diff --git a/webif/html/settings/modules/advanced/init.hook b/webif/html/settings/modules/advanced/init.hook
index abecda1..03abd9e 100644
--- a/webif/html/settings/modules/advanced/init.hook
+++ b/webif/html/settings/modules/advanced/init.hook
@@ -13,16 +13,30 @@ if {[cgi_get act] eq "xtelnet"} {
if {[cgi_get act] eq "cryptokey"} {
set val [cgi_get cryptokey ""]
- if {[string length "$val"] == 0} {
- set val [system encryptionkey]
- puts "Using native encryption key.
"
+ set nkey [system encryptionkey]
+ if {$val eq "" || [string equal -nocase $val $nkey]} {
+ if {[system customencryptionkey] ne ""} {
+ system customencryptionkey $nkey
+ system nugget cryptokey -init
+ puts "Using native encryption key."
+ } else {
+ puts "Native key unchanged."
+ }
+ set cryptokey ""
} elseif {[string length $val] != 32} {
- puts "Encryption key is too short."
- exit
+ puts "Encryption key must be 32 hexadecimal digits."
+ } else {
+ if {[string equal -nocase $val [system customencryptionkey]]} {
+ puts "Custom key unchanged."
+ } elseif {[set customkey [system customencryptionkey $val]] ne ""} {
+ set cryptokey $customkey
+ system nugget cryptokey -init
+ puts "Installed new encryption key."
+ } else {
+ puts "Failed to install encryption key $val"
}
- file write "/mod/boot/cryptokey" [binary format H* $val]
- system nugget cryptokey -init
- puts "Installed new encryption key."
+ }
+ puts "
"
exit
}
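Review bot: The `elseif {[string length $val] != 32}` guard tests only the length although its new message promises 32 hexadecimal digits, and the failure branch then prints the request parameter back with `puts "Failed to install encryption key $val"`. A 32-character non-hex value passes the length test, is presumably rejected by the round-trip check inside `system customencryptionkey`, and is written unescaped into the response; if that output is rendered as HTML, it is markup reflected from `cgi_get cryptokey`. Tightening the guard to `} elseif {[string length $val] != 32 || ![string is xdigit $val]} {` and dropping `$val` from the failure message addresses both. The two `set cryptokey` assignments in this branch also look dead, since every path reaches `exit`.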
@@ -33,15 +47,7 @@ set logsize [$settings logsize]
set logkeep [$settings logkeep]
set logage [$settings logage]
-set cryptokey [system encryptionkey]
-if {![catch {set ck_fd [open "/mod/boot/cryptokey"]}]} {
- set ck_bytes [$ck_fd read 16]
- $ck_fd close
- binary scan $ck_bytes H* ck_key
- if {[string length $ck_key] == 32} {
- set cryptokey $ck_key
- }
-}
+set cryptokey [system customencryptionkey]
handle_int_update pkgdev $pkgdev "Development Package Display"
handle_int_update rtschedule $rtschedule "Real-time scheduling"
diff --git a/webif/html/settings/modules/advanced/settings.hook b/webif/html/settings/modules/advanced/settings.hook
index 02d0ebe..5e340c8 100755
--- a/webif/html/settings/modules/advanced/settings.hook
+++ b/webif/html/settings/modules/advanced/settings.hook
@@ -60,7 +60,7 @@ puts "
Native encryption key - | [system encryptionkey] | [system encryptionkey] |
---|---|
diff --git a/webif/include/modversion.jim b/webif/include/modversion.jim
index 85c7493..43b5a36 100755
--- a/webif/include/modversion.jim
+++ b/webif/include/modversion.jim
@@ -20,7 +20,10 @@ puts " Loader Version: [system loaderver]"
 puts " System ID: [system systemid]"
 puts " Serial Number: [system serialno]"
 if {$mws::pagetag eq "Diagnostics"} {
- puts " Encryption Key: [system encryptionkey]"
+ puts " Native Encryption Key: [system encryptionkey]"
+ if {[set customkey [system customencryptionkey]] ne ""} {
+ puts " Custom Encryption Key: $customkey"
+ }
 }
 puts " Last Boot Reason: [system lastbootreason]"
diff --git a/webif/lib/system.class b/webif/lib/system.class
index e0ffb9a..581d70e 100644
--- a/webif/lib/system.class
+++ b/webif/lib/system.class
@@ -143,6 +143,13 @@ proc {system serialno} {} {{serial ""}} {
 string range $bytes 9 end]"
 return $serial
 }
+proc {system keybytestostring} {key_bytes} {
+ binary scan $key_bytes H* key_str
+ if {[string length $key_str] == 32} {
+ return $key_str
+ }
+ return {}
+}
 proc {system encryptionkey} {} {{key ""}} {
 if {$key ne ""} { return $key }
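Review bot: In the modversion.jim hunk, the added `puts " Custom Encryption Key: $customkey"` writes the user-chosen key in full into the Diagnostics output, next to the native key. Diagnostic dumps tend to be copied into support requests, so a key the user deliberately set to differ from the hardware one can leak that way; whether this page is shared like that is not visible here. Reporting only that a custom key is installed, or a short prefix such as `[string range $customkey 0 3]`, would keep the diagnostic value without exposing the secret. At minimum, a comment above the `if` should say why the full key is shown.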
@@ -152,8 +159,46 @@ proc {system encryptionkey} {} {{key ""}} {
 $fd seek 0xcb800
 append bytes [$fd read 10]
 $fd close
- binary scan $bytes H* key
- return $key
+ return [system keybytestostring $bytes]
+}
+
+proc {system customencryptionkey} {{key ""}} {{keyfile "/mod/boot/cryptokey"}} {
+
+ set ck_fd {}
+ try {
+ if {$key eq ""} {
+ set ck_fd [open $keyfile r]
+ set ck_bytes [$ck_fd read 16]
+ return [system keybytestostring $ck_bytes]
+ } elseif {[string equal -nocase $key [system encryptionkey]]} {
+ file delete -force $keyfile
+ return $key
+ } else {
+ set ck_bytes [binary format H* $key]
+ set test [system keybytestostring $ck_bytes]
+ if {![string equal -nocase $test $key]} {
+ throw 1 "Invalid custom key"
+ }
+ if {[file exists $keyfile]} {
+ # attempt not to truncate on update until written
+ set access r+
+ } else {
+ set access w
+ }
+ set ck_fd [open $keyfile $access]
+ $ck_fd seek 0
+ $ck_fd puts -nonewline $ck_bytes
+ $ck_fd close
+ set ck_fd {}
+ return $key
+ }
+ } on error {msg opts} {
+ return {}
+ } finally {
+ if {$ck_fd ne {}} {
+ $ck_fd close
+ }
+ }
 }
 proc {system loaderver} {} {{ver ""}} {
diff --git a/webif/lib/ts.class b/webif/lib/ts.class
index bcfe270..526814a 100644
--- a/webif/lib/ts.class
+++ b/webif/lib/ts.class
@@ -863,16 +863,9 @@ ts method getkey {mode} {
 }
 if { $mode ne "dlna" } {
 # also try other keys, such as this - same as active?
- try {
- set fd [open "/mod/boot/cryptokey"]
- set bytes [$fd read 16]
- binary scan $bytes H* key
- if {[string length $key] == 32} {
- ladd keys $key
- }
- } on error {} {
- } finally {
- catch {$fd close}
+ set key [system customencryptionkey]
+ if {$key ne ""} {
+ ladd keys $key
 }
 # the native key |
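Review bot: In the second system.class hunk, `proc {system encryptionkey}` no longer assigns its static `key`: the old `binary scan $bytes H* key` filled it, while the new `return [system keybytestostring $bytes]` does not. The `if {$key ne ""} { return $key }` shortcut from the previous hunk therefore appears never to fire, and the handle is opened, sought and read again on every call, including each call made from `system customencryptionkey`. Using `set key [system keybytestostring $bytes]` followed by `return $key` keeps the cache. Separately, the `on error {msg opts}` branch of `system customencryptionkey` discards `msg`, so an invalid key and a failed write both return the same empty string; logging `msg` before `return {}` would make failed installs diagnosable. The body of `system encryptionkey` starts outside this hunk, so confirm nothing above the visible lines sets `key`.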