with the following semantics: if r1 and r2 are two read actions then r1 : r2' first reads the data associated from r1- and then the read associated with the data r2.A write io-action.PAn element of type `WriteM m` is an action which when executed transfers bytes into its input buffer. The type  m8 forms a monoid and hence can be concatnated using the : operator.;jByte transfers that keep track of the number of bytes that were transferred (from/into) its input buffer.<cA action that transfers bytes from its input pointer. Transfer could either be writing or reading.='This monoid captures a transfer action.>'Make an explicit transfer action given.JReturns the bytes that will be written when the write action is performed.9Perform the write action without any checks of the buffer?3Function that explicitly constructs a write action.The expression  a+ gives a write action that stores a value a* in machine endian. The type of the value a has to be an instance of . This should be used when we want to talk with C functions and not when talking to the outside world (otherwise this could lead to endian confusion). To take care of endianness use the  combinator.The expression  a+ gives a write action that stores a value a". One needs the type of the value a to be an instance of S. Proper endian conversion is done irrespective of what the machine endianness is. The man use of this write is to serialize data for the consumption of the outside world.)Write many elements from the given bufferThe vector version of .The vector version of .The combinator writeBytes n b writes b as the next n consecutive bytes.The combinator glueWrites w n hdr ftr is equivalent to hdr <> glue <> ftr where the write glue writes as many bytes w5 so that the total length is aligned to the boundary n.The write action prependWrite w n wr is wr pre-pended with the byte w1 so that the total length ends at a multiple of n.The write action padWrite w n wr is wr padded with the byte w1 so that the total length ends at a multiple of n.Writes a strict bytestring.4A write action that just skips over the given bytes.@3Function that explicitly constructs a write action.The expression  bytesToRead rY gives the total number of bytes that would be read from the input buffer if the action r is performed. The action unsafeRead r ptr results in reading  bytesToRead r# bytes from the buffer pointed by ptrq. This action is unsafe as it will not (and cannot) check if the action reads beyond what is legally stored at ptr. The action readBytes sz dptrG gives a read action, which if run on an input buffer, will transfers sz' to the destination buffer pointed by dptrD. Note that it is the responsibility of the user to make sure that dptr has enough space to receive sz8 units of data if and when the read action is executed. The action readInto n dptrF gives a read action which if run on an input buffer, will transfers n elements of type a into the buffer pointed by dptr!. In particular, the read action readInto n dptr is the same as ,readBytes (fromIntegral n :: BYTES Int) dptr when the type a is A.&BCDE;<=FG>.The pointer for the buffer to be written into.?The bytes to use in the glue The length boundary to align to.The header writeThe footer writethe byte to pre-pend with."the length to align the message to"the message that needs pre-pendingthe padding byte to usethe length to align message tothe message that needs padding@.The pointer for the buffer to be written into.how much to read.buffer to read the bytes intohow many elements to read. buffer to read the elements into BCDE;<=FG>?@+None*,9;<=DOQRT Function that returns the dimension of the tuple. The dimension is calculated without inspecting the tuple and hence the term  (undefined :: Tuple 5 Int) will evaluate to 5.>The constaint on the dimension of the tuple (since base 4.7.0)^Tuples that encode their length in their types. For tuples, we call the length its dimension.H'Function to make the type checker happy3This combinator returns the dimension of the tuple.IGet the dimension to parser0Construct a tuple by repeating a monadic action.Construct a tuple out of the list. This function is unsafe and will result in run time error if the list is not of the correct dimension.gComputes the initial fragment of a tuple. No length needs to be given as it is infered from the types.The  diagonal a( gives a tuple, all of whose entries is a.A zipwith function for tuplesJ!Equality checking is timing safe.KLHMNIOPQJRKLHMNIOPQJRNoneI ./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^NSTUV[\RQ]^WXZY64523017@=;><89:.?/BCDAEFGIKHJLPONM  None %&9;<=DORT2A memory location to store a value of type having  instance.A memory type that can extract bytes into a buffer. The extraction will perform a direct copy and hence the chances of the extracted value ending up in the swap space is minimised.A memory type that can be initialised from a pointer buffer. The initialisation performs a direct copy from the input buffer and hence the chances of the initialisation value ending up in the swap is minimised.RMemories from which pure values can be extracted. Once a pure value is extracted,Memories that can be initialised with a pure value. The pure value resides in the Haskell heap and hence can potentially be swapped. Therefore, this class should be avoided if compromising the initialisation value can be dangerous. Consider using InitialiseableFromBuffer$A memory element that holds nothing.Any cryptographic primitives use memory to store stuff. This class abstracts all types that hold some memory. Cryptographic application often requires securing the memory from being swapped out (think of memory used to store private keys or passwords). This abstraction supports memory securing. If your platform supports memory locking, then securing a memory will prevent the memory from being swapped to the disk. Once secured the memory location is overwritten by nonsense before being freed.&While some basic memory elements like i are exposed from the library, often we require compound memory objects built out of simpler ones. The S instance of the  can be made use of in such situation to simplify such instance declaration as illustrated in the instance declaration for a pair of memory elements. instance (Memory ma, Memory mb) => Memory (ma, mb) where memoryAlloc = (,) <$> memoryAlloc <*> memoryAlloc unsafeToPointer (ma, _) = unsafeToPointer ma%Returns an allocator for this memory.-Returns the pointer to the underlying buffer.'A memory allocator for the memory type mem. The S instance of AllocU can be used to build allocations for complicated memory elements from simpler ones.T A pointer action inside a monad m7 is some function that takes a pointer action of type Pointer -> m ae and supplies it with an appropriate pointer. In particular, memory allocators are pointer actions.TA class that captures abstract "memory threads". A memory thread can either be run  or ?. Pure IO actions can be run inside a memory thread using the runIO-. However, the IO action that is being run must not directly or indirectly run a secure7 action ever. In particular, the following code is bad. 3-- BAD EXAMPLE: DO NOT USE. runIO $ securely $ foo ,On the other hand the following code is fine ' runIO $ insecurely $ someMemoryAction BAs to why this is dangerous, it has got to do with the fact that mlock and munlock! do not nest correctly. A single munlock can unlock multiple calls of mlock% on the same page. Whether a given IOm action unlocks memory is difficult to keep track of; for all you know, it might be a FFI call that does an  memunlock9. Hence, currently there is no easy way to enforce this.Run a memory action with the internal memory allocated from a locked memory buffer. This memory buffer will never be swapped out by the operating system and will be wiped clean before releasing.Memory locking is an expensive operation and usually there would be a limit to how much locked memory can be allocated. Nonetheless, actions that work with sensitive information like passwords should use this to run an memory action.Run a memory action with the internal memory used by the action being allocated from unlocked memory. Use this function when you work with data that is not sensitive to security considerations (for example, when you want to verify checksums of files).Lift an actual memory thread.[Combinator that allows us to run a memory action on a sub-memory element. A sub-memory of submem of a memory element mem is given by a projection proj : mem -> submem. The action onSubMemory projG lifts the a memory thread on the sub element to the compound element.An action of type  mem aC is an action that uses internally a single memory object of type mem and returns a result of type aw. All the actions are performed on a single memory element and hence the side effects persist. It is analogues to the ST monad./Run a given memory action in the memory thread..Perform an IO action inside the memory thread.DAn IO allocator can be lifted to the memory thread level as follows.7Get the underlying memory element of the memory thread.U*Make an allocator for a given memory type.Allocates a buffer of size l' and returns the pointer to it pointer.Copy data from a given memory location to the other. The first argument is destionation and the second argument is source to match with the convention followed in memcpy.VCPerform an action which makes use of this memory. The memory allocated will automatically be freed when the action finishes either gracefully or with some exception. Besides being safer, this method might be more efficient as the memory might be allocated from the stack directly and will have very little GC overhead.W Similar to V but allocates a secure memory for the action. Secure memories are never swapped on to disk and will be wiped clean of sensitive data after use. However, be careful when using this function in a child thread. Due to the daemonic nature of Haskell threads, if the main thread exists before the child thread is done with its job, sensitive data can leak. This is essentially a limitation of the bracket which is used internally.BApply the given function to the value in the cell. For a function  f :: b -> a, the action modify f first extracts a value of type b# from the memory element, applies f1 to it and puts the result back into the memory. Cmodify f = do b <- extract initialise $ f bXThe location where the actual storing of element happens. This pointer is guaranteed to be aligned to the alignment restriction of a^Work with the underlying pointer of the memory cell. Useful while working with ffi functions.6Get the pointer associated with the given memory cell.WARNING:$ do not lift a secure memory action.7YZ[\]T^_U DestinationSourceVWX'YZ[\]T^_UVWXNone *:<=ADIRT Type safe message length in units of blocks of the primitive. When dealing with buffer lengths for a primitive, it is often better to use the type safe units . Functions in the raaz package that take lengths usually allow any type safe length as long as they can be converted to bytes. This can avoid a lot of tedious and error prone length calculations.Some primitives like ciphers have an encryption/decryption key. This type family captures the key associated with a primitive if it has any.3Primitives that have a recommended implementations.1The recommended implementation for the primitive.The type class that captures an abstract block cryptographic primitive. Bulk cryptographic primitives like hashes, ciphers etc often acts on blocks of data. The size of the block is captured by the member .nAs a library, raaz believes in providing multiple implementations for a given primitive. The associated type , captures implementations of the primitive.ZFor use in production code, the library recommends a particular implementation using the b class. By default this is the implementation used when no explicit implementation is specified.CAssociated type that captures an implementation of this primitive.The block size.Implementation of block primitives work on buffers. Often for optimal performance, and in some case for safety, we need restrictions on the size and alignment of the buffer pointer. This type class captures such restrictions..The alignment expected for the buffer pointer.NAllocate a buffer a particular implementation of a primitive prim. algorithm algo_. It ensures that the memory passed is aligned according to the demands of the implementation.The expression n  pN specifies the message lengths in units of the block length of the primitive pH. This expression is sometimes required to make the type checker happy.`a `a None-Check whether the cpu supports sse extension..Check whether the cpu supports sse2 extension..Check whether the cpu supports sse3 extension.0Check whether the cpu supports sse4_1 extension.1Check whether the cpu supports sse-4.2 extension.-Check whether the cpu supports avx extension..Check whether the cpu supports avx2 extension.bcdefghibcdefghi,NoneRTypical size of L1 cache. Used for selecting buffer size etc in crypto operations. None: A byte source src is pure if filling from it does not have any other side effect on the state of the byte source. Formally, two different fills form the same source should fill the buffer with the same bytes. This additional constraint on the source helps to purify` certain crypto computations like computing the hash or mac of the source. Usualy sources like D etc are pure byte sources. A file handle is a byte source that is not a pure source.TAbstract byte sources. A bytesource is something that you can use to fill a buffer.WARNING:" The source is required to return r in the boundary case where it has exactly the number of bytes requested. In other words, if the source returns  Remaining on any particular request, there should be at least 1 additional byte left on the source for the next request. Cryptographic block primitives have do certain special processing for the last block and it is required to know whether the last block has been read or not.Fills a buffer from the source.2This type captures the result of a fill operation.There is still bytes left.*source exhausted with so much bytes read.#Combinator to handle a fill result.=A version of fillBytes that takes type safe lengths as input.:Process data from a source in chunks of a particular size.__WARNING:_ The  may block.stuff to do when filledstuff to do when exhaustedthe fill result to process  None ./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdeftuvwxyz{|}~-NonejGet random bytes from the system. Do not over use this function as it is meant to be used by a PRG. This function reads bytes from '/dev/urandom'.jjj None!"*9:;<=ADRTComputing cryptographic hashes usually involves chunking the message into blocks and compressing one block at a time. Usually this compression makes use of the hash of the previous block and the length of the message seen so far to compressing the current block. Most implementations therefore need to keep track of only hash and the length of the message seen so. This memory can be used in such situations.Cell to store the hashCell to store the length*Type class capturing a cryptographic hash.Cryptographic hashes can be computed for messages that are not a multiple of the block size. This combinator computes the maximum size of padding that can be attached to a message.Some implementation of a given hash. The existentially quantification allows us freedom to choose the best memory type suitable for each implementations.LThe constraints that a memory used by a hash implementation should satisfy. FThe Hash implementation. Implementations should ensure the following.  The action compress impl ptr blks should only read till the blks1 offset starting at ptr and never write any data. The action padFinal impl ptr byts should touch at most #byts/blocksize# + padBlocks@ blocks starting at ptr. It should not write anything till the byts) offset but may write stuff beyond that.mAn easy to remember this rule is to remember that computing hash of a payload should not modify the payload. compress the blocks, pad and process the final bytes,Certain hashes are essentially bit-truncated versions of other hashes. For example, SHA224 is obtained from SHA256 by dropping the last 32-bits. This combinator can be used build an implementation of truncated hash from the implementation of its parent hash.-Compute the hash of a pure byte source like, .Compute the hash of file.*Compute the hash of a generic byte source. Similar to 5 but the user can specify the implementation to use.ISimilar to hashFile' but the user can specify the implementation to use. Similar to  hashSource5 but the user can specify the implementation to use.Gives a memory action that completes the hashing procedure with the rest of the source. Useful to compute the hash of a source with some prefix (like in the HMAC procedure).0Extract the length of the message hashed so far.,Update the message length by a given amount.!     MessageFile to be hashedMessageImplementationthe message as a byte source.ImplementationFile to be hashed                 .None !",9:;<=DIR k+Memory element for BLAKE2s implementations.l+Memory element for BLAKE2b implementations.!The BLAKE2s hash type."The BLAKE2b hash type.mWord type for Blake2snWord type for Blake2boThe BLAKE2 type.pIThe initial value to start the blake2b hashing. This is equal to the iv q the parameter block.rIThe initial value to start the blake2b hashing. This is equal to the iv q the parameter block.s%The generic blake2 padding algorithm.tdCreate a hash implementation form BLAKE2b given a compression function and the last block function.udCreate a hash implementation form BLAKE2s given a compression function and the last block function.(vwBuffernumber of blockslength of the message so far Hash pointerxyBuffernumber of blocks Upper countLowerkz{|l}~!"mnoprs#the primitive (BLAKE2b or BLAKE2s).length of the messagetName DescriptionuName Descriptionkl!"ostu vwxykz{|l}~!"mnoprstuNone#)The portable C implementation of BLAKE2b.$)The portable C implementation of BLAKE2s.#$#$#$#$/None9;'Recommended implementation for balke2s.'Recommended implementation for blake2b. None%+Compute the blake2b hash of an instance of H. Use this for computing the sha1 hash of a strict or lazy byte string.&#Compute the blake2b hash of a file.'2Compute the blake2b hash of a general byte source.%&'!"%&'"!%&'%&'0None*:DR Action on a BufferThe type alias for the raw compressor function. The compressor function does not need to know the length of the message so far and hence this is not supposed to update lengths.!Type that captures length writes.The Writes used in this module.+All actions here are in the following monadaThe utilities in this module can be used on primitives which satisfies the following constraint.&The length encoding that uses 64-bits.'The length encoding that uses 128-bits.XLifts the raw compressor to a buffer action. This function does not update the lengths.The combinator  on an input compressor comp4 gives a buffer action that process blocks of data.The combinator  on an input compressor comp2 gives buffer action for the final chunk of data.Padding is message followed by a single bit 1 and a glue of zeros followed by the length so that the message is aligned to the block boundary.UCreates an implementation for a sha hash given the compressor and the length writer. The data bufferTotal data presentThe buffer to compress The number of blocks to compress#The cell memory containing the hashthe compressor functionthe raw compressorthe length writerName Description 1None ,9;<=DIR(The cryptographic hash SHA1.(((None)&The portable C implementation of SHA1.))))2None$Recommended implementation for SHA1.3None ,9;<=DIR*1Sha224 hash value which consist of 7 32bit words.***4None ,9;<=DIR+The Sha256 hash value.+++None,(The portable C implementation of SHA256.-The Hash implementation, i.e.   associated with the portable C implementation for the hash SHA256. This can be used to define an implementation of truncated hashes like SHA224.,-,-,-,-None<=.(The portable C implementation of SHA224../01.../015None&Recommended implementation for SHA224.6None&Recommended implementation for SHA256.7None ,9;<=DIR2The Sha384 hash value.2228None ,9;<=DIR3@The Sha512 hash value. Used in implementation of Sha384 as well.333None4(The portable C implementation of SHA512.5The Hash implementation, i.e.   associated with the portable C implementation for the hash SHA512. This can be used to implement truncated implementation like SHA384.45454545None<=6(The portable C implementation of SHA384.67896667899None&Recommended implementation for SHA384.:None$Recommend implementation for SHA512.None*9:;<=ADRT:3Class that captures stream ciphers. An instance of : should be an instance of ;-, with the following additional constraints. ;The encryption and decryption should be the same algorithm.=Encryption/decryption can be applied to a messages of length l even if l# is not a multiple of block length.'The encryption of a prefix of a length l of a message m should be the same as the l( length prefix of the encryption of m.It is the duty of the implementer of the cipher to ensure that the above conditions are true before declaring an instance of a stream cipher.;Class capturing ciphers. The implementation of this class should give an encryption and decryption algorithm for messages of length which is a multiple of the block size. Needless to say, the encryption and decryption should be inverses of each other for such messages.<ySome implementation of a block cipher. This type is existentially quantifies over the memory used in the implementation.@Type constraints on the memory of a block cipher implementation.>%The implementation of a block cipher.B)The underlying block encryption function.C)The underlying block decryption function.EBlock cipher modes.FCipher-block chainingGCounterH Constructs a >l value out of a stream transformation function. Useful in building a Cipher instance of a stream cipher.IEncrypt the given J. This function is unsafe because it only works correctly when the input E is of length which is a multiple of the block length of the cipher.JTransforms a given bytestring using a stream cipher. We use the transform instead of encrypt/decrypt because for stream ciphers these operations are same.KVTransform a given bytestring using the recommended implementation of a stream cipher.LvEncrypt using the recommended implementation. This function is unsafe because it only works correctly when the input E is of length which is a multiple of the block length of the cipher.MDecrypts the given J. This function is unsafe because it only works correctly when the input E is of length which is a multiple of the block length of the cipher.NvDecrypt using the recommended implementation. This function is unsafe because it only works correctly when the input E is of length which is a multiple of the block length of the cipher.:;<=>?@ABCDEFGHname descriptionstream transformerbuffer starting alignmentIThe cipher to useThe implementation to useThe key to useThe string to encrypt.JKL The cipherThe key to useThe string to encryptMThe cipher to useThe implementation to useThe key to useThe string to encrypt.N The cipherThe key to useThe string to encryptOPQR:;<=>?@ABCDEFGHIJKLMN;EFG>?@ABCD<=:HKJLNIM:;<=>?@ABCDEFGHIJKLMNOPQR;None ,9;<=DIRchacha20 memoryU-The type associated with the ChaCha20 cipher.V The key type.WThe counter type for chacha20XThe IV for the chacha20The chacha20 stream cipher. The word typeUVWXUVWXUVWXNone,9;<=Chacha20 block transformation.Y1The portable c implementation of chacha20 cipher.*Encrypting/Decrypting a block of chacha20.Z"The chacha20 randomness generator.The chacha20 randomness generator. We have set the alignment to 32 because this allows gcc to further optimise the implementation.YZYZYZYZ<None9; The chacha stream cipher is also used as the prg for generating random bytes. Such a prg needs to keep an auxilary buffer type so that one can generate random bytes not just of block size but smaller. This memory type is essentially for maintaining such a buffer.dGet the actual location where the data is to be stored. Ensures that the pointer is aligned to the randomBufferAlignment restriction.6The size of the buffer in blocks of ChaCha20. While the implementations should handle any multiple of blocks, often implementations naturally handle some multiple of blocks, for example the Vector256 implementation handles 2-chacha blocks. Set this quantity to the maximum supported by all implementations.Implementations are also designed to work with a specific alignment boundary. Unaligned access can slow down the primitives quite a bit. Set this to the maximum of alignment supported by all implementationsZ=None: ,Memory for strong the internal memory state.The maximum value of counter before reseeding from entropy source. Currently set to 1024 * 1024 * 1024. Which will generate 64GB before reseeding.The counter is a 32-bit quantity. Which means that one can generate 2^32 blocks of data before the counter roles over and starts repeating. We have choosen a conservative 2^30 blocks here.%Run an action on the auxilary buffer.&Get the number of bytes in the buffer."Set the number of remaining bytes.The overall idea is to generate a key stream into the auxilary buffer using chacha20 and giving out bytes from this buffer. This operation we call sampling. A portion of the sample is used for resetting the key and iv to make the prg safe against backward prediction, i.e. even if one knows the current seed (i.e. key iv pair) one cannot predict the random values generated before.7This fills in the random block with some new randomness See the PRG from system entropy.HSeed if we have already generated maxCounterVal blocks of random bytes.,Fill the iv and key from a filling function.Reseed the prg.qThe function to generate random bytes. Fills from existing bytes and continues if not enough bytes are obtained.Fill from already existing bytes. Returns the number of bytes filled. Let remaining bytes be r. Then fillExistingBytes will fill min(r,m) bytes into the buffer, and return the number of bytes filled.   $The function used to fill the buffer         NoneI [ Instances of S which can be randomly generated. It might appear that all instances of the class  should be be instances of this class, after all we know the size of the element, why not write that many random bytes. In fact, this module provides an a which does that. However, we do not give a blanket definition for all storables because for certain refinements of a given type, like for example, Word8's modulo 10, a introduces unacceptable skews.\7Fill the buffer with so many random elements of type a.]>The monad for generating cryptographically secure random data.^)A batch of actions on the memory element mem that uses some randomness. mRun a randomness thread. In particular, this combinator takes care of seeding the internal prg at the start._Reseed from the system entropy pool. There is never a need to explicitly seed your generator. The insecurely and securely calls makes sure that your generator is seed before starting. Furthermore, the generator also reseeds after every few GB of random bytes that it generates. Generating random data from the system entropy is usually an order of magnitude slower than using a fast stream cipher. Reseeding often can slow your program considerably without any additional security advantage.`/Fill the given input pointer with random bytes.aRThis is a helper function that has been exported to simplify the definition of a [ instance for ] types. However, there is a reason why we do not give a blanket instance for all instances T and why this function is unsafe? This function generates a random element of type a by generating n random bytes where n! is the size of the elements of a&. For instances that range the entire nf byte space this is fine. However, if the type is actually a refinement of such a type, (consider a A modulo 10y for example) this function generates an unacceptable skew in the distribution. Hence this function is prefixed unsafe.bHGenerate a random element from an instance of a RandomStorable element.c7Randomise the contents of a memory cell. Equivalent to b >>= liftMT . initialise= but ensures that no data is transferred to unlocked memory.dGenerate a random byteString.[\]^ _`abcdefghijklmnopqrst [\]^_`abcd ^]dbc[\a`_[\]^ _`abcdefghijklmnopqrst>None*9:;ADIRT yThe HMAC associated to a hash value. The HMAC type is essentially the underlying hash type wrapped inside a newtype. Therefore, the & instance for HMAC is essentially the  instance for the underlying hash. It is safe against timing attack provided the underlying hash comparison is safe under timing attack.The HMAC key type. The HMAC keys are usually of size at most the block size of the associated hash, although the hmac construction allows using keys arbitrary size. Using keys of small size, in particular smaller than the size of the corresponding hash, can can compromise security. A note on  and   instances of keys.6As any other cryptographic type HMAC keys also have a   and  instance which is essentially the key expressed in base16. Keys larger than the block size of the underlying hashes are shortened by applying the appropriate hash. As a result the . and -$ need not be inverses of each other.z-Compute the hash of a pure byte source like, .{Compute the hmac of file.|*Compute the hmac of a generic byte source.-Compute the hmac of a pure byte source like, .Compute the hmac of file.FCompute the hmac of a generic ByteSource using a given implementation.$Base16 representation of the string.ythe key.zMessage{Key to use for mac-ingFile to be hashed|key to use for mac-ing.MessageMessageFile to be hashed yz{|yz{|None}(Compute the sha1 hash of an instance of H. Use this for computing the sha1 hash of a strict or lazy byte string.~ Compute the sha1 hash of a file./Compute the sha1 hash of a general byte source.8Compute the message authentication code using hmac-sha1.3Compute the message authentication code for a file.ACompute the message authetication code for a generic byte source.}~(}~(}~}~None*Compute the sha224 hash of an instance of J. Use this for computing the sha224 hash of a strict or lazy byte string."Compute the sha224 hash of a file.1Compute the sha224 hash of a general byte source.:Compute the message authentication code using hmac-sha224.3Compute the message authentication code for a file.ACompute the message authetication code for a generic byte source. Key to use)pure source whose hmac is to be computed Key to use!File whose hmac is to be computed**None*Compute the sha256 hash of an instance of J. Use this for computing the sha256 hash of a strict or lazy byte string."Compute the sha256 hash of a file.1Compute the sha256 hash of a general byte source.:Compute the message authentication code using hmac-sha256.3Compute the message authentication code for a file.ACompute the message authetication code for a generic byte source. Key to use)pure source whose hmac is to be computed Key to use!File whose hmac is to be computed++None*Compute the sha384 hash of an instance of J. Use this for computing the sha384 hash of a strict or lazy byte string."Compute the sha384 hash of a file.1Compute the sha384 hash of a general byte source.:Compute the message authentication code using hmac-sha384.3Compute the message authentication code for a file.ACompute the message authetication code for a generic byte source. Key to use)pure source whose hmac is to be computed Key to use!File whose hmac is to be computed22None*Compute the sha512 hash of an instance of J. Use this for computing the sha512 hash of a strict or lazy byte string."Compute the sha512 hash of a file.1Compute the sha512 hash of a general byte source.:Compute the message authentication code using hmac-sha512.3Compute the message authentication code for a file.ACompute the message authetication code for a generic byte source. Key to use)pure source whose hmac is to be computed Key to use!File whose hmac is to be computed33None)!"%&'*+23yz{|yz{|NoneThe chacha20 stream cipher.UVWXUVXW?None ,9;<=DIR Extended key for aes256!Extended key for aes192"Extended key for aes128The IV used by the CBC mode.Key used for AES-128Key used for AES-128Key used for AES-128#A tuple of AES words.$The basic word used in AES.The type associated with AES ciphers. Raaz provides AES variants with key lengths 128, 192 and 256. The key types for the above ciphers in cbc mode are given by the types (, IV), (, IV) (, IV) respectively.128-bit aes cipher in F mode.128-bit aes cipher in F mode.128-bit aes cipher in F mode.#Smart constructors for AES 128 ctr.%0Poke a key and expand it with the given routine.&#The 256-bit aes cipher in cbc mode.'#The 192-bit aes cipher in cbc mode.(#The 128-bit aes cipher in cbc mode.)Shown as a its base16 encoding.*Expects in base16.+Shows in base 16,Expects in base 16-Shows in base 16.Expects in base 16/Shows in base 160Expects in base 164 1!2"34567#$89% key to pokeexpansion algorithmbuffer pointer.:;<=>&?@'AB()*CD+,-./0EFGHIJ  !"8, 1!2"34567#$89%:;<=>&?@'AB()*CD+,-./0EFGHIJNone,9;<=KMemory for aes-256-cbcLMemory for aes-192-cbcMMemory for aes-128-cbcN CBC decryptO CBC encrypt.PTranspose AES matrices.;Implementation of 128-bit AES in CBC mode using Portable C.Q)128-bit AES in CBC mode using Portable C.RThe encryption action.SThe decryption action.;Implementation of 192-bit AES in CBC mode using Portable C.T)192-bit AES in CBC mode using Portable C.UThe encryption action.VThe decryption action.;Implementation of 256-bit AES in CBC mode using Portable C.W)256-bit AES in CBC mode using Portable C.XThe encryption action.YThe decryption action.!KZ[\L]^_M`abNOPQRSTUVWXYKZ[\L]^_M`abNOPQRSTUVWXY@None,9;c)Recommended implementation of AES-256 cbcd)Recommended implementation of AES-192 cbce)Recommended implementation of AES-128 cbccdecdeNone  ANone:;K:K;BSafe fghijklmnopqrgmnopqr fghijklmnopqr NoneRaaz library version number. ./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdeftuvwxyz{|}~!"%&'*+23:;K[\]^_`abcdyz{|s!C!D!E!F"G"H"I#J#J#K#L#L#M#N#O$P$Q$R$S$TUVWXXYZZ[\]^_`abcdefghijkl%m%n%o%o%p%p%q%r%s%t%u%v%w%x%y%z%{%|%}%~%%%%%%%%%%%%%%%&&&&&&&&&&&&&&''''''''((((((()***++++++++       ! " # $ % &,' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = = > ? @ A B B C D D E F G H I J K L M N O P Q R S T U V W X Y Z.[.\]^ _ ` a1bc3d4ecfcghi7j8kcfclmnopqqrrstuvwxyz{|}~;;;;c>>>>????????? !!!!C!!!!!!!!!!!!!!!!!!##$$P$$%% % %m% %n% %% %%%%%%%%&&&&&&&&&&&&& &!&"&#&$&%&&&'&(&)&*&+&,&-&.&/&01234567489:;<=>?@AB(C(D(E(F(G(H(I(J(K)L)M))N)O)P)Q)R)S)T)U)V)W)X)Y)Z)[)\)])^)_)`)a)b>c<d*e**f*g*h*Q*R*i*j*k*lmnopqrstAuvwqx+y+z+{++|+}+~++++        -......................................//00000000000001b111111f23d333334e444444f567j777778k888888f9:;;;;;;;;;;;;;;;;;;;;;; ;    <<<<<<<<============ ==!="=#=$%&>'>(>)>*>+>>,>'>->.>/>0>1>2>3>4?5?6?7?8??9?:?;?<? ??=?>???@?A?B?5?6?7??????C?D?E?F?G?H?I?J?K?L?? ?M?N?O?P?Q?RSTUVWXYZ[\]^_`aSbcTdeUfg@h@i@jBkBBlBmBnBoBpBqBrBsBtBuBvw!raaz-0.2.0-6HOccENM1LwLfYLp6JPUKiRaaz.Core.TypesRaaz.Core.MonoidalActionRaaz.Core.UtilRaaz.Core.Parse.ApplicativeRaaz.Core.EncodeRaaz.Core.TransferRaaz.Core.MemoryRaaz.Core.PrimitivesRaaz.Core.CpuSupports Raaz.CoreRaaz.Core.ByteSourceRaaz.Hash.InternalRaaz.Hash.Blake2)Raaz.Hash.Blake2.Implementation.CPortableRaaz.Hash.Sha1'Raaz.Hash.Sha1.Implementation.CPortableRaaz.Hash.Sha224Raaz.Hash.Sha256)Raaz.Hash.Sha256.Implementation.CPortable)Raaz.Hash.Sha224.Implementation.CPortableRaaz.Hash.Sha384Raaz.Hash.Sha512)Raaz.Hash.Sha512.Implementation.CPortable)Raaz.Hash.Sha384.Implementation.CPortableRaaz.Cipher.InternalRaaz.Cipher.ChaCha20-Raaz.Cipher.ChaCha20.Implementation.CPortable Raaz.Random Raaz.HashRaaz.Cipher.AES,Raaz.Cipher.AES.CBC.Implementation.CPortableRaazRaaz.Core.Types.EqualityRaaz.Core.Types.DescribeRaaz.Core.Types.CopyingRaaz.Core.Types.AlignedRaaz.Core.Types.PointerRaaz.Core.Types.EndianRaaz.Core.Util.ByteStringRaaz.Core.Encode.InternalRaaz.Core.Encode.Base64Raaz.Core.Encode.Base16Raaz.Core.Types.TupleRaaz.Core.Constants Raaz.EntropyRaaz.Hash.Blake2.InternalRaaz.Hash.Blake2.RecommendationRaaz.Hash.Sha.UtilRaaz.Hash.Sha1.InternalRaaz.Hash.Sha1.RecommendationRaaz.Hash.Sha224.InternalRaaz.Hash.Sha256.InternalRaaz.Hash.Sha224.RecommendationRaaz.Hash.Sha256.RecommendationRaaz.Hash.Sha384.InternalRaaz.Hash.Sha512.InternalRaaz.Hash.Sha384.RecommendationRaaz.Hash.Sha512.RecommendationRaaz.Cipher.ChaCha20.Internal#Raaz.Cipher.ChaCha20.RecommendationRaaz.Random.ChaCha20PRGRaaz.Hash.Internal.HMACRaaz.Cipher.AES.InternalRaaz.Cipher.AES.Recommendation Raaz.Cipher Paths_raazResultEqualityeq=== Describablename descriptionDestunDestSrcunSrcsource destinationAligned unAlignedaligned16Bytesaligned32Bytesaligned64BytesFieldMFieldFieldATwistRF DistributiveFSemiR DistributiveLActionF<<.>>LAction<.><++> semiRSpace semiRMonoidtwistFunctorValuetwistMonoidValue computeField liftToFieldM runFieldM$fDistributiveFmWrappedArrow$fLActionFmWrappedArrow$fApplicativeTwistRF$fFunctorTwistRF $fMonoidSemiR AlignmentALIGNBITSBYTES LengthUnitinBytesPointerinBitsatLeastatLeastAlignedatMost bytesQuotRem bytesQuot bitsQuotRembitsQuot wordAlignmentsizeOf alignedSizeOf alignmentalignPtrmovePtrnextAlignedPtr peekAligned pokeAligned allocaBuffer allocaAligned allocaSecureallocaSecureAligned mallocBufferhFillBufmemcpymemmovememsetBELE EndianStorestoreload adjustEndianstoreAt storeAtIndex loadFromIndexloadFrom copyFromBytes copyToBytes littleEndian bigEndianlength replicateunsafeCopyToPointerunsafeNCopyToPointerwithByteStringfromByteStringStorablecreate createFromParserskip parseError parseWidth runParserunsafeRunParser parseStorableparseparseByteStringunsafeParseStorableVectorunsafeParseVectorparseStorableVector parseVectorFormatencodeByteString decodeFormat Encodable toByteStringfromByteStringunsafeFromByteStringBase64Base16 fromBase16 showBase16encodedecode unsafeDecode translateReadIOReadMWriteIOWriteM bytesToWrite unsafeWrite writeStorablewrite writeFromwriteStorableVector writeVector writeBytes glueWrites prependWritepadWritewriteByteString skipWrite bytesToRead unsafeRead readBytesreadInto$fEncodableWriteM$fIsStringWriteM$fDistributiveBYTES(->)$fLActionBYTES(->)$fMonoidTransferM$fMonoidWriteM $fMonoidReadM DimensionTuple dimensionrepeatMunsafeFromListinitialdiagonalzipWith MemoryCellExtractableToBuffer extractorInitialisableFromBuffer initialiser Extractableextract Initialisable initialise VoidMemoryMemory memoryAllocunsafeToPointerAlloc MemoryThreadsecurely insecurelyliftMT onSubMemoryMTexecutedoIOliftPointerAction getMemory pointerAlloc copyMemorymodifywithCellPointergetCellPointer$fExtractableToBufferMemoryCell#$fInitialisableFromBufferMemoryCell$fExtractableMemoryCella$fInitialisableMemoryCella$fMemoryMemoryCell $fMemory(,,,) $fMemory(,,) $fMemory(,)$fMemoryVoidMemory$fMemoryThreadMT $fMonadIOMT $fMonadMT$fApplicativeMT $fFunctorMTBLOCKSKeyRecommendation recommended PrimitiveImplementation blockSizeBlockAlgorithmbufferStartAlignmentallocBufferForblocksOf$fLengthUnitBLOCKS$fMonoidBLOCKS $fShowBLOCKS $fEqBLOCKS $fOrdBLOCKS $fEnumBLOCKSssesse2sse3sse4_1sse4_2avxavx2l1CachePureByteSource ByteSource fillBytes FillResult Remaining ExhaustedwithFillResultfill processChunks$fPureByteSourceMaybe$fPureByteSource[]$fPureByteSourceByteString$fPureByteSourceByteString0$fByteSource[]$fByteSourceMaybe$fByteSourceByteString$fByteSourceByteString0$fByteSourceHandle$fFunctorFillResult$fShowFillResult$fEqFillResult HashMemoryhashCellmessageLengthCellHashadditionalPadBlocks SomeHashIHashMHashI hashINamehashIDescriptioncompress compressFinalcompressStartAlignment truncatedIhashhashFile hashSourcehash' hashFile' hashSource'completeHashing extractLength updateLength$fExtractableHashMemoryh$fInitialisableHashMemoryh$fMemoryHashMemory$fBlockAlgorithmSomeHashI$fDescribableSomeHashI$fDescribableHashI$fBlockAlgorithmHashIBLAKE2sBLAKE2bimplementation2bimplementation2sblake2b blake2bFile blake2bSourceSHA1implementationSHA224SHA256 cPortable$fExtractableSHA224MemorySHA224$fInitialisableSHA224Memory()$fMemorySHA224MemorySHA384SHA512$fExtractableSHA384MemorySHA384$fInitialisableSHA384Memory()$fMemorySHA384Memory StreamCipherCipher SomeCipherICipherI cipherINamecipherIDescription encryptBlocks decryptBlockscipherStartAlignment CipherModeCBCCTR makeCipherIunsafeEncrypt' transform' transform unsafeEncryptunsafeDecrypt' unsafeDecrypt$fBlockAlgorithmSomeCipherI$fDescribableSomeCipherI$fDescribableCipherI$fBlockAlgorithmCipherI$fShowCipherMode$fEqCipherModeChaCha20KEYCounterIVchacha20RandomRandomStorablefillRandomElementsRandMRTreseedfillRandomBytesunsafeFillRandomElementsrandom randomiseCellrandomByteString$fRandomStorableTuple$fRandomStorableBE$fRandomStorableLE$fRandomStorableIV$fRandomStorableKEY$fRandomStorableInt$fRandomStorableInt64$fRandomStorableInt32$fRandomStorableInt16$fRandomStorableInt8$fRandomStorableWord$fRandomStorableWord64$fRandomStorableWord32$fRandomStorableWord16$fRandomStorableWord8$fMemoryThreadRT $fFunctorRT$fApplicativeRT $fMonadRT $fMonadIORTHMAChmachmacFile hmacSourcesha1sha1File sha1SourcehmacSha1 hmacSha1FilehmacSha1Sourcesha224 sha224File sha224Source hmacSha224hmacSha224FilehmacSha224Sourcesha256 sha256File sha256Source hmacSha256hmacSha256FilehmacSha256Sourcesha384 sha384File sha384Source hmacSha384hmacSha384FilehmacSha384Sourcesha512 sha512File sha512Source hmacSha512hmacSha512FilehmacSha512Sourcechacha20KEY256KEY192KEY128AES aes128cbc aes192cbc aes256cbc aes128ctr aes128cbcI aes192cbcI aes256cbcI$fInitialisableM256(,) $fMemoryM256$fInitialisableM192(,) $fMemoryM192$fInitialisableM128(,) $fMemoryM128versionghc-prim GHC.ClassesEq isSuccessfulD:R:VectorResult0D:R:MVectorsResult0unResultV_Result MV_Result$fVectorVectorResult$fMVectorMVectorResult $fUnboxResult$fMonoidResult$fEquality(,,,,,,)$fEquality(,,,,,)$fEquality(,,,,)$fEquality(,,,)$fEquality(,,) $fEquality(,)$fEqualityWord64$fEqualityWord32$fEqualityWord16$fEqualityWord8$fEqualityWord $fFunctorDest $fFunctorSrc AlignBoundaryalignmentBoundary$fStorableAlignedbaseGHC.BaseMonoidmappendAlignc_memcpyGHC.RealquotRemForeign.Marshal.AllocallocaBytesAligned mallocBytesGHC.IO.Handle.TexthGetBuf $fLActionuPtr unAlignmentunALIGNc_memset c_memmove c_munlockc_mlock$fMonoidAlignment$fLengthUnitBYTES$fLengthUnitALIGN $fMonoidALIGN $fMonoidBYTESunBEunLEV_BEMV_BEV_LEMV_LE c_Swap64Array c_Swap32ArrayunBEPtr$fVectorVectorBE$fMVectorMVectorBE$fVectorVectorLE$fMVectorMVectorLE D:R:VectorBE0D:R:MVectorsBE0 D:R:VectorLE0D:R:MVectorsLE0 $fUnboxBE $fUnboxLE$fEndianStoreLE$fEndianStoreLE0$fEndianStoreBE$fEndianStoreBE0 $fFunctorBE $fFunctorLE$fEndianStoreBYTES$fEndianStoreWord8bytestring-0.10.8.1Data.ByteString.Internal ByteStringForeign.StorablepeekNothing undefParseStorable ParseAction BytesMonoid makeParserGHC.ShowShow Data.StringIsStringMaybeGHC.WordWord32$fFormatByteString$fEncodableBYTES$fEncodableBITS$fEncodableByteString $fEncodableBE$fEncodableBE0 $fEncodableLE$fEncodableLE0$fEncodableWord8b64$fIsStringBase64unBase64top6bot2top4bot4top2bot6byte0byte1byte2byte3padunB64toB64merg0merg1merg2 unsafeFromB64$fFormatBase64 $fShowBase64$fEncodableBase64 fromStringshow$fIsStringBase16unBase16hexhexDigit unsafeFromHex$fFormatBase16 $fShowBase16$fEncodableBase16 Data.Monoid<>TransferTransferAction TransferM makeTransfer makeWritemakeReadWord8unReadMunWriteM unTransferMgetAgetParseDimension $fEqTupleunTuple natValInt dimensionP getTupFromP$fEndianStoreTuple$fStorableTuple$fEqualityTuple Applicative PointerAction makeAlloc withMemorywithSecureMemory actualCellPtr unMemoryCell unVoidMemory AllocFieldunMTunBLOCKSc_avx2c_avxc_sse4_2c_sse4_1c_sse3c_sse2c_ssegccBuiltInToBool getEntropy Blake2sMem Blake2bMemWord2sWord2bBLAKE2hash2b0 Data.Bitsxorhash2s0 blake2Padblake2bImplementationblake2sImplementationLast2s Compress2sLast2b Compress2b blake2sCell lengthCell blake2bCell uLengthCell lLengthCell$fExtractableBlake2sMemBLAKE2$fInitialisableBlake2sMem()$fMemoryBlake2sMem$fExtractableBlake2bMemBLAKE2$fInitialisableBlake2bMem()$fMemoryBlake2bMem $fHashBLAKE2$fPrimitiveBLAKE2 $fHashBLAKE20$fPrimitiveBLAKE20 $fShowBLAKE2 $fShowBLAKE20$fIsStringBLAKE2$fIsStringBLAKE20$fEncodableBLAKE2$fEncodableBLAKE20c_blake2s_lastc_blake2s_compressc_blake2b_lastc_blake2b_compress cPortable2b cPortable2s$fRecommendationBLAKE2$fRecommendationBLAKE20ShaBufferAction Compressor LengthWriteShaWriteShaMonadIsSha length64Writelength128WriteliftCompressor shaBlocksshaFinalshaPadshaImplementation $fHashSHA1$fPrimitiveSHA1$fInitialisableHashMemory() $fShowSHA1$fIsStringSHA1$fEncodableSHA1c_sha1_compress$fRecommendationSHA1 $fHashSHA224$fPrimitiveSHA224 $fShowSHA224$fIsStringSHA224$fEncodableSHA224 $fHashSHA256$fPrimitiveSHA256 $fShowSHA256$fIsStringSHA256$fEncodableSHA256c_sha256_compress SHA224Memory unSHA224Mem$fRecommendationSHA224$fRecommendationSHA256 $fHashSHA384$fPrimitiveSHA384 $fShowSHA384$fIsStringSHA384$fEncodableSHA384 $fHashSHA512$fPrimitiveSHA512 $fShowSHA512$fIsStringSHA512$fEncodableSHA512c_sha512_compress SHA384Memory unSHA384Mem$fRecommendationSHA384$fRecommendationSHA512CipherM ChaCha20MemWORDkeyCellivCell counterCell ChaCha20Key$fInitialisableChaCha20Mem(,)$fInitialisableChaCha20Mem(,,)$fMemoryChaCha20Mem$fStreamCipherChaCha20$fCipherChaCha20$fDescribableChaCha20$fPrimitiveChaCha20 $fIsStringKEY $fShowKEY$fEncodableKEY $fIsStringIV$fShowIV $fEncodableIVc_chacha20_block chacha20Blockchacha20Portable RandomBufgetBufferPointerrandomBufferSizerandomBufferAlignmentunBuf$fMemoryRandomBuf$fRecommendationChaCha20 RandomState maxCounterVal withAuxBuffergetRemainingBytessetRemainingBytes newSampleseed seedIfReq fillKeyIVWithreseedMTfillRandomBytesMTfillExistingBytes chacha20State auxBufferremainingBytes$fMemoryRandomState seedAndRunRTunRTHMACKeyhmac' hmacFile' hmacSource'$fIsStringHMACKeyunHMACunKey hmacAdjustKey $fShowHMAC $fShowHMACKey$fEncodableHMACKey$fRandomStorableHMACKey$fEndianStoreHMACKey$fStorableHMACKeyEKEY256EKEY192EKEY128TUPLE pokeAndExpand$fPrimitiveAES$fPrimitiveAES0$fPrimitiveAES1 $fShowKEY256$fIsStringKEY256 $fShowKEY192$fIsStringKEY192 $fShowKEY128$fIsStringKEY128c_expand$fInitialisableMemoryCellKEY256$fInitialisableMemoryCellKEY192$fInitialisableMemoryCellKEY128 $fCipherAES$fDescribableAES $fCipherAES0$fDescribableAES0 $fCipherAES1$fDescribableAES1$fRandomStorableKEY256$fRandomStorableKEY192$fRandomStorableKEY128$fEncodableKEY256$fEncodableKEY192$fEncodableKEY128M256M192M128 c_aes_cbc_d c_aes_cbc_e c_transposecbc128CPortable cbc128Encrypt cbc128Decryptcbc192CPortable cbc192Encrypt cbc192Decryptcbc256CPortable cbc256Encrypt cbc256Decryptm256ekeym256ivm192ekeym192ivm128ekeym128iv$fRecommendationAES$fRecommendationAES0$fRecommendationAES1catchIObindirlibdirdatadir libexecdir sysconfdir getBinDir getLibDir getDataDir getLibexecDir getSysconfDirgetDataFileName