go-crypt/crypt/hmac.go

package crypt

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/sha512"
	"hash"
)

// HMACSHA256 computes the HMAC-SHA256 of a message using the given key.
func HMACSHA256(message, key []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(message)
	return mac.Sum(nil)
}

// HMACSHA512 computes the HMAC-SHA512 of a message using the given key.
func HMACSHA512(message, key []byte) []byte {
	mac := hmac.New(sha512.New, key)
	mac.Write(message)
	return mac.Sum(nil)
}

// VerifyHMAC verifies an HMAC using constant-time comparison.
// hashFunc should be sha256.New, sha512.New, etc.
func VerifyHMAC(message, key, mac []byte, hashFunc func() hash.Hash) bool {
	expected := hmac.New(hashFunc, key)
	expected.Write(message)
	return hmac.Equal(mac, expected.Sum(nil))
}
feat: extract crypto/security packages from core/go ChaCha20-Poly1305, AES-256-GCM, Argon2 key derivation, OpenPGP challenge-response auth, and trust tier policy engine. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-16 15:25:54 +00:00			`package crypt`

			`import (`
			`"crypto/hmac"`
			`"crypto/sha256"`
			`"crypto/sha512"`
			`"hash"`
			`)`

			`// HMACSHA256 computes the HMAC-SHA256 of a message using the given key.`
			`func HMACSHA256(message, key []byte) []byte {`
			`mac := hmac.New(sha256.New, key)`
			`mac.Write(message)`
			`return mac.Sum(nil)`
			`}`

			`// HMACSHA512 computes the HMAC-SHA512 of a message using the given key.`
			`func HMACSHA512(message, key []byte) []byte {`
			`mac := hmac.New(sha512.New, key)`
			`mac.Write(message)`
			`return mac.Sum(nil)`
			`}`

			`// VerifyHMAC verifies an HMAC using constant-time comparison.`
			`// hashFunc should be sha256.New, sha512.New, etc.`
			`func VerifyHMAC(message, key, mac []byte, hashFunc func() hash.Hash) bool {`
			`expected := hmac.New(hashFunc, key)`
			`expected.Write(message)`
			`return hmac.Equal(mac, expected.Sum(nil))`
			`}`