Re: [SMB3][PATCH] dump encryption keys to allow wireshark debugging of encrypted

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks, this is very useful functionality! A couple comments below.

kernel patch:

+ cifs_dbg(VFS, "ioctl dumpkey\n"); /* BB REMOVEME */

please remove this or change to FYI.

user space patch:

+ if (keys_info.cipher_type == 1)
+ printf("CCM encryption");
+ else if (keys_info.cipher_type == 2)
+ printf("GCM encryption");
+ else if (keys_info.cipher_type == 0)
+ printf("SMB3.0 encryption");
^^^
SMB3.0 encryption is CCM, so, let's not confuse users and print "CCM
encryption" for both cipher_type values of 0 and 1.


Best regards,
Pavel Shilovskiy

пт, 20 сент. 2019 г. в 00:20, Steve French via samba-technical
<samba-technical@xxxxxxxxxxxxxxx>:
>
> And updated patch for cifs-utils ("smbinfo keys <filename>")
>
>
> On Fri, Sep 20, 2019 at 2:07 AM Steve French <smfrench@xxxxxxxxx> wrote:
> >
> > kernel patch updated to check if encryption is enabled
> >
> > In order to debug certain problems it is important to be able
> > to decrypt network traces (e.g. wireshark) but to do this we
> > need to be able to dump out the encryption/decryption keys.
> > Dumping them to an ioctl is safer than dumping then to dmesg,
> > (and better than showing all keys in a pseudofile).
> >
> > Restrict this to root (CAP_SYS_ADMIN), and only for a mount
> > that this admin has access to.
> >
> > Sample smbinfo output:
> > SMB3.0 encryption
> > Session Id:   0x82d2ec52
> > Session Key:  a5 6d 81 d0 e c1 ca e1 d8 13 aa 20 e8 f2 cc 71
> > Server Encryption Key:  1a c3 be ba 3d fc dc 3c e bc 93 9e 50 9e 19 c1
> > Server Decryption Key:  e0 d4 d9 43 1b a2 1b e3 d8 76 77 49 56 f7 20 88
> >
> >
> > --
> > Thanks,
> >
> > Steve
>
>
>
> --
> Thanks,
>
> Steve




[Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux