[SMB3][PATCH] dump encryption keys to allow wireshark debugging of encrypted

Pavel Shilovsky pavel.shilovsky at gmail.com
Fri Sep 20 17:14:09 UTC 2019


Thanks, this is very useful functionality! A couple comments below.

kernel patch:

+ cifs_dbg(VFS, "ioctl dumpkey\n"); /* BB REMOVEME */

please remove this or change to FYI.

user space patch:

+ if (keys_info.cipher_type == 1)
+ printf("CCM encryption");
+ else if (keys_info.cipher_type == 2)
+ printf("GCM encryption");
+ else if (keys_info.cipher_type == 0)
+ printf("SMB3.0 encryption");
^^^
SMB3.0 encryption is CCM, so, let's not confuse users and print "CCM
encryption" for both cipher_type values of 0 and 1.
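
Review bot: in the cipher_type chain the values 0, 1 and 2 are bare literals, and the quoted lines show no final else, so an unrecognised cipher_type would print no cipher line at all. Consider named constants for the cipher types and a fallback branch that prints the raw value, so that a cipher this tool does not know about shows up in the output instead of being silently omitted.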


Best regards,
Pavel Shilovskiy

Fri, Sep 20, 2019 at 00:20, Steve French via samba-technical
<samba-technical at lists.samba.org>:
>
> And updated patch for cifs-utils ("smbinfo keys <filename>")
>
>
> On Fri, Sep 20, 2019 at 2:07 AM Steve French <smfrench at gmail.com> wrote:
> >
> > kernel patch updated to check if encryption is enabled
> >
> > In order to debug certain problems it is important to be able
> > to decrypt network traces (e.g. wireshark) but to do this we
> > need to be able to dump out the encryption/decryption keys.
> > Dumping them to an ioctl is safer than dumping them to dmesg,
> > (and better than showing all keys in a pseudofile).
> >
> > Restrict this to root (CAP_SYS_ADMIN), and only for a mount
> > that this admin has access to.
> >
> > Sample smbinfo output:
> > SMB3.0 encryption
> > Session Id:   0x82d2ec52
> > Session Key:  a5 6d 81 d0 e c1 ca e1 d8 13 aa 20 e8 f2 cc 71
> > Server Encryption Key:  1a c3 be ba 3d fc dc 3c e bc 93 9e 50 9e 19 c1
> > Server Decryption Key:  e0 d4 d9 43 1b a2 1b e3 d8 76 77 49 56 f7 20 88
> >
> >
> > --
> > Thanks,
> >
> > Steve
>
>
>
> --
> Thanks,
>
> Steve
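
Added example, not part of the thread or of cifs-utils: the sample smbinfo output quoted above prints bytes below 0x10 as a single hex digit (`e`, not `0e`), so turning it into fixed-width hex strings means padding each byte and checking the key length. The function names and the 16-byte length check are assumptions taken from the sample; the session id is emitted in little-endian order because SMB2 header fields are little-endian on the wire.

```python
import re

# Sample output copied from the message quoted above.
SAMPLE = """\
SMB3.0 encryption
Session Id:   0x82d2ec52
Session Key:  a5 6d 81 d0 e c1 ca e1 d8 13 aa 20 e8 f2 cc 71
Server Encryption Key:  1a c3 be ba 3d fc dc 3c e bc 93 9e 50 9e 19 c1
Server Decryption Key:  e0 d4 d9 43 1b a2 1b e3 d8 76 77 49 56 f7 20 88
"""

KEY_LEN = 16  # assumption: bytes per key, as in the sample output


def parse_keys(text):
    """Return {label: value}: keys as bytes, the session id as an int."""
    out = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if not sep:
            continue  # cipher banner line, e.g. "SMB3.0 encryption"
        label, value = label.strip(), value.strip()
        if label == "Session Id":
            out[label] = int(value, 16)
            continue
        tokens = value.split()
        # Each token is one byte, printed with one or two hex digits.
        if not all(re.fullmatch(r"[0-9a-fA-F]{1,2}", t) for t in tokens):
            raise ValueError(f"{label}: non-hex byte in {value!r}")
        key = bytes(int(t, 16) for t in tokens)
        if len(key) != KEY_LEN:
            raise ValueError(f"{label}: expected {KEY_LEN} bytes, got {len(key)}")
        out[label] = key
    return out


def normalise(text):
    """Fixed-width hex strings; session id as 8 bytes in wire order."""
    result = {}
    for label, value in parse_keys(text).items():
        if isinstance(value, int):
            result[label] = value.to_bytes(8, "little").hex()
        else:
            result[label] = value.hex()
    return result


if __name__ == "__main__":
    for label, value in normalise(SAMPLE).items():
        print(f"{label}: {value}")
```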


