forked from hummypkg/webif
Improve processing and display of custom encryption key
parent
ee4c121a54
commit
f6126ce871
|
@ -13,16 +13,30 @@ if {[cgi_get act] eq "xtelnet"} {
|
||||||
|
|
||||||
if {[cgi_get act] eq "cryptokey"} {
|
if {[cgi_get act] eq "cryptokey"} {
|
||||||
set val [cgi_get cryptokey ""]
|
set val [cgi_get cryptokey ""]
|
||||||
if {[string length "$val"] == 0} {
|
set nkey [system encryptionkey]
|
||||||
set val [system encryptionkey]
|
if {$val eq "" || [string equal -nocase $val $nkey]} {
|
||||||
puts "Using native encryption key.<br>"
|
if {[system customencryptionkey] ne ""} {
|
||||||
|
system customencryptionkey $nkey
|
||||||
|
system nugget cryptokey -init
|
||||||
|
puts "Using native encryption key."
|
||||||
|
} else {
|
||||||
|
puts "Native key unchanged."
|
||||||
|
}
|
||||||
|
set cryptokey ""
|
||||||
} elseif {[string length $val] != 32} {
|
} elseif {[string length $val] != 32} {
|
||||||
puts "Encryption key is too short."
|
puts "Encryption key must be 32 hexadecimal digits."
|
||||||
exit
|
} else {
|
||||||
|
if {[string equal -nocase $val [system customencryptionkey]]} {
|
||||||
|
puts "Custom key unchanged."
|
||||||
|
} elseif {[set customkey [system customencryptionkey $val]] ne ""} {
|
||||||
|
set cryptokey $customkey
|
||||||
|
system nugget cryptokey -init
|
||||||
|
puts "Installed new encryption key."
|
||||||
|
} else {
|
||||||
|
puts "Failed to install encryption key $val"
|
||||||
}
|
}
|
||||||
file write "/mod/boot/cryptokey" [binary format H* $val]
|
}
|
||||||
system nugget cryptokey -init
|
puts "<br>"
|
||||||
puts "Installed new encryption key."
|
|
||||||
exit
|
exit
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -33,15 +47,7 @@ set logsize [$settings logsize]
|
||||||
set logkeep [$settings logkeep]
|
set logkeep [$settings logkeep]
|
||||||
set logage [$settings logage]
|
set logage [$settings logage]
|
||||||
|
|
||||||
set cryptokey [system encryptionkey]
|
set cryptokey [system customencryptionkey]
|
||||||
if {![catch {set ck_fd [open "/mod/boot/cryptokey"]}]} {
|
|
||||||
set ck_bytes [$ck_fd read 16]
|
|
||||||
$ck_fd close
|
|
||||||
binary scan $ck_bytes H* ck_key
|
|
||||||
if {[string length $ck_key] == 32} {
|
|
||||||
set cryptokey $ck_key
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
handle_int_update pkgdev $pkgdev "Development Package Display"
|
handle_int_update pkgdev $pkgdev "Development Package Display"
|
||||||
handle_int_update rtschedule $rtschedule "Real-time scheduling"
|
handle_int_update rtschedule $rtschedule "Real-time scheduling"
|
||||||
|
|
|
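Review bot: The failure branch of the `cryptokey` handler in the first hunk writes the submitted value back into the response unescaped, `puts "Failed to install encryption key $val"`. At that point `$val` has only passed the 32-character length check, and the branch is reached when it is not valid hex or the write failed, so arbitrary request text ends up in markup that the page presumably inserts into `#cryptokey_output`. Dropping the value, `puts "Failed to install encryption key."`, avoids that. The native-key branch also ignores the result of `system customencryptionkey $nkey`, so "Using native encryption key." is printed even when removing the key file failed; checking for an empty return before `system nugget cryptokey -init` would keep the message truthful.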
@ -60,7 +60,7 @@ puts "
|
||||||
<table>
|
<table>
|
||||||
<tr><th class=key>
|
<tr><th class=key>
|
||||||
Native encryption key
|
Native encryption key
|
||||||
</th><td>[system encryptionkey]</td></tr>
|
</th><td><span id=nativekey>[system encryptionkey]</span></td></tr>
|
||||||
<tr>
|
<tr>
|
||||||
<form class=auto id=cryptokey method=post action=$env(SCRIPT_NAME)>
|
<form class=auto id=cryptokey method=post action=$env(SCRIPT_NAME)>
|
||||||
<input type=hidden name=act value=cryptokey>
|
<input type=hidden name=act value=cryptokey>
|
||||||
|
@ -71,7 +71,21 @@ puts "
|
||||||
<small><input value=set type=submit></small>
|
<small><input value=set type=submit></small>
|
||||||
<div id=cryptokey_output></div>
|
<div id=cryptokey_output></div>
|
||||||
</td>
|
</td>
|
||||||
</form>
|
</form>"
|
||||||
|
puts {
|
||||||
|
<script>
|
||||||
|
$(document).ajaxSuccess(
|
||||||
|
function(ev, jqXHR) {
|
||||||
|
var ip;
|
||||||
|
if ((jqXHR.responseText.indexOf("ative ") >= 0) &&
|
||||||
|
($("#nativekey").html() == (ip = $("input[name=cryptokey]")).prop("value"))) {
|
||||||
|
ip.prop("value", "");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
);
|
||||||
|
</script>
|
||||||
|
}
|
||||||
|
puts "
|
||||||
</tr><tr>
|
</tr><tr>
|
||||||
<td></td>
|
<td></td>
|
||||||
<td class=blood>
|
<td class=blood>
|
||||||
|
|
|
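Review bot: The added `ajaxSuccess` handler compares the two keys case-sensitively, `$("#nativekey").html() == (ip = $("input[name=cryptokey]")).prop("value")`, while the server side uses `string equal -nocase`, so entering the native key in upper case gets a "native" reply but leaves the field populated. Comparing lower-cased text, for example `$("#nativekey").text().toLowerCase() == ip.val().toLowerCase()`, keeps the two sides consistent. The handler is also registered on `document` and keys off the substring `"ative "` in any response, so it runs for every successful AJAX call on the page; tying it to the `cryptokey` form's own request would be less fragile.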
@ -20,7 +20,10 @@ puts "<br>Loader Version: [system loaderver]"
|
||||||
puts "<br>System ID: [system systemid]"
|
puts "<br>System ID: [system systemid]"
|
||||||
puts "<br>Serial Number: [system serialno]"
|
puts "<br>Serial Number: [system serialno]"
|
||||||
if {$mws::pagetag eq "Diagnostics"} {
|
if {$mws::pagetag eq "Diagnostics"} {
|
||||||
puts "<br>Encryption Key: [system encryptionkey]"
|
puts "<br>Native Encryption Key: [system encryptionkey]"
|
||||||
|
if {[set customkey [system customencryptionkey]] ne ""} {
|
||||||
|
puts "<br>Custom Encryption Key: $customkey"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
puts "<br>Last Boot Reason: [system lastbootreason]"
|
puts "<br>Last Boot Reason: [system lastbootreason]"
|
||||||
|
|
||||||
|
|
|
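Review bot: The Diagnostics block now prints the custom key in full next to the native one, `puts "<br>Custom Encryption Key: $customkey"`. Diagnostic output tends to be copied into support requests, and a custom key is presumably a secret shared with another device; whether this page is reachable without authentication is not visible here. Consider reporting only that a custom key is installed, or a truncated form such as `puts "<br>Custom Encryption Key: [string range $customkey 0 7]..."`.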
@ -143,6 +143,13 @@ proc {system serialno} {} {{serial ""}} {
|
||||||
string range $bytes 9 end]"
|
string range $bytes 9 end]"
|
||||||
return $serial
|
return $serial
|
||||||
}
|
}
|
||||||
|
proc {system keybytestostring} {key_bytes} {
|
||||||
|
binary scan $key_bytes H* key_str
|
||||||
|
if {[string length $key_str] == 32} {
|
||||||
|
return $key_str
|
||||||
|
}
|
||||||
|
return {}
|
||||||
|
}
|
||||||
|
|
||||||
proc {system encryptionkey} {} {{key ""}} {
|
proc {system encryptionkey} {} {{key ""}} {
|
||||||
if {$key ne ""} { return $key }
|
if {$key ne ""} { return $key }
|
||||||
|
@ -152,8 +159,46 @@ proc {system encryptionkey} {} {{key ""}} {
|
||||||
$fd seek 0xcb800
|
$fd seek 0xcb800
|
||||||
append bytes [$fd read 10]
|
append bytes [$fd read 10]
|
||||||
$fd close
|
$fd close
|
||||||
binary scan $bytes H* key
|
return [system keybytestostring $bytes]
|
||||||
return $key
|
}
|
||||||
|
|
||||||
|
proc {system customencryptionkey} {{key ""}} {{keyfile "/mod/boot/cryptokey"}} {
|
||||||
|
|
||||||
|
set ck_fd {}
|
||||||
|
try {
|
||||||
|
if {$key eq ""} {
|
||||||
|
set ck_fd [open $keyfile r]
|
||||||
|
set ck_bytes [$ck_fd read 16]
|
||||||
|
return [system keybytestostring $ck_bytes]
|
||||||
|
} elseif {[string equal -nocase $key [system encryptionkey]]} {
|
||||||
|
file delete -force $keyfile
|
||||||
|
return $key
|
||||||
|
} else {
|
||||||
|
set ck_bytes [binary format H* $key]
|
||||||
|
set test [system keybytestostring $ck_bytes]
|
||||||
|
if {![string equal -nocase $test $key]} {
|
||||||
|
throw 1 "Invalid custom key"
|
||||||
|
}
|
||||||
|
if {[file exists $keyfile]} {
|
||||||
|
# attempt not to truncate on update until written
|
||||||
|
set access r+
|
||||||
|
} else {
|
||||||
|
set access w
|
||||||
|
}
|
||||||
|
set ck_fd [open $keyfile $access]
|
||||||
|
$ck_fd seek 0
|
||||||
|
$ck_fd puts -nonewline $ck_bytes
|
||||||
|
$ck_fd close
|
||||||
|
set ck_fd {}
|
||||||
|
return $key
|
||||||
|
}
|
||||||
|
} on error {msg opts} {
|
||||||
|
return {}
|
||||||
|
} finally {
|
||||||
|
if {$ck_fd ne {}} {
|
||||||
|
$ck_fd close
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
proc {system loaderver} {} {{ver ""}} {
|
proc {system loaderver} {} {{ver ""}} {
|
||||||
|
|
|
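Review bot: `system encryptionkey` appears to have lost its static cache in the second hunk: the old tail `binary scan $bytes H* key` assigned the static `key`, whereas the new `return [system keybytestostring $bytes]` leaves it empty, so the `if {$key ne ""} { return $key }` shortcut never fires and the key is re-read from `$fd` on every call. The new `system customencryptionkey` and the settings handler both call it, so this now happens several times per request. `set key [system keybytestostring $bytes]` followed by `return $key` restores the cache; the start of that proc lies outside the hunk. Separately, in `system customencryptionkey` the `set access w` path creates `/mod/boot/cryptokey` with whatever mode the process umask gives, so confirm that is restrictive enough for key material.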
@ -863,16 +863,9 @@ ts method getkey {mode} {
|
||||||
}
|
}
|
||||||
if { $mode ne "dlna" } {
|
if { $mode ne "dlna" } {
|
||||||
# also try other keys, such as this - same as active?
|
# also try other keys, such as this - same as active?
|
||||||
try {
|
set key [system customencryptionkey]
|
||||||
set fd [open "/mod/boot/cryptokey"]
|
if {$key ne ""} {
|
||||||
set bytes [$fd read 16]
|
ladd keys $key
|
||||||
binary scan $bytes H* key
|
|
||||||
if {[string length $key] == 32} {
|
|
||||||
ladd keys $key
|
|
||||||
}
|
|
||||||
} on error {} {
|
|
||||||
} finally {
|
|
||||||
catch {$fd close}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# the native key
|
# the native key
|
||||||
|
|