Lib.rs

Cryptography
#sha-512 #hmac #sha-2

no-std hmac-sha512

A small, self-contained SHA512, HMAC-SHA512, HKDF-SHA512, SHA384, HMAC-SHA384, and HKDF-SHA384 implementation

by Frank Denis

22 releases (14 stable)

1.1.12 Feb 13, 2026
1.1.8 Jan 22, 2026
1.1.7 May 19, 2025
1.1.6 Dec 9, 2024
0.1.6 Jun 23, 2020

#35 in Cryptography

Download history 99994/week @ 2026-01-21 105317/week @ 2026-01-28 111755/week @ 2026-02-04 112969/week @ 2026-02-11 110342/week @ 2026-02-18 111334/week @ 2026-02-25 129200/week @ 2026-03-04 123652/week @ 2026-03-11 139309/week @ 2026-03-18 147413/week @ 2026-03-25 125524/week @ 2026-04-01 131875/week @ 2026-04-08 134904/week @ 2026-04-15 126407/week @ 2026-04-22 161941/week @ 2026-04-29 175648/week @ 2026-05-06

627,719 downloads per month
Used in 173 crates (24 directly)

ISC license

46KB
1K SLoC

hmac-sha512

A small, self-contained SHA512, HMAC-SHA512, HKDF-SHA512, SHA384, and HMAC-SHA384 implementation in Rust.

Crates.io Documentation License: ISC

Features

  • Pure Rust implementation
  • Minimal dependencies
  • no_std compatible for embedded systems
  • Both one-shot and streaming APIs for HMAC
  • HKDF key derivation (RFC 5869)
  • Constant-time verification to prevent timing attacks
  • Optional size optimizations

Optional Features

  • sha384 (enabled by default): Includes SHA384 and HMAC-SHA384 implementations
  • opt_size: Optimizes for binary size at a slight performance cost (reduces text section size by ~75% with ~16% performance hit)
  • traits09: Support for Digest trait from digest crate v0.9.x
  • traits010: Support for Digest trait from digest crate v0.10.x
  • traits011: Support for Digest trait from digest crate v0.11.x

Usage

Add this to your Cargo.toml:

[dependencies]
hmac-sha512 = "1.1"

SHA512 Hashing

use hmac_sha512::Hash;

// One-shot hashing
let hash = Hash::hash(b"message");

// Incremental hashing
let mut hasher = Hash::new();
hasher.update(b"hello ");
hasher.update(b"world");
let hash = hasher.finalize();

HMAC-SHA512

use hmac_sha512::HMAC;

// One-shot HMAC
let mac = HMAC::mac(b"message", b"key");

// Incremental HMAC
let mut hmac = HMAC::new(b"key");
hmac.update(b"message part 1");
hmac.update(b"message part 2");
let mac = hmac.finalize();

// Constant-time verification (one-shot)
let expected = HMAC::mac(b"message", b"key");
let is_valid = HMAC::verify(b"message", b"key", &expected);

// Constant-time verification (streaming)
let mut hmac = HMAC::new(b"key");
hmac.update(b"message");
assert!(hmac.finalize_verify(&expected));

HKDF-SHA512

HKDF (HMAC-based Key Derivation Function) as defined in RFC 5869.

use hmac_sha512::HKDF;

// Extract a pseudorandom key from input keying material
let prk = HKDF::extract(b"salt", b"input key material");

// Expand the pseudorandom key to the desired output length
let mut output = [0u8; 128];
HKDF::expand(&mut output, prk, b"application info");

SHA384 Hashing (when enabled)

use hmac_sha512::sha384::Hash;

let hash = Hash::hash(b"message");

HMAC-SHA384 (when enabled)

use hmac_sha512::sha384::HMAC;

let mac = HMAC::mac(b"message", b"key");

let expected = [0u8; 48]; // Replace with actual expected MAC
let is_valid = HMAC::verify(b"message", b"key", &expected);

With Digest Trait

use hmac_sha512::Hash;
use digest::Digest;  // Requires enabling traits feature

let mut hasher = Hash::new();
hasher.update(b"message");
let result = hasher.finalize();

Building and Testing

# Build with default features
cargo build

# Build with all features
cargo build --all-features

# Build without SHA384 support
cargo build --no-default-features

# Run all tests
cargo test --all-features

License

This project is licensed under the ISC License.

Dependencies

~180KB