This provider will use WebCrypto's SubtleCrypto.sign method to perform HMAC operations. It will need to handle incremental updating and input validation itself since the actual WebCrypto function won't be called until the HMAC is finalized.

crypto Proposal Reference - HMAC Section

See examples at https://github.com/diafygi/webcrypto-examples

There is an initial solution available at https://github.com/devpaul/crypto/tree/hmac based on code from PR #9. Tests pass on Chrome and FireFox. Safari gives up before really connecting to the proxy.

I am hoping this will give us a chance to compare the node and webcrypto implementations and ensure our APIs will provide a consistent user experience between platforms.

Note that this uses the latest spec for CryptoKey and MDN is not up-to-date at the time of this writing. For instance, the hash algorithm can be supplied as a string or an object: https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#algorithm-dictionary.

Once PR #9 has been merged I'll cherry-pick out my changes and reapply them into another branch that will be submitted for review.

P.S. I found these tests to be a useful reference: https://chromium.googlesource.com/chromium/blink/+/949530d6cba5e6943ce1b1502b602ae97b9bd557/LayoutTests/crypto/sign-verify.html