diff --git a/crypto_onetimeauth.js b/crypto_onetimeauth.js
index 0e3622d..d47c554 100644
--- a/crypto_onetimeauth.js
+++ b/crypto_onetimeauth.js
@@ -1,21 +1,37 @@
 /* eslint-disable camelcase */
+const assert = require('nanoassert')
 const Poly1305 = require('./internal/poly1305')
 const { crypto_verify_16 } = require('./crypto_verify')
 
+const crypto_onetimeauth_BYTES = 16
+const crypto_onetimeauth_KEYBYTES = 32
+const crypto_onetimeauth_PRIMITIVE = 'poly1305'
+
 module.exports = {
   crypto_onetimeauth,
-  crypto_onetimeauth_verify
+  crypto_onetimeauth_verify,
+  crypto_onetimeauth_BYTES,
+  crypto_onetimeauth_KEYBYTES,
+  crypto_onetimeauth_PRIMITIVE
 }
 
-function crypto_onetimeauth (out, outpos, m, mpos, n, k) {
-  var s = new Poly1305(k)
-  s.update(m, mpos, n)
-  s.finish(out, outpos)
-  return 0
+function crypto_onetimeauth (mac, msg, key) {
+  assert(mac.byteLength === crypto_onetimeauth_BYTES, 'mac must be \'crypto_onetimeauth_BYTES\' bytes')
+  assert(msg.byteLength != null, 'msg must be buffer')
+  assert(key.byteLength === crypto_onetimeauth_KEYBYTES, 'key must be \'crypto_onetimeauth_KEYBYTES\' bytes')
+
+  var s = new Poly1305(key)
+  s.update(msg, 0, msg.byteLength)
+  s.finish(mac, 0)
+  return true
 }
 
-function crypto_onetimeauth_verify (h, hpos, m, mpos, n, k) {
-  var x = new Uint8Array(16)
-  crypto_onetimeauth(x, 0, m, mpos, n, k)
-  return crypto_verify_16(h, hpos, x, 0)
+function crypto_onetimeauth_verify (mac, msg, key) {
+  assert(mac.byteLength === crypto_onetimeauth_BYTES, 'mac must be \'crypto_onetimeauth_BYTES\' bytes')
+  assert(msg.byteLength != null, 'msg must be buffer')
+  assert(key.byteLength === crypto_onetimeauth_KEYBYTES, 'key must be \'crypto_onetimeauth_KEYBYTES\' bytes')
+
+  var tmp = new Uint8Array(16)
+  crypto_onetimeauth(tmp, msg, key)
+  return crypto_verify_16(mac, 0, tmp, 0) === 0
 }