Setup for HMAC authentication capabilities

aufdenkampe · aufdenkampe · commit 0ca66e3218b9 · 2022-04-14T14:43:03.000-05:00
@SRGDamia1, general HMAC functions could benefit all dataPublishers, so I am adding it to the dataPublisherBase. Does that make sense? Once I get general HMAC SHA256 tokens to work, I'll then be creating a new publisher for Azure EventHubs. AWS IoT has a similar endpoint, so this could be widely used.
diff --git a/library.json b/library.json
@@ -329,6 +329,16 @@
       "authors": ["Sara Damiano", "Anthony Aufdenkampe"],
       "frameworks": "arduino",
       "platforms": "atmelavr, atmelsam"
-    }
+    },
+    {
+        "name": "cryptosuite2",
+        "owner": "envirodiy",
+        "url": "https://github.com/EnviroDIY/cryptosuite2",
+        "version": "~0.2.7",
+        "note": "Arduino/Generic C library for SHA256, SHA1 hashing and SHA256-HMAC, SHA1-HMAC",
+        "authors": [],
+        "frameworks": "arduino",
+        "platforms": "*"
+      }  
   ]
 }
diff --git a/src/dataPublisherBase.cpp b/src/dataPublisherBase.cpp
@@ -155,3 +155,11 @@ String dataPublisher::parseMQTTState(int state) {
         default: return String(state) + ": UNKNOWN";
     }
 }
+
+
+String dataPublisher::writeHMACsignature(char* key, char* string_to_sign) {
+    // Create a HexMap to save 16 bytes of SRAM
+    const char hexMap[] PROGMEM = "0123456789abcdef";  // This is from the cryptosuite2 example, but there must be a better way.
+    // Anthony to add more code here
+    return signature;
+}
diff --git a/src/dataPublisherBase.h b/src/dataPublisherBase.h
@@ -52,6 +52,7 @@
 #undef MS_DEBUGGING_STD
 #include "LoggerBase.h"
 #include "Client.h"
+#include "sha256.h"  // `cryptosuite2` library's SHA256 functions
 
 /**
  * @brief The dataPublisher class is a virtual class used by other publishers to
@@ -268,6 +269,19 @@ class dataPublisher {
      */
     String parseMQTTState(int state);
 
+    /**
+     * @brief Write an HMAC-SHA256 signature -- which is a keyed-hash message 
+     * authentication code (HMAC) created using the SHA-256 cryptographic 
+     * hash algorithm -- for generating tokens for authenticating requests
+     * using the authorization header.
+     *
+     * @param key The shared secret key used to "salt" the hash
+     * @param string_to_sign The string that gets hashed into a signature token.
+     * @return **String** The signed HMAC-SHA256 authorization token, or 
+     * signature.
+     */
+    String writeHMACsignature(char* key, char* string_to_sign);
+
 
  protected:
     /**

Original file line number	Diff line number	Diff line change
`@@ -155,3 +155,11 @@ String dataPublisher::parseMQTTState(int state) {`
`155`	`155`	`default: return String(state) + ": UNKNOWN";`
`156`	`156`	`}`
`157`	`157`	`}`
	`158`	`+`
	`159`	`+`
	`160`	`+String dataPublisher::writeHMACsignature(char* key, char* string_to_sign) {`
	`161`	`+ // Create a HexMap to save 16 bytes of SRAM`
	`162`	`+ const char hexMap[] PROGMEM = "0123456789abcdef"; // This is from the cryptosuite2 example, but there must be a better way.`
	`163`	`+ // Anthony to add more code here`
	`164`	`+ return signature;`
	`165`	`+}`