Skip to content

Commit e83f30a

Browse files
me-no-devigrr
me-no-dev
authored and
igrr
committed
Ota hashed password (#2292)
* Add option to give ArduinoOTA a hashed value of the password hashed password can be safely stored on flash * Switch to separate method to accept the hash * Calculate the hash of plain passwords at setup * missed line * Remove underscores from local variable
1 parent c4f9f10 commit e83f30a

File tree

3 files changed

+17
-8
lines changed

3 files changed

+17
-8
lines changed

libraries/ArduinoOTA/ArduinoOTA.cpp

+11-7
Original file line numberDiff line numberDiff line change
@@ -82,6 +82,16 @@ String ArduinoOTAClass::getHostname() {
8282
}
8383

8484
void ArduinoOTAClass::setPassword(const char * password) {
85+
if (!_initialized && !_password.length() && password) {
86+
MD5Builder passmd5;
87+
passmd5.begin();
88+
passmd5.add(password);
89+
passmd5.calculate();
90+
_password = passmd5.toString();
91+
}
92+
}
93+
94+
void ArduinoOTAClass::setPasswordHash(const char * password) {
8595
if (!_initialized && !_password.length() && password) {
8696
_password = password;
8797
}
@@ -206,13 +216,7 @@ void ArduinoOTAClass::_onRx(){
206216
return;
207217
}
208218

209-
MD5Builder _passmd5;
210-
_passmd5.begin();
211-
_passmd5.add(_password);
212-
_passmd5.calculate();
213-
String passmd5 = _passmd5.toString();
214-
215-
String challenge = passmd5 + ":" + String(_nonce) + ":" + cnonce;
219+
String challenge = _password + ":" + String(_nonce) + ":" + cnonce;
216220
MD5Builder _challengemd5;
217221
_challengemd5.begin();
218222
_challengemd5.add(challenge);

libraries/ArduinoOTA/ArduinoOTA.h

+1
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,7 @@ class ArduinoOTAClass
3434
void setHostname(const char *hostname);
3535
String getHostname();
3636
void setPassword(const char *password);
37+
void setPasswordHash(const char *password);
3738
void onStart(THandlerFunction fn);
3839
void onEnd(THandlerFunction fn);
3940
void onError(THandlerFunction_Error fn);

libraries/ArduinoOTA/examples/BasicOTA/BasicOTA.ino

+5-1
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,11 @@ void setup() {
2424
// ArduinoOTA.setHostname("myesp8266");
2525

2626
// No authentication by default
27-
// ArduinoOTA.setPassword((const char *)"123");
27+
// ArduinoOTA.setPassword("admin");
28+
29+
// Password can be set with it's md5 value as well
30+
// MD5(admin) = 21232f297a57a5a743894a0e4a801fc3
31+
// ArduinoOTA.setPasswordHash("21232f297a57a5a743894a0e4a801fc3");
2832

2933
ArduinoOTA.onStart([]() {
3034
String type;

0 commit comments

Comments
 (0)