README.md (2704B)
1 # poly1305 2 3 [](https://hackage.haskell.org/package/ppad-poly1305) 4  5 [](https://docs.ppad.tech/poly1305) 6 7 A pure Haskell implementation of the Poly1305 message authentication 8 code as specified by [RFC8439][8439]. 9 10 ## Usage 11 12 A sample GHCi session: 13 14 ``` 15 > :set -XOverloadedStrings 16 > 17 > -- import qualified 18 > import qualified Crypto.MAC.Poly1305 as Poly1305 19 > 20 > -- produce a MAC for a message using a secret one-time key 21 > let key = "i'll never use this key again!!!" 22 > let msg = "i am a message that is in need of authentication" 23 > Poly1305.mac key msg 24 Just "\247\247\GSZ^\140\168\r\177\197\242\182b#\210g" 25 ``` 26 27 ## Documentation 28 29 Haddocks (API documentation, etc.) are hosted at 30 [docs.ppad.tech/poly1305][hadoc]. 31 32 ## Performance 33 34 The aim is best-in-class performance for pure, highly-auditable Haskell 35 code. 36 37 Current benchmark figures on the simple "sunscreen input" from RFC8439 38 on an M4 Silicon MacBook Air look like (use `cabal bench` to run the 39 benchmark suite): 40 41 ``` 42 benchmarking ppad-poly1305/mac (big key) 43 time 3.491 μs (3.487 μs .. 3.495 μs) 44 1.000 R² (1.000 R² .. 1.000 R²) 45 mean 3.489 μs (3.484 μs .. 3.493 μs) 46 std dev 15.51 ns (12.66 ns .. 19.80 ns) 47 ``` 48 49 ## Security 50 51 This library aims at the maximum security achievable in a 52 garbage-collected language under an optimizing compiler such as GHC, in 53 which strict constant-timeness can be [challenging to achieve][const]. 54 55 Note that *at present* we use GHC's native variable-length Integer type 56 internally, and make no guarantees of constant-time execution. 57 58 The Poly1305 MAC function and its internals pass all official 59 test vectors in RFC8439, and the downstream AEAD-ChaCha20-Poly1305 60 implementation in [ppad-aead](https://github.com/ppad-tech/aead) passes 61 all the [Project Wycheproof vectors][wyche]. 62 63 If you discover any vulnerabilities, please disclose them via 64 security@ppad.tech. 65 66 ## Development 67 68 You'll require [Nix][nixos] with [flake][flake] support enabled. Enter a 69 development shell with: 70 71 ``` 72 $ nix develop 73 ``` 74 75 Then do e.g.: 76 77 ``` 78 $ cabal repl ppad-poly1305 79 ``` 80 81 to get a REPL for the main library. 82 83 [8439]: https://datatracker.ietf.org/doc/html/rfc8439 84 [nixos]: https://nixos.org/ 85 [flake]: https://nixos.org/manual/nix/unstable/command-ref/new-cli/nix3-flake.html 86 [hadoc]: https://docs.ppad.tech/poly1305 87 [const]: https://www.chosenplaintext.ca/articles/beginners-guide-constant-time-cryptography.html 88 [wyche]: https://github.com/C2SP/wycheproof