Setup for HMAC authentication capabilities

@SRGDamia1, general HMAC functions could benefit all dataPublishers, so I am adding it to the dataPublisherBase. Does that make sense? Once I get general HMAC SHA256 tokens to work, I'll then be creating a new publisher for Azure EventHubs. AWS IoT has a similar endpoint, so this could be widely used.
EnviroDIY · Apr 14, 2022 · 0ca66e3 · 0ca66e3 · aufdenkampe · Apr 14, 2022
1 parent 7a1c63a
commit 0ca66e3
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 1 deletion.
diff --git a/library.json b/library.json
@@ -329,6 +329,16 @@
       "authors": ["Sara Damiano", "Anthony Aufdenkampe"],
       "frameworks": "arduino",
       "platforms": "atmelavr, atmelsam"
-    }
+    },
+    {
+        "name": "cryptosuite2",
+        "owner": "envirodiy",
+        "url": "https://github.com/EnviroDIY/cryptosuite2",
+        "version": "~0.2.7",
+        "note": "Arduino/Generic C library for SHA256, SHA1 hashing and SHA256-HMAC, SHA1-HMAC",
+        "authors": [],
+        "frameworks": "arduino",
+        "platforms": "*"
+      }  
   ]
 }
diff --git a/src/dataPublisherBase.cpp b/src/dataPublisherBase.cpp
@@ -155,3 +155,11 @@ String dataPublisher::parseMQTTState(int state) {
         default: return String(state) + ": UNKNOWN";
     }
 }
+
+
+String dataPublisher::writeHMACsignature(char* key, char* string_to_sign) {
+    // Create a HexMap to save 16 bytes of SRAM
+    const char hexMap[] PROGMEM = "0123456789abcdef";  // This is from the cryptosuite2 example, but there must be a better way.
+    // Anthony to add more code here
+    return signature;
+}
diff --git a/src/dataPublisherBase.h b/src/dataPublisherBase.h
@@ -52,6 +52,7 @@
 #undef MS_DEBUGGING_STD
 #include "LoggerBase.h"
 #include "Client.h"
+#include "sha256.h"  // `cryptosuite2` library's SHA256 functions
 
 /**
  * @brief The dataPublisher class is a virtual class used by other publishers to
@@ -268,6 +269,19 @@ class dataPublisher {
      */
     String parseMQTTState(int state);
 
+    /**
+     * @brief Write an HMAC-SHA256 signature -- which is a keyed-hash message 
+     * authentication code (HMAC) created using the SHA-256 cryptographic 
+     * hash algorithm -- for generating tokens for authenticating requests
+     * using the authorization header.
+     *
+     * @param key The shared secret key used to "salt" the hash
+     * @param string_to_sign The string that gets hashed into a signature token.
+     * @return **String** The signed HMAC-SHA256 authorization token, or 
+     * signature.
+     */
+    String writeHMACsignature(char* key, char* string_to_sign);
+
 
  protected:
     /**