[PATCH] smb3.1.1: allow dumping GCM256 keys to improve debugging of encrypted shares
Stefan Metzmacher
metze at samba.org
Fri May 7 00:17:45 UTC 2021
Hi Steve,
> +/*
> + * Dump full key (32 byte encrypt/decrypt keys instead of 16 bytes)
> + * is needed if GCM256 (stronger encryption) negotiated
> + */
> +struct smb3_full_key_debug_info {
> + __u64 Suid;
> + __u16 cipher_type;
> + __u8 auth_key[16]; /* SMB2_NTLMV2_SESSKEY_SIZE */
Why this? With kerberos the authentication key can be 32 bytes too.
Why are you exporting it at all?
> + __u8 smb3encryptionkey[SMB3_ENC_DEC_KEY_SIZE];
> + __u8 smb3decryptionkey[SMB3_ENC_DEC_KEY_SIZE];
> +} __packed;
> +
As encryption and decryption is relative wouldn't
something like smb3_s2c_cipherkey and smb3_c2s_cipherkey be better names?
They are derived with SMBS2CCipherKey and SMBC2SCipherKey as labels.
metze
More information about the samba-technical
mailing list