нУЁh$  Ж═  Й╟                   	  
                                               !  "  #  $  %  &  '  (  )  *  +  ,  -  .  /  0  1  2  3  4  5  6  7  8  9  :  ;  <  =  >  ?  @  A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z  [  \  ]  ^  _  `  a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z  {  |  }  ~    ─  │  ┌  ┐  └  ┘  ├  ┤  ┬  ┴  ┼  ▀  ▄  █  ▌  ▐  ░  ▒  ▓  ⌠  ■  ∙  √  ≈  ≤  ≥     ⌡  °  ²  ·  ÷  ═  ║  ╒  ё  є  ╔  і  ї  ╗  ╘  ╙  ╚  ╛  ґ  ў  ╞  ╟  ╠  ╡  Ё  Є  ╣  І  Ї  ╦  ╧  ╨  ╩  ╪  Ґ  Ў  ©  ю  	а  
б  
ц  
д  
е  
ф  
г  
х  
и  
й  
к  
л  
м  
н  
о  
п  
я  
р  
с  
т  
у  
ж  
в  
ь  
ы  
з  
ш  
э  
щ  
ч  
ъ  
Ю  
А  
Б  
Ц  
Д  
Е  
Ф  
Г  
Х  
И  
Й  
К  
Л  М  Н  О  П  Я  Р  С  Т  У  Ж  В  Ь  Ы  З  Ш  Э  Щ  Ч  Ъ  ─  │  ┌  ┐  └  ┘  ├  ┤  ┬  ┴  ┼  ▀  ▄  █  ▌  ▐  ░  ▒  ▓  ⌠  ■  ∙  √  ≈  ≤  ≥     ⌡  °  ²  ·  ÷  ═  ║  ╒  ё  є  ╔  і  ї  ╗  ╘  ╙  ╚  ╛  ґ  ў  ╞  ╟  ╠  ╡  Ё  Є  ╣  І  Ї  ╦  ╧  ╨  ╩  ╪  Ґ  Ў  ©  ю  а  б  ц  д  е  ф  г  х  и  й  к  л  м  н  о  п  я  р  с  т  у  ж  в  ь  ы  з  ш  э  щ  ч  ъ  Ю  А  Б  Ц  Д  Е  Ф  Г  Х  И  Й  К  Л  М  Н  О  П  Я  Р  С  Т  У  Ж  В  Ь  Ы  З  Ш  Э  Щ  Ч  Ъ  ─  │  ┌  ┐  └  ┘  ├  ┤  ┬  ┴  ┼  ▀  ▄  █  ▌  ▐  ░  ▒  ▓  ⌠  ■  ∙  √  ≈  ≤  ≥     ⌡  °  ²  ·  ÷  ═  ║  ╒  ё  є  ╔  і  ї  ╗  ╘  ╙  ╚  ╛  ґ  ў  ╞   б   !       Safe-Inferred   $  ╟╠╡ЁЄ╣ІЇ            None   	Д  raaz-Check whether the cpu supports sse extension. raaz.Check whether the cpu supports sse2 extension. raaz.Check whether the cpu supports sse3 extension. raaz0Check whether the cpu supports sse4_1 extension. raaz1Check whether the cpu supports sse-4.2 extension. raaz-Check whether the cpu supports avx extension. raaz.Check whether the cpu supports avx2 extension.              Safe-Inferred >ю а б   k raazA monadic arrow field. raazв A field where the underlying arrow is the (->). This is normally
 what we call a field.	 raazЖ A field on the space is a function from the points in the space
 to some value. Here we define it for a general arrow.
 raazД The twisted functor is essentially a generalisation of
 semi-direct product to applicative functors. raaz╒The generalisation of distributivity to applicative
 functors. This generalisation is what allows us to capture
 applicative functors like parsers. For an applicative functor, and
 a monoid acting uniformly on it, we say that the action is
 distributive if the following laws are satisfied:Ж m <<.>> (pure a) = pure a            -- pure values are stoic
m <<.>> (a <*> b) = (m <<.>> a) <*> (m <<.>> b)  -- dist raazшThe semidirect product Space йE Monoid. For monoids acting on
 monoidal spaces distributively the semi-direct product is itself a
 monoid. It turns out that data serialisers can essentially seen as
 a semidirect product. raazЙ A left-monoid action on a monoidal-space, i.e. the space on which
 the monoid acts is itself a monoid, is distributive if it
 satisfies the law:'a <.> p <> q  = (a <.> p) <> (a <.> q).)The above law implies that every element m is a monoid
 homomorphism. raazп Uniform action of a monoid on a functor. The laws that should
 be satisfied are:П 1 <<.>> fx  = fx
(a <> b) <<.>> fx  = a . (b <<.>> fx)
m <<.>> fmap f u = fmap f (m <<.>> u)   -- acts uniformly raaz	A monoid mЬ  acting on the left of a space. Think of a left
 action as a multiplication with the monoid. It should satisfy the
 law:К 1 <.> p = p                         -- identity
a <> b <.> p  = a <.> b <.> p   -- successive displacements raaz?An alternate symbol for <> more useful in the additive context. raazл From the an element of semi-direct product Space йE Monoid return
 the point. raazу From the an element of semi-direct product Space йE Monoid return
 the monoid element. raaz!Get the underlying functor value. raaz Get the underlying monoid value. raaz;Compute the value of a field at a given point in the space. raaz Lift a monadic action to FieldM. raaz3Runs a monadic field at a given point in the space. raaz:The action on the space translates to the action on field. 	

	 555  "       Safe-Inferred -/>ю а б и т в ы   Г" raazA type w0 forced to be aligned to the alignment boundary alg# raazThe underlying unAligned value.$ raaz#Align the value to 16-byte boundary% raaz#Align the value to 32-byte boundary& raaz#Align the value to 64-byte boundary "#$%&     #       Noneн   P' raaz$The destination of a copy operation.&Note to Developers of Raaz: Since the  'Д  type inherits the
 Storable instance of the base type, one can use this type in
 foreign functions.( raazThe source of a copy operation.) raazsmart constructor for source* raaz#smart constructor for destionation. '╦╧(╨╩)*     $       Safe-Inferred   -+ raazя This class captures all types that have some sort of description
 attached to it., raaz%Short name that describes the object.- raazLonger description +,-     %       None ?а б и в   *. raaz┼The result of a comparison. This is an opaque type and the monoid instance essentially takes
 AND of two comparisons in a timing safe way./ raazх All types that support timing safe equality are instances of this class.1 raaz9Check whether two values are equal using the timing safe  00
 function. Use this function when defining the  ╪% instance for a
 Sensitive data type.Ґ raazVector of Results.Ў raazMVector for Results. ./01     &       None >ю а б н   0J"2 raaz-Types to measure alignment in units of bytes.3 raazєType safe length unit that measures offsets in multiples of word
 length. This length unit can be used if one wants to make sure that
 all offsets are word aligned.4 raaz+Type safe lengths/offsets in units of bits.6 raaz,Type safe lengths/offsets in units of bytes.8 raaz·In cryptographic settings, we need to measure pointer offsets and
 buffer sizes. The smallest of length/offset that we have is bytes
 measured using the type  6╙. In various other circumstances, it
 would be more natural to measure these in multiples of bytes. For
 example, when allocating buffer to use encrypt using a block cipher
 it makes sense to measure the buffer size in multiples of block of
 the cipher. Explicit conversion between these length units, while
 allocating or moving pointers, involves a lot of low level scaling
 that is also error prone. To avoid these errors due to unit
 conversions, we distinguish between different length units at the
 type level. This type class capturing all such types, i.e. types
 that stand of length units. Allocation functions and pointer
 arithmetic are generalised to these length units.All instances of a  8" are required to be instances of
  ©Ч  where the monoid operation gives these types the natural
 size/offset addition semantics: i.e. shifting a pointer by offset
 a  ю b is same as shifting it by a and then by b.9 raaz"Express the length units in bytes.: raaz3The pointer type used by all cryptographic library.; raaz!Express the length units in bits.< raazExpress length unit src in terms of length unit dest rounding
 upwards.= raaz+Often we want to allocate a buffer of size lн . We also want to
 make sure that the buffer starts at an alignment boundary
 aН . However, the standard word allocation functions might return a
 pointer that is not aligned as desired. The atLeastAligned l a
 returns a length n such the length n1 is big enough to ensure
 that there is at least lй  length of valid buffer starting at the
 next pointer aligned at boundary a . If the alignment required in
 a0 then allocating @l + a - 1 should do the trick.> raazExpress length unit src in terms of length unit dest rounding
 downwards.? raazA length unit u/ is usually a multiple of bytes. The function
  ?	 is like  а: the value byteQuotRem bytes is
 a tuple (x,r), where x is bytes expressed in the unit u
 with r being the reminder.@ raazFunction similar to  ? but returns only the quotient.A raazFunction similar to  ? but works with bits instead.B raazFunction similar to  A but returns only the quotient.C raaz.The default alignment to use is word boundary.D raaz'Compute the size of a storable element.E raazю Size of the buffer to be allocated to store an element of type
 a┐ so as to guarantee that there exist enough space to store the
 element after aligning the pointer. If the size of the element is
 s and its alignment is a- then this quantity is essentially
 equal to 	s + a - 1'. All units measured in word alignment.F raaz,Compute the alignment for a storable object.G raaz-Align a pointer to the appropriate alignment.H raaz.Move the given pointer with a specific offset.I raazк Compute the next aligned pointer starting from the given pointer
 location.J raaz0Peek the element from the next aligned location.K raaz0Poke the element from the next aligned location.L raazA less general version of  M7 where the pointer passed
 is aligned to word boundary.M raazThe expression allocaAligned a l action% allocates a local
 buffer of length l and alignment a$ and passes it on to the IO
 action action║. No explicit freeing of the memory is required as
 the memory is allocated locally and freed once the action
 finishes. It is better to use this function than
  б, as it does type safe scaling and alignment.N raazA less general version of  O6 where the pointer passed
 is aligned to word boundaryO raazпThis function allocates a chunk of "secure" memory of a given
 size and runs the action. The memory (1) exists for the duration of
 the action (2) will not be swapped during that time and (3) will be
 wiped clean and deallocated when the action terminates either
 directly or indirectly via errors. While this is mostly secure,
 there can be strange situations in multi-threaded application where
 the memory is not wiped out. For example if you run a
 crypto-sensitive action inside a child thread and the main thread
 gets exists, then the child thread is killed (due to the demonic
 nature of haskell threads) immediately and might not give it chance
 to wipe the memory clean. This is a problem inherent to how the
 bracket( combinator works inside a child thread.'TODO: File this insecurity in the wiki.P raaz:Creates a memory of given size. It is better to use over
  ц as it uses typesafe length.Q raazA version of  д, which works for any type safe length units.R raazCopy between pointers.S raazMove between pointers.T raaz6Sets the given number of Bytes to the specified value.е raaz,The most interesting monoidal action for us.L  raazbuffer length raazthe action to runM  raazthe alignment of the buffer raazsize of the buffer raazthe action to runP  raazbuffer lengthR  raazdestination raazsrc raazNumber of Bytes to copyS  raazdestination raazsource raazNumber of Bytes to copyT  raazTarget raazValue byte to set raazNumber of bytes to set#23456789:;<=>?@ABCDEFGHIJKLMNOPQRST     '       None 3>ю а б и н в   @еU raaz$Big endian version of the word type wV raaz'Little endian version of the word type wW raazОThis class captures types which provides an endian agnostic way
 of loading from and storing to data buffers. Any multi-byte type
 that is meant to be serialised to the outside world should be an
 instance of this class. When defining the  Y,  X,
  Zл  member functions, care should be taken to ensure
 proper endian conversion.X raazThe action store ptr w stores w at the location pointed by
 ptr.  Endianness of the type wч  is taken care of when storing.
 For example, irrespective of the endianness of the machine,
 #store ptr (0x01020304 :: BE Word32) will store the bytes
 0x01, 0x02, 0x03, 0x04 respectively at locations ptr,
 ptr +1, ptr+2 and ptr+3. On the other hand $store ptr
 (0x01020304 :: LE Word32) would store 0x04, 0x03, 0x02,
 0x01 at the above locations.Y raazThe action load ptr loads the value stored at the ptrс . Like
 store, it takes care of the endianness of the data type.  For
 example, if ptr) points to a buffer containing the bytes 0x01,
 0x02, 0x03, 0x042, irrespective of the endianness of the
 machine, load ptr :: IO (BE Word32) will load the vale
 
0x01020304	 of type 	BE Word32 and load ptr :: IO (LE Word32)
 will load 
0x04030201	 of type 	LE Word32.Z raazThe action adjustEndian ptr n7 adjusts the encoding of bytes
 stored at the location ptrв  to conform with the endianness of
 the underlying data type. For example, assume that ptr* points
 to a buffer containing the bytes 0x01 0x02 0x03 0x04,, and we
 are on a big endian machine, then (adjustEndian (ptr :: Ptr (LE
 Word32)) 1 will result in ptr pointing to the sequence 0x04
 0x03 0x02 0x01≈. On the other hand if we were on a little endian
 machine, the sequence should remain the same.  In particular, the
 following equalities should hold.9
store ptr w          = poke ptr w >> adjustEndian ptr 1
Similarly the value loaded by load ptr* should be same as the
 value returned by adjustEndian ptr 1 >> peak ptr>, although the
 former does not change the contents stored at ptrю  where as the
 latter might does modify the contents pointed by ptr= if the
 endianness of the machine and the time do not agree.The action )adjustEndian ptr n >> adjustEndian ptr n  should be
 equivalent to 	return ().[ raazД Store the given value at an offset from the crypto pointer. The
 offset is given in type safe units.\ raazStore the given value as the n8-th element of the array
 pointed by the crypto pointer.] raaz	Load the n4-th value of an array pointed by the crypto pointer.^ raazа Load from a given offset. The offset is given in type safe units._ raazFor the type w, the action copyFromBytes dest src n copies n-elements from
 src to destп . Copy performed by this combinator accounts for the
 endianness of the data in dest and is therefore not a mere copy
 of n * sizeOf(w)( bytes. This action does not modify the src
 pointer in any way.` raazSimilar to copyFromBytesУ  but the transfer is done in the other direction. The copy takes
 care of performing the appropriate endian encoding.a raaz%Convert to the little endian variant.b raaz#Convert to the big endian variants.X  raazthe location. raazvalue to storeZ  raazbuffer pointers, raazhow many w's are present,[  raazthe pointer raaz.the absolute offset in type safe length units. raazvalue to store\  raaz.the pointer to the first element of the
 array raazthe index of the array raazthe value to store]  raaz.the pointer to the first element of
 the array raazthe index of the array^  raazthe pointer raaz
the offset_ raazHow many items.UVWXYZ[\]^_`ab     (       None?  Eґc raaz A typesafe length for Bytestringd raaz A type safe version of replicatee raaz╘Copy the bytestring to the crypto buffer. This operation leads to
 undefined behaviour if the crypto pointer points to an area smaller
 than the size of the byte string.f raazSimilar to  e  but takes an additional input
 n╗ which is the number of bytes (expressed in type safe length
 units) to transfer. This operation leads to undefined behaviour if
 either the bytestring is shorter than n7 or the crypto pointer
 points to an area smaller than n.g raaz3Works directly on the pointer associated with the
  фм . This function should only read and not modify the
 contents of the pointer.h raaz(Get the value from the bytestring using  г.i raazThe action create l act creates a length l9 bytestring where
 the contents are filled using the the act to fill the buffer.j raazThe IO action createFrom n cptr" creates a bytestring by copying
 n bytes from the pointer cptr.e  raazThe source. raazThe destination.f  raazlength of data to be copied raazThe source byte string raaz
The buffercdefghij            None   Eс  cdefghijcdhijgef           None   MCk raaz;An applicative parser type for reading data from a pointer.l raazSkip over some data.m raaz/A parser that fails with a given error message.n raaz,Return the bytes that this parser will read.o raaz+Runs a parser on a byte string. It returns  хц  if the byte string is smaller than
 what the parser would consume.p raaz7Run the parser without checking the length constraints.q raazёParses a value which is an instance of Storable. Beware that this
 parser expects that the value is stored in machine endian. Mostly
 it is useful in defining the  г function in a complicated
  и
 instance.r raaz╠Parse a crypto value. Endian safety is take into account
 here. This is what you would need when you parse packets from an
 external source. You can also use this to define the  Y
 function in a complicated  W
 instance.s raaz-Parses a strict bytestring of a given length.t raazSimilar to parseStorableVectorф but is expected to be slightly
 faster. It does not check whether the length parameter is
 non-negative and hence is unsafe. Use it only if you can prove that
 the length parameter is non-negative.u raazSimilar to parseVectorф but is expected to be slightly
 faster. It does not check whether the length parameter is
 non-negative and hence is unsafe. Use it only if you can prove that
 the length parameter is non-negative.v raazSimilar to  w└ but parses according to the host
 endian. This function is essentially used to define storable
 instances of complicated data. It is unlikely to be of use when
 parsing externally serialised data as one would want to keep track
 of the endianness of the data.w raaz┤Parses a vector of elements. It takes care of the correct endian
 conversion. This is the function to use while parsing external
 data. klmnopqrstuvwknmoprqwvutsl    )       None9>?ю   Wбx raazуA binary format is a representation of binary data often in
 printable form. We distinguish between various binary formats at
 the type level and each supported format corresponds to an instance
 of the the class  x. The  y and
  z! are required to satisfy the laws$decodeFormat . encodeByteString = idЎFor type safety, the formats themselves are opaque types and hence
 it is not possible to obtain the underlying binary data directly.
 We require binary formats to be instances of the class  {,
 with the combinators  | and  }	 of the
  {3 class performing the actual encoding and decoding.Instances of  x! are required to be instances of  йЦ  and so
 that the encoded format can be easily printed. They are also
 required to be instances of  ке  so that they can be easily
 represented in Haskell source using the OverloadedStringsУ 
 extension.  However, be careful when using this due to the fact
 that invalid encodings can lead to runtime errors.y raazЬ Encode binary data into the format. The return type gurantees
 that any binary data can indeed be encoded into a format.z raaz▄Decode the format to its associated binary
 representation. Notice that this function always succeeds: we
 assume that elements of the type fmt3 are valid encodings and
 hence the return type is  ф instead of  л
 ByteString.{ raazThe type class  {А  captures all the types that can be
 encoded into a stream of bytes. For a user defined type say Foo,
 defining an instance  {) is all that is required to make
 use of encode and decodeи  for any of the supported encoding
 formats (i.e. instances of the class  x)..Minimum complete definition for this class is  | and
  }. Instances of  WШ  have default
 definitions for both these functions and hence a trivial instance
 declaration is sufficient for such types.Щ newtype Foo = Foo (LE Word64) deriving (Storable, EndianStore)

instance EndianStore Foo where
  ...

instance Encodable Foo
р In particular, all the endian encoded versions of Haskell's word,
 i.e types like  V Word32,  V Word64 etc, are instances of
  {,. Note that the corresponding plain type is not an
 instance of  { because encoding of say  м; without
 specifying whether the endianness is meaningless.| raazConvert stuff to bytestring} raaz5Try parsing back a value. Returns nothing on failure.~ raazUnsafe version of  }н raaz?Bytestring itself is an encoding format (namely binary format). xyz{|}~     *       None н   Xe raazг The type corresponding to the standard padded base-64 binary
 encoding.о raazIgnores spaces and newlines.      +       None н   Zй─ raazю The type corresponding to base-16 or hexadecimal encoding. The
  ─м  encoding has a special place in this library: most
 cryptographic types use  ─ encoding for their  й and
  к instance. The combinators  │ and  ┌4
 are exposed mainly to make these definitions easy.│ raazBase16 variant of  п. Useful in definition of
  к2 instances as well as in cases where the default
  к0 instance does not parse from a base16 encoding.┌ raazBase16 variant of  я.р raazIgnores spaces and :	 (colon). ─│┌            None   [и┐ raazEncode in a given format.└ raazм Decode from a given format. It results in Nothing if there is a
 parse error.┘ raazThe unsafe version of  └.├ raaz%Translate from one format to another. xyz{|}~─│┌┐└┘├{|}~xyz┐└├┘─│┌           None >?ю а б н   m┤ raazA read io-action.┬ raazThe  ┬╚ is the type that captures the act of reading from a buffer
 and possibly doing some action on the bytes read. Although
 inaccurate, it is helpful to think of elements of  ┬в  as action
 that on an input buffer transfers data from it to some unspecified
 source.<Read actions form a monoid with the following semantics: if r1
 and r2 are two read actions then r1  с r2' first reads the
 data associated from r1- and then the read associated with the
 data r2.┴ raazA write io-action.┼ raazп An element of type `WriteM m` is an action which when executed transfers bytes
 into its input buffer.  The type  ┼ m8 forms a monoid and
 hence can be concatnated using the  с
 operator.▀ raazй Returns the bytes that will be written when the write action is performed.▄ raaz9Perform the write action without any checks of the buffer█ raazThe expression  █ a+ gives a write action that
 stores a value a* in machine endian. The type of the value a has
 to be an instance of  иҐ. This should be used when we want
 to talk with C functions and not when talking to the outside world
 (otherwise this could lead to endian confusion). To take care of
 endianness use the  ▌ combinator.▌ raazThe expression  ▌ a+ gives a write action that stores a
 value a". One needs the type of the value a to be an instance of
  Wґ. Proper endian conversion is done irrespective of
 what the machine endianness is. The man use of this write is to
 serialize data for the consumption of the outside world.▐ raaz)Write many elements from the given buffer░ raazThe vector version of  █.▒ raazThe vector version of  ▌.▓ raazThe combinator writeBytes n b writes b as the next n
 consecutive bytes.⌠ raazThe combinator glueWrites w n hdr ftr is equivalent to
 hdr <> glue <> ftr where the write glue writes as many bytes
 w5 so that the total length is aligned to the boundary n.■ raazThe write action prependWrite w n wr  is wr pre-pended with the byte w1 so that the total length
 ends at a multiple of n.∙ raazThe write action padWrite w n wr is wr padded with the byte w1 so that the total length
 ends at a multiple of n.√ raazWrites a strict bytestring.≈ raaz4A write action that just skips over the given bytes.≤ raazThe expression bytesToRead rы  gives the total number of bytes that
 would be read from the input buffer if the action r is performed.≥ raazThe action unsafeRead r ptr results in reading bytesToRead r#
 bytes from the buffer pointed by ptrЯ . This action is unsafe as it
 will not (and cannot) check if the action reads beyond what is
 legally stored at ptr.  raazThe action readBytes sz dptrг  gives a read action, which if run on
 an input buffer, will transfers sz' to the destination buffer
 pointed by dptrд . Note that it is the responsibility of the user
 to make sure that dptr has enough space to receive sz8 units of
 data if and when the read action is executed.⌡ raazThe action readInto n dptrф  gives a read action which if run on an
 input buffer, will transfers n elements of type a into the
 buffer pointed by dptr!. In particular, the read action readInto n
 dptr is the same as ,readBytes (fromIntegral n :: BYTES Int) dptr
 when the type a is  т.▄ raaz.The pointer for the buffer to be written into.⌠  raazThe bytes to use in the glue raaz The length boundary to align to. raazThe header write raazThe footer write■  raazthe byte to pre-pend with. raaz"the length to align the message to raaz"the message that needs pre-pending∙  raazthe padding byte to use raazthe length to align message to raazthe message that needs padding≥ raaz.The pointer for the buffer to be written into.   raazhow much to read. raazbuffer to read the bytes into⌡  raazhow many elements to read. raaz buffer to read the elements into┤┬┴┼▀▄█▌▐░▒▓⌠■∙√≈≤≥ ⌡┬┤≤≥ ⌡┼┴▀▄▌█▒░▐▓∙■⌠√≈    ,       None -/>ю а б и т ж в ы   q:	і raaz─Function that returns the dimension of the tuple. The dimension
 is calculated without inspecting the tuple and hence the term
  ╗ (undefined :: Tuple 5 Int) will evaluate to 5.>The constaint on the dimension of the tuple (since base 4.7.0)ї raazч Tuples that encode their length in their types. For tuples, we call
 the length its dimension.╗ raaz3This combinator returns the dimension of the tuple.╘ raaz0Construct a tuple by repeating a monadic action.╙ raaz▀Construct a tuple out of the list. This function is unsafe and
 will result in run time error if the list is not of the correct
 dimension.╚ raazГ Computes the initial fragment of a tuple. No length needs to be given
 as it is infered from the types.╛ raazThe 
diagonal a( gives a tuple, all of whose entries is a.ґ raazA zipwith function for tuplesу raaz!Equality checking is timing safe. ії╗╘╙╚╛ґ            None   qh  и "#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWZXY[\]^_`abії╗╘╙╚╛ґи /01.WXYZ_`VUab[\^]:896745;DA?B@<=>2C3FGHEIJKMOLNPTSRQ"#$%&їі╗╚╛╘ґ╙'()*+,-           None -?а б ф и н в ы   zQў raaz═Type safe message length in units of blocks of the primitive.
 When dealing with buffer lengths for a primitive, it is often
 better to use the type safe units  ўг. Functions in the raaz
 package that take lengths usually allow any type safe length as
 long as they can be converted to bytes. This can avoid a lot of
 tedious and error prone length calculations.╞ raaz▌Some primitives like ciphers have an encryption/decryption key. This
 type family captures the key associated with a primitive if it has
 any.╟ raaz3Primitives that have a recommended implementations.╠ raaz1The recommended implementation for the primitive.╡ raazпThe type class that captures an abstract block cryptographic
 primitive. Bulk cryptographic primitives like hashes, ciphers etc
 often acts on blocks of data. The size of the block is captured by
 the member  Є.Н As a library, raaz believes in providing multiple implementations
 for a given primitive. The associated type  Ё,
 captures implementations of the primitive.з For use in production code, the library recommends a particular
 implementation using the  ╟Б  class. By default this is
 the implementation used when no explicit implementation is
 specified.Ё raazц Associated type that captures an implementation of this
 primitive.Є raazThe block size.╣ raazДImplementation of block primitives work on buffers. Often for optimal
 performance, and in some case for safety, we need restrictions on
 the size and alignment of the buffer pointer. This type class
 captures such restrictions.І raaz.The alignment expected for the buffer pointer.Ї raazн Allocate a buffer a particular implementation of a primitive prim.
 algorithm algoъ . It ensures that the memory passed is aligned
 according to the demands of the implementation.╦ raazThe expression n  ╦ pн  specifies the message lengths in
 units of the block length of the primitive pх . This expression is
 sometimes required to make the type checker happy. ў╞╟╠╡ЁЄ╣ІЇ╦╡ЁЄ╣І╞╟╠ў╦Ї    -       None   zЫю raazр Typical size of L1 cache. Used for selecting buffer size etc in crypto operations. ю     
       None '(>ю а б и т в ы   ▒kа raaz2A memory location to store a value of type having  и
 instance.б raazІA memory type that can extract bytes into a buffer. The extraction will perform
 a direct copy and hence the chances of the extracted value ending
 up in the swap space is minimised.д raazтA memory type that can be initialised from a pointer buffer. The initialisation performs
 a direct copy from the input buffer and hence the chances of the
 initialisation value ending up in the swap is minimised.ф raazр Memories from which pure values can be extracted. Once a pure value is
 extracted,х raazШMemories that can be initialised with a pure value. The pure
 value resides in the Haskell heap and hence can potentially be
 swapped. Therefore, this class should be avoided if compromising
 the initialisation value can be dangerous. Consider using
 InitialiseableFromBufferй raaz$A memory element that holds nothing.к raazВAny cryptographic primitives use memory to store stuff. This
 class abstracts all types that hold some memory. Cryptographic
 application often requires securing the memory from being swapped
 out (think of memory used to store private keys or passwords). This
 abstraction supports memory securing. If your platform supports
 memory locking, then securing a memory will prevent the memory from
 being swapped to the disk. Once secured the memory location is
 overwritten by nonsense before being freed.&While some basic memory elements like  аИ  are exposed from
 the library, often we require compound memory objects built out of
 simpler ones. The  ж instance of the  н≤ can be made
 use of in such situation to simplify such instance declaration as
 illustrated in the instance declaration for a pair of memory
 elements.╛instance (Memory ma, Memory mb) => Memory (ma, mb) where

   memoryAlloc             = (,) <$> memoryAlloc <*> memoryAlloc

   unsafeToPointer (ma, _) =  unsafeToPointer maл raaz%Returns an allocator for this memory.м raaz-Returns the pointer to the underlying buffer.н raaz'A memory allocator for the memory type mem. The  ж
 instance of Allocу  can be used to build allocations for
 complicated memory elements from simpler ones.о raazт A class that captures abstract "memory threads". A memory thread
 can either be run  п or  я?. Pure IO actions can
 be run inside a memory thread using the runIO-.  However, the IO
 action that is being run must not directly or indirectly run a
 secure7 action ever. In particular, the following code is bad.3-- BAD EXAMPLE: DO NOT USE.
runIO $ securely $ foo
,On the other hand the following code is fine'
runIO $ insecurely $ someMemoryAction
б As to why this is dangerous, it has got to do with the fact that
 mlock and munlock! do not nest correctly. A single munlock can
 unlock multiple calls of mlock% on the same page.  Whether a given
 IOМ  action unlocks memory is difficult to keep track of; for all
 you know, it might be a FFI call that does an 	memunlock9. Hence,
 currently there is no easy way to enforce this.п raazеRun a memory action with the internal memory allocated from a
 locked memory buffer. This memory buffer will never be swapped
 out by the operating system and will be wiped clean before
 releasing.ЛMemory locking is an expensive operation and usually there would be
 a limit to how much locked memory can be allocated. Nonetheless,
 actions that work with sensitive information like passwords should
 use this to run an memory action.я raazЧRun a memory action with the internal memory used by the action
 being allocated from unlocked memory. Use this function when you
 work with data that is not sensitive to security considerations
 (for example, when you want to verify checksums of files).р raazLift an actual memory thread.с raazш Combinator that allows us to run a memory action on a
 sub-memory element. A sub-memory of submem of a memory element
 mem is given by a projection proj : mem -> submem. The action
 onSubMemory projг  lifts the a memory thread on the sub element
 to the compound element.т raazAn action of type  т mem aц  is an action that uses internally
 a single memory object of type mem and returns a result of type
 aВ . All the actions are performed on a single memory element and
 hence the side effects persist. It is analogues to the ST monad.у raaz/Run a given memory action in the memory thread.ж raaz.Perform an IO action inside the memory thread.в raazд An IO allocator can be lifted to the memory thread level as follows.ь raaz7Get the underlying memory element of the memory thread.ы raazAllocates a buffer of size l' and returns the pointer to it pointer.з raaz╛Copy data from a given memory location to the other. The first
 argument is destionation and the second argument is source to match
 with the convention followed in memcpy.ш raazб Apply the given function to the value in the cell. For a function f :: b -> a,
 the action modify f  first extracts a value of type b# from the
 memory element, applies f1 to it and puts the result back into the
 memory.ц modify f = do b          <- extract
              initialise $  f bэ raazч Work with the underlying pointer of the memory cell. Useful while
 working with ffi functions.щ raaz6Get the pointer associated with the given memory cell.ч raazWARNING:$ do not lift a secure memory action.з  raazDestination raazSourceабцдефгхийклмнопярстужвьызшэщклмйзхифгдебцаэщопярсжьшутвны           None?  ≤┤
Л raaz┬A byte source src is pure if filling from it does not have any
 other side effect on the state of the byte source. Formally, two
 different fills form the same source should fill the buffer with
 the same bytes.  This additional constraint on the source helps to
 purifyЮ  certain crypto computations like computing the hash or mac
 of the source. Usualy sources like  фд  etc are pure byte
 sources. A file handle is a byte source that is not a pure
 source.М raazт Abstract byte sources. A bytesource is something that you can use
 to fill a buffer.WARNING:" The source is required to return  ЯР  in the
 boundary case where it has exactly the number of bytes
 requested. In other words, if the source returns 	Remaining░ on any
 particular request, there should be at least 1 additional byte left
 on the source for the next request. Cryptographic block primitives
 have do certain special processing for the last block and it is
 required to know whether the last block has been read or not.Н raazFills a buffer from the source.О raaz2This type captures the result of a fill operation.П raazThere is still bytes left.Я raaz*source exhausted with so much
 bytes read.Р raaz#Combinator to handle a fill result.С raaz=A version of fillBytes that takes type safe lengths as input.Т raaz:Process data from a source in chunks of a particular size.З raaz__WARNING:_ The  Н may block.Н  raazBuffer size raazThe source to fill. raazBuffer pointerР  raazstuff to do when filled raazstuff to do when exhausted raazthe fill result to process	ЛМНОПЯРСТ	МНЛОПЯСТР    	       None   ≤х  ⌠"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWZXY[\]^_`abcdefghijxyz{~|}─│┌┐└┘├ії╗╘╙╚╛ґў╞╟╠╡ЁЄЁ╣ІЇ╦юабцдефгхийклмносрпятужвьызшэщЛМНОПЯРСТю           None ->?ю а б ф и в ы   ╔╠│ raaz3Class that captures stream ciphers. An instance of  │
 should be an instance of  ┌-, with the following additional
 constraints.	;The encryption and decryption should be the same algorithm.=Encryption/decryption can be applied to a messages of length l
    even if l# is not a multiple of block length.'The encryption of a prefix of a length l of a message m
    should be the same as the l( length prefix of the encryption of
    m.▐It is the duty of the implementer of the cipher to ensure that the
 above conditions are true before declaring an instance of a stream
 cipher.┌ raaz▓Class capturing ciphers. The implementation of this class should
 give an encryption and decryption algorithm for messages of length
 which is a multiple of the block size.  Needless to say, the
 encryption and decryption should be inverses of each other for such
 messages.┐ raazЫ Some implementation of a block cipher. This type is existentially
 quantifies over the memory used in the implementation.┘ raaz%The implementation of a block cipher.┴ raaz)The underlying block encryption function.┼ raaz)The underlying block decryption function.▄ raazBlock cipher modes.█ raazCipher-block chaining▌ raazCounter▐ raazConstructs a  ┘Л   value out of a stream transformation function. Useful in
   building a Cipher instance of a stream cipher.░ raazEncrypt the given  фй . This function is unsafe because
 it only works correctly when the input  фе  is of length
 which is a multiple of the block length of the cipher.▒ raaz°Transforms a given bytestring using a stream cipher. We use the
 transform instead of encrypt/decrypt because for stream ciphers
 these operations are same.▓ raazж Transform a given bytestring using the recommended implementation
 of a stream cipher.⌠ raazЖ Encrypt using the recommended implementation. This function is
 unsafe because it only works correctly when the input  фе 
 is of length which is a multiple of the block length of the cipher.■ raazDecrypts the given  фй . This function is unsafe because
 it only works correctly when the input  фе  is of length
 which is a multiple of the block length of the cipher.∙ raazЖ Decrypt using the recommended implementation. This function is
 unsafe because it only works correctly when the input  фе 
 is of length which is a multiple of the block length of the cipher.▐  raazname raazdescription raazstream transformer raazbuffer starting alignment░  raazThe cipher to use raazThe implementation to use raazThe key to use raazThe string to encrypt.⌠  raaz
The cipher raazThe key to use raazThe string to encrypt■  raazThe cipher to use raazThe implementation to use raazThe key to use raazThe string to encrypt.∙  raaz
The cipher raazThe key to use raazThe string to encrypt│┌┐└┘├┤┬┴┼▀▄█▌▐░▒▓⌠■∙┌▄█▌┘├┤┬┴┼▀┐└│▐▓▒⌠∙░■    .       None
/>ю а б и н в   їDв raazchacha20 memory° raaz-The type associated with the ChaCha20 cipher.² raazThe key type.· raazThe counter type for chacha20÷ raazThe IV for the chacha20ь raazThe chacha20 stream cipher.The word typeы raazThe key for ChaCha20. взшэщ°ч²ъ·Ю÷Аь            None/>ю а б   їЯ═ raaz1The portable c implementation of chacha20 cipher.║ raaz"The chacha20 randomness generator. ═║═║    /       None >ю   ╚Б raaz▀The chacha stream cipher is also used as the prg for generating
 random bytes. Such a prg needs to keep an auxilary buffer type so
 that one can generate random bytes not just of block size but
 smaller. This memory type is essentially for maintaining such a
 buffer.Ц raazД Get the actual location where the data is to be stored. Ensures
 that the pointer is aligned to the randomBufferAlignment
 restriction.Д raazІThe size of the buffer in blocks of ChaCha20. While the
 implementations should handle any multiple of blocks, often
 implementations naturally handle some multiple of blocks, for
 example the Vector256 implementation handles 2-chacha blocks. Set
 this quantity to the maximum supported by all implementations. ║БЦД            None   ╚]╒ raazThe chacha20 stream cipher. °²·÷╒°╒²÷·    0       None   ╛4Е raaz├Get random bytes from the system. Do not over use this function
 as it is meant to be used by a PRG. This function reads bytes from
 'dev	urandom'. Е            None #$->?ю а б ф и в ы   Їtё raaz·Computing cryptographic hashes usually involves chunking the
 message into blocks and compressing one block at a time. Usually
 this compression makes use of the hash of the previous block and
 the length of the message seen so far to compressing the current
 block. Most implementations therefore need to keep track of only
 hash and the length of the message seen so. This memory can be used
 in such situations.╔ raazCell to store the hashі raazCell to store the lengthї raaz*Type class capturing a cryptographic hash.╗ raazІCryptographic hashes can be computed for messages that are not
 a multiple of the block size. This combinator computes the
 maximum size of padding that can be attached to a message.╘ raaz⌡Some implementation of a given hash. The existentially
 quantification allows us freedom to choose the best memory type
 suitable for each implementations.╚ raazл The constraints that a memory used by a hash implementation
 should satisfy.╛ raazф The Hash implementation. Implementations should ensure the
 following.	The action compress impl ptr blks should only read till the
 blks1 offset starting at ptr and never write any data.The action padFinal impl ptr byts should touch at most
 ┬Fbyts/blocksize┴F + padBlocksю  blocks starting at ptr. It should
 not write anything till the byts) offset but may write stuff
 beyond that.М An easy to remember this rule is to remember that computing hash of
 a payload should not modify the payload.╟ raazcompress the blocks,╠ raaz pad and process the final bytes,Ё raaz┘Certain hashes are essentially bit-truncated versions of other
 hashes. For example, SHA224 is obtained from SHA256 by dropping the
 last 32-bits. This combinator can be used build an implementation
 of truncated hash from the implementation of its parent hash.Є raaz-Compute the hash of a pure byte source like,  ф.╣ raazCompute the hash of file.І raaz*Compute the hash of a generic byte source.Ї raazSimilar to  Є5 but the user can specify the implementation to
 use.╦ raazи Similar to hashFile' but the user can specify the implementation
 to use.╧ raazSimilar to 
hashSource5 but the user can specify the
 implementation to use.╨ raaz╞Gives a memory action that completes the hashing procedure with
 the rest of the source. Useful to compute the hash of a source with
 some prefix (like in the HMAC procedure).╩ raaz0Extract the length of the message hashed so far.╪ raaz,Update the message length by a given amount.Є  raazMessage╣  raazFile to be hashedІ  raazMessageЇ  raazImplementation raazthe message as a byte source.╦  raazImplementation raazFile to be hashedёє╔ії╗╘╙╚╛ґў╞╟╠╡ЁЄ╣ІЇ╦╧╨╩╪ї╗Є╣ІЇ╦╧╛ґў╞╟╠╡╘╙╚Ёёє╔і╩╪╨    1       None#$/>?ю а б и н в   ╨▌Ф raaz+Memory element for BLAKE2s implementations.Г raaz+Memory element for BLAKE2b implementations.д raazThe BLAKE2s hash type.е raazThe BLAKE2b hash type.Х raazThe BLAKE2 type.И raaz%The generic blake2 padding algorithm.Й raazД Create a hash implementation form BLAKE2b given a compression
 function and the last block function.К raazД Create a hash implementation form BLAKE2s given a compression
 function and the last block function.И  raaz#the primitive (BLAKE2b or BLAKE2s). raazlength of the messageЙ  raazName raazDescriptionК  raazName raazDescriptionФГдеХИЙК            None   ╩&ф raaz)The portable C implementation of BLAKE2b.г raaz)The portable C implementation of BLAKE2s. фгфг    2       None>ю   ╩ЄЛ raaz'Recommended implementation for balke2s.М raaz'Recommended implementation for blake2b.              None   ╪гх raaz+Compute the blake2b hash of an instance of  Лх . Use
 this for computing the sha1 hash of a strict or lazy byte string.и raaz#Compute the blake2b hash of a file.й raaz2Compute the blake2b hash of a general byte source. дехийедхий    3       None-?и в   ©+Н raaz╡The type alias for the raw compressor function. The compressor function
 does not need to know the length of the message so far and hence
 this is not supposed to update lengths.О raaz&The length encoding that uses 64-bits.П raaz'The length encoding that uses 128-bits.Я raazу Creates an implementation for a sha hash given the compressor and
 the length writer.Н  raazThe buffer to compress raaz The number of blocks to compress raaz#The cell memory containing the hashЯ  raazName raazDescriptionНОПЯ     4       None />ю а б и н в   ©┼к raazThe cryptographic hash SHA1. кР            None   ©чл raaz&The portable C implementation of SHA1. лл    5       None   ю/С raaz$Recommended implementation for SHA1.       6       None />ю а б и н в   ю⌡м raaz1Sha224 hash value which consist of 7 32bit words. мТ     7       None />ю а б и н в   юПн raazThe Sha256 hash value. нУ            None   бо raaz(The portable C implementation of SHA256.п raazThe Hash implementation, i.e.  ╛⌠ associated with the
 portable C implementation for the hash SHA256. This can be used to
 define an implementation of truncated hashes like SHA224. опоп           Noneа б   бiя raaz(The portable C implementation of SHA224. яя    8       None   б╪Ж raaz&Recommended implementation for SHA224.       9       None   цВ raaz&Recommended implementation for SHA256.       :       None />ю а б и н в   ц]у raazThe Sha384 hash value. уЬ     ;       None />ю а б и н в   цщж raazю The Sha512 hash value. Used in implementation of Sha384 as well. жЫ            None   дОв raaz(The portable C implementation of SHA512.ь raazThe Hash implementation, i.e.  ╛┴ associated with the
 portable C implementation for the hash SHA512. This can be used
 to implement truncated implementation like SHA384. вьвь           Noneа б   еLы raaz(The portable C implementation of SHA384. ыы    <       None   е÷З raaz&Recommended implementation for SHA384.       =       None   еМШ raaz$Recommend implementation for SHA512.       >       None?  фщЭ raaz,Memory for strong the internal memory state.Щ raazReseed the prg.Ч raazЯ The function to generate random bytes. Fills from existing bytes
 and continues if not enough bytes are obtained. ЭЪ─│┌ЩЧ            Noneн   пP
щ raazInstances of  ис  which can be randomly generated. It might
 appear that all instances of the class  и° should be
 be instances of this class, after all we know the size of the
 element, why not write that many random bytes. In fact, this module
 provides an  Ц╙ which does that. However, we
 do not give a blanket definition for all storables because for
 certain refinements of a given type, like for example, Word8's
 modulo 10,  Ц  introduces unacceptable
 skews.ч raaz7Fill the buffer with so many random elements of type a.ъ raaz>The monad for generating cryptographically secure random data.Ю raaz)A batch of actions on the memory element mem that uses some
 randomness.А raazРReseed from the system entropy pool. There is never a need to
 explicitly seed your generator. The insecurely and securely calls
 makes sure that your generator is seed before
 starting. Furthermore, the generator also reseeds after every few
 GB of random bytes that it generates. Generating random data from
 the system entropy is usually an order of magnitude slower than
 using a fast stream cipher. Reseeding often can slow your program
 considerably without any additional security advantage.Б raaz/Fill the given input pointer with random bytes.Ц raazр This is a helper function that has been exported to simplify the
 definition of a  щ instance for  ищ 
 types. However, there is a reason why we do not give a blanket
 instance for all instances  ит  and why this function is
 unsafe? This function generates a random element of type a by
 generating n random bytes where n! is the size of the elements
 of a&. For instances that range the entire nФ  byte space this is
 fine. However, if the type is actually a refinement of such a type,
 (consider a  т modulo 10Ы  for example) this function
 generates an unacceptable skew in the distribution. Hence this
 function is prefixed unsafe.Д raazх Generate a random element from an instance of a RandomStorable
 element.Е raaz7Randomise the contents of a memory cell. Equivalent to  Д
 >>= liftMT . initialise= but ensures that no data is transferred to
 unlocked memory.Ф raazGenerate a random byteString.ч  raaznumber of elements to fill raazThe buffer to fill
щчъЮАБЦДЕФ
ЮъФДЕщчЦБА    ?       None ->?ю ф и н в ы   тDШ raaz├The HMAC associated to a hash value. The HMAC type is essentially
 the underlying hash type wrapped inside a newtype. Therefore, the
  ╪& instance for HMAC is essentially the  ╪┼ instance for the
 underlying hash. It is safe against timing attack provided the
 underlying hash comparison is safe under timing attack.Э raaz-Compute the hash of a pure byte source like,  ф.Щ raazCompute the hmac of file.Ч raaz*Compute the hmac of a generic byte source.┐ raaz-Compute the hmac of a pure byte source like,  ф.└ raazCompute the hmac of file.┘ raazф Compute the hmac of a generic ByteSource using a given implementation.├ raaz$Base16 representation of the string.Э raazMessageЩ  raazKey to use for mac-ing raazFile to be hashedЧ  raazkey to use for mac-ing. raazMessage┐ raazMessage└ raazFile to be hashed	Ш┤┬ЭЩЧ┐└┘            None   жкЪ raaz*Compute the sha512 hash of an instance of  Лй . Use
 this for computing the sha512 hash of a strict or lazy byte string.─ raaz"Compute the sha512 hash of a file.│ raaz1Compute the sha512 hash of a general byte source.┌ raaz:Compute the message authentication code using hmac-sha512.┐ raaz3Compute the message authentication code for a file.└ raazа Compute the message authetication code for a generic byte source.┌  raaz
Key to use raaz)pure source whose hmac is to be
 computed┐  raaz
Key to use raaz!File whose hmac is to be computedжЪ─│┌┐└жЪ─│┌┐└           None   ы[┘ raaz*Compute the sha384 hash of an instance of  Лй . Use
 this for computing the sha384 hash of a strict or lazy byte string.├ raaz"Compute the sha384 hash of a file.┤ raaz1Compute the sha384 hash of a general byte source.┬ raaz:Compute the message authentication code using hmac-sha384.┴ raaz3Compute the message authentication code for a file.┼ raazа Compute the message authetication code for a generic byte source.┬  raaz
Key to use raaz)pure source whose hmac is to be
 computed┴  raaz
Key to use raaz!File whose hmac is to be computedу┘├┤┬┴┼у┘├┤┬┴┼           None   шК▀ raaz*Compute the sha256 hash of an instance of  Лй . Use
 this for computing the sha256 hash of a strict or lazy byte string.▄ raaz"Compute the sha256 hash of a file.█ raaz1Compute the sha256 hash of a general byte source.▌ raaz:Compute the message authentication code using hmac-sha256.▐ raaz3Compute the message authentication code for a file.░ raazа Compute the message authetication code for a generic byte source.▌  raaz
Key to use raaz)pure source whose hmac is to be
 computed▐  raaz
Key to use raaz!File whose hmac is to be computedн▀▄█▌▐░н▀▄█▌▐░           None   ч{▒ raaz*Compute the sha224 hash of an instance of  Лй . Use
 this for computing the sha224 hash of a strict or lazy byte string.▓ raaz"Compute the sha224 hash of a file.⌠ raaz1Compute the sha224 hash of a general byte source.■ raaz:Compute the message authentication code using hmac-sha224.∙ raaz3Compute the message authentication code for a file.√ raazа Compute the message authetication code for a generic byte source.■  raaz
Key to use raaz)pure source whose hmac is to be
 computed∙  raaz
Key to use raaz!File whose hmac is to be computedм▒▓⌠■∙√м▒▓⌠■∙√           None   Юq≈ raaz(Compute the sha1 hash of an instance of  Лх . Use
 this for computing the sha1 hash of a strict or lazy byte string.≤ raaz Compute the sha1 hash of a file.≥ raaz/Compute the sha1 hash of a general byte source.  raaz8Compute the message authentication code using hmac-sha1.⌡ raaz3Compute the message authentication code for a file.° raazа Compute the message authetication code for a generic byte source. к≈≤≥ ⌡°к≈≤≥ ⌡°           None   Ю╙  )їЄ╣ІдехиймнужШЭЩЧЪ─│┌┐└┘├┤┬┴┼▀▄█▌▐░▒▓⌠■∙√їЄ╣ІШЭЩЧ    @       None
/>ю а б и н в   Ф┴ raazExtended key for aes256┼ raazExtended key for aes192▀ raazExtended key for aes128² raazThe IV used by the CBC mode.· raazKey used for AES-128÷ raazKey used for AES-128═ raazKey used for AES-128║ raazґThe type associated with AES ciphers. Raaz provides AES variants
 with key lengths 128, 192 and 256. The key types for the above
 ciphers in cbc mode are given by the types ( ═, IV),
 ( ÷, IV) ( ·, IV) respectively.╒ raaz128-bit aes cipher in  █ mode.ё raaz128-bit aes cipher in  █ mode.є raaz128-bit aes cipher in  █ mode.╔ raaz#Smart constructors for AES 128 ctr.▄ raaz#The 256-bit aes cipher in cbc mode.█ raaz#The 192-bit aes cipher in cbc mode.▌ raaz#The 128-bit aes cipher in cbc mode.▐ raazShows in base 16░ raazExpects in base 16▒ raazShows in base 16▓ raazExpects in  base 16⌠ raazShows in base 16■ raazExpects in base 16∙ raazKey is ( ·, ²) pair.√ raazKey is ( ÷, ²) pair.≈ raazKey is ( ═, ²) pair.≤ raazShown as a its base16 encoding.≥ raazExpects in base16. ┴┼▀²·÷═║ ╒ёє╔            None/>ю а б   Г'і raaz;Implementation of 128-bit AES in CBC mode using Portable C.ї raaz;Implementation of 192-bit AES in CBC mode using Portable C.╗ raaz;Implementation of 256-bit AES in CBC mode using Portable C. ії╗ії╗    A       None/>ю   ГС⌡ raaz)Recommended implementation of AES-256 cbc° raaz)Recommended implementation of AES-192 cbc² raaz)Recommended implementation of AES-128 cbc              None   Х  	²·÷═║╒ёє╔	║═÷·²╒ёє╔    B       None   ХR  │┌▓╒╒ёє│▓╒┌╒ёє            None   ХЁ╞ raazRaaz library version number. н"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWZXY[\]^_`abcdefghijxyz{~|}─│┌┐└┘├ії╗╘╙╚╛ґў╞╟╠╡ЁЄЁ╣ІЇ╦юабцдефгхийклмносрпятужвьызшэщЛМНОПЯРСТ│┌▓╒їЄ╣ІдехиймнужщчъЮАБЦДЕФШЭЩЧЪ─│┌┐└┘├┤┬┴┼▀▄█▌▐░▒▓⌠■∙√╒ёє╞╞  ·   C   D   E   F   G   H   I  J  K  L  M  M  N  O  O  P  Q   R  S   T   U   V   W   X   Y   Z   [   \   ]   ^   _   `   a   b  "c  " d  " e  " f  " g  #h  #i  # j  # k  $l  $ m  $ n  %o  %p  % q  % r  &s  &t  &u  &u  &v  &v  &w  & x  &y  & z  & {  & |  & }  & ~  &   & ─  & │  & ┌  & ┐  & └  & ┘  & ├  & ┤  & ┬  & ┴  & ┼  & ▀  & ▄  & █  & ▌  & ▐  & ░  & ▒  & ▓  & ⌠  '■  '∙  '√  ' ≈  ' ≤  ' ≥  '    ' ⌡  ' °  ' ²  ' ·  ' ÷  ' ═  ' ║  ( ╒  ( ё  ( є  ( ╔  ( і  ( ї  ( ╗  ( ╘  ╙   ╚   ╛   ґ   ў   ╞   ╟   ╠   ╡   Ё   Є   ╣   І  )Ї  ) ╦  ) ╧  )╨  ) ╩  ) ╪  ) Ґ  *Ў  +©  + ю  + а   б   ц   д   е  ф  г  х  и   й   к   л   м   н   о   п   я   р   с   т   у   ж   в   ь   ы   з   ш   э   щ   ч   ъ   Ю   А   Б   Ц   Д  ,Е  ,Ф  , Г  , Х  , И  , Й  , К  , Л  М  Н  О   П  Я  Р   С  Т   У   Ж   В   Ь   Ы   З   Ш   Э   Щ   Ч  - Ъ  
─  
│  
 ┌  
┐  
 └  
┘  
 ├  
┤  
 ┬  
┴  
┼  
 ▀  
 ▄  
█  
▌  
 ▐  
 ░  
 ▒  
 ▓  
⌠  
 ■  
 ∙  
 √  
 ≈  
 ≤  
 ≥  
    
 ⌡  
 °  
 ²  
 ·  
 ÷  
 ═  
 ║  
 ╒  
 ё  
 є  
 ╔  
 і  
 ї  
 ╗  
 ╘  
 ╙  ╚  ╛   ґ  ў  ╞  ╟   ╠   ╡   Ё   Є   ╣   І   Ї   ╦   ╧   ╨   ╩   ╪   Ґ   Ў   ©  ю  а  б  б  ц  ц   д   е   ф   г   х  и  й  к   л   м   н   о   п   я   р   с   т   у   ж   в   ь  .ы  .з  .ш  .э   щ   ч   ъ  Ю  Ю   А   Б  Ц   Д  Е  Е  Ф  Г  Г   Х   И   Й   К   Л   М   Н   О   П   Я   Р   С   Т   У   Ж   В   Ь   Ы   З   Ш   Э   Щ  1Ч  1Ъ   ─   │   ┌   ┐   └  4┘   щ  6├  7┤   щ   ┬   щ   ┴   ┼   ▀  :▄  ;█   щ   ┬   щ   ▌   ▐   ░  ▒   ▓  ⌠  ■   ∙   √   ≈   ≤   ≥       ⌡   °   ²   ·   ÷   ═   ║   ╒   ё   є   ╔   і   ї   ╗   ╘   ╙   ╚   ╛   ґ   ў  ?╞  ? ╟  ? ╠  ? ╡   Ё   Є   ╣   І   Ї   ╦   ╧   ╨   ╩   ╪   Ґ   Ў   ©   ю   а   б   ц   д   е   ф   г   х   и   й   к   л   м   н   о   п  @э  @я  @р  @с  @т  @ у  @ ж  @ в  @ ь   ы   з   ш   э   щ   ч   ъ   Ю   А    Б  ! Б  ! Ц  ! Д  ! Е  ! Ф  ! Г  ! Х  ! И  #h  # Й  #i  # К ЛМН  %О  %П ЯРС ЯР Т ЯУ Ж ЯВ Ь ЯВ Ы ЯЗ Ш  & Э ЩЧЪ Я─ │ Я┌┐ Я─└ Я┘├ Я┤┬ Я┌┴ Я┼▀  ) ▄  * █ Я┤ ▌ Я┘ ▐  + ░ ЯР ▒ Я┼▓  , ⌠ ЯР■  .∙  .√  .≈  .∙  . ≤  . ≥  .    .ы  .⌡  .ш  .э  /°  / ²  / ·  0 ÷  1═  1║  1╒  1 ё  1 є  1 ╔  2 і  2 ї  3╗  3 ╘  3 ╙  3 ╚  4┘  5 ╛  6├  7┤  8 ґ  9 ў  :▄  ;█  < ╞  = ╟  >╠  > ╡  > Ё  >╠  > Є  > ╣  > І  ? Ї  ? ╦  ? ╧  ? ╨  ?╞  ? ╩  @╪  @Ґ  @Ў  @ ©  @ ю  @ а  @ б  @ ц  @ д  @ е  @ ф  @ г  @х  @и  @й  @ к  @ л  @т  A м  A н  A оп!raaz-0.2.3-3mox0vOCCXrBTCNCDGs2dKRaaz.Core.CpuSupportsRaaz.Core.MonoidalActionRaaz.Core.TypesRaaz.Core.UtilRaaz.Core.Parse.ApplicativeRaaz.Core.EncodeRaaz.Core.TransferRaaz.Core.Primitives	Raaz.CoreRaaz.Core.MemoryRaaz.Core.ByteSourceRaaz.Cipher.InternalRaaz.Cipher.ChaCha20-Raaz.Cipher.ChaCha20.Implementation.CPortableRaaz.Hash.InternalRaaz.Hash.Blake2)Raaz.Hash.Blake2.Implementation.CPortableRaaz.Hash.Sha1'Raaz.Hash.Sha1.Implementation.CPortableRaaz.Hash.Sha224Raaz.Hash.Sha256)Raaz.Hash.Sha256.Implementation.CPortable)Raaz.Hash.Sha224.Implementation.CPortableRaaz.Hash.Sha384Raaz.Hash.Sha512)Raaz.Hash.Sha512.Implementation.CPortable)Raaz.Hash.Sha384.Implementation.CPortableRaaz.Random	Raaz.HashRaaz.Cipher.AES,Raaz.Cipher.AES.CBC.Implementation.CPortableRaaz
Paths_raazRaaz.Core.Types.AlignedRaaz.Core.Types.CopyingRaaz.Core.Types.DescribeRaaz.Core.Types.EqualityRaaz.Core.Types.PointerRaaz.Core.Types.EndianRaaz.Core.Util.ByteStringRaaz.Core.Encode.InternalRaaz.Core.Encode.Base64Raaz.Core.Encode.Base16Raaz.Core.Types.TupleRaaz.Core.ConstantsRaaz.Cipher.ChaCha20.Internal#Raaz.Cipher.ChaCha20.RecommendationRaaz.EntropyRaaz.Hash.Blake2.InternalRaaz.Hash.Blake2.RecommendationRaaz.Hash.Sha.UtilRaaz.Hash.Sha1.InternalRaaz.Hash.Sha1.RecommendationRaaz.Hash.Sha224.InternalRaaz.Hash.Sha256.InternalRaaz.Hash.Sha224.RecommendationRaaz.Hash.Sha256.RecommendationRaaz.Hash.Sha384.InternalRaaz.Hash.Sha512.InternalRaaz.Hash.Sha384.RecommendationRaaz.Hash.Sha512.RecommendationRaaz.Random.ChaCha20PRGRaaz.Hash.Internal.HMACRaaz.Cipher.AES.InternalRaaz.Cipher.AES.RecommendationRaaz.Cipherssesse2sse3sse4_1sse4_2avxavx2FieldMFieldFieldATwistRFDistributiveFSemiRDistributiveLActionF<<.>>LAction<.><++>
semiRSpacesemiRMonoidtwistFunctorValuetwistMonoidValuecomputeFieldliftToFieldM	runFieldM$fLActionFmWrappedArrow$fMonoidSemiR$fSemigroupSemiR$fDistributiveFmWrappedArrow$fApplicativeTwistRF$fFunctorTwistRFAligned	unAlignedaligned16Bytesaligned32Bytesaligned64BytesDestSrcsourcedestinationDescribablenamedescriptionResultEqualityeq===	AlignmentALIGNBITSBYTES
LengthUnitinBytesPointerinBitsatLeastatLeastAlignedatMostbytesQuotRem	bytesQuotbitsQuotRembitsQuotwordAlignmentsizeOfalignedSizeOf	alignmentalignPtrmovePtrnextAlignedPtrpeekAlignedpokeAlignedallocaBufferallocaAlignedallocaSecureallocaSecureAlignedmallocBufferhFillBufmemcpymemmovememsetBELEEndianStorestoreloadadjustEndianstoreAtstoreAtIndexloadFromIndexloadFromcopyFromBytescopyToByteslittleEndian	bigEndianlength	replicateunsafeCopyToPointerunsafeNCopyToPointerwithByteStringfromByteStringStorablecreate
createFromParserskip
parseError
parseWidth	runParserunsafeRunParserparseStorableparseparseByteStringunsafeParseStorableVectorunsafeParseVectorparseStorableVectorparseVectorFormatencodeByteStringdecodeFormat	EncodabletoByteStringfromByteStringunsafeFromByteStringBase64Base16
fromBase16
showBase16encodedecodeunsafeDecode	translateReadIOReadMWriteIOWriteMbytesToWriteunsafeWritewriteStorablewrite	writeFromwriteStorableVectorwriteVector
writeBytes
glueWritesprependWritepadWritewriteByteString	skipWritebytesToRead
unsafeRead	readBytesreadInto$fMonoidTransferM$fSemigroupTransferM$fDistributiveBYTES->$fLActionBYTES->$fEncodableWriteM$fIsStringWriteM$fSemigroupReadM$fMonoidReadM$fSemigroupWriteM$fMonoidWriteM	DimensionTuple	dimensionrepeatMunsafeFromListinitialdiagonalzipWithBLOCKSKeyRecommendationrecommended	PrimitiveImplementation	blockSizeBlockAlgorithmbufferStartAlignmentallocBufferForblocksOf$fLengthUnitBLOCKS$fMonoidBLOCKS$fSemigroupBLOCKS$fShowBLOCKS
$fEqBLOCKS$fOrdBLOCKS$fEnumBLOCKSl1Cache
MemoryCellExtractableToBuffer	extractorInitialisableFromBufferinitialiserExtractableextractInitialisable
initialise
VoidMemoryMemorymemoryAllocunsafeToPointerAllocMemoryThreadsecurely
insecurelyliftMTonSubMemoryMTexecutedoIOliftPointerAction	getMemorypointerAlloc
copyMemorymodifywithCellPointergetCellPointer$fMonadIOMT	$fMonadMT$fApplicativeMT$fFunctorMT$fMemory(,,,)$fMemory(,,)$fMemory(,)$fMemoryThreadMT$fMemoryVoidMemory$fExtractableToBufferMemoryCell#$fInitialisableFromBufferMemoryCell$fExtractableMemoryCella$fInitialisableMemoryCella$fMemoryMemoryCellPureByteSource
ByteSource	fillBytes
FillResult	Remaining	ExhaustedwithFillResultfillprocessChunks$fFunctorFillResult$fByteSource[]$fByteSourceMaybe$fByteSourceByteString$fByteSourceByteString0$fByteSourceHandle$fPureByteSourceMaybe$fPureByteSource[]$fPureByteSourceByteString$fPureByteSourceByteString0$fShowFillResult$fEqFillResultStreamCipherCipherSomeCipherICipherIcipherINamecipherIDescriptionencryptBlocksdecryptBlockscipherStartAlignment
CipherModeCBCCTRmakeCipherIunsafeEncrypt'
transform'	transformunsafeEncryptunsafeDecrypt'unsafeDecrypt$fDescribableCipherI$fBlockAlgorithmCipherI$fBlockAlgorithmSomeCipherI$fDescribableSomeCipherI$fShowCipherMode$fEqCipherModeChaCha20KEYCounterIVimplementationchacha20Randomchacha20
HashMemoryhashCellmessageLengthCellHashadditionalPadBlocks	SomeHashIHashMHashI	hashINamehashIDescriptioncompresscompressFinalcompressStartAlignment
truncatedIhashhashFile
hashSourcehash'	hashFile'hashSource'completeHashingextractLengthupdateLength$fDescribableHashI$fBlockAlgorithmHashI$fBlockAlgorithmSomeHashI$fDescribableSomeHashI$fExtractableHashMemoryh$fInitialisableHashMemoryh$fMemoryHashMemoryBLAKE2sBLAKE2bimplementation2bimplementation2sblake2bblake2bFileblake2bSourceSHA1SHA224SHA256	cPortable$fExtractableSHA224MemorySHA224$fInitialisableSHA224Memory()$fMemorySHA224MemorySHA384SHA512$fExtractableSHA384MemorySHA384$fInitialisableSHA384Memory()$fMemorySHA384MemoryRandomStorablefillRandomElementsRandMRTreseedfillRandomBytesunsafeFillRandomElementsrandomrandomiseCellrandomByteString$fMemoryThreadRT$fRandomStorableTuple$fRandomStorableBE$fRandomStorableLE$fRandomStorableIV$fRandomStorableKEY$fRandomStorableInt$fRandomStorableInt64$fRandomStorableInt32$fRandomStorableInt16$fRandomStorableInt8$fRandomStorableWord$fRandomStorableWord64$fRandomStorableWord32$fRandomStorableWord16$fRandomStorableWord8$fFunctorRT$fApplicativeRT	$fMonadRT$fMonadIORTHMAChmachmacFile
hmacSourcesha512
sha512Filesha512Source
hmacSha512hmacSha512FilehmacSha512Sourcesha384
sha384Filesha384Source
hmacSha384hmacSha384FilehmacSha384Sourcesha256
sha256Filesha256Source
hmacSha256hmacSha256FilehmacSha256Sourcesha224
sha224Filesha224Source
hmacSha224hmacSha224FilehmacSha224Sourcesha1sha1File
sha1SourcehmacSha1hmacSha1FilehmacSha1SourceKEY256KEY192KEY128AES	aes128cbc	aes192cbc	aes256cbc	aes128ctr
aes128cbcI
aes192cbcI
aes256cbcI$fInitialisableM128(,)$fMemoryM128$fInitialisableM192(,)$fMemoryM192$fInitialisableM256(,)$fMemoryM256version	getBinDir	getLibDirgetDynLibDir
getDataDirgetLibexecDirgetSysconfDirgetDataFileNameunDestunSrcghc-primGHC.ClassesEqD:R:VectorResult0D:R:MVectorsResult0baseGHC.BaseMonoidmappendGHC.RealquotRemForeign.Marshal.AllocallocaBytesAlignedmallocBytesGHC.IO.Handle.TexthGetBuf$fLActionuPtrbytestring-0.10.10.0Data.ByteString.Internal
ByteStringForeign.Storablepeek	GHC.MaybeNothingStorableGHC.ShowShowData.StringIsStringMaybeGHC.WordWord32$fFormatByteString$fIsStringBase64
fromStringshow$fIsStringBase16<>Word8	$fEqTupleApplicativeChaCha20MemWORDD:R:KeyChaCha20keyCellivCellcounterCellChaCha20Key	RandomBufgetBufferPointerrandomBufferSize
getEntropy
Blake2sMem
Blake2bMemBLAKE2	blake2Padblake2bImplementationblake2sImplementation$fRecommendationBLAKE2$fRecommendationBLAKE20
Compressorlength64Writelength128WriteshaImplementation$fRecommendationSHA1$fRecommendationSHA224$fRecommendationSHA256$fRecommendationSHA384$fRecommendationSHA512RandomStatereseedMTfillRandomBytesMTchacha20State	auxBufferremainingByteshmac'	hmacFile'hmacSource'$fIsStringHMACKeyunHMACEKEY256EKEY192EKEY128$fPrimitiveAES$fPrimitiveAES0$fPrimitiveAES1$fShowKEY128$fIsStringKEY128$fShowKEY192$fIsStringKEY192$fShowKEY256$fIsStringKEY256
D:R:KeyAESD:R:KeyAES0D:R:KeyAES1$fShowIV$fIsStringIV$fRecommendationAES$fRecommendationAES0$fRecommendationAES1