rust-hmac-sha256
A small, self-contained SHA256, HMAC-SHA256, and HKDF-SHA256 implementation in Rust with no_std support.
Features
- Pure Rust implementation
- No external dependencies (unless optional features are enabled)
no_std
compatible- Both one-shot and streaming APIs
- Constant-time verification to prevent timing attacks
- HKDF key derivation (extraction and expansion)
Optional Features
traits
: Enable support for theDigest
trait from thedigest
crate (both version 0.9.0 and 0.10.7)opt_size
: Enable size optimizations. Based on benchmarks, the.text
section size is reduced by 75%, at the cost of approximately 16% performance.
Usage Examples
SHA-256
// One-shot hashing
let hash = hash;
// Incremental hashing
let mut hasher = new;
hasher.update;
hasher.update;
let hash = hasher.finalize;
// Constant-time verification
let expected = hash;
let mut hasher = new;
hasher.update;
assert!;
HMAC-SHA256
// One-shot HMAC
let mac = HMAC mac;
// Incremental HMAC
let mut hmac = HMAC new;
hmac.update;
hmac.update;
let mac = hmac.finalize;
// Constant-time verification
let expected = HMAC mac;
let mut hmac = HMAC new;
hmac.update;
assert!;
HKDF-SHA256
// Extract a pseudorandom key from input keying material
let prk = HKDF extract;
// Expand the pseudorandom key to the desired output length
let mut output = ;
HKDF expand;