If you are not limited to HMAC, blind signatures would meet your requirements.
In RSA, you can do blind signatures as follows:
Let $M$ be the message to be signed (probably the hash of a message) and let $e,N$ be A's public key, $d$ is A's private key.
B computes $M' = M\cdot r^e \bmod{N}$ and sends $M'$ to A.
A computes $S' = M'^d\bmod{N}$ and sends it to B.
B computes $S = S'\cdot r^{-1}\bmod{N} = M^d\bmod{N}$ (i.e., $M$ signed with A's private key).
I am not aware of any libraries that support this scheme out of the box, but it wouldn't be too hard to add the functionality. Also, other cryptosystems would support this idea too.
Homomorphic Encryption
Using fully homomorphic encryption, this would be very possible to do. You would just need to implement a homomorphic version of a hash function and build it up into an HMAC function. Given current public-key homomorphic technology, it would be very slow. Still, though, this technology is too new for deployment.
Garbled Circuits
Another option for implementing HMAC that should meet the requirements you have stated is garbled circuits. Garbled circuits can evaluate AES privately much faster than even the most optimized version of homomorphic AES. Which suggests that a hash function could be practical to compute using a garbled circuit.
