Signature generation for DPS handshake between IoT client device and Cloud

[syASaj]

Hi,
I have a scenario where a IoT device as a client through WiFi connectivity needs to perform Device Provisioning Service (DPS) handshake using Symmetric key with the Azure Cloud.
In this scenario, the Azure Cloud independently computes the signature, and if this signature matches with what is sent by the Client device then the DPS handshake is authenticated and connection is allowed between client device and Azure cloud.

Now the Azure cloud computes the signature with the crypto method crypto.createHmac.

Issue: The client IoT device has its library for signature generation embedded in this case for ESP32 esp-idf v5.0.
This embedded library might become older version or deprecated in comparison to similar in the npm based crypto used by the Azure cloud. This leads to generating a client signature that does not match with similar signature generated in the cloud using latest crypto.

Question: How the client device firmware can be updated to match with npm crypto in order for generating the matching signature ?

I appreciate a good suggestion or resolution for the issue as above involving the firmware of Client IoT devices potentially deployed in some substantial volumes through out the world over some decades.

Thank you.

Best regards,

Sajid (syASaj)