Common stuff for all my devices' web server pages: css, login, log, ipv4, ipv6, firmware update, clock, reset info etc.

Dependents:   oldheating gps motorhome heating

Security

A password has to be set whenever there has been a software reset. Resets following faults or power on do not require a new password as the hash is restored from the RTC GPREG register.

The password is not saved on the device; instead a 32 bit hash of the password is saved. It would take 2^31 attempts to brute force the password: this could be done in under a month if an attempt were possible every millisecond. To prevent this a 200 ms delay is introduced in the reply to the login form, that gives a more reasonable 13 years to brute force the password.

Once the password is accepted a random session id is created. This is 36 bit to give six base 64 characters but without an extra delay. If an attempt could be made every ms then this would still take over a year to brute force.

The most likely attack would to use a dictionary with, say, 10 million entries against the password which would still take 20 days to do.

Committer:
andrewboyson
Date:
Wed Dec 23 09:57:17 2020 +0000
Revision:
142:b472ba95b018
Parent:
130:9a5b8fe308f1
Added parameters for the change to the net RA (Link unique prefixes)

Who changed what in which revision?

UserRevisionLine numberNew contents of line
andrewboyson 103:91194cc19bbb 1 #include <stdint.h>
andrewboyson 103:91194cc19bbb 2
andrewboyson 103:91194cc19bbb 3 #include "http.h"
andrewboyson 103:91194cc19bbb 4 #include "log.h"
andrewboyson 103:91194cc19bbb 5 #include "net.h"
andrewboyson 103:91194cc19bbb 6 #include "link.h"
andrewboyson 103:91194cc19bbb 7 #include "dns.h"
andrewboyson 103:91194cc19bbb 8 #include "dnsname.h"
andrewboyson 103:91194cc19bbb 9 #include "dnsquery.h"
andrewboyson 103:91194cc19bbb 10 #include "dnsreply.h"
andrewboyson 103:91194cc19bbb 11 #include "dnsserver.h"
andrewboyson 103:91194cc19bbb 12 #include "ntp.h"
andrewboyson 103:91194cc19bbb 13 #include "dhcp.h"
andrewboyson 103:91194cc19bbb 14 #include "ns.h"
andrewboyson 142:b472ba95b018 15 #include "nr.h"
andrewboyson 103:91194cc19bbb 16 #include "echo4.h"
andrewboyson 103:91194cc19bbb 17 #include "echo6.h"
andrewboyson 103:91194cc19bbb 18 #include "dest6.h"
andrewboyson 103:91194cc19bbb 19 #include "ra.h"
andrewboyson 103:91194cc19bbb 20 #include "rs.h"
andrewboyson 103:91194cc19bbb 21 #include "ar4.h"
andrewboyson 103:91194cc19bbb 22 #include "ar6.h"
andrewboyson 103:91194cc19bbb 23 #include "arp.h"
andrewboyson 103:91194cc19bbb 24 #include "ip4.h"
andrewboyson 103:91194cc19bbb 25 #include "ip6.h"
andrewboyson 103:91194cc19bbb 26 #include "udp.h"
andrewboyson 103:91194cc19bbb 27 #include "tcp.h"
andrewboyson 130:9a5b8fe308f1 28 #include "web.h"
andrewboyson 103:91194cc19bbb 29 #include "tftp.h"
andrewboyson 103:91194cc19bbb 30 #include "ntpclient.h"
andrewboyson 103:91194cc19bbb 31
andrewboyson 103:91194cc19bbb 32 void WebTraceAjax()
andrewboyson 103:91194cc19bbb 33 {
andrewboyson 103:91194cc19bbb 34 HttpOk("text/plain; charset=UTF-8", "no-cache", NULL, NULL);
andrewboyson 103:91194cc19bbb 35 char nibble;
andrewboyson 103:91194cc19bbb 36
andrewboyson 103:91194cc19bbb 37 nibble = 0; //0
andrewboyson 103:91194cc19bbb 38 if ( DnsSendRequestsViaIp4) nibble |= 2;
andrewboyson 103:91194cc19bbb 39 if ( NtpClientQuerySendRequestsViaIp4) nibble |= 4;
andrewboyson 103:91194cc19bbb 40 if (TftpSendRequestsViaIp4) nibble |= 8;
andrewboyson 103:91194cc19bbb 41 HttpAddNibbleAsHex(nibble);
andrewboyson 103:91194cc19bbb 42
andrewboyson 103:91194cc19bbb 43 HttpAddByteAsHex(NetTraceHost[0]); //1, 2
andrewboyson 103:91194cc19bbb 44 HttpAddByteAsHex(NetTraceHost[1]); //3, 4
andrewboyson 103:91194cc19bbb 45
andrewboyson 103:91194cc19bbb 46 nibble = 0; //5
andrewboyson 103:91194cc19bbb 47 if (NetTraceStack ) nibble |= 1;
andrewboyson 103:91194cc19bbb 48 if (NetTraceNewLine ) nibble |= 2;
andrewboyson 103:91194cc19bbb 49 if (NetTraceVerbose ) nibble |= 4;
andrewboyson 103:91194cc19bbb 50 if (LinkTrace ) nibble |= 8;
andrewboyson 103:91194cc19bbb 51 HttpAddNibbleAsHex(nibble);
andrewboyson 103:91194cc19bbb 52
andrewboyson 103:91194cc19bbb 53 nibble = 0; //6
andrewboyson 103:91194cc19bbb 54 if (DnsNameTrace ) nibble |= 1;
andrewboyson 103:91194cc19bbb 55 if (DnsQueryTrace ) nibble |= 2;
andrewboyson 103:91194cc19bbb 56 if (DnsReplyTrace ) nibble |= 4;
andrewboyson 103:91194cc19bbb 57 if (DnsServerTrace ) nibble |= 8;
andrewboyson 103:91194cc19bbb 58 HttpAddNibbleAsHex(nibble);
andrewboyson 103:91194cc19bbb 59
andrewboyson 103:91194cc19bbb 60 nibble = 0; //7
andrewboyson 103:91194cc19bbb 61 if (NtpTrace ) nibble |= 1;
andrewboyson 103:91194cc19bbb 62 if (DhcpTrace ) nibble |= 2;
andrewboyson 103:91194cc19bbb 63 if (NsTraceRecvSol ) nibble |= 4;
andrewboyson 103:91194cc19bbb 64 if (NsTraceRecvAdv ) nibble |= 8;
andrewboyson 103:91194cc19bbb 65 HttpAddNibbleAsHex(nibble);
andrewboyson 103:91194cc19bbb 66
andrewboyson 103:91194cc19bbb 67 nibble = 0; //8
andrewboyson 103:91194cc19bbb 68 if (NsTraceSendSol ) nibble |= 1;
andrewboyson 103:91194cc19bbb 69 if (Nr4Trace ) nibble |= 2;
andrewboyson 142:b472ba95b018 70 if (NrTrace ) nibble |= 4;
andrewboyson 103:91194cc19bbb 71 if (NtpClientTrace ) nibble |= 8;
andrewboyson 103:91194cc19bbb 72 HttpAddNibbleAsHex(nibble);
andrewboyson 103:91194cc19bbb 73
andrewboyson 103:91194cc19bbb 74 nibble = 0; //9
andrewboyson 103:91194cc19bbb 75 if (Echo4Trace ) nibble |= 4;
andrewboyson 103:91194cc19bbb 76 if (Echo6Trace ) nibble |= 8;
andrewboyson 103:91194cc19bbb 77 HttpAddNibbleAsHex(nibble);
andrewboyson 103:91194cc19bbb 78
andrewboyson 103:91194cc19bbb 79 nibble = 0; //10
andrewboyson 103:91194cc19bbb 80 if (Dest6Trace ) nibble |= 1;
andrewboyson 103:91194cc19bbb 81 if (RaTrace ) nibble |= 2;
andrewboyson 103:91194cc19bbb 82 if (RsTrace ) nibble |= 4;
andrewboyson 103:91194cc19bbb 83 if (Ar4Trace ) nibble |= 8;
andrewboyson 103:91194cc19bbb 84 HttpAddNibbleAsHex(nibble);
andrewboyson 103:91194cc19bbb 85
andrewboyson 103:91194cc19bbb 86 nibble = 0; //11
andrewboyson 103:91194cc19bbb 87 if (Ar6Trace ) nibble |= 1;
andrewboyson 103:91194cc19bbb 88 if (ArpTrace ) nibble |= 2;
andrewboyson 103:91194cc19bbb 89 if (Ip4Trace ) nibble |= 4;
andrewboyson 103:91194cc19bbb 90 if (Ip6Trace ) nibble |= 8;
andrewboyson 103:91194cc19bbb 91 HttpAddNibbleAsHex(nibble);
andrewboyson 103:91194cc19bbb 92
andrewboyson 103:91194cc19bbb 93 nibble = 0; //12
andrewboyson 103:91194cc19bbb 94 if (UdpTrace ) nibble |= 1;
andrewboyson 103:91194cc19bbb 95 if (TcpTrace ) nibble |= 2;
andrewboyson 130:9a5b8fe308f1 96 if (WebTrace ) nibble |= 4;
andrewboyson 103:91194cc19bbb 97 if (TftpTrace ) nibble |= 8;
andrewboyson 103:91194cc19bbb 98 HttpAddNibbleAsHex(nibble);
andrewboyson 103:91194cc19bbb 99 }
andrewboyson 103:91194cc19bbb 100