diff --git a/CHANGELOG.md b/CHANGELOG.md
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # CHANGELOG for crypton
 
+## 1.0.6
+
+* Fix test failures on less common 64-bit arches.
+  [#65](https://github.com/kazu-yamamoto/crypton/pull/65)
+
 ## 1.0.5
 
 * Setter/Getter for ChaCha counter.
diff --git a/Crypto/Cipher/ChaCha.hs b/Crypto/Cipher/ChaCha.hs
--- a/Crypto/Cipher/ChaCha.hs
+++ b/Crypto/Cipher/ChaCha.hs
@@ -94,6 +94,7 @@
 
 -- | Initialize a new ChaCha context with the number of rounds,
 -- the key and the nonce associated.
+-- To use ChaCha20 defined in RFC 8439, 20, 256bits-key and 96-bits nonce must be used.
 initialize
     :: (ByteArrayAccess key, ByteArrayAccess nonce)
     => Int
diff --git a/Crypto/Cipher/ChaChaPoly1305.hs b/Crypto/Cipher/ChaChaPoly1305.hs
--- a/Crypto/Cipher/ChaChaPoly1305.hs
+++ b/Crypto/Cipher/ChaChaPoly1305.hs
@@ -6,7 +6,7 @@
 -- Portability : good
 --
 -- A simple AEAD scheme using ChaCha20 and Poly1305. See
--- <https://tools.ietf.org/html/rfc7539 RFC 7539>.
+-- <https://tools.ietf.org/html/rfc8439 RFC 8439>.
 --
 -- The State is not modified in place, so each function changing the State,
 -- returns a new State.
diff --git a/Crypto/Cipher/Types/AEAD.hs b/Crypto/Cipher/Types/AEAD.hs
--- a/Crypto/Cipher/Types/AEAD.hs
+++ b/Crypto/Cipher/Types/AEAD.hs
@@ -19,42 +19,46 @@
 -- | AEAD Implementation
 data AEADModeImpl st = AEADModeImpl
     { aeadImplAppendHeader :: forall ba. ByteArrayAccess ba => st -> ba -> st
+    -- ^ Adding associated\/additional data to the AEAD context.
     , aeadImplEncrypt :: forall ba. ByteArray ba => st -> ba -> (ba, st)
+    -- ^ Encrypiting plaintext and update the AEAD context.
     , aeadImplDecrypt :: forall ba. ByteArray ba => st -> ba -> (ba, st)
+    -- ^ Decrypting ciphertext and update the AEAD context.
     , aeadImplFinalize :: st -> Int -> AuthTag
+    -- ^ Finalizing the AEAD context and returning the authentication tag.
     }
 
--- | Authenticated Encryption with Associated Data algorithms
+-- | Algorithm and context for AEAD(Authenticated Encryption with Associated\/Additional Data)
 data AEAD cipher = forall st. AEAD
     { aeadModeImpl :: AEADModeImpl st
     , aeadState :: !st
     }
 
--- | Append some header information to an AEAD context
+-- | Adding associated\/additional data to the AEAD context.
 aeadAppendHeader :: ByteArrayAccess aad => AEAD cipher -> aad -> AEAD cipher
 aeadAppendHeader (AEAD impl st) aad = AEAD impl $ aeadImplAppendHeader impl st aad
 
--- | Encrypt some data and update the AEAD context
+-- | Encrypting plaintext  and update the AEAD context.
 aeadEncrypt :: ByteArray ba => AEAD cipher -> ba -> (ba, AEAD cipher)
 aeadEncrypt (AEAD impl st) ba = second (AEAD impl) $ aeadImplEncrypt impl st ba
 
--- | Decrypt some data and update the AEAD context
+-- | Decrypting ciphertext and update the AEAD context.
 aeadDecrypt :: ByteArray ba => AEAD cipher -> ba -> (ba, AEAD cipher)
 aeadDecrypt (AEAD impl st) ba = second (AEAD impl) $ aeadImplDecrypt impl st ba
 
--- | Finalize the AEAD context and return the authentication tag
+-- | Finalizing the AEAD context and returning the authentication tag.
 aeadFinalize :: AEAD cipher -> Int -> AuthTag
 aeadFinalize (AEAD impl st) = aeadImplFinalize impl st
 
--- | Simple AEAD encryption
+-- | Simple AEAD encryption.
 aeadSimpleEncrypt
     :: (ByteArrayAccess aad, ByteArray ba)
     => AEAD a
-    -- ^ A new AEAD Context
+    -- ^ An AEAD Context
     -> aad
-    -- ^ Optional Authentication data header
+    -- ^ Associated\/additional data
     -> ba
-    -- ^ Optional Plaintext
+    -- ^ Plaintext
     -> Int
     -- ^ Tag length
     -> (AuthTag, ba)
@@ -65,13 +69,13 @@
     (output, aeadFinal) = aeadEncrypt aead input
     tag = aeadFinalize aeadFinal taglen
 
--- | Simple AEAD decryption
+-- | Simple AEAD decryptio.
 aeadSimpleDecrypt
     :: (ByteArrayAccess aad, ByteArray ba)
     => AEAD a
-    -- ^ A new AEAD Context
+    -- ^ An AEAD Context
     -> aad
-    -- ^ Optional Authentication data header
+    -- ^ Associated\/additional data
     -> ba
     -- ^ Ciphertext
     -> AuthTag
diff --git a/cbits/decaf/include/word.h b/cbits/decaf/include/word.h
--- a/cbits/decaf/include/word.h
+++ b/cbits/decaf/include/word.h
@@ -151,7 +151,7 @@
     br_set_to_mask(mask_t x) {
         return vdupq_n_u32(x);
     }
-#elif __amd64__ || __X86_64__ || __aarch64__ /* || _WIN64 -> WIN64 does not support int128 so force the build on arch32 default so do not use this define for _WIN64*/
+#elif __amd64__ || __X86_64__ || __aarch64__ || __loongarch_lp64 || __PPC64__ || __riscv ||  __s390x__ || __alpha__ || __powerpc64__ || (__sparc__ && __arch64__) /* || _WIN64 -> WIN64 does not support int128 so force the build on arch32 default so do not use this define for _WIN64*/
     #define VECTOR_ALIGNED __attribute__((aligned(8)))
     typedef uint64_t big_register_t, uint64xn_t;
 
diff --git a/crypton.cabal b/crypton.cabal
--- a/crypton.cabal
+++ b/crypton.cabal
@@ -1,6 +1,6 @@
 cabal-version:      1.18
 name:               crypton
-version:            1.0.5
+version:            1.0.6
 license:            BSD3
 license-file:       LICENSE
 copyright:          Vincent Hanquez <vincent@snarc.org>
@@ -310,13 +310,13 @@
     if flag(old_toolchain_inliner)
         cc-options: -fgnu89-inline
 
-    if (arch(x86_64) || arch(aarch64))
+    if (arch(x86_64) || arch(aarch64) || arch(loongarch64) || arch(ppc64le) || arch(riscv64) || arch(s390x) || arch(alpha) || arch(ppc64) || arch(sparc64))
         include-dirs: cbits/include64
 
     else
         include-dirs: cbits/include32
 
-    if (arch(x86_64) || arch(aarch64))
+    if (arch(x86_64) || arch(aarch64) || arch(loongarch64) || arch(ppc64le) || arch(riscv64) || arch(s390x) || arch(alpha) || arch(ppc64) || arch(sparc64))
         c-sources:
             cbits/decaf/ed448goldilocks/decaf_all.c
             cbits/decaf/ed448goldilocks/eddsa.c
@@ -340,13 +340,13 @@
 
         include-dirs: cbits/decaf/include/arch_32 cbits/decaf/p448/arch_32
 
-    if (arch(x86_64) || arch(aarch64))
+    if (arch(x86_64) || arch(aarch64) || arch(loongarch64) || arch(ppc64le) || arch(riscv64) || arch(s390x) || arch(alpha) || arch(ppc64) || arch(sparc64))
         c-sources: cbits/curve25519/curve25519-donna-c64.c
 
     else
         c-sources: cbits/curve25519/curve25519-donna.c
 
-    if (arch(i386) || arch(x86_64))
+    if (arch(i386) || arch(x86_64) || arch(loongarch64) || arch(ppc64le) || arch(riscv64) || arch(alpha))
         cpp-options: -DARCH_IS_LITTLE_ENDIAN
 
     if arch(i386)
diff --git a/tests/ChaCha.hs b/tests/ChaCha.hs
--- a/tests/ChaCha.hs
+++ b/tests/ChaCha.hs
@@ -39,6 +39,55 @@
     expected =
         "\x45\x59\xab\xba\x4e\x48\xc1\x61\x02\xe8\xbb\x2c\x05\xe6\x94\x7f\x50\xa7\x86\xde\x16\x2f\x9b\x0b\x7e\x59\x2a\x9b\x53\xd0\xd4\xe9\x8d\x8d\x64\x10\xd5\x40\xa1\xa6\x37\x5b\x26\xd8\x0d\xac\xe4\xfa\xb5\x23\x84\xc7\x31\xac\xbf\x16\xa5\x92\x3c\x0c\x48\xd3\x57\x5d\x4d\x0d\x2c\x67\x3b\x66\x6f\xaa\x73\x10\x61\x27\x77\x01\x09\x3a\x6b\xf7\xa1\x58\xa8\x86\x42\x92\xa4\x1c\x48\xe3\xa9\xb4\xc0\xda\xec\xe0\xf8\xd9\x8d\x0d\x7e\x05\xb3\x7a\x30\x7b\xbb\x66\x33\x31\x64\xec\x9e\x1b\x24\xea\x0d\x6c\x3f\xfd\xdc\xec\x4f\x68\xe7\x44\x30\x56\x19\x3a\x03\xc8\x10\xe1\x13\x44\xca\x06\xd8\xed\x8a\x2b\xfb\x1e\x8d\x48\xcf\xa6\xbc\x0e\xb4\xe2\x46\x4b\x74\x81\x42\x40\x7c\x9f\x43\x1a\xee\x76\x99\x60\xe1\x5b\xa8\xb9\x68\x90\x46\x6e\xf2\x45\x75\x99\x85\x23\x85\xc6\x61\xf7\x52\xce\x20\xf9\xda\x0c\x09\xab\x6b\x19\xdf\x74\xe7\x6a\x95\x96\x74\x46\xf8\xd0\xfd\x41\x5e\x7b\xee\x2a\x12\xa1\x14\xc2\x0e\xb5\x29\x2a\xe7\xa3\x49\xae\x57\x78\x20\xd5\x52\x0a\x1f\x3f\xb6\x2a\x17\xce\x6a\x7e\x68\xfa\x7c\x79\x11\x1d\x88\x60\x92\x0b\xc0\x48\xef\x43\xfe\x84\x48\x6c\xcb\x87\xc2\x5f\x0a\xe0\x45\xf0\xcc\xe1\xe7\x98\x9a\x9a\xa2\x20\xa2\x8b\xdd\x48\x27\xe7\x51\xa2\x4a\x6d\x5c\x62\xd7\x90\xa6\x63\x93\xb9\x31\x11\xc1\xa5\x5d\xd7\x42\x1a\x10\x18\x49\x74\xc7\xc5"
 
+rfc8439A2_1 = cipher @=? cipher'
+  where
+    key :: ByteString
+    key =
+        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+    nonce :: ByteString
+    nonce = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+    plain :: ByteString
+    plain =
+        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+    cipher :: ByteString
+    cipher =
+        "\x76\xb8\xe0\xad\xa0\xf1\x3d\x90\x40\x5d\x6a\xe5\x53\x86\xbd\x28\xbd\xd2\x19\xb8\xa0\x8d\xed\x1a\xa8\x36\xef\xcc\x8b\x77\x0d\xc7\xda\x41\x59\x7c\x51\x57\x48\x8d\x77\x24\xe0\x3f\xb8\xd8\x4a\x37\x6a\x43\xb8\xf4\x15\x18\xa1\x1c\xc3\x87\xb6\x69\xb2\xee\x65\x86"
+    cipher' = fst $ ChaCha.combine (ChaCha.initialize 20 key nonce) plain
+
+rfc8439A2_2 = cipher @=? cipher'
+  where
+    key :: ByteString
+    key =
+        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01"
+    nonce :: ByteString
+    nonce = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02"
+    plain :: ByteString
+    plain =
+        "\x41\x6e\x79\x20\x73\x75\x62\x6d\x69\x73\x73\x69\x6f\x6e\x20\x74\x6f\x20\x74\x68\x65\x20\x49\x45\x54\x46\x20\x69\x6e\x74\x65\x6e\x64\x65\x64\x20\x62\x79\x20\x74\x68\x65\x20\x43\x6f\x6e\x74\x72\x69\x62\x75\x74\x6f\x72\x20\x66\x6f\x72\x20\x70\x75\x62\x6c\x69\x63\x61\x74\x69\x6f\x6e\x20\x61\x73\x20\x61\x6c\x6c\x20\x6f\x72\x20\x70\x61\x72\x74\x20\x6f\x66\x20\x61\x6e\x20\x49\x45\x54\x46\x20\x49\x6e\x74\x65\x72\x6e\x65\x74\x2d\x44\x72\x61\x66\x74\x20\x6f\x72\x20\x52\x46\x43\x20\x61\x6e\x64\x20\x61\x6e\x79\x20\x73\x74\x61\x74\x65\x6d\x65\x6e\x74\x20\x6d\x61\x64\x65\x20\x77\x69\x74\x68\x69\x6e\x20\x74\x68\x65\x20\x63\x6f\x6e\x74\x65\x78\x74\x20\x6f\x66\x20\x61\x6e\x20\x49\x45\x54\x46\x20\x61\x63\x74\x69\x76\x69\x74\x79\x20\x69\x73\x20\x63\x6f\x6e\x73\x69\x64\x65\x72\x65\x64\x20\x61\x6e\x20\x22\x49\x45\x54\x46\x20\x43\x6f\x6e\x74\x72\x69\x62\x75\x74\x69\x6f\x6e\x22\x2e\x20\x53\x75\x63\x68\x20\x73\x74\x61\x74\x65\x6d\x65\x6e\x74\x73\x20\x69\x6e\x63\x6c\x75\x64\x65\x20\x6f\x72\x61\x6c\x20\x73\x74\x61\x74\x65\x6d\x65\x6e\x74\x73\x20\x69\x6e\x20\x49\x45\x54\x46\x20\x73\x65\x73\x73\x69\x6f\x6e\x73\x2c\x20\x61\x73\x20\x77\x65\x6c\x6c\x20\x61\x73\x20\x77\x72\x69\x74\x74\x65\x6e\x20\x61\x6e\x64\x20\x65\x6c\x65\x63\x74\x72\x6f\x6e\x69\x63\x20\x63\x6f\x6d\x6d\x75\x6e\x69\x63\x61\x74\x69\x6f\x6e\x73\x20\x6d\x61\x64\x65\x20\x61\x74\x20\x61\x6e\x79\x20\x74\x69\x6d\x65\x20\x6f\x72\x20\x70\x6c\x61\x63\x65\x2c\x20\x77\x68\x69\x63\x68\x20\x61\x72\x65\x20\x61\x64\x64\x72\x65\x73\x73\x65\x64\x20\x74\x6f"
+    cipher :: ByteString
+    cipher =
+        "\xa3\xfb\xf0\x7d\xf3\xfa\x2f\xde\x4f\x37\x6c\xa2\x3e\x82\x73\x70\x41\x60\x5d\x9f\x4f\x4f\x57\xbd\x8c\xff\x2c\x1d\x4b\x79\x55\xec\x2a\x97\x94\x8b\xd3\x72\x29\x15\xc8\xf3\xd3\x37\xf7\xd3\x70\x05\x0e\x9e\x96\xd6\x47\xb7\xc3\x9f\x56\xe0\x31\xca\x5e\xb6\x25\x0d\x40\x42\xe0\x27\x85\xec\xec\xfa\x4b\x4b\xb5\xe8\xea\xd0\x44\x0e\x20\xb6\xe8\xdb\x09\xd8\x81\xa7\xc6\x13\x2f\x42\x0e\x52\x79\x50\x42\xbd\xfa\x77\x73\xd8\xa9\x05\x14\x47\xb3\x29\x1c\xe1\x41\x1c\x68\x04\x65\x55\x2a\xa6\xc4\x05\xb7\x76\x4d\x5e\x87\xbe\xa8\x5a\xd0\x0f\x84\x49\xed\x8f\x72\xd0\xd6\x62\xab\x05\x26\x91\xca\x66\x42\x4b\xc8\x6d\x2d\xf8\x0e\xa4\x1f\x43\xab\xf9\x37\xd3\x25\x9d\xc4\xb2\xd0\xdf\xb4\x8a\x6c\x91\x39\xdd\xd7\xf7\x69\x66\xe9\x28\xe6\x35\x55\x3b\xa7\x6c\x5c\x87\x9d\x7b\x35\xd4\x9e\xb2\xe6\x2b\x08\x71\xcd\xac\x63\x89\x39\xe2\x5e\x8a\x1e\x0e\xf9\xd5\x28\x0f\xa8\xca\x32\x8b\x35\x1c\x3c\x76\x59\x89\xcb\xcf\x3d\xaa\x8b\x6c\xcc\x3a\xaf\x9f\x39\x79\xc9\x2b\x37\x20\xfc\x88\xdc\x95\xed\x84\xa1\xbe\x05\x9c\x64\x99\xb9\xfd\xa2\x36\xe7\xe8\x18\xb0\x4b\x0b\xc3\x9c\x1e\x87\x6b\x19\x3b\xfe\x55\x69\x75\x3f\x88\x12\x8c\xc0\x8a\xaa\x9b\x63\xd1\xa1\x6f\x80\xef\x25\x54\xd7\x18\x9c\x41\x1f\x58\x69\xca\x52\xc5\xb8\x3f\xa3\x6f\xf2\x16\xb9\xc1\xd3\x00\x62\xbe\xbc\xfd\x2d\xc5\xbc\xe0\x91\x19\x34\xfd\xa7\x9a\x86\xf6\xe6\x98\xce\xd7\x59\xc3\xff\x9b\x64\x77\x33\x8f\x3d\xa4\xf9\xcd\x85\x14\xea\x99\x82\xcc\xaf\xb3\x41\xb2\x38\x4d\xd9\x02\xf3\xd1\xab\x7a\xc6\x1d\xd2\x9c\x6f\x21\xba\x5b\x86\x2f\x37\x30\xe3\x7c\xfd\xc4\xfd\x80\x6c\x22\xf2\x21"
+    cipher' =
+        fst $
+            ChaCha.combine (ChaCha.setCounter32 1 (ChaCha.initialize 20 key nonce)) plain
+
+rfc8439A2_3 = cipher @=? cipher'
+  where
+    key :: ByteString
+    key =
+        "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a\xf3\x33\x88\x86\x04\xf6\xb5\xf0\x47\x39\x17\xc1\x40\x2b\x80\x09\x9d\xca\x5c\xbc\x20\x70\x75\xc0"
+    nonce :: ByteString
+    nonce = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02"
+    plain :: ByteString
+    plain =
+        "\x27\x54\x77\x61\x73\x20\x62\x72\x69\x6c\x6c\x69\x67\x2c\x20\x61\x6e\x64\x20\x74\x68\x65\x20\x73\x6c\x69\x74\x68\x79\x20\x74\x6f\x76\x65\x73\x0a\x44\x69\x64\x20\x67\x79\x72\x65\x20\x61\x6e\x64\x20\x67\x69\x6d\x62\x6c\x65\x20\x69\x6e\x20\x74\x68\x65\x20\x77\x61\x62\x65\x3a\x0a\x41\x6c\x6c\x20\x6d\x69\x6d\x73\x79\x20\x77\x65\x72\x65\x20\x74\x68\x65\x20\x62\x6f\x72\x6f\x67\x6f\x76\x65\x73\x2c\x0a\x41\x6e\x64\x20\x74\x68\x65\x20\x6d\x6f\x6d\x65\x20\x72\x61\x74\x68\x73\x20\x6f\x75\x74\x67\x72\x61\x62\x65\x2e"
+    cipher :: ByteString
+    cipher =
+        "\x62\xe6\x34\x7f\x95\xed\x87\xa4\x5f\xfa\xe7\x42\x6f\x27\xa1\xdf\x5f\xb6\x91\x10\x04\x4c\x0d\x73\x11\x8e\xff\xa9\x5b\x01\xe5\xcf\x16\x6d\x3d\xf2\xd7\x21\xca\xf9\xb2\x1e\x5f\xb1\x4c\x61\x68\x71\xfd\x84\xc5\x4f\x9d\x65\xb2\x83\x19\x6c\x7f\xe4\xf6\x05\x53\xeb\xf3\x9c\x64\x02\xc4\x22\x34\xe3\x2a\x35\x6b\x3e\x76\x43\x12\xa6\x1a\x55\x32\x05\x57\x16\xea\xd6\x96\x25\x68\xf8\x7d\x3f\x3f\x77\x04\xc6\xa8\xd1\xbc\xd1\xbf\x4d\x50\xd6\x15\x4b\x6d\xa7\x31\xb1\x87\xb5\x8d\xfd\x72\x8a\xfa\x36\x75\x7a\x79\x7a\xc1\x88\xd1"
+    cipher' =
+        fst $
+            ChaCha.combine (ChaCha.setCounter32 42 (ChaCha.initialize 20 key nonce)) plain
+
 data Vector
     = Vector
         Int -- rounds
@@ -59,6 +108,9 @@
         , testCase "12-256-K0-I0" (chachaRunSimple b12_256_k0_i0 12 32 8)
         , testCase "20-256-K0-I0" (chachaRunSimple b20_256_k0_i0 20 32 8)
         , testCase "XChaCha20 example KAT" xChaCha20_ExampleKAT
+        , testCase "RFC 8439 A2 #1 ChaCha20" rfc8439A2_1
+        , testCase "RFC 8439 A2 #2 ChaCha20" rfc8439A2_2
+        , testCase "RFC 8439 A2 #3 ChaCha20" rfc8439A2_3
         , testProperty "generate-combine" chachaGenerateCombine
         , testProperty "chunking-generate" chachaGenerateChunks
         , testProperty "chunking-combine" chachaCombineChunks
diff --git a/tests/ChaChaPoly1305.hs b/tests/ChaChaPoly1305.hs
--- a/tests/ChaChaPoly1305.hs
+++ b/tests/ChaChaPoly1305.hs
@@ -2,7 +2,8 @@
 
 module ChaChaPoly1305 where
 
-import qualified Crypto.Cipher.ChaChaPoly1305 as AEAD
+import qualified Crypto.Cipher.ChaChaPoly1305 as CP
+import Crypto.Cipher.Types
 import Crypto.Error
 import Imports
 import Poly1305 ()
@@ -55,6 +56,39 @@
 nonce9 = "\x00\x01\x00\x00\x00\x00\x00\x00"
 nonce10 = "\xff\xff\xff\xff\xff\xff\xff\xff"
 
+a5key :: ByteString
+a5key =
+    "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a\xf3\x33\x88\x86\x04\xf6\xb5\xf0\x47\x39\x17\xc1\x40\x2b\x80\x09\x9d\xca\x5c\xbc\x20\x70\x75\xc0"
+
+a5nonce :: ByteString
+a5nonce = "\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x07\x08"
+
+a5aad :: ByteString
+a5aad = "\xf3\x33\x88\x86\x00\x00\x00\x00\x00\x00\x4e\x91"
+
+a5cipher :: ByteString
+a5cipher =
+    "\x64\xa0\x86\x15\x75\x86\x1a\xf4\x60\xf0\x62\xc7\x9b\xe6\x43\xbd\x5e\x80\x5c\xfd\x34\x5c\xf3\x89\xf1\x08\x67\x0a\xc7\x6c\x8c\xb2\x4c\x6c\xfc\x18\x75\x5d\x43\xee\xa0\x9e\xe9\x4e\x38\x2d\x26\xb0\xbd\xb7\xb7\x3c\x32\x1b\x01\x00\xd4\xf0\x3b\x7f\x35\x58\x94\xcf\x33\x2f\x83\x0e\x71\x0b\x97\xce\x98\xc8\xa8\x4a\xbd\x0b\x94\x81\x14\xad\x17\x6e\x00\x8d\x33\xbd\x60\xf9\x82\xb1\xff\x37\xc8\x55\x97\x97\xa0\x6e\xf4\xf0\xef\x61\xc1\x86\x32\x4e\x2b\x35\x06\x38\x36\x06\x90\x7b\x6a\x7c\x02\xb0\xf9\xf6\x15\x7b\x53\xc8\x67\xe4\xb9\x16\x6c\x76\x7b\x80\x4d\x46\xa5\x9b\x52\x16\xcd\xe7\xa4\xe9\x90\x40\xc5\xa4\x04\x33\x22\x5e\xe2\x82\xa1\xb0\xa0\x6c\x52\x3e\xaf\x45\x34\xd7\xf8\x3f\xa1\x15\x5b\x00\x47\x71\x8c\xbc\x54\x6a\x0d\x07\x2b\x04\xb3\x56\x4e\xea\x1b\x42\x22\x73\xf5\x48\x27\x1a\x0b\xb2\x31\x60\x53\xfa\x76\x99\x19\x55\xeb\xd6\x31\x59\x43\x4e\xce\xbb\x4e\x46\x6d\xae\x5a\x10\x73\xa6\x72\x76\x27\x09\x7a\x10\x49\xe6\x17\xd9\x1d\x36\x10\x94\xfa\x68\xf0\xff\x77\x98\x71\x30\x30\x5b\xea\xba\x2e\xda\x04\xdf\x99\x7b\x71\x4d\x6c\x6f\x2c\x29\xa6\xad\x5c\xb4\x02\x2b\x02\x70\x9b"
+
+a5plain :: ByteString
+a5plain =
+    "\x49\x6e\x74\x65\x72\x6e\x65\x74\x2d\x44\x72\x61\x66\x74\x73\x20\x61\x72\x65\x20\x64\x72\x61\x66\x74\x20\x64\x6f\x63\x75\x6d\x65\x6e\x74\x73\x20\x76\x61\x6c\x69\x64\x20\x66\x6f\x72\x20\x61\x20\x6d\x61\x78\x69\x6d\x75\x6d\x20\x6f\x66\x20\x73\x69\x78\x20\x6d\x6f\x6e\x74\x68\x73\x20\x61\x6e\x64\x20\x6d\x61\x79\x20\x62\x65\x20\x75\x70\x64\x61\x74\x65\x64\x2c\x20\x72\x65\x70\x6c\x61\x63\x65\x64\x2c\x20\x6f\x72\x20\x6f\x62\x73\x6f\x6c\x65\x74\x65\x64\x20\x62\x79\x20\x6f\x74\x68\x65\x72\x20\x64\x6f\x63\x75\x6d\x65\x6e\x74\x73\x20\x61\x74\x20\x61\x6e\x79\x20\x74\x69\x6d\x65\x2e\x20\x49\x74\x20\x69\x73\x20\x69\x6e\x61\x70\x70\x72\x6f\x70\x72\x69\x61\x74\x65\x20\x74\x6f\x20\x75\x73\x65\x20\x49\x6e\x74\x65\x72\x6e\x65\x74\x2d\x44\x72\x61\x66\x74\x73\x20\x61\x73\x20\x72\x65\x66\x65\x72\x65\x6e\x63\x65\x20\x6d\x61\x74\x65\x72\x69\x61\x6c\x20\x6f\x72\x20\x74\x6f\x20\x63\x69\x74\x65\x20\x74\x68\x65\x6d\x20\x6f\x74\x68\x65\x72\x20\x74\x68\x61\x6e\x20\x61\x73\x20\x2f\xe2\x80\x9c\x77\x6f\x72\x6b\x20\x69\x6e\x20\x70\x72\x6f\x67\x72\x65\x73\x73\x2e\x2f\xe2\x80\x9d"
+
+a5tag :: ByteString
+a5tag = "\xee\xad\x9d\x67\x89\x0c\xbb\x22\x39\x23\x36\xfe\xa1\x85\x1f\x38"
+
+rfc8439encrypt = a5cipher @=? ct
+  where
+    ct = case CP.aeadChacha20poly1305Init a5key a5nonce of
+        CryptoPassed st -> snd $ aeadSimpleEncrypt st a5aad a5plain 16
+        _ -> "dummy"
+
+rfc8439decrypt = Just a5plain @=? mpt
+  where
+    mpt = case CP.aeadChacha20poly1305Init a5key a5nonce of
+        CryptoPassed st -> aeadSimpleDecrypt st a5aad a5cipher (AuthTag $ B.convert a5tag)
+        _ -> Nothing
+
 tests =
     testGroup
         "ChaChaPoly1305"
@@ -63,25 +97,27 @@
         , testCase "V1-extended" runEncryptX
         , testCase "V1-extended-decrypt" runDecryptX
         , testCase "nonce increment" runNonceInc
+        , testCase "RFC8439 A5 enc" rfc8439encrypt
+        , testCase "RFC8439 A5 dec" rfc8439decrypt
         ]
   where
     runEncrypt =
         let ini =
                 throwCryptoError $
-                    AEAD.initialize key (throwCryptoError $ AEAD.nonce8 constant iv)
-            afterAAD = AEAD.finalizeAAD (AEAD.appendAAD aad ini)
-            (out, afterEncrypt) = AEAD.encrypt plaintext afterAAD
-            outtag = AEAD.finalize afterEncrypt
+                    CP.initialize key (throwCryptoError $ CP.nonce8 constant iv)
+            afterAAD = CP.finalizeAAD (CP.appendAAD aad ini)
+            (out, afterEncrypt) = CP.encrypt plaintext afterAAD
+            outtag = CP.finalize afterEncrypt
          in propertyHoldCase
                 [ eqTest "ciphertext" ciphertext out
                 , eqTest "tag" tag (B.convert outtag)
                 ]
     runEncryptX =
         let ini =
-                throwCryptoError $ AEAD.initializeX key (throwCryptoError $ AEAD.nonce24 ivX)
-            afterAAD = AEAD.finalizeAAD (AEAD.appendAAD aad ini)
-            (out, afterEncrypt) = AEAD.encrypt plaintext afterAAD
-            outtag = AEAD.finalize afterEncrypt
+                throwCryptoError $ CP.initializeX key (throwCryptoError $ CP.nonce24 ivX)
+            afterAAD = CP.finalizeAAD (CP.appendAAD aad ini)
+            (out, afterEncrypt) = CP.encrypt plaintext afterAAD
+            outtag = CP.finalize afterEncrypt
          in propertyHoldCase
                 [ eqTest "ciphertext" ciphertextX out
                 , eqTest "tag" tagX (B.convert outtag)
@@ -90,10 +126,10 @@
     runDecrypt =
         let ini =
                 throwCryptoError $
-                    AEAD.initialize key (throwCryptoError $ AEAD.nonce8 constant iv)
-            afterAAD = AEAD.finalizeAAD (AEAD.appendAAD aad ini)
-            (out, afterDecrypt) = AEAD.decrypt ciphertext afterAAD
-            outtag = AEAD.finalize afterDecrypt
+                    CP.initialize key (throwCryptoError $ CP.nonce8 constant iv)
+            afterAAD = CP.finalizeAAD (CP.appendAAD aad ini)
+            (out, afterDecrypt) = CP.decrypt ciphertext afterAAD
+            outtag = CP.finalize afterDecrypt
          in propertyHoldCase
                 [ eqTest "plaintext" plaintext out
                 , eqTest "tag" tag (B.convert outtag)
@@ -101,33 +137,33 @@
 
     runDecryptX =
         let ini =
-                throwCryptoError $ AEAD.initializeX key (throwCryptoError $ AEAD.nonce24 ivX)
-            afterAAD = AEAD.finalizeAAD (AEAD.appendAAD aad ini)
-            (out, afterDecrypt) = AEAD.decrypt ciphertextX afterAAD
-            outtag = AEAD.finalize afterDecrypt
+                throwCryptoError $ CP.initializeX key (throwCryptoError $ CP.nonce24 ivX)
+            afterAAD = CP.finalizeAAD (CP.appendAAD aad ini)
+            (out, afterDecrypt) = CP.decrypt ciphertextX afterAAD
+            outtag = CP.finalize afterDecrypt
          in propertyHoldCase
                 [ eqTest "plaintext" plaintext out
                 , eqTest "tag" tagX (B.convert outtag)
                 ]
 
     runNonceInc =
-        let n1 = throwCryptoError . AEAD.nonce12 $ nonce1
-            n3 = throwCryptoError . AEAD.nonce12 $ nonce3
-            n5 = throwCryptoError . AEAD.nonce12 $ nonce5
-            n6 = throwCryptoError . AEAD.nonce8 constant $ nonce6
-            n8 = throwCryptoError . AEAD.nonce8 constant $ nonce8
-            n10 = throwCryptoError . AEAD.nonce8 constant $ nonce10
+        let n1 = throwCryptoError . CP.nonce12 $ nonce1
+            n3 = throwCryptoError . CP.nonce12 $ nonce3
+            n5 = throwCryptoError . CP.nonce12 $ nonce5
+            n6 = throwCryptoError . CP.nonce8 constant $ nonce6
+            n8 = throwCryptoError . CP.nonce8 constant $ nonce8
+            n10 = throwCryptoError . CP.nonce8 constant $ nonce10
          in propertyHoldCase
-                [ eqTest "nonce12a" nonce2 $ B.convert . AEAD.incrementNonce $ n1
-                , eqTest "nonce12b" nonce4 $ B.convert . AEAD.incrementNonce $ n3
-                , eqTest "nonce12c" nonce1 $ B.convert . AEAD.incrementNonce $ n5
+                [ eqTest "nonce12a" nonce2 $ B.convert . CP.incrementNonce $ n1
+                , eqTest "nonce12b" nonce4 $ B.convert . CP.incrementNonce $ n3
+                , eqTest "nonce12c" nonce1 $ B.convert . CP.incrementNonce $ n5
                 , eqTest "nonce8a" (B.concat [constant, nonce7]) $
-                    B.convert . AEAD.incrementNonce $
+                    B.convert . CP.incrementNonce $
                         n6
                 , eqTest "nonce8b" (B.concat [constant, nonce9]) $
-                    B.convert . AEAD.incrementNonce $
+                    B.convert . CP.incrementNonce $
                         n8
                 , eqTest "nonce8c" (B.concat [constant, nonce6]) $
-                    B.convert . AEAD.incrementNonce $
+                    B.convert . CP.incrementNonce $
                         n10
                 ]
