diff --git a/crates/tor-cell/src/relaycell/hs/est_intro.rs b/crates/tor-cell/src/relaycell/hs/est_intro.rs
index e8ed34932..6a99d1b65 100644
--- a/crates/tor-cell/src/relaycell/hs/est_intro.rs
+++ b/crates/tor-cell/src/relaycell/hs/est_intro.rs
@@ -3,7 +3,7 @@
 use caret::caret_int;
 use tor_bytes::{EncodeError, EncodeResult, Readable, Reader, Result, Writeable, Writer};
 use tor_error::bad_api_usage;
-use tor_hscrypto::ops::hs_mac;
+use tor_hscrypto::ops::{hs_mac, HS_MAC_LEN};
 use tor_llcrypto::{
     pk::ed25519::{self, Ed25519Identity, ED25519_ID_LEN, ED25519_SIGNATURE_LEN},
     util::ct::CtByteArray,
@@ -165,7 +165,7 @@ pub struct EstablishIntro {
     ///
     /// This MAC binds the EstablishIntro message to a single circuit, and keeps
     /// it from being replayed.
-    handshake_auth: CtByteArray<32>,
+    handshake_auth: CtByteArray<HS_MAC_LEN>,
     /// A textual record of all the fields in the
     #[educe(Debug(ignore))]
     mac_plaintext: Vec<u8>,
@@ -332,7 +332,7 @@ impl EstablishIntro {
     #[cfg(feature = "testing")]
     pub fn from_parts_for_test(
         body: EstablishIntroDetails,
-        mac: CtByteArray<32>,
+        mac: CtByteArray<HS_MAC_LEN>,
         signature: ed25519::Signature,
     ) -> Self {
         use tor_llcrypto::pk::ed25519::ValidatableEd25519Signature;
diff --git a/crates/tor-hscrypto/src/ops.rs b/crates/tor-hscrypto/src/ops.rs
index 2e8014b46..3dbe12735 100644
--- a/crates/tor-hscrypto/src/ops.rs
+++ b/crates/tor-hscrypto/src/ops.rs
@@ -5,10 +5,13 @@ use tor_llcrypto::util::ct::CtByteArray;
 
 use digest::Digest;
 
+/// The length of the MAC returned by [`hs_mac`].
+pub const HS_MAC_LEN: usize = 32;
+
 /// Compute the lightweight MAC function used in the onion service protocol.
 ///
 /// (rend-spec-v3 section 0.3 `MAC`)
-pub fn hs_mac(key: &[u8], msg: &[u8]) -> CtByteArray<32> {
+pub fn hs_mac(key: &[u8], msg: &[u8]) -> CtByteArray<HS_MAC_LEN> {
     // rend-spec-v3 says: "Instantiate H with SHA3-256... Instantiate MAC(key=k,
     // message=m) with H(k_len | k | m), where k_len is htonll(len(k))."
 
@@ -17,7 +20,7 @@ pub fn hs_mac(key: &[u8], msg: &[u8]) -> CtByteArray<32> {
     hasher.update(klen.to_be_bytes());
     hasher.update(key);
     hasher.update(msg);
-    let a: [u8; 32] = hasher.finalize().into();
+    let a: [u8; HS_MAC_LEN] = hasher.finalize().into();
     a.into()
 }