diff --git a/webif/html/settings/modules/advanced/init.hook b/webif/html/settings/modules/advanced/init.hook
index abecda1..128015b 100644
--- a/webif/html/settings/modules/advanced/init.hook
+++ b/webif/html/settings/modules/advanced/init.hook
@@ -13,16 +13,19 @@ if {[cgi_get act] eq "xtelnet"} {
if {[cgi_get act] eq "cryptokey"} {
set val [cgi_get cryptokey ""]
- if {[string length "$val"] == 0} {
+ if {$val eq ""} {
set val [system encryptionkey]
puts "Using native encryption key.
"
} elseif {[string length $val] != 32} {
puts "Encryption key is too short."
exit
}
- file write "/mod/boot/cryptokey" [binary format H* $val]
- system nugget cryptokey -init
- puts "Installed new encryption key."
+ if {[system customencryptionkey $val] ne ""} {
+ system nugget cryptokey -init
+ puts "Installed new encryption key."
+ } else {
+ puts "Failed to install encryption key $val"
+ }
exit
}
@@ -34,13 +37,8 @@ set logkeep [$settings logkeep]
set logage [$settings logage]
set cryptokey [system encryptionkey]
-if {![catch {set ck_fd [open "/mod/boot/cryptokey"]}]} {
- set ck_bytes [$ck_fd read 16]
- $ck_fd close
- binary scan $ck_bytes H* ck_key
- if {[string length $ck_key] == 32} {
- set cryptokey $ck_key
- }
+if {[set customkey [system customencryptionkey]] ne ""} {
+ set cryptokey $customkey
}
handle_int_update pkgdev $pkgdev "Development Package Display"
diff --git a/webif/include/modversion.jim b/webif/include/modversion.jim
index 85c7493..43b5a36 100755
--- a/webif/include/modversion.jim
+++ b/webif/include/modversion.jim
@@ -20,7 +20,10 @@ puts "
Loader Version: [system loaderver]"
puts "
System ID: [system systemid]"
puts "
Serial Number: [system serialno]"
if {$mws::pagetag eq "Diagnostics"} {
- puts "
Encryption Key: [system encryptionkey]"
+ puts "
Native Encryption Key: [system encryptionkey]"
+ if {[set customkey [system customencryptionkey]] ne ""} {
+ puts "
Custom Encryption Key: $customkey"
+ }
}
puts "
Last Boot Reason: [system lastbootreason]"
diff --git a/webif/lib/system.class b/webif/lib/system.class
index e0ffb9a..1a08edc 100644
--- a/webif/lib/system.class
+++ b/webif/lib/system.class
@@ -143,6 +143,13 @@ proc {system serialno} {} {{serial ""}} {
string range $bytes 9 end]"
return $serial
}
+proc {system keybytestostring} {key_bytes} {
+ binary scan $key_bytes H* key_str
+ if {[string length $key_str] == 32} {
+ return $key_str
+ }
+ return {}
+}
proc {system encryptionkey} {} {{key ""}} {
if {$key ne ""} { return $key }
@@ -152,8 +159,42 @@ proc {system encryptionkey} {} {{key ""}} {
$fd seek 0xcb800
append bytes [$fd read 10]
$fd close
- binary scan $bytes H* key
- return $key
+ return [system keybytestostring $bytes]
+}
+
+proc {system customencryptionkey} {{key ""}} {
+
+ proc open_keyfile {{access r}} {
+ return [open "/mod/boot/cryptokey" $access]
+ }
+
+ set ck_fd {}
+ try {
+ if {$key ne ""} {
+ set ck_bytes [binary format H* $key]
+ set test [system keybytestostring $ck_bytes]
+ if {![string equal -nocase $test $key]} {
+ throw 1 "Invalid custom key"
+ }
+ # attempt not to truncate on update until written
+ set ck_fd [open_keyfile a]
+ $ck_fd seek 0
+ $ck_fd puts -nonewline $ck_bytes
+ $ck_fd close
+ set ck_fd {}
+ return $key
+ } else {
+ set ck_fd [open_keyfile]
+ set ck_bytes [$ck_fd read 16]
+ return [system keybytestostring $ck_bytes]
+ }
+ } on error {msg opts} {
+ return {}
+ } finally {
+ if {$ck_fd ne {}} {
+ $ck_fd close
+ }
+ }
}
proc {system loaderver} {} {{ver ""}} {
diff --git a/webif/lib/ts.class b/webif/lib/ts.class
index bcfe270..526814a 100644
--- a/webif/lib/ts.class
+++ b/webif/lib/ts.class
@@ -863,16 +863,9 @@ ts method getkey {mode} {
}
if { $mode ne "dlna" } {
# also try other keys, such as this - same as active?
- try {
- set fd [open "/mod/boot/cryptokey"]
- set bytes [$fd read 16]
- binary scan $bytes H* key
- if {[string length $key] == 32} {
- ladd keys $key
- }
- } on error {} {
- } finally {
- catch {$fd close}
+ set key [system customencryptionkey]
+ if {$key ne ""} {
+ ladd keys $key
}
# the native key