And updated patch for cifs-utils ("smbinfo keys <filename>") On Fri, Sep 20, 2019 at 2:07 AM Steve French <smfrench@xxxxxxxxx> wrote: > > kernel patch updated to check if encryption is enabled > > In order to debug certain problems it is important to be able > to decrypt network traces (e.g. wireshark) but to do this we > need to be able to dump out the encryption/decryption keys. > Dumping them to an ioctl is safer than dumping them to dmesg, > (and better than showing all keys in a pseudofile). > > Restrict this to root (CAP_SYS_ADMIN), and only for a mount > that this admin has access to. > > Sample smbinfo output: > SMB3.0 encryption > Session Id: 0x82d2ec52 > Session Key: a5 6d 81 d0 e c1 ca e1 d8 13 aa 20 e8 f2 cc 71 > Server Encryption Key: 1a c3 be ba 3d fc dc 3c e bc 93 9e 50 9e 19 c1 > Server Decryption Key: e0 d4 d9 43 1b a2 1b e3 d8 76 77 49 56 f7 20 88 > > > -- > Thanks, > > Steve -- Thanks, Steve
From 3c2f15537850ede5cca0feb1dc008cc76042c67f Mon Sep 17 00:00:00 2001
From: Steve French <stfrench@xxxxxxxxxxxxx>
Date: Thu, 19 Sep 2019 04:21:16 -0500
Subject: [PATCH] smbinfo: print the security information needed to decrypt wireshark trace
Sample output:
SMB3.0 encryption
Session Id: 0x82d2ec52
Session Key: a5 6d 81 d0 e c1 ca e1 d8 13 aa 20 e8 f2 cc 71
Server Encryption Key: 1a c3 be ba 3d fc dc 3c e bc 93 9e 50 9e 19 c1
Server Decryption Key: e0 d4 d9 43 1b a2 1b e3 d8 76 77 49 56 f7 20 88
Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
merge
---
 smbinfo.c | 47 ++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 46 insertions(+), 1 deletion(-)
diff --git a/smbinfo.c b/smbinfo.c
index f9de7fd..383df33 100644
--- a/smbinfo.c
+++ b/smbinfo.c
@@ -54,7 +54,17 @@ struct smb_query_info {
 /* char buffer[]; */
 } __packed;
+#define SMB3_SIGN_KEY_SIZE 16
+struct smb3_key_debug_info {
+ uint64_t Suid;
+ uint16_t cipher_type;
+ uint8_t auth_key[16]; /* SMB2_NTLMV2_SESSKEY_SIZE */
+ uint8_t smb3encryptionkey[SMB3_SIGN_KEY_SIZE];
+ uint8_t smb3decryptionkey[SMB3_SIGN_KEY_SIZE];
+} __attribute__((packed));
+
 #define CIFS_QUERY_INFO _IOWR(CIFS_IOCTL_MAGIC, 7, struct smb_query_info)
+#define CIFS_DUMP_KEY _IOWR(CIFS_IOCTL_MAGIC, 8, struct smb3_key_debug_info)
 #define INPUT_BUFFER_LENGTH 16384
 int verbose;
@@ -92,7 +102,9 @@ usage(char *name)
 " quota:\n"
 " Prints the quota for a cifs file.\n"
 " secdesc:\n"
- " Prints the security descriptor for a cifs file.\n",
+ " Prints the security descriptor for a cifs file.\n"
+ " keys:\n"
+ " Prints the decryption information needed to view encrypted network traces.\n",
 name);
 exit(1);
 }
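Review bot: In `struct smb3_key_debug_info` the session-key length is a bare `16` with the intended constant named only in a comment, and `dump_keys` in a later hunk repeats the literal as its loop bound. Defining `#define SMB2_NTLMV2_SESSKEY_SIZE 16` next to `SMB3_SIGN_KEY_SIZE` and using it for `auth_key[]` and for that loop would keep the two in step. The new struct also spells out `__attribute__((packed))` while `struct smb_query_info` just above it uses `__packed`; one spelling for both would be more consistent. Since this layout has to match the kernel's definition exactly, a one-line comment naming the kernel header it mirrors would help; that header is not visible on this page.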
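Review bot: The new `keys:` entry in the `usage()` text does not tell the user that the command is privileged or that its output is live secret material. The commit description says the kernel side restricts the ioctl to root (CAP_SYS_ADMIN), and the printed session and encryption/decryption keys are exactly what is needed to decrypt a capture of that session. I would add a line such as `" Requires root. The output is secret key material; keep it out of logs and tickets.\n"` after the description. `usage()` starts and ends outside this hunk.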
@@ -1015,6 +1027,37 @@ static void print_snapshots(struct smb_snapshot_array *psnap)
 printf("\n");
 }
+static void
+dump_keys(int f)
+{
+ struct smb3_key_debug_info keys_info;
+
+ if (ioctl(f, CIFS_DUMP_KEY, &keys_info) < 0) {
+ fprintf(stderr, "Querying keys information failed with %s\n", strerror(errno));
+ exit(1);
+ }
+
+ if (keys_info.cipher_type == 1)
+ printf("CCM encryption");
+ else if (keys_info.cipher_type == 2)
+ printf("GCM encryption");
+ else if (keys_info.cipher_type == 0)
+ printf("SMB3.0 encryption");
+ else
+ printf("unknown encryption type");
+ printf("\nSession Id: 0x%lx", keys_info.Suid);
+ printf("\nSession Key: ");
+ for (int i = 0; i < 16; i++)
+ printf(" %x", keys_info.auth_key[i]);
+ printf("\nServer Encryption Key: ");
+ for (int i = 0; i < SMB3_SIGN_KEY_SIZE; i++)
+ printf(" %x", keys_info.smb3encryptionkey[i]);
+ printf("\nServer Decryption Key: ");
+ for (int i = 0; i < SMB3_SIGN_KEY_SIZE; i++)
+ printf(" %x", keys_info.smb3decryptionkey[i]);
+ printf("\n");
+}
+
 #define CIFS_ENUMERATE_SNAPSHOTS _IOR(CIFS_IOCTL_MAGIC, 6, struct smb_snapshot_array)
 #define MIN_SNAPSHOT_ARRAY_SIZE 16 /* See MS-SMB2 section 3.3.5.15.1 */
@@ -1124,6 +1167,8 @@ int main(int argc, char *argv[])
 quota(f);
 else if (!strcmp(argv[optind], "secdesc"))
 secdesc(f);
+ else if (!strcmp(argv[optind], "keys"))
+ dump_keys(f);
 else {
 fprintf(stderr, "Unknown command %s\n", argv[optind]);
 exit(1);
-- 
2.20.1
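Review bot: The three key loops in `dump_keys` print each byte with `" %x"`, which drops the leading zero, so a byte such as 0x0e comes out as `e` (visible in the commit's own sample output) and the key is no longer fixed-width hex. Use `printf(" %02x", keys_info.auth_key[i]);` and the same format in the other two loops. `Suid` is a `uint64_t` printed with `%lx`, which is a format mismatch wherever `long` is 32 bits; `printf("\nSession Id: 0x%" PRIx64, keys_info.Suid);` is portable, though it needs `<inttypes.h>`, whose inclusion is not visible in this hunk. `keys_info` is also handed to the ioctl uninitialised, so `struct smb3_key_debug_info keys_info = {0};` would keep stack garbage from being printed as key bytes should the kernel fill the struct only partially.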