commit 0c15c2e3a51dfc9b9ad8de4b736e69304b7f84af
parent 0b8dc68f4890c02ff0fa1b00c2304754b812c79d
Author: Jared Tobin <jared@jtobin.io>
Date: Sat, 16 May 2026 16:22:01 -0230
lib: use MAC newtype from ppad-poly1305
'Crypto.MAC.Poly1305.mac' returns 'Maybe MAC' rather than
'Maybe ByteString' since ppad-poly1305 introduced the 'MAC'
newtype wrapper (with constant-time 'Eq'). Unwrap at the two
call sites in 'Crypto.AEAD.ChaCha20Poly1305' so 'tag' continues
to be passed around as a raw 'ByteString'.
Minimal source change; no public API change to 'ppad-aead'.
Diffstat:
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/Crypto/AEAD/ChaCha20Poly1305.hs b/lib/Crypto/AEAD/ChaCha20Poly1305.hs
@@ -123,7 +123,7 @@ encrypt aad key nonce plaintext
md3 = md2 <> unroll8 (fi (BS.length cip))
case Poly1305.mac otk md3 of
Nothing -> Left InvalidKey
- Just tag -> pure (cip, tag)
+ Just (Poly1305.MAC tag) -> pure (cip, tag)
-- | Decrypt an authenticated ciphertext, given a message authentication
-- code and some additional authenticated data, via a 256-bit key and
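Review bot: `encrypt` still returns the tag as a bare `ByteString` after the `Just (Poly1305.MAC tag)` match, so any caller that checks tags itself falls back to the variable-time `ByteString` `Eq` rather than the constant-time instance the `MAC` newtype provides. Since the commit deliberately keeps the public type, the Haddock for `encrypt` (which lies outside this hunk) could state the expectation, e.g. `-- The returned tag is a raw 'ByteString'; verify it with 'decrypt' rather than comparing with '=='.`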
@@ -151,7 +151,7 @@ decrypt aad key nonce (cip, mac)
md3 = md2 <> unroll8 (fi (BS.length cip))
case Poly1305.mac otk md3 of
Nothing -> Left InvalidKey
- Just tag
+ Just (Poly1305.MAC tag)
| ct_eq mac tag -> case ChaCha20.cipher key 1 nonce cip of
Left ChaCha20.InvalidKey -> Left InvalidKey
Left ChaCha20.InvalidNonce -> Left InvalidNonce
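Review bot: Unwrapping `Poly1305.MAC` in the `decrypt` pattern discards the newtype's constant-time `Eq`, so tag verification depends entirely on the local `ct_eq` and on nobody later replacing the guard with `==` on the raw `ByteString`s. Consider leaving the computed tag wrapped and comparing inside the newtype, e.g. `Just tag | Poly1305.MAC mac == tag -> ...`, which leaves a single constant-time comparison to audit. This assumes the upstream instance rejects a wrong-length `mac` the same way `ct_eq` does, which is not visible here. If `ct_eq` is kept, a comment at the guard such as `-- compare only via ct_eq; (==) on ByteString is not constant-time` would record the invariant. The remainder of the case expression continues outside the hunk.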