fix(ota): Use SHA3 for sensitive information

Author: lucasssvaz

libraries/ArduinoOTA/examples/BasicOTA/BasicOTA.ino

@@ -19,6 +19,7 @@
 
 const char *ssid = "..........";
 const char *password = "..........";
+uint32_t last_ota_time = 0;
 
 void setup() {
   Serial.begin(115200);
@@ -40,9 +41,9 @@ void setup() {
   // No authentication by default
   // ArduinoOTA.setPassword("admin");
 
-  // Password can be set with it's md5 value as well
-  // MD5(admin) = 21232f297a57a5a743894a0e4a801fc3
-  // ArduinoOTA.setPasswordHash("21232f297a57a5a743894a0e4a801fc3");
+  // Password can be set with it's SHA3_256 value as well
+  // SHA3_256(admin) = fb001dfcffd1c899f3297871406242f097aecf1a5342ccf3ebcd116146188e4b
+  // ArduinoOTA.setPasswordHash("fb001dfcffd1c899f3297871406242f097aecf1a5342ccf3ebcd116146188e4b");
 
   ArduinoOTA
     .onStart([]() {
@@ -60,7 +61,10 @@ void setup() {
       Serial.println("\nEnd");
     })
     .onProgress([](unsigned int progress, unsigned int total) {
-      Serial.printf("Progress: %u%%\r", (progress / (total / 100)));
+      if (millis() - last_ota_time > 500) {
+        Serial.printf("Progress: %u%%\n", (progress / (total / 100)));
+        last_ota_time = millis();
+      }
     })
     .onError([](ota_error_t error) {
       Serial.printf("Error[%u]: ", error);

libraries/ArduinoOTA/src/ArduinoOTA.cpp

@@ -19,7 +19,7 @@
 #include "ArduinoOTA.h"
 #include "NetworkClient.h"
 #include "ESPmDNS.h"
-#include "MD5Builder.h"
+#include "SHA3Builder.h"
 #include "Update.h"
 
 // #define OTA_DEBUG Serial
@@ -72,12 +72,12 @@ String ArduinoOTAClass::getHostname() {
 
 ArduinoOTAClass &ArduinoOTAClass::setPassword(const char *password) {
   if (_state == OTA_IDLE && password) {
-    MD5Builder passmd5;
-    passmd5.begin();
-    passmd5.add(password);
-    passmd5.calculate();
+    SHA3Builder passsha3;
+    passsha3.begin();
+    passsha3.add(password);
+    passsha3.calculate();
     _password.clear();
-    _password = passmd5.toString();
+    _password = passsha3.toString();
   }
   return *this;
 }
@@ -188,17 +188,17 @@ void ArduinoOTAClass::_onRx() {
     _udp_ota.read();
     _md5 = readStringUntil('\n');
     _md5.trim();
-    if (_md5.length() != 32) {
+    if (_md5.length() != 32) {  // MD5 produces 32 character hex string for firmware integrity
       log_e("bad md5 length");
       return;
     }
 
     if (_password.length()) {
-      MD5Builder nonce_md5;
-      nonce_md5.begin();
-      nonce_md5.add(String(micros()));
-      nonce_md5.calculate();
-      _nonce = nonce_md5.toString();
+      SHA3Builder nonce_sha3;
+      nonce_sha3.begin();
+      nonce_sha3.add(String(micros()));
+      nonce_sha3.calculate();
+      _nonce = nonce_sha3.toString();
 
       _udp_ota.beginPacket(_udp_ota.remoteIP(), _udp_ota.remotePort());
       _udp_ota.printf("AUTH %s", _nonce.c_str());
@@ -222,18 +222,26 @@ void ArduinoOTAClass::_onRx() {
     _udp_ota.read();
     String cnonce = readStringUntil(' ');
     String response = readStringUntil('\n');
-    if (cnonce.length() != 32 || response.length() != 32) {
+    if (cnonce.length() != 64 || response.length() != 64) {  // SHA3-256 produces 64 character hex string
       log_e("auth param fail");
       _state = OTA_IDLE;
       return;
     }
 
     String challenge = _password + ":" + String(_nonce) + ":" + cnonce;
-    MD5Builder _challengemd5;
-    _challengemd5.begin();
-    _challengemd5.add(challenge);
-    _challengemd5.calculate();
-    String result = _challengemd5.toString();
+    SHA3Builder _challengesha3;
+    _challengesha3.begin();
+    _challengesha3.add(challenge);
+    _challengesha3.calculate();
+    String result = _challengesha3.toString();
+
+    // Debug logging
+    log_d("Challenge: %s", challenge.c_str());
+    log_d("Expected: %s", result.c_str());
+    log_d("Received: %s", response.c_str());
+    log_d("Password hash: %s", _password.c_str());
+    log_d("Nonce: %s", _nonce.c_str());
+    log_d("CNonce: %s", cnonce.c_str());
 
     if (result.equals(response)) {
       _udp_ota.beginPacket(_udp_ota.remoteIP(), _udp_ota.remotePort());
@@ -266,7 +274,7 @@ void ArduinoOTAClass::_runUpdate() {
     _state = OTA_IDLE;
     return;
   }
-  Update.setMD5(_md5.c_str());
+  Update.setMD5(_md5.c_str());  // Note: Update library still uses MD5 for firmware integrity, this is separate from authentication
 
   if (_start_callback) {
     _start_callback();

libraries/ArduinoOTA/src/ArduinoOTA.h

@@ -54,7 +54,7 @@ class ArduinoOTAClass {
   //Sets the password that will be required for OTA. Default NULL
   ArduinoOTAClass &setPassword(const char *password);
 
-  //Sets the password as above but in the form MD5(password). Default NULL
+  //Sets the password as above but in the form SHA3_256(password). Default NULL
   ArduinoOTAClass &setPasswordHash(const char *password);
 
   //Sets the partition label to write to when updating SPIFFS. Default NULL

tools/espota.py

@@ -119,7 +119,7 @@ def serve(remote_addr, local_addr, remote_port, local_port, password, filename,
             return 1
         sock2.settimeout(TIMEOUT)
         try:
-            data = sock2.recv(37).decode()
+            data = sock2.recv(69).decode()  # "AUTH " + 64-char SHA3-256 nonce
             break
         except:  # noqa: E722
             sys.stderr.write(".")
@@ -134,17 +134,17 @@ def serve(remote_addr, local_addr, remote_port, local_port, password, filename,
         if data.startswith("AUTH"):
             nonce = data.split()[1]
             cnonce_text = "%s%u%s%s" % (filename, content_size, file_md5, remote_addr)
-            cnonce = hashlib.md5(cnonce_text.encode()).hexdigest()
-            passmd5 = hashlib.md5(password.encode()).hexdigest()
-            result_text = "%s:%s:%s" % (passmd5, nonce, cnonce)
-            result = hashlib.md5(result_text.encode()).hexdigest()
+            cnonce = hashlib.sha3_256(cnonce_text.encode()).hexdigest()
+            passsha3 = hashlib.sha3_256(password.encode()).hexdigest()
+            result_text = "%s:%s:%s" % (passsha3, nonce, cnonce)
+            result = hashlib.sha3_256(result_text.encode()).hexdigest()
             sys.stderr.write("Authenticating...")
             sys.stderr.flush()
             message = "%d %s %s\n" % (AUTH, cnonce, result)
             sock2.sendto(message.encode(), remote_address)
             sock2.settimeout(10)
             try:
-                data = sock2.recv(32).decode()
+                data = sock2.recv(64).decode()  # SHA3-256 produces 64 character response
             except:  # noqa: E722
                 sys.stderr.write("FAIL\n")
                 logging.error("No Answer to our Authentication")