thooge
/
esp32-nmea2000-obp60
mirror of https://github.com/thooge/esp32-nmea2000-obp60.git
1
0
Fork 0
Code Releases Activity

intermediate: check admin password

This commit is contained in:
wellenvogel 2021-12-13 15:24:30 +01:00
parent c34e6d4ce7
commit c38964e8b0
6 changed files with 296 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
platformio.ini
View File

@ -32,6 +32,7 @@ board_build.embed_files =
lib/generated/index.css.gz
lib/generated/config.json.gz
lib/generated/xdrconfig.json.gz
lib/generated/md5.js.gz
board_build.partitions = partitions_custom.csv
extra_scripts =
pre:extra_script.py

66
src/main.cpp
View File

@ -53,6 +53,7 @@ const unsigned long HEAP_REPORT_TIME=2000; //set to 0 to disable heap reporting
#include <map>
#include <vector>
#include "esp_heap_caps.h"
#include <MD5Builder.h>
#include "GwJsonDocument.h"
#include "N2kDataToNMEA0183.h"
@ -127,6 +128,47 @@ GwCounter<String> countTCPOut("countTCPout");
GwCounter<String> countSerialIn("countSerialIn");
GwCounter<String> countSerialOut("countSerialOut");
unsigned long saltBase=esp_random();
char hv(uint8_t nibble){
nibble=nibble&0xf;
if (nibble < 10) return (char)('0'+nibble);
return (char)('A'+nibble-10);
}
void toHex(unsigned long v,char *buffer,size_t bsize){
uint8_t *bp=(uint8_t *)&v;
size_t i=0;
for (;i<sizeof(v) && (2*i +1)< bsize;i++){
buffer[2*i]=hv((*bp) >> 4);
buffer[2*i+1]=hv(*bp);
bp++;
}
if ((2*i) < bsize) buffer[2*i]=0;
}
bool checkPass(String hash){
if (! config.getBool(config.useAdminPass)) return true;
String pass=config.getString(config.adminPassword);
unsigned long now=millis()/1000UL & ~0x7UL;
MD5Builder builder;
char buffer[2*sizeof(now)+1];
for (int i=0;i< 5 ;i++){
unsigned long base=saltBase+now;
toHex(base,buffer,2*sizeof(now)+1);
builder.begin();
builder.add(buffer);
builder.add(pass);
builder.calculate();
String md5=builder.toString();
bool rt=hash == md5;
logger.logDebug(GwLog::DEBUG,"checking pass %s, base=%ld, hash=%s, res=%d",
hash.c_str(),base,md5.c_str(),(int)rt);
if (rt) return true;
now -= 8;
}
return false;
}
void updateNMEACounter(int id,const char *msg,bool incoming,bool fail=false){
//we rely on the msg being long enough
char key[6];
@ -417,6 +459,11 @@ protected:
status["clientIP"] = WiFi.localIP().toString();
status["numClients"] = socketServer.numClients();
status["apIp"] = gwWifi.apIP();
size_t bsize=2*sizeof(unsigned long)+1;
unsigned long base=saltBase + ( millis()/1000UL & ~0x7UL);
char buffer[bsize];
toHex(base,buffer,bsize);
status["salt"] = buffer;
//nmea0183Converter->toJson(status);
countNMEA2KIn.toJson(status);
countNMEA2KOut.toJson(status);
@ -430,6 +477,20 @@ protected:
}
};
class CheckPassRequest : public GwRequestMessage{
String hash;
public:
CheckPassRequest(String h): GwRequestMessage(F("application/json"),F("checkPass")){
this->hash=h;
};
protected:
virtual void processRequest(){
bool res=checkPass(hash);
if (res) result=JSON_OK;
else result=F("{\"status\":\"ERROR\"}");
}
};
class CapabilitiesRequest : public GwRequestMessage{
public:
CapabilitiesRequest() : GwRequestMessage(F("application/json"),F("capabilities")){};
@ -709,6 +770,11 @@ void setup() {
});
webserver.registerMainHandler("/api/xdrUnmapped", [](AsyncWebServerRequest *request)->GwRequestMessage *
{ return new XdrUnMappedRequest(); });
webserver.registerMainHandler("/api/checkPass", [](AsyncWebServerRequest *request)->GwRequestMessage *
{
String hash=request->arg("hash");
return new CheckPassRequest(hash);
});
webserver.begin();
xdrMappings.begin();

20
web/config.json
View File

@ -123,6 +123,26 @@
]
}
},
{
"name": "useAdminPass",
"type": "boolean",
"default": "true",
"description": "use a password for config modifications",
"category": "system"
},
{
"name": "adminPassword",
"type": "password",
"default": "esp32admin",
"check": "checkAdminPass",
"description": "set the password for config modifications",
"category": "system",
"capabilities": {
"hardwareReset": [
"true"
]
}
},
{
"name": "showInvalidData",
"label": "show all data",

1
web/index.html
View File

@ -5,6 +5,7 @@
<title>NMEA 2000 Gateway</title>
<script type="text/javascript" src="index.js"></script>
<script type="text/javascript" src="md5.js"></script>
<link rel="stylesheet" href="index.css">
</head>
<body>

23
web/index.js
View File

@ -1,6 +1,8 @@
let self = this;
let lastUpdate = (new Date()).getTime();
let reloadConfig = false;
let adminPass="ABCDE";
let lastSalt="";
function addEl(type, clazz, parent, text) {
let el = document.createElement(type);
if (clazz) {
@ -60,6 +62,9 @@ function update() {
getJson('/api/status')
.then(function (jsonData) {
for (let k in jsonData) {
if (k == "salt"){
lastSalt=jsonData[k];
}
if (typeof (jsonData[k]) === 'object') {
for (let sk in jsonData[k]) {
let key = k + "." + sk;
@ -986,6 +991,24 @@ function loadConfigDefinitions() {
})
.catch(function (err) { alert("unable to load config: " + err) })
}
function verifyPass(){
return new Promise(function(resolve,reject){
let hash=lastSalt+adminPass;
let md5hash=MD5(hash);
getJson('api/checkPass?hash='+encodeURIComponent(md5hash))
.then(function(jsonData){
if (jsonData.status == 'OK') resolve('ok');
else reject(jsonData.status);
return;
})
.catch(function(error){reject(error);})
});
}
function testPass(){
verifyPass()
.then(function(r){console.log("password ok");})
.catch(function(e){alert("check failed: "+e);});
}
function converterInfo() {
getJson("api/converterInfo").then(function (json) {
let text = "<h3>Converted entities</h3>";

184
web/md5.js Normal file
View File

@ -0,0 +1,184 @@
/**
*
* MD5 (Message-Digest Algorithm)
* http://www.webtoolkit.info/
*
**/
var MD5 = function (string) {
function RotateLeft(lValue, iShiftBits) {
return (lValue<<iShiftBits) | (lValue>>>(32-iShiftBits));
}
function AddUnsigned(lX,lY) {
var lX4,lY4,lX8,lY8,lResult;
lX8 = (lX & 0x80000000);
lY8 = (lY & 0x80000000);
lX4 = (lX & 0x40000000);
lY4 = (lY & 0x40000000);
lResult = (lX & 0x3FFFFFFF)+(lY & 0x3FFFFFFF);
if (lX4 & lY4) {
return (lResult ^ 0x80000000 ^ lX8 ^ lY8);
}
if (lX4 | lY4) {
if (lResult & 0x40000000) {
return (lResult ^ 0xC0000000 ^ lX8 ^ lY8);
} else {
return (lResult ^ 0x40000000 ^ lX8 ^ lY8);
}
} else {
return (lResult ^ lX8 ^ lY8);
}
}
function F(x,y,z) { return (x & y) | ((~x) & z); }
function G(x,y,z) { return (x & z) | (y & (~z)); }
function H(x,y,z) { return (x ^ y ^ z); }
function I(x,y,z) { return (y ^ (x | (~z))); }
function FF(a,b,c,d,x,s,ac) {
a = AddUnsigned(a, AddUnsigned(AddUnsigned(F(b, c, d), x), ac));
return AddUnsigned(RotateLeft(a, s), b);
};
function GG(a,b,c,d,x,s,ac) {
a = AddUnsigned(a, AddUnsigned(AddUnsigned(G(b, c, d), x), ac));
return AddUnsigned(RotateLeft(a, s), b);
};
function HH(a,b,c,d,x,s,ac) {
a = AddUnsigned(a, AddUnsigned(AddUnsigned(H(b, c, d), x), ac));
return AddUnsigned(RotateLeft(a, s), b);
};
function II(a,b,c,d,x,s,ac) {
a = AddUnsigned(a, AddUnsigned(AddUnsigned(I(b, c, d), x), ac));
return AddUnsigned(RotateLeft(a, s), b);
};
function ConvertToWordArray(string) {
var lWordCount;
var lMessageLength = string.length;
var lNumberOfWords_temp1=lMessageLength + 8;
var lNumberOfWords_temp2=(lNumberOfWords_temp1-(lNumberOfWords_temp1 % 64))/64;
var lNumberOfWords = (lNumberOfWords_temp2+1)*16;
var lWordArray=Array(lNumberOfWords-1);
var lBytePosition = 0;
var lByteCount = 0;
while ( lByteCount < lMessageLength ) {
lWordCount = (lByteCount-(lByteCount % 4))/4;
lBytePosition = (lByteCount % 4)*8;
lWordArray[lWordCount] = (lWordArray[lWordCount] | (string.charCodeAt(lByteCount)<<lBytePosition));
lByteCount++;
}
lWordCount = (lByteCount-(lByteCount % 4))/4;
lBytePosition = (lByteCount % 4)*8;
lWordArray[lWordCount] = lWordArray[lWordCount] | (0x80<<lBytePosition);
lWordArray[lNumberOfWords-2] = lMessageLength<<3;
lWordArray[lNumberOfWords-1] = lMessageLength>>>29;
return lWordArray;
};
function WordToHex(lValue) {
var WordToHexValue="",WordToHexValue_temp="",lByte,lCount;
for (lCount = 0;lCount<=3;lCount++) {
lByte = (lValue>>>(lCount*8)) & 255;
WordToHexValue_temp = "0" + lByte.toString(16);
WordToHexValue = WordToHexValue + WordToHexValue_temp.substr(WordToHexValue_temp.length-2,2);
}
return WordToHexValue;
};
function Utf8Encode(string) {
string = string.replace(/\r\n/g,"\n");
var utftext = "";
for (var n = 0; n < string.length; n++) {
var c = string.charCodeAt(n);
if (c < 128) {
utftext += String.fromCharCode(c);
}
else if((c > 127) && (c < 2048)) {
utftext += String.fromCharCode((c >> 6) | 192);
utftext += String.fromCharCode((c & 63) | 128);
}
else {
utftext += String.fromCharCode((c >> 12) | 224);
utftext += String.fromCharCode(((c >> 6) & 63) | 128);
utftext += String.fromCharCode((c & 63) | 128);
}
}
return utftext;
};
var x=Array();
var k,AA,BB,CC,DD,a,b,c,d;
var S11=7, S12=12, S13=17, S14=22;
var S21=5, S22=9 , S23=14, S24=20;
var S31=4, S32=11, S33=16, S34=23;
var S41=6, S42=10, S43=15, S44=21;
string = Utf8Encode(string);
x = ConvertToWordArray(string);
a = 0x67452301; b = 0xEFCDAB89; c = 0x98BADCFE; d = 0x10325476;
for (k=0;k<x.length;k+=16) {
AA=a; BB=b; CC=c; DD=d;
a=FF(a,b,c,d,x[k+0], S11,0xD76AA478);
d=FF(d,a,b,c,x[k+1], S12,0xE8C7B756);
c=FF(c,d,a,b,x[k+2], S13,0x242070DB);
b=FF(b,c,d,a,x[k+3], S14,0xC1BDCEEE);
a=FF(a,b,c,d,x[k+4], S11,0xF57C0FAF);
d=FF(d,a,b,c,x[k+5], S12,0x4787C62A);
c=FF(c,d,a,b,x[k+6], S13,0xA8304613);
b=FF(b,c,d,a,x[k+7], S14,0xFD469501);
a=FF(a,b,c,d,x[k+8], S11,0x698098D8);
d=FF(d,a,b,c,x[k+9], S12,0x8B44F7AF);
c=FF(c,d,a,b,x[k+10],S13,0xFFFF5BB1);
b=FF(b,c,d,a,x[k+11],S14,0x895CD7BE);
a=FF(a,b,c,d,x[k+12],S11,0x6B901122);
d=FF(d,a,b,c,x[k+13],S12,0xFD987193);
c=FF(c,d,a,b,x[k+14],S13,0xA679438E);
b=FF(b,c,d,a,x[k+15],S14,0x49B40821);
a=GG(a,b,c,d,x[k+1], S21,0xF61E2562);
d=GG(d,a,b,c,x[k+6], S22,0xC040B340);
c=GG(c,d,a,b,x[k+11],S23,0x265E5A51);
b=GG(b,c,d,a,x[k+0], S24,0xE9B6C7AA);
a=GG(a,b,c,d,x[k+5], S21,0xD62F105D);
d=GG(d,a,b,c,x[k+10],S22,0x2441453);
c=GG(c,d,a,b,x[k+15],S23,0xD8A1E681);
b=GG(b,c,d,a,x[k+4], S24,0xE7D3FBC8);
a=GG(a,b,c,d,x[k+9], S21,0x21E1CDE6);
d=GG(d,a,b,c,x[k+14],S22,0xC33707D6);
c=GG(c,d,a,b,x[k+3], S23,0xF4D50D87);
b=GG(b,c,d,a,x[k+8], S24,0x455A14ED);
a=GG(a,b,c,d,x[k+13],S21,0xA9E3E905);
d=GG(d,a,b,c,x[k+2], S22,0xFCEFA3F8);
c=GG(c,d,a,b,x[k+7], S23,0x676F02D9);
b=GG(b,c,d,a,x[k+12],S24,0x8D2A4C8A);
a=HH(a,b,c,d,x[k+5], S31,0xFFFA3942);
d=HH(d,a,b,c,x[k+8], S32,0x8771F681);
c=HH(c,d,a,b,x[k+11],S33,0x6D9D6122);
b=HH(b,c,d,a,x[k+14],S34,0xFDE5380C);
a=HH(a,b,c,d,x[k+1], S31,0xA4BEEA44);
d=HH(d,a,b,c,x[k+4], S32,0x4BDECFA9);
c=HH(c,d,a,b,x[k+7], S33,0xF6BB4B60);
b=HH(b,c,d,a,x[k+10],S34,0xBEBFBC70);
a=HH(a,b,c,d,x[k+13],S31,0x289B7EC6);
d=HH(d,a,b,c,x[k+0], S32,0xEAA127FA);
c=HH(c,d,a,b,x[k+3], S33,0xD4EF3085);
b=HH(b,c,d,a,x[k+6], S34,0x4881D05);
a=HH(a,b,c,d,x[k+9], S31,0xD9D4D039);
d=HH(d,a,b,c,x[k+12],S32,0xE6DB99E5);
c=HH(c,d,a,b,x[k+15],S33,0x1FA27CF8);
b=HH(b,c,d,a,x[k+2], S34,0xC4AC5665);
a=II(a,b,c,d,x[k+0], S41,0xF4292244);
d=II(d,a,b,c,x[k+7], S42,0x432AFF97);
c=II(c,d,a,b,x[k+14],S43,0xAB9423A7);
b=II(b,c,d,a,x[k+5], S44,0xFC93A039);
a=II(a,b,c,d,x[k+12],S41,0x655B59C3);
d=II(d,a,b,c,x[k+3], S42,0x8F0CCC92);
c=II(c,d,a,b,x[k+10],S43,0xFFEFF47D);
b=II(b,c,d,a,x[k+1], S44,0x85845DD1);
a=II(a,b,c,d,x[k+8], S41,0x6FA87E4F);
d=II(d,a,b,c,x[k+15],S42,0xFE2CE6E0);
c=II(c,d,a,b,x[k+6], S43,0xA3014314);
b=II(b,c,d,a,x[k+13],S44,0x4E0811A1);
a=II(a,b,c,d,x[k+4], S41,0xF7537E82);
d=II(d,a,b,c,x[k+11],S42,0xBD3AF235);
c=II(c,d,a,b,x[k+2], S43,0x2AD7D2BB);
b=II(b,c,d,a,x[k+9], S44,0xEB86D391);
a=AddUnsigned(a,AA);
b=AddUnsigned(b,BB);
c=AddUnsigned(c,CC);
d=AddUnsigned(d,DD);
}
var temp = WordToHex(a)+WordToHex(b)+WordToHex(c)+WordToHex(d);
return temp.toLowerCase();
}