Improve processing and display of custom encryption key
This commit is contained in:
parent
ee4c121a54
commit
bbff98d04b
@ -13,16 +13,19 @@ if {[cgi_get act] eq "xtelnet"} {
|
||||
|
||||
if {[cgi_get act] eq "cryptokey"} {
|
||||
set val [cgi_get cryptokey ""]
|
||||
if {[string length "$val"] == 0} {
|
||||
if {$val eq ""} {
|
||||
set val [system encryptionkey]
|
||||
puts "Using native encryption key.<br>"
|
||||
} elseif {[string length $val] != 32} {
|
||||
puts "Encryption key is too short."
|
||||
exit
|
||||
}
|
||||
file write "/mod/boot/cryptokey" [binary format H* $val]
|
||||
system nugget cryptokey -init
|
||||
puts "Installed new encryption key."
|
||||
if {[system customencryptionkey $val] ne ""} {
|
||||
system nugget cryptokey -init
|
||||
puts "Installed new encryption key."
|
||||
} else {
|
||||
puts "Failed to install encryption key $val"
|
||||
}
|
||||
exit
|
||||
}
|
||||
|
||||
@ -34,13 +37,8 @@ set logkeep [$settings logkeep]
|
||||
set logage [$settings logage]
|
||||
|
||||
set cryptokey [system encryptionkey]
|
||||
if {![catch {set ck_fd [open "/mod/boot/cryptokey"]}]} {
|
||||
set ck_bytes [$ck_fd read 16]
|
||||
$ck_fd close
|
||||
binary scan $ck_bytes H* ck_key
|
||||
if {[string length $ck_key] == 32} {
|
||||
set cryptokey $ck_key
|
||||
}
|
||||
if {[set customkey [system customencryptionkey]] ne ""} {
|
||||
set cryptokey $customkey
|
||||
}
|
||||
|
||||
handle_int_update pkgdev $pkgdev "Development Package Display"
|
||||
|
@ -20,7 +20,10 @@ puts "<br>Loader Version: [system loaderver]"
|
||||
puts "<br>System ID: [system systemid]"
|
||||
puts "<br>Serial Number: [system serialno]"
|
||||
if {$mws::pagetag eq "Diagnostics"} {
|
||||
puts "<br>Encryption Key: [system encryptionkey]"
|
||||
puts "<br>Native Encryption Key: [system encryptionkey]"
|
||||
if {[set customkey [system customencryptionkey]] ne ""} {
|
||||
puts "<br>Custom Encryption Key: $customkey"
|
||||
}
|
||||
}
|
||||
puts "<br>Last Boot Reason: [system lastbootreason]"
|
||||
|
||||
|
@ -143,6 +143,13 @@ proc {system serialno} {} {{serial ""}} {
|
||||
string range $bytes 9 end]"
|
||||
return $serial
|
||||
}
|
||||
proc {system keybytestostring} {key_bytes} {
|
||||
binary scan $key_bytes H* key_str
|
||||
if {[string length $key_str] == 32} {
|
||||
return $key_str
|
||||
}
|
||||
return {}
|
||||
}
|
||||
|
||||
proc {system encryptionkey} {} {{key ""}} {
|
||||
if {$key ne ""} { return $key }
|
||||
@ -152,8 +159,42 @@ proc {system encryptionkey} {} {{key ""}} {
|
||||
$fd seek 0xcb800
|
||||
append bytes [$fd read 10]
|
||||
$fd close
|
||||
binary scan $bytes H* key
|
||||
return $key
|
||||
return [system keybytestostring $bytes]
|
||||
}
|
||||
|
||||
proc {system customencryptionkey} {{key ""}} {
|
||||
|
||||
proc open_keyfile {{access r}} {
|
||||
return [open "/mod/boot/cryptokey" $access]
|
||||
}
|
||||
|
||||
set ck_fd {}
|
||||
try {
|
||||
if {$key ne ""} {
|
||||
set ck_bytes [binary format H* $key]
|
||||
set test [system keybytestostring $ck_bytes]
|
||||
if {![string equal -nocase $test $key]} {
|
||||
throw 1 "Invalid custom key"
|
||||
}
|
||||
# attempt not to truncate on update until written
|
||||
set ck_fd [open_keyfile a]
|
||||
$ck_fd seek 0
|
||||
$ck_fd puts -nonewline $ck_bytes
|
||||
$ck_fd close
|
||||
set ck_fd {}
|
||||
return $key
|
||||
} else {
|
||||
set ck_fd [open_keyfile]
|
||||
set ck_bytes [$ck_fd read 16]
|
||||
return [system keybytestostring $ck_bytes]
|
||||
}
|
||||
} on error {msg opts} {
|
||||
return {}
|
||||
} finally {
|
||||
if {$ck_fd ne {}} {
|
||||
$ck_fd close
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
proc {system loaderver} {} {{ver ""}} {
|
||||
|
@ -863,16 +863,9 @@ ts method getkey {mode} {
|
||||
}
|
||||
if { $mode ne "dlna" } {
|
||||
# also try other keys, such as this - same as active?
|
||||
try {
|
||||
set fd [open "/mod/boot/cryptokey"]
|
||||
set bytes [$fd read 16]
|
||||
binary scan $bytes H* key
|
||||
if {[string length $key] == 32} {
|
||||
ladd keys $key
|
||||
}
|
||||
} on error {} {
|
||||
} finally {
|
||||
catch {$fd close}
|
||||
set key [system customencryptionkey]
|
||||
if {$key ne ""} {
|
||||
ladd keys $key
|
||||
}
|
||||
|
||||
# the native key
|
||||
|
Loading…
Reference in New Issue
Block a user