Crate hmac [−] [src]

Generic implementation of Hash-based Message Authentication Code (HMAC).

To use it you'll need a cryptographic hash function implementation from RustCrypto project. You can either import specific crate (e.g. sha2), or meta-crate crypto-hashes which reexport all related crates.

Usage

Let us demonstrate how to use HMAC using SHA256 as an example.

To get the authentication code:

extern crate sha2;
extern crate hmac;

use hmac::{Hmac, Mac};
use sha2::Sha256;

// Create `Mac` trait implementation, namely HMAC-SHA256
let mac = Hmac::<Sha256>::new(b"my secret and secure key");
mac.input(b"input message");

// `result` has type `MacResult` which is a thin wrapper around array of
// bytes for providing constant time equality check
let result = mac.result();
// To get &[u8] use `code` method, but be carefull, since incorrect use
// of the code value may permit timing attacks which defeat the security
// provided by the `MacResult`.
let code_bytes = resul.code();

To verify the message:

let mac = Hmac::<Sha256>::new(b"my secret and secure key");

mac.input(b"input message");

let is_code_correct = mac.verify(code_bytes);

Block and input sizes

Usually it is assumed that block size is larger than output size, due to the generic nature of the implementation this edge case must be handled as well to remove potential panic scenario. This is done by truncating hash output to the hash block size if needed.

Structs

Hmac	The `Hmac` struct represents an HMAC using a given hash function `D`.
MacResult	`MacResult` wraps a Mac code and provides a safe Eq implementation that runs in fixed time.

Traits

Mac	The Mac trait defines methods for a Message Authentication function.