-- SPDX-FileCopyrightText: 2020 Serokell -- -- SPDX-License-Identifier: MPL-2.0 {-# OPTIONS_HADDOCK not-home #-} -- ! This module merely re-exports definitions from the corresponding -- ! module in NaCl and alters the Haddock to make it more specific -- ! to crypto-sodium. So, the docs should be kept more-or-less in sync. -- | Message authentication codes. -- -- It is best to import this module qualified: -- -- @ -- import qualified Crypto.Mac as Mac -- -- authenticator = Mac.'create' key message -- if Mac.'verify' key message authenticator -- then {- Ok! -} -- else {- Fail! -} -- @ -- -- A message authenticator is like a signature, except that the key is -- secret. It can be used when it is not necessary to encrypt the data, -- but its integrity needs to be guaranteed. module Crypto.Mac ( -- * Keys Key , toKey -- * Authenticator tags , Authenticator , toAuthenticator -- * Authentication , create , verify ) where import NaCl.Auth (Authenticator, Key, toAuthenticator, toKey, verify) import Data.ByteArray (ByteArray, ByteArrayAccess) import qualified NaCl.Auth as NaCl.Auth -- | Create an authenticator for a message. -- -- @ -- authenticator = Mac.create key message -- @ -- -- * @key@ is the secret key used for authentication. See "Crypto.Key" for how -- to get one. -- -- * @message@ is the data you are authenticating. -- -- This function produces authentication data, so if anyone modifies the message, -- @verify@ will return @False@. create :: ( ByteArray authBytes , ByteArrayAccess keyBytes , ByteArrayAccess msg ) => Key keyBytes -- ^ Secret key. -> msg -- ^ Message to authenticate. -> Authenticator authBytes create :: Key keyBytes -> msg -> Authenticator authBytes create = Key keyBytes -> msg -> Authenticator authBytes forall authBytes keyBytes msg. (ByteArray authBytes, ByteArrayAccess keyBytes, ByteArrayAccess msg) => Key keyBytes -> msg -> Authenticator authBytes NaCl.Auth.create