`@eryx/crypto/hmac` Module

High-level keyed message authentication.

This module provides a single HMAC API for application code that wants authenticity and integrity without choosing a concrete hash function at every call site.

The returned MAC is a tagged buffer, allowing the underlying algorithm choice to evolve later.

The current format is:

"$m$" || raw_mac

local hmac = require("@eryx/crypto/hmac")

local mac = hmac.digest(buffer.fromstring("secret"), buffer.fromstring("hello"))
assert(hmac.verify(buffer.fromstring("secret"), buffer.fromstring("hello"), mac))

Summary

Functions

hmac.digest(key: buffer, data: buffer) → buffer

hmac.verify(key: buffer, data: buffer, mac: buffer) → boolean

API Reference

Functions

hmac.digest

Computes a tagged MAC over data using key.

The current implementation uses a fixed HMAC choice internally and returns a tagged buffer so callers do not depend on that detail.

hmac.digest(key: buffer, data: buffer) → buffer

Parameters

key: buffer

Secret key.

data: buffer

Input data.

Returns

buffer

Tagged MAC.

hmac.verify

Verifies that mac matches data under key.

Returns true if the MAC is well-formed, uses a supported tag, and matches the supplied key and data. Returns false for malformed or mismatched values.

hmac.verify(key: buffer, data: buffer, mac: buffer) → boolean

Parameters

key: buffer

Secret key.

data: buffer

Input data.

mac: buffer

Tagged MAC previously returned by digest.

Returns

boolean

true if the MAC matches.

@eryx/crypto/hmac Module

Summary

Functions

API Reference

Functions

hmac.digest

Parameters

Returns

hmac.verify

Parameters

Returns

`@eryx/crypto/hmac` Module