Improve processing and display of custom encryption key

This commit is contained in:
df 2021-10-01 15:45:13 +01:00
parent ee4c121a54
commit bbff98d04b
4 changed files with 59 additions and 24 deletions

View File

@ -13,16 +13,19 @@ if {[cgi_get act] eq "xtelnet"} {
if {[cgi_get act] eq "cryptokey"} {
set val [cgi_get cryptokey ""]
if {[string length "$val"] == 0} {
if {$val eq ""} {
set val [system encryptionkey]
puts "Using native encryption key.<br>"
} elseif {[string length $val] != 32} {
puts "Encryption key is too short."
exit
}
file write "/mod/boot/cryptokey" [binary format H* $val]
system nugget cryptokey -init
puts "Installed new encryption key."
if {[system customencryptionkey $val] ne ""} {
system nugget cryptokey -init
puts "Installed new encryption key."
} else {
puts "Failed to install encryption key $val"
}
exit
}
@ -34,13 +37,8 @@ set logkeep [$settings logkeep]
set logage [$settings logage]
set cryptokey [system encryptionkey]
if {![catch {set ck_fd [open "/mod/boot/cryptokey"]}]} {
set ck_bytes [$ck_fd read 16]
$ck_fd close
binary scan $ck_bytes H* ck_key
if {[string length $ck_key] == 32} {
set cryptokey $ck_key
}
if {[set customkey [system customencryptionkey]] ne ""} {
set cryptokey $customkey
}
handle_int_update pkgdev $pkgdev "Development Package Display"

View File

@ -20,7 +20,10 @@ puts "<br>Loader Version: [system loaderver]"
puts "<br>System ID: [system systemid]"
puts "<br>Serial Number: [system serialno]"
if {$mws::pagetag eq "Diagnostics"} {
puts "<br>Encryption Key: [system encryptionkey]"
puts "<br>Native Encryption Key: [system encryptionkey]"
if {[set customkey [system customencryptionkey]] ne ""} {
puts "<br>Custom Encryption Key: $customkey"
}
}
puts "<br>Last Boot Reason: [system lastbootreason]"

View File

@ -143,6 +143,13 @@ proc {system serialno} {} {{serial ""}} {
string range $bytes 9 end]"
return $serial
}
proc {system keybytestostring} {key_bytes} {
binary scan $key_bytes H* key_str
if {[string length $key_str] == 32} {
return $key_str
}
return {}
}
proc {system encryptionkey} {} {{key ""}} {
if {$key ne ""} { return $key }
@ -152,8 +159,42 @@ proc {system encryptionkey} {} {{key ""}} {
$fd seek 0xcb800
append bytes [$fd read 10]
$fd close
binary scan $bytes H* key
return $key
return [system keybytestostring $bytes]
}
proc {system customencryptionkey} {{key ""}} {
proc open_keyfile {{access r}} {
return [open "/mod/boot/cryptokey" $access]
}
set ck_fd {}
try {
if {$key ne ""} {
set ck_bytes [binary format H* $key]
set test [system keybytestostring $ck_bytes]
if {![string equal -nocase $test $key]} {
throw 1 "Invalid custom key"
}
# attempt not to truncate on update until written
set ck_fd [open_keyfile a]
$ck_fd seek 0
$ck_fd puts -nonewline $ck_bytes
$ck_fd close
set ck_fd {}
return $key
} else {
set ck_fd [open_keyfile]
set ck_bytes [$ck_fd read 16]
return [system keybytestostring $ck_bytes]
}
} on error {msg opts} {
return {}
} finally {
if {$ck_fd ne {}} {
$ck_fd close
}
}
}
proc {system loaderver} {} {{ver ""}} {

View File

@ -863,16 +863,9 @@ ts method getkey {mode} {
}
if { $mode ne "dlna" } {
# also try other keys, such as this - same as active?
try {
set fd [open "/mod/boot/cryptokey"]
set bytes [$fd read 16]
binary scan $bytes H* key
if {[string length $key] == 32} {
ladd keys $key
}
} on error {} {
} finally {
catch {$fd close}
set key [system customencryptionkey]
if {$key ne ""} {
ladd keys $key
}
# the native key