ESPHome: esphome/components/hmac_sha256/hmac_sha256.cpp Source File

#include <cstring>

#include "hmac_sha256.h"

#if defined(USE_ESP32) || defined(USE_ESP8266) || defined(USE_RP2040) || defined(USE_LIBRETINY) || defined(USE_HOST)

#include "esphome/core/helpers.h"


namespace esphome::hmac_sha256 {


constexpr size_t SHA256_DIGEST_SIZE = 32;


#if defined(USE_HMAC_SHA256_PSA)


// ESP-IDF 6.0 ships mbedtls 4.0 which removed the legacy mbedtls_md HMAC API.

// Use the PSA Crypto MAC API instead.


HmacSHA256::~HmacSHA256() {

  psa_mac_abort(&this->op_);

  psa_destroy_key(this->key_id_);

}


void HmacSHA256::init(const uint8_t *key, size_t len) {

  psa_mac_abort(&this->op_);

  psa_destroy_key(this->key_id_);


  psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;

  psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC);

  psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);

  psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(PSA_ALG_SHA_256));

  psa_import_key(&attributes, key, len, &this->key_id_);


  this->op_ = PSA_MAC_OPERATION_INIT;

  psa_mac_sign_setup(&this->op_, this->key_id_, PSA_ALG_HMAC(PSA_ALG_SHA_256));

}


void HmacSHA256::add(const uint8_t *data, size_t len) { psa_mac_update(&this->op_, data, len); }


void HmacSHA256::calculate() {

  size_t mac_length;

  psa_mac_sign_finish(&this->op_, this->digest_, sizeof(this->digest_), &mac_length);

}


void HmacSHA256::get_bytes(uint8_t *output) { memcpy(output, this->digest_, SHA256_DIGEST_SIZE); }


void HmacSHA256::get_hex(char *output) {

  format_hex_to(output, SHA256_DIGEST_SIZE * 2 + 1, this->digest_, SHA256_DIGEST_SIZE);

}


bool HmacSHA256::equals_bytes(const uint8_t *expected) {

  return memcmp(this->digest_, expected, SHA256_DIGEST_SIZE) == 0;

}


bool HmacSHA256::equals_hex(const char *expected) {

  char hex_output[SHA256_DIGEST_SIZE * 2 + 1];

  this->get_hex(hex_output);

  hex_output[SHA256_DIGEST_SIZE * 2] = '\0';

  return strncmp(hex_output, expected, SHA256_DIGEST_SIZE * 2) == 0;

}


#elif defined(USE_HMAC_SHA256_MBEDTLS)


HmacSHA256::~HmacSHA256() { mbedtls_md_free(&this->ctx_); }


void HmacSHA256::init(const uint8_t *key, size_t len) {

  mbedtls_md_init(&this->ctx_);

  const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);

  mbedtls_md_setup(&this->ctx_, md_info, 1);  // 1 = HMAC mode

  mbedtls_md_hmac_starts(&this->ctx_, key, len);

}


void HmacSHA256::add(const uint8_t *data, size_t len) { mbedtls_md_hmac_update(&this->ctx_, data, len); }


void HmacSHA256::calculate() { mbedtls_md_hmac_finish(&this->ctx_, this->digest_); }


void HmacSHA256::get_bytes(uint8_t *output) { memcpy(output, this->digest_, SHA256_DIGEST_SIZE); }


void HmacSHA256::get_hex(char *output) {

  format_hex_to(output, SHA256_DIGEST_SIZE * 2 + 1, this->digest_, SHA256_DIGEST_SIZE);

}


bool HmacSHA256::equals_bytes(const uint8_t *expected) {

  return memcmp(this->digest_, expected, SHA256_DIGEST_SIZE) == 0;

}


bool HmacSHA256::equals_hex(const char *expected) {

  char hex_output[SHA256_DIGEST_SIZE * 2 + 1];

  this->get_hex(hex_output);

  hex_output[SHA256_DIGEST_SIZE * 2] = '\0';

  return strncmp(hex_output, expected, SHA256_DIGEST_SIZE * 2) == 0;

}


#else


HmacSHA256::~HmacSHA256() = default;


// HMAC block size for SHA256 (RFC 2104)

constexpr size_t HMAC_BLOCK_SIZE = 64;


void HmacSHA256::init(const uint8_t *key, size_t len) {

  uint8_t ipad[HMAC_BLOCK_SIZE], opad[HMAC_BLOCK_SIZE];


  memset(ipad, 0, sizeof(ipad));

  if (len > HMAC_BLOCK_SIZE) {

    sha256::SHA256 keysha256;

    keysha256.init();

    keysha256.add(key, len);

    keysha256.calculate();

    keysha256.get_bytes(ipad);

  } else {

    memcpy(ipad, key, len);

  }

  memcpy(opad, ipad, sizeof(opad));


  for (size_t i = 0; i < HMAC_BLOCK_SIZE; i++) {

    ipad[i] ^= 0x36;

    opad[i] ^= 0x5c;

  }


  this->ihash_.init();

  this->ihash_.add(ipad, sizeof(ipad));


  this->ohash_.init();

  this->ohash_.add(opad, sizeof(opad));

}


void HmacSHA256::add(const uint8_t *data, size_t len) { this->ihash_.add(data, len); }


void HmacSHA256::calculate() {

  uint8_t ibytes[32];


  this->ihash_.calculate();

  this->ihash_.get_bytes(ibytes);


  this->ohash_.add(ibytes, sizeof(ibytes));

  this->ohash_.calculate();

}


void HmacSHA256::get_bytes(uint8_t *output) { this->ohash_.get_bytes(output); }


void HmacSHA256::get_hex(char *output) { this->ohash_.get_hex(output); }


bool HmacSHA256::equals_bytes(const uint8_t *expected) { return this->ohash_.equals_bytes(expected); }


bool HmacSHA256::equals_hex(const char *expected) { return this->ohash_.equals_hex(expected); }


#endif  // USE_HMAC_SHA256_PSA / USE_HMAC_SHA256_MBEDTLS


}  // namespace esphome::hmac_sha256


#endif

esphome::HashBase::get_hex
void get_hex(char *output)
Retrieve the hash as hex characters. Output buffer must hold get_size() * 2 + 1 bytes.
Definition hash_base.h:29

esphome::HashBase::equals_hex
bool equals_hex(const char *expected)
Compare the hash against a provided hex-encoded hash.
Definition hash_base.h:35

esphome::HashBase::equals_bytes
bool equals_bytes(const uint8_t *expected)
Compare the hash against a provided byte-encoded hash.
Definition hash_base.h:32

esphome::HashBase::get_bytes
void get_bytes(uint8_t *output)
Retrieve the hash as bytes.
Definition hash_base.h:26

esphome::hmac_sha256::HmacSHA256::equals_bytes
bool equals_bytes(const uint8_t *expected)
Compare the digest against a provided byte-encoded digest (32 bytes).
Definition hmac_sha256.cpp:47

esphome::hmac_sha256::HmacSHA256::ctx_
mbedtls_md_context_t ctx_
Definition hmac_sha256.h:67

esphome::hmac_sha256::HmacSHA256::key_id_
mbedtls_svc_key_id_t key_id_
Definition hmac_sha256.h:63

esphome::hmac_sha256::HmacSHA256::equals_hex
bool equals_hex(const char *expected)
Compare the digest against a provided hex-encoded digest (64 bytes).
Definition hmac_sha256.cpp:51

esphome::hmac_sha256::HmacSHA256::add
void add(const uint8_t *data, size_t len)
Add bytes of data for the digest.
Definition hmac_sha256.cpp:34

esphome::hmac_sha256::HmacSHA256::~HmacSHA256
~HmacSHA256()
Definition hmac_sha256.cpp:15

esphome::hmac_sha256::HmacSHA256::get_hex
void get_hex(char *output)
Retrieve the HMAC-SHA256 digest as hex characters.
Definition hmac_sha256.cpp:43

esphome::hmac_sha256::HmacSHA256::ihash_
sha256::SHA256 ihash_
Definition hmac_sha256.h:70

esphome::hmac_sha256::HmacSHA256::op_
psa_mac_operation_t op_
Definition hmac_sha256.h:62

esphome::hmac_sha256::HmacSHA256::get_bytes
void get_bytes(uint8_t *output)
Retrieve the HMAC-SHA256 digest as bytes.
Definition hmac_sha256.cpp:41

esphome::hmac_sha256::HmacSHA256::SHA256_DIGEST_SIZE
static constexpr size_t SHA256_DIGEST_SIZE
Definition hmac_sha256.h:61

esphome::hmac_sha256::HmacSHA256::ohash_
sha256::SHA256 ohash_
Definition hmac_sha256.h:71

esphome::hmac_sha256::HmacSHA256::digest_
uint8_t digest_[SHA256_DIGEST_SIZE]
Definition hmac_sha256.h:64

esphome::hmac_sha256::HmacSHA256::calculate
void calculate()
Compute the digest, based on the provided data.
Definition hmac_sha256.cpp:36

esphome::hmac_sha256::HmacSHA256::init
void init(const uint8_t *key, size_t len)
Initialize a new HMAC-SHA256 digest computation.
Definition hmac_sha256.cpp:20

esphome::sha256::SHA256
SHA256 hash implementation.
Definition sha256.h:51

esphome::sha256::SHA256::calculate
void calculate() override
Definition sha256.cpp:27

esphome::sha256::SHA256::add
void add(const uint8_t *data, size_t len) override
Definition sha256.cpp:25

esphome::sha256::SHA256::init
void init() override
Definition sha256.cpp:19

helpers.h

hmac_sha256.h

esphome::hmac_sha256
Definition hmac_sha256.cpp:6

esphome::hmac_sha256::SHA256_DIGEST_SIZE
constexpr size_t SHA256_DIGEST_SIZE
Definition hmac_sha256.cpp:8

esphome::hmac_sha256::HMAC_BLOCK_SIZE
constexpr size_t HMAC_BLOCK_SIZE
Definition hmac_sha256.cpp:95

esphome::len
std::string size_t len
Definition helpers.h:1045

esphome::format_hex_to
char * format_hex_to(char *buffer, size_t buffer_size, const uint8_t *data, size_t length)
Format byte array as lowercase hex to buffer (base implementation).
Definition helpers.cpp:367