pub struct HMAC { /* private fields */ }
Expand description
HMAC-SHA256 implementation.
This struct provides both streaming and one-shot APIs for computing HMAC-SHA256.
§Examples
One-shot HMAC computation:
let mac = hmac_sha256::HMAC::mac(b"message data", b"secret key");
Incremental HMAC computation:
let mut hmac = hmac_sha256::HMAC::new(b"secret key");
hmac.update(b"first part");
hmac.update(b"second part");
let mac = hmac.finalize();
Implementations§
Source§impl HMAC
impl HMAC
Sourcepub fn mac(input: impl AsRef<[u8]>, k: impl AsRef<[u8]>) -> [u8; 32]
pub fn mac(input: impl AsRef<[u8]>, k: impl AsRef<[u8]>) -> [u8; 32]
Computes the HMAC-SHA256 of the provided input using the given key in a single operation.
This is a convenience method for simple HMAC operations.
§Arguments
input
- The message data to authenticatek
- The secret key
§Returns
A 32-byte HMAC-SHA256 message authentication code
§Example
let mac = hmac_sha256::HMAC::mac(b"message data", b"secret key");
Sourcepub fn update(&mut self, input: impl AsRef<[u8]>)
pub fn update(&mut self, input: impl AsRef<[u8]>)
Absorbs content into the HMAC state.
This method can be called multiple times to incrementally add data to be authenticated.
§Example
let mut hmac = hmac_sha256::HMAC::new(b"secret key");
hmac.update(b"first chunk");
hmac.update(b"second chunk");
let mac = hmac.finalize();
Sourcepub fn finalize(self) -> [u8; 32]
pub fn finalize(self) -> [u8; 32]
Computes the HMAC-SHA256 of all previously absorbed content.
This method consumes the HMAC instance and returns the computed 32-byte authentication code.
§Example
let mut hmac = hmac_sha256::HMAC::new(b"secret key");
hmac.update(b"message data");
let mac: [u8; 32] = hmac.finalize();
Sourcepub fn finalize_verify(self, expected: &[u8; 32]) -> bool
pub fn finalize_verify(self, expected: &[u8; 32]) -> bool
Verifies that the HMAC of absorbed content matches the expected MAC.
This provides constant-time comparison to prevent timing attacks.
§Example
let expected = hmac_sha256::HMAC::mac(b"message", b"key");
let mut hmac = hmac_sha256::HMAC::new(b"key");
hmac.update(b"message");
assert!(hmac.finalize_verify(&expected));
let mut hmac = hmac_sha256::HMAC::new(b"key");
hmac.update(b"modified message");
assert!(!hmac.finalize_verify(&expected));
Sourcepub fn verify(
input: impl AsRef<[u8]>,
k: impl AsRef<[u8]>,
expected: &[u8; 32],
) -> bool
pub fn verify( input: impl AsRef<[u8]>, k: impl AsRef<[u8]>, expected: &[u8; 32], ) -> bool
Verifies that the HMAC of the provided input using the given key matches the expected MAC.
This is a convenience method that combines HMAC computation and verification in a single call. It provides constant-time comparison to prevent timing attacks.
§Arguments
input
- The message data to authenticatek
- The secret keyexpected
- The expected HMAC value to compare against
§Returns
true
if the computed HMAC matches the expected value, false
otherwise
§Example
let mac = hmac_sha256::HMAC::mac(b"message", b"key");
// Verify in one shot
assert!(hmac_sha256::HMAC::verify(b"message", b"key", &mac));
assert!(!hmac_sha256::HMAC::verify(b"modified message", b"key", &mac));