Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

CIFS: add CONFIG_CIFS_DEBUG_KEYS to dump encryption keys

Add new config option that dumps AES keys to the console when they are
generated. This is obviously for debugging purposes only, and should not
be enabled otherwise.

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <smfrench@gmail.com>
Aurélien Aptel 8 years ago
parent
97b37f2416
commit
d38de3c615
2 changed files with 34 additions and 3 deletions
Split View Show Diff Stats
  1. 9 0
      fs/cifs/Kconfig
  2. 25 3
      fs/cifs/smb2transport.c

+ 9 - 0
fs/cifs/Kconfig
View File 

@@ -146,6 +146,15 @@ config CIFS_DEBUG2
 
 	   option can be turned off unless you are debugging
 
 	   cifs problems.  If unsure, say N.
 
 
+config CIFS_DEBUG_DUMP_KEYS
 
+	bool "Dump encryption keys for offline decryption (Unsafe)"
 
+	depends on CIFS_DEBUG && CIFS_SMB2
 
+	help
 
+	   Enabling this will dump the encryption and decryption keys
 
+	   used to communicate on an encrypted share connection on the
 
+	   console. This allows Wireshark to decrypt and dissect
 
+	   encrypted network captures. Enable this carefully.
 
+
 
 config CIFS_DFS_UPCALL
 
 	  bool "DFS feature support"
 
 	  depends on CIFS && KEYS

+ 25 - 3
fs/cifs/smb2transport.c
View File 

@@ -335,9 +335,31 @@ generate_smb3signingkey(struct cifs_ses *ses,
 
 	if (rc)
 
 		return rc;
 
 
-	return generate_key(ses, ptriplet->decryption.label,
 
-			    ptriplet->decryption.context,
 
-			    ses->smb3decryptionkey, SMB3_SIGN_KEY_SIZE);
 
+	rc = generate_key(ses, ptriplet->decryption.label,
 
+			  ptriplet->decryption.context,
 
+			  ses->smb3decryptionkey, SMB3_SIGN_KEY_SIZE);
 
+
 
+	if (rc)
 
+		return rc;
 
+
 
+#ifdef CONFIG_CIFS_DEBUG_DUMP_KEYS
 
+	cifs_dbg(VFS, "%s: dumping generated AES session keys\n", __func__);
 
+	/*
 
+	 * The session id is opaque in terms of endianness, so we can't
 
+	 * print it as a long long. we dump it as we got it on the wire
 
+	 */
 
+	cifs_dbg(VFS, "Session Id    %*ph\n", (int)sizeof(ses->Suid),
 
+			&ses->Suid);
 
+	cifs_dbg(VFS, "Session Key   %*ph\n",
 
+		 SMB2_NTLMV2_SESSKEY_SIZE, ses->auth_key.response);
 
+	cifs_dbg(VFS, "Signing Key   %*ph\n",
 
+		 SMB3_SIGN_KEY_SIZE, ses->smb3signingkey);
 
+	cifs_dbg(VFS, "ServerIn Key  %*ph\n",
 
+		 SMB3_SIGN_KEY_SIZE, ses->smb3encryptionkey);
 
+	cifs_dbg(VFS, "ServerOut Key %*ph\n",
 
+		 SMB3_SIGN_KEY_SIZE, ses->smb3decryptionkey);
 
+#endif
 
+	return rc;
 
 }
 
 
 int