Generic implementation of Hash-based Message Authentication Code (HMAC).
To use it you'll need a cryptographic hash function implementation from
RustCrypto project. You can either import specific crate (e.g. `sha2`), or
meta-crate `crypto-hashes` which reexport all related crates.
# Usage
Let us demonstrate how to use HMAC using SHA256 as an example.
To get the authentication code:
```rust
extern crate hmac;
extern crate sha2;
use sha2::Sha256;
use hmac::{Hmac, Mac};
// Create alias for HMAC-SHA256
type HmacSha256 = Hmac;
# fn main() {
// Create HMAC-SHA256 instance which implements `Mac` trait
let mut mac = HmacSha256::new_varkey(b"my secret and secure key")
.expect("HMAC can take key of any size");
mac.input(b"input message");
// `result` has type `MacResult` which is a thin wrapper around array of
// bytes for providing constant time equality check
let result = mac.result();
// To get underlying array use `code` method, but be carefull, since
// incorrect use of the code value may permit timing attacks which defeat
// the security provided by the `MacResult`
let code_bytes = result.code();
# }
```
To verify the message:
```rust
# extern crate hmac;
# extern crate sha2;
# use sha2::Sha256;
# use hmac::{Hmac, Mac};
# fn main() {
# type HmacSha256 = Hmac;
let mut mac = HmacSha256::new_varkey(b"my secret and secure key")
.expect("HMAC can take key of any size");
mac.input(b"input message");
# let code_bytes = mac.clone().result().code();
// `verify` will return `Ok(())` if code is correct, `Err(MacError)` otherwise
mac.verify(&code_bytes).unwrap();
# }
```
# Block and input sizes
Usually it is assumed that block size is larger than output size, due to the
generic nature of the implementation this edge case must be handled as well
to remove potential panic scenario. This is done by truncating hash output
to the hash block size if needed.