Completing initial decryption key functions

CONTROL/control

@@ -1,10 +1,10 @@
 Package: webif
 Priority: optional
 Section: web
-Version: 1.4.3-2
+Version: 1.4.3-3
 Architecture: mipsel
 Maintainer: af123@hpkg.tv
-Depends: tcpfix,webif-channelicons(>=1.1.26),lighttpd(>=1.4.39-1),jim(>=0.77),jim-oo(>=0.77),jim-sqlite3(>=0.77),jim-cgi(>=0.7-1),jim-binary(>=0.76),service-control(>=2.3),busybox(>=1.20.2-1),lsof(>=4.87),epg(>=1.2.8),hmt(>=2.0.10),ssmtp,cron-daemon(>=1.18.3-3),at(>=3.1.18),anacron,trm(>=1.1),openssl-command,nicesplice,id3v2,file,rsvsync(>=1.1.11),webif-charts(>=1.2-1),stripts(>=1.4.1),tmenu(>=1.21-2),ffmpeg(>=2.8),id3v2,multienv(>=1.6),tcpping(>=1.1),e2fsprogs,wireless-tools(>=29-1),dbupdate,recmon(>=2.0.7),hwctl,nugget(>=0.98),sqlite3(>=3.15.1),jim-xconv
+Depends: tcpfix,webif-channelicons(>=1.1.26),lighttpd(>=1.4.39-1),jim(>=0.77),jim-oo(>=0.77),jim-sqlite3(>=0.77),jim-cgi(>=0.7-1),jim-binary(>=0.76),service-control(>=2.3),busybox(>=1.20.2-1),lsof(>=4.87),epg(>=1.2.8),hmt(>=2.0.10),ssmtp,cron-daemon(>=1.18.3-3),at(>=3.1.18),anacron,trm(>=1.1),openssl-command,nicesplice,id3v2,file,rsvsync(>=1.1.11),webif-charts(>=1.2-1),stripts(>=1.4.2),tmenu(>=1.21-2),ffmpeg(>=2.8),id3v2,multienv(>=1.6),tcpping(>=1.1),e2fsprogs,wireless-tools(>=29-1),dbupdate,recmon(>=2.0.7),hwctl,nugget(>=0.98-3),sqlite3(>=3.15.1),jim-xconv
 Suggests:
 Description: An evolving web interface for the Humax.
 Tags: https://hummy.tv/forum/threads/7712/

webif/html/browse/index.jim

@@ -401,6 +401,10 @@ if {$nicesplice} {
 }
 # Queue
 set queueactions(decrypt) "Decryption"
+if {$model ne "HD"} {
+	# For HDR, give slower option too.
+	dict set queueactions "decrypt -direct" "Decryption (direct, slower)"
+}
 set queueactions(shrink) "Shrink"
 dict set queueactions "mp3 -mp2" "Audio-Extraction (mp2, fast)"
 dict set queueactions "mp3 -mp3" "Audio-Extraction (mp3, slow)"

webif/html/settings/modules/advanced/init.hook

@@ -11,11 +11,36 @@ if {[cgi_get act] eq "xtelnet"} {
 	exit
 }
 
+if {[cgi_get act] eq "cryptokey"} {
+	set val [cgi_get cryptokey ""]
+	if {[string length "$val"] == 0} {
+		set val [system encryptionkey]
+		puts "Using native encryption key.<br>"
+	} elseif {[string length $val] != 32} {
+		puts "Encryption key is too short."
+		exit
+	}
+	file write "/mod/boot/cryptokey" [binary format H* $val]
+	system nugget cryptokey -init
+	puts "Installed new encryption key."
+	exit
+}
+
 set pkgdev [$settings pkgdev]
 set rtschedule [$settings rtschedule]
 set logsize [$settings logsize]
 set logkeep [$settings logkeep]
 
+set cryptokey [system encryptionkey]
+if {![catch {set ck_fd [open "/mod/boot/cryptokey"]}]} {
+	set ck_bytes [$ck_fd read 16]
+	$ck_fd close
+	binary scan $ck_bytes H* ck_key
+	if {[string length $ck_key] == 32} {
+		set cryptokey $ck_key
+	}
+}
+
 handle_int_update pkgdev $pkgdev "Development Package Display"
 handle_int_update rtschedule $rtschedule "Real-time scheduling"
 handle_int_update logsize $logsize "Log rotation size"

webif/html/settings/modules/advanced/settings.hook

@@ -31,9 +31,7 @@ foreach size $sizes {
 }
 puts "
 		</select>
-		<small>
-		<input value=\"set\" type=submit>
-		</small>
+		<small><input value=\"set\" type=submit></small>
 		<div id=logsize_output></div>
 		</td>
 	</form>
@@ -48,6 +46,36 @@ if {[system modversion 1] >= 214} {
 	    [file exists /mod/boot/xtelnet] 0 1
 }
 
+puts "
+	</table>
+	</fieldset>
+	<fieldset style=\"display: inline\">
+	<legend> Encryption Key </legend>
+	<table>
+	<tr><th class=key>
+		Native encryption key
+	</th><td>[system encryptionkey]</td></tr>
+	<tr>
+	<form class=auto id=cryptokey method=post action=$env(SCRIPT_NAME)>
+		<input type=hidden name=act value=cryptokey>
+		<th class=key>Custom encryption key</th>
+		<td><input name=cryptokey size=40 maxlength=32
+		    class=\"text ui-widget-content ui-corner-all\"
+		    value=\"$cryptokey\">
+			<small><input value=set type=submit></small>
+			<div id=cryptokey_output></div>
+		</td>
+	</form>
+	</tr><tr>
+		<td></td>
+		<td class=blood>
+			NB: For fastest direct decryption, set the second half
+			<br>
+			of the key to the same as the first half.
+		</td>
+	</tr>
+"
+
 puts "
 	</table>
 	</fieldset>

webif/lib/auto/plugin/decrypt/queue.hook

@@ -104,7 +104,26 @@ proc ::decrypt::dequeue {q ts} {
 		if {$helper} { system dlnahelper -release }
 	} else {
 		log "  Direct decryption" 0
-		if {[catch {exec /mod/bin/stripts -@@ "$rfile" "$tmp/[\
+		set keys {}
+		if {![catch {set fd [open "/mod/boot/cryptokey"]}]} {
+			set bytes [$fd read 16]
+			$fd close
+			binary scan $bytes H* key
+			if {[string length $key] == 32} {
+				lappend keys $key
+			}
+		}
+		lappend keys [string range [system nugget cryptokey -key] 0 31]
+		lappend keys [system encryptionkey]
+		foreach key $keys {
+			::auto::log "Testing key ($key)" 2
+			if {[catch {
+			    set ret [exec /mod/bin/stripts -q/ $key $rfile]
+			}]} continue
+			if {$ret eq "1"} break
+		}
+		::auto::log "Using key ($key)" 2
+		if {[catch {exec /mod/bin/stripts -@ $key $rfile "$tmp/[\
 		    file rootname $bfile]" } msg opts]} {
 			::auto::log "Decrypt error - $msg - $opts"
 			system endop decrypt
@@ -134,8 +153,7 @@ proc ::decrypt::dequeue {q ts} {
 		return {"DEFER" "Recording in use"}
 	}
 
-	# Copy the HMT file over for stripts - can be removed once
-	# stripts can work without a .hmt - XXX
+	# Copy the HMT file over for stripts
 	set thmt "$tmp/[file rootname $bfile].hmt"
 	if {![file exists $thmt]} { file copy "$rfile.hmt" $thmt }
 	# Check that the file is no longer encrypted by analysing it.

webif/lib/rsv.class

@@ -101,9 +101,7 @@ proc {rsv dbhandle} {args} {
 alias {rsv cleanup} rsv dbhandle -close
 
 rsv method status {} {
-	set stat -1
-	catch {set stat [exec /mod/bin/nugget schedule.timers.status $ulslot]}
-	switch -- $stat {
+	switch -- [system nugget schedule.timers.status $ulslot] {
 		"0,0"	{ return "idle" }
 		"1,1"	{ return "ready" }
 		"2,1"	{ return "arwatch" }
@@ -1061,7 +1059,7 @@ proc {rsv restore} {file} {
 	puts "Restoring scheduled events from <i>$file</i>..."
 
 	# Disable RTS until next restart.
-	catch { exec /mod/bin/nugget quit }
+	system nugget quit
 
 	# Clear tables
 	foreach tab {TBL_RESERVATION pending skip} {

webif/lib/system.class

@@ -653,11 +653,15 @@ proc {system connectivity} {{site "hpkg.tv"} {port 80} {ret "0"}} {
 
 proc {system nuggeted} {} {
 	if {![system pkginst nugget]} { return 0 }
-	set ret 0
-	catch {
-		if {[exec /mod/bin/nugget ping] eq "PONG"} {
-			set ret 1
-		}
+	if {[system nugget ping] eq "PONG"} {
+		return 1
+	}
+	return 0
+}
+
+proc {system nugget} {args} {
+	if {[catch {set ret [exec /mod/bin/nugget {*}$args]} msg]} {
+		return ""
 	}
 	return $ret
 }