From 7bc2e59ccb69a8429f26dafeefdc201ff3a067de Mon Sep 17 00:00:00 2001 From: Me No Dev Date: Mon, 18 Jul 2016 11:01:32 +0300 Subject: [PATCH 1/5] Add option to give ArduinoOTA a hashed value of the password hashed password can be safely stored on flash --- libraries/ArduinoOTA/ArduinoOTA.cpp | 17 +++++++++++------ libraries/ArduinoOTA/ArduinoOTA.h | 3 ++- .../ArduinoOTA/examples/BasicOTA/BasicOTA.ino | 6 +++++- 3 files changed, 18 insertions(+), 8 deletions(-) diff --git a/libraries/ArduinoOTA/ArduinoOTA.cpp b/libraries/ArduinoOTA/ArduinoOTA.cpp index 621d7183fc..b2a8f7fe03 100644 --- a/libraries/ArduinoOTA/ArduinoOTA.cpp +++ b/libraries/ArduinoOTA/ArduinoOTA.cpp @@ -29,6 +29,7 @@ extern "C" { ArduinoOTAClass::ArduinoOTAClass() : _port(0) +, _pass_is_hash(false) , _udp_ota(0) , _initialized(false) , _state(OTA_IDLE) @@ -81,9 +82,10 @@ String ArduinoOTAClass::getHostname() { return _hostname; } -void ArduinoOTAClass::setPassword(const char * password) { +void ArduinoOTAClass::setPassword(const char * password, bool isHash) { if (!_initialized && !_password.length() && password) { _password = password; + _pass_is_hash = isHash; } } @@ -206,11 +208,14 @@ void ArduinoOTAClass::_onRx(){ return; } - MD5Builder _passmd5; - _passmd5.begin(); - _passmd5.add(_password); - _passmd5.calculate(); - String passmd5 = _passmd5.toString(); + String passmd5 = _password; + if(!_pass_is_hash){ + MD5Builder _passmd5; + _passmd5.begin(); + _passmd5.add(_password); + _passmd5.calculate(); + passmd5 = _passmd5.toString(); + } String challenge = passmd5 + ":" + String(_nonce) + ":" + cnonce; MD5Builder _challengemd5; diff --git a/libraries/ArduinoOTA/ArduinoOTA.h b/libraries/ArduinoOTA/ArduinoOTA.h index 94f86ca448..f2f17477a2 100644 --- a/libraries/ArduinoOTA/ArduinoOTA.h +++ b/libraries/ArduinoOTA/ArduinoOTA.h @@ -33,7 +33,7 @@ class ArduinoOTAClass void setPort(uint16_t port); void setHostname(const char *hostname); String getHostname(); - void setPassword(const char *password); + void setPassword(const char *password, bool isHash=false); void onStart(THandlerFunction fn); void onEnd(THandlerFunction fn); void onError(THandlerFunction_Error fn); @@ -44,6 +44,7 @@ class ArduinoOTAClass private: int _port; + bool _pass_is_hash; String _password; String _hostname; String _nonce; diff --git a/libraries/ArduinoOTA/examples/BasicOTA/BasicOTA.ino b/libraries/ArduinoOTA/examples/BasicOTA/BasicOTA.ino index db9a96c93b..ccdbea3409 100644 --- a/libraries/ArduinoOTA/examples/BasicOTA/BasicOTA.ino +++ b/libraries/ArduinoOTA/examples/BasicOTA/BasicOTA.ino @@ -24,7 +24,11 @@ void setup() { // ArduinoOTA.setHostname("myesp8266"); // No authentication by default - // ArduinoOTA.setPassword((const char *)"123"); + // ArduinoOTA.setPassword("admin"); + + // Password can be set with it's md5 value as well + // MD5(admin) = 21232f297a57a5a743894a0e4a801fc3 + // ArduinoOTA.setPassword("21232f297a57a5a743894a0e4a801fc3", true); ArduinoOTA.onStart([]() { String type; From a7213dc9d9b1f85919b8339c1ee0ddf58f7dc6d2 Mon Sep 17 00:00:00 2001 From: Me No Dev Date: Mon, 18 Jul 2016 11:46:04 +0300 Subject: [PATCH 2/5] Switch to separate method to accept the hash --- libraries/ArduinoOTA/ArduinoOTA.cpp | 11 +++++++++-- libraries/ArduinoOTA/ArduinoOTA.h | 3 ++- libraries/ArduinoOTA/examples/BasicOTA/BasicOTA.ino | 2 +- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/libraries/ArduinoOTA/ArduinoOTA.cpp b/libraries/ArduinoOTA/ArduinoOTA.cpp index b2a8f7fe03..2a0038718e 100644 --- a/libraries/ArduinoOTA/ArduinoOTA.cpp +++ b/libraries/ArduinoOTA/ArduinoOTA.cpp @@ -82,10 +82,17 @@ String ArduinoOTAClass::getHostname() { return _hostname; } -void ArduinoOTAClass::setPassword(const char * password, bool isHash) { +void ArduinoOTAClass::setPassword(const char * password) { if (!_initialized && !_password.length() && password) { _password = password; - _pass_is_hash = isHash; + _pass_is_hash = false; + } +} + +void ArduinoOTAClass::setPasswordHash(const char * password) { + if (!_initialized && !_password.length() && password) { + _password = password; + _pass_is_hash = true; } } diff --git a/libraries/ArduinoOTA/ArduinoOTA.h b/libraries/ArduinoOTA/ArduinoOTA.h index f2f17477a2..68c9ca6d29 100644 --- a/libraries/ArduinoOTA/ArduinoOTA.h +++ b/libraries/ArduinoOTA/ArduinoOTA.h @@ -33,7 +33,8 @@ class ArduinoOTAClass void setPort(uint16_t port); void setHostname(const char *hostname); String getHostname(); - void setPassword(const char *password, bool isHash=false); + void setPassword(const char *password); + void setPasswordHash(const char *password); void onStart(THandlerFunction fn); void onEnd(THandlerFunction fn); void onError(THandlerFunction_Error fn); diff --git a/libraries/ArduinoOTA/examples/BasicOTA/BasicOTA.ino b/libraries/ArduinoOTA/examples/BasicOTA/BasicOTA.ino index ccdbea3409..f3c0789288 100644 --- a/libraries/ArduinoOTA/examples/BasicOTA/BasicOTA.ino +++ b/libraries/ArduinoOTA/examples/BasicOTA/BasicOTA.ino @@ -28,7 +28,7 @@ void setup() { // Password can be set with it's md5 value as well // MD5(admin) = 21232f297a57a5a743894a0e4a801fc3 - // ArduinoOTA.setPassword("21232f297a57a5a743894a0e4a801fc3", true); + // ArduinoOTA.setPasswordHash("21232f297a57a5a743894a0e4a801fc3"); ArduinoOTA.onStart([]() { String type; From 095ab628a406cfa15cfca9410cc6824ac92cb4d8 Mon Sep 17 00:00:00 2001 From: Me No Dev Date: Mon, 18 Jul 2016 11:48:49 +0300 Subject: [PATCH 3/5] Calculate the hash of plain passwords at setup --- libraries/ArduinoOTA/ArduinoOTA.cpp | 19 ++++++------------- libraries/ArduinoOTA/ArduinoOTA.h | 1 - 2 files changed, 6 insertions(+), 14 deletions(-) diff --git a/libraries/ArduinoOTA/ArduinoOTA.cpp b/libraries/ArduinoOTA/ArduinoOTA.cpp index 2a0038718e..e55fd33dd6 100644 --- a/libraries/ArduinoOTA/ArduinoOTA.cpp +++ b/libraries/ArduinoOTA/ArduinoOTA.cpp @@ -84,15 +84,17 @@ String ArduinoOTAClass::getHostname() { void ArduinoOTAClass::setPassword(const char * password) { if (!_initialized && !_password.length() && password) { - _password = password; - _pass_is_hash = false; + MD5Builder _passmd5; + _passmd5.begin(); + _passmd5.add(password); + _passmd5.calculate(); + _password = _passmd5.toString(); } } void ArduinoOTAClass::setPasswordHash(const char * password) { if (!_initialized && !_password.length() && password) { _password = password; - _pass_is_hash = true; } } @@ -215,16 +217,7 @@ void ArduinoOTAClass::_onRx(){ return; } - String passmd5 = _password; - if(!_pass_is_hash){ - MD5Builder _passmd5; - _passmd5.begin(); - _passmd5.add(_password); - _passmd5.calculate(); - passmd5 = _passmd5.toString(); - } - - String challenge = passmd5 + ":" + String(_nonce) + ":" + cnonce; + String challenge = _password + ":" + String(_nonce) + ":" + cnonce; MD5Builder _challengemd5; _challengemd5.begin(); _challengemd5.add(challenge); diff --git a/libraries/ArduinoOTA/ArduinoOTA.h b/libraries/ArduinoOTA/ArduinoOTA.h index 68c9ca6d29..162cef40da 100644 --- a/libraries/ArduinoOTA/ArduinoOTA.h +++ b/libraries/ArduinoOTA/ArduinoOTA.h @@ -45,7 +45,6 @@ class ArduinoOTAClass private: int _port; - bool _pass_is_hash; String _password; String _hostname; String _nonce; From cf1a2b25a3851c1ef22f6f01d67494e3691e9a13 Mon Sep 17 00:00:00 2001 From: Me No Dev Date: Mon, 18 Jul 2016 11:49:29 +0300 Subject: [PATCH 4/5] missed line --- libraries/ArduinoOTA/ArduinoOTA.cpp | 1 - 1 file changed, 1 deletion(-) diff --git a/libraries/ArduinoOTA/ArduinoOTA.cpp b/libraries/ArduinoOTA/ArduinoOTA.cpp index e55fd33dd6..11851881c4 100644 --- a/libraries/ArduinoOTA/ArduinoOTA.cpp +++ b/libraries/ArduinoOTA/ArduinoOTA.cpp @@ -29,7 +29,6 @@ extern "C" { ArduinoOTAClass::ArduinoOTAClass() : _port(0) -, _pass_is_hash(false) , _udp_ota(0) , _initialized(false) , _state(OTA_IDLE) From df57f5e247be87f1556ce858c368286c35870d7d Mon Sep 17 00:00:00 2001 From: Me No Dev Date: Mon, 18 Jul 2016 11:55:51 +0300 Subject: [PATCH 5/5] Remove underscores from local variable --- libraries/ArduinoOTA/ArduinoOTA.cpp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libraries/ArduinoOTA/ArduinoOTA.cpp b/libraries/ArduinoOTA/ArduinoOTA.cpp index 11851881c4..bafa7f914c 100644 --- a/libraries/ArduinoOTA/ArduinoOTA.cpp +++ b/libraries/ArduinoOTA/ArduinoOTA.cpp @@ -83,11 +83,11 @@ String ArduinoOTAClass::getHostname() { void ArduinoOTAClass::setPassword(const char * password) { if (!_initialized && !_password.length() && password) { - MD5Builder _passmd5; - _passmd5.begin(); - _passmd5.add(password); - _passmd5.calculate(); - _password = _passmd5.toString(); + MD5Builder passmd5; + passmd5.begin(); + passmd5.add(password); + passmd5.calculate(); + _password = passmd5.toString(); } }