DeterministicESPAsyncWebServer v6.27.1
Zero-allocation, bounded-execution async HTTP server for ESP32
Loading...
Searching...
No Matches
ssh_hmac_sha256.h File Reference

HMAC-SHA2-256 (RFC 2104 + FIPS 198-1). More...

#include "network_drivers/presentation/ssh/crypto/ssh_sha256.h"
#include <stddef.h>
#include <stdint.h>

Go to the source code of this file.

Classes

struct  SshHmacCtx
 Streaming HMAC-SHA2-256 context. More...
 

Macros

#define SSH_HMAC_SHA256_LEN   32
 HMAC-SHA2-256 output length in bytes.
 

Functions

void ssh_hmac_sha256 (const uint8_t *key, size_t key_len, const uint8_t *data, size_t len, uint8_t mac[SSH_HMAC_SHA256_LEN])
 Compute HMAC-SHA2-256 over a single contiguous buffer.
 
void ssh_hmac_sha256_init (SshHmacCtx *ctx, const uint8_t *key, size_t key_len)
 Initialize a streaming HMAC-SHA2-256 context.
 
void ssh_hmac_sha256_update (SshHmacCtx *ctx, const uint8_t *data, size_t len)
 Feed len bytes into the running HMAC.
 
void ssh_hmac_sha256_final (SshHmacCtx *ctx, uint8_t mac[SSH_HMAC_SHA256_LEN])
 Finalize and write the 32-byte MAC.
 

Detailed Description

HMAC-SHA2-256 (RFC 2104 + FIPS 198-1).

Used for SSH binary packet MAC in both directions after key exchange.

MAC computation (RFC 4253 §6.4): mac = HMAC-SHA256(mac_key, uint32_be(seq_num) || plaintext_packet)

where plaintext_packet = packet_length || padding_length || payload || padding (the unencrypted bytes - MAC is computed over plaintext before encryption).

SECURITY NOTE - MAC must be verified before plaintext is acted upon. ssh_packet.cpp enforces this order: decrypt → verify → dispatch. The functions in this file are pure crypto; the ordering guarantee lives in the packet layer.

Author
Douglas Quigg (dstroy0)
Date
2026

Definition in file ssh_hmac_sha256.h.

Macro Definition Documentation

◆ SSH_HMAC_SHA256_LEN

#define SSH_HMAC_SHA256_LEN   32

HMAC-SHA2-256 output length in bytes.

Definition at line 33 of file ssh_hmac_sha256.h.

Function Documentation

◆ ssh_hmac_sha256()

void ssh_hmac_sha256 ( const uint8_t *  key,
size_t  key_len,
const uint8_t *  data,
size_t  len,
uint8_t  mac[SSH_HMAC_SHA256_LEN] 
)

Compute HMAC-SHA2-256 over a single contiguous buffer.

Equivalent to calling the streaming variant with one update call.

Parameters
keyMAC key bytes.
key_lenKey length in bytes (must be ≤ 64; keys > 64 bytes are pre-hashed per RFC 2104; keys ≤ 64 bytes are zero-padded to the block length). SSH-derived keys are always 32 bytes.
dataInput bytes.
lenInput length.
macOutput buffer, must be SSH_HMAC_SHA256_LEN bytes.

Definition at line 85 of file ssh_hmac_sha256.cpp.

References ssh_hmac_sha256_final(), ssh_hmac_sha256_init(), and ssh_hmac_sha256_update().

◆ ssh_hmac_sha256_init()

void ssh_hmac_sha256_init ( SshHmacCtx ctx,
const uint8_t *  key,
size_t  key_len 
)

Initialize a streaming HMAC-SHA2-256 context.

Parameters
ctxContext to initialize.
keyKey bytes (≤ 64; keys > 64 are pre-hashed per RFC 2104).
key_lenLength of key in bytes.

Definition at line 53 of file ssh_hmac_sha256.cpp.

References SshHmacCtx::inner, SshHmacCtx::okey, ssh_sha256_init(), and ssh_sha256_update().

Referenced by ssh_hmac_sha256().

◆ ssh_hmac_sha256_update()

void ssh_hmac_sha256_update ( SshHmacCtx ctx,
const uint8_t *  data,
size_t  len 
)

Feed len bytes into the running HMAC.

Definition at line 63 of file ssh_hmac_sha256.cpp.

References SshHmacCtx::inner, and ssh_sha256_update().

Referenced by ssh_hmac_sha256().

◆ ssh_hmac_sha256_final()

void ssh_hmac_sha256_final ( SshHmacCtx ctx,
uint8_t  mac[SSH_HMAC_SHA256_LEN] 
)

Finalize and write the 32-byte MAC.

Definition at line 68 of file ssh_hmac_sha256.cpp.

References SshHmacCtx::inner, SshHmacCtx::okey, SSH_SHA256_DIGEST_LEN, ssh_sha256_final(), ssh_sha256_init(), and ssh_sha256_update().

Referenced by ssh_hmac_sha256().