Skip to content

[Repo Assist] feat: add l_hmac_sha256 — HMAC-SHA-256 message authentication#154

Draft
github-actions[bot] wants to merge 1 commit intomainfrom
repo-assist/feat-hmac-sha256-2026-04-24-d1a0c46d1ee1d9e8
Draft

[Repo Assist] feat: add l_hmac_sha256 — HMAC-SHA-256 message authentication#154
github-actions[bot] wants to merge 1 commit intomainfrom
repo-assist/feat-hmac-sha256-2026-04-24-d1a0c46d1ee1d9e8

Conversation

@github-actions
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot commented Apr 24, 2026

🤖 This is an automated PR from Repo Assist.

Summary

Adds l_hmac_sha256() as a companion to the existing l_sha256 family. HMAC-SHA-256 (RFC 2104) is the industry-standard message authentication primitive — useful for cookie signing, API authentication, token generation, and TLS helpers.

API addition:

/// One-shot HMAC-SHA256. Authenticates datalen bytes using keylen-byte key; writes 32-byte tag.
static inline void l_hmac_sha256(const void *key, size_t keylen,
                                  const void *data, size_t datalen,
                                  unsigned char hash[32]);

Implementation

Follows RFC 2104:

  • Keys longer than the SHA-256 block size (64 bytes) are pre-hashed first
  • Inner digest: H(ipad ⊕ K ∥ message)
  • Outer digest: H(opad ⊕ K ∥ inner)
  • Zero heap allocation — two 64-byte stack arrays, one reused L_Sha256 context

Tests

Added test_hmac_sha256() in tests/test_utils.c with three vectors cross-verified against Python hmac and OpenSSL:

TC Key Data
TC1 20 × 0x0b "Hi There"
TC2 "Jefe" "what do ya want for nothing?"
TC5 131 × 0xaa (> block size, exercises key-hashing path) "Test Using Larger Than Block-Size Key..."

Test Status

✅ Local Linux (gcc): bash Taskfile test

  • test_utils: 271/271 tests passed (24 new HMAC-SHA-256 assertions)
  • All other suites: PASS
  • No warnings with -Wall -Wextra -Wpedantic

Generated by 🌈 Repo Assist at {run-started}. Learn more.

To install this agentic workflow, run

gh aw add githubnext/agentics/workflows/repo-assist.md@1f672aef974f4246124860fc532f82fe8a93a57e

@github-actions
feat: add l_hmac_sha256 — HMAC-SHA-256 message authentication
b940b9e 
Adds l_hmac_sha256() as a natural companion to the existing l_sha256
family. HMAC (RFC 2104) is a widely-used message authentication code;
having it in l_os.h means TLS helpers, cookie signing, and API clients
no longer need an external dependency.

Implementation follows RFC 2104:
- Keys > 64 bytes are pre-hashed (block size = 64 for SHA-256)
- Inner hash: H(ipad ^ k || message)
- Outer hash: H(opad ^ k || inner)
- Zero-allocation: 2 × 64-byte stack arrays + reused L_Sha256 context

Tests in test_utils.c cover three RFC 4231 vectors (verified against
Python hmac + OpenSSL):
- TC1: 20-byte 0x0b key, "Hi There"
- TC2: "Jefe" key, "what do ya want for nothing?"
- TC5: 131-byte 0xaa key (> block size), longer message

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This was referenced Apr 26, 2026
Closed
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

automation enhancement New feature or request repo-assist

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants