
Commit d38de3c6 authored by Aurélien Aptel, committed by Steve French

CIFS: add CONFIG_CIFS_DEBUG_KEYS to dump encryption keys



Add new config option that dumps AES keys to the console when they are
generated. This is obviously for debugging purposes only, and should not
be enabled otherwise.

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <smfrench@gmail.com>
parent 97b37f24
+9 −0
@@ -146,6 +146,15 @@ config CIFS_DEBUG2
	   option can be turned off unless you are debugging
	   option can be turned off unless you are debugging
	   cifs problems.  If unsure, say N.
	   cifs problems.  If unsure, say N.


config CIFS_DEBUG_DUMP_KEYS
	bool "Dump encryption keys for offline decryption (Unsafe)"
	depends on CIFS_DEBUG && CIFS_SMB2
	help
	   Enabling this will dump the encryption and decryption keys
	   used to communicate on an encrypted share connection on the
	   console. This allows Wireshark to decrypt and dissect
	   encrypted network captures. Enable this carefully.

config CIFS_DFS_UPCALL
config CIFS_DFS_UPCALL
	  bool "DFS feature support"
	  bool "DFS feature support"
	  depends on CIFS && KEYS
	  depends on CIFS && KEYS
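Review bot: The help text for CIFS_DEBUG_DUMP_KEYS ends with "Enable this carefully." but gives no default recommendation, unlike the CIFS_DEBUG2 entry just above it, which closes with "If unsure, say N."; add the same sentence here, since the prompt itself is marked "(Unsafe)". The help should also say that the keys are written to the kernel log (the second hunk prints them through cifs_dbg(VFS, ...)), so anyone able to read that log can decrypt captured traffic for the session. Separately, the commit subject names CONFIG_CIFS_DEBUG_KEYS while the symbol added here is CIFS_DEBUG_DUMP_KEYS; the subject should match the symbol.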
+25 −3
@@ -335,9 +335,31 @@ generate_smb3signingkey(struct cifs_ses *ses,
	if (rc)
	if (rc)
		return rc;
		return rc;


	return generate_key(ses, ptriplet->decryption.label,
	rc = generate_key(ses, ptriplet->decryption.label,
			  ptriplet->decryption.context,
			  ptriplet->decryption.context,
			  ses->smb3decryptionkey, SMB3_SIGN_KEY_SIZE);
			  ses->smb3decryptionkey, SMB3_SIGN_KEY_SIZE);

	if (rc)
		return rc;

#ifdef CONFIG_CIFS_DEBUG_DUMP_KEYS
	cifs_dbg(VFS, "%s: dumping generated AES session keys\n", __func__);
	/*
	 * The session id is opaque in terms of endianness, so we can't
	 * print it as a long long. we dump it as we got it on the wire
	 */
	cifs_dbg(VFS, "Session Id    %*ph\n", (int)sizeof(ses->Suid),
			&ses->Suid);
	cifs_dbg(VFS, "Session Key   %*ph\n",
		 SMB2_NTLMV2_SESSKEY_SIZE, ses->auth_key.response);
	cifs_dbg(VFS, "Signing Key   %*ph\n",
		 SMB3_SIGN_KEY_SIZE, ses->smb3signingkey);
	cifs_dbg(VFS, "ServerIn Key  %*ph\n",
		 SMB3_SIGN_KEY_SIZE, ses->smb3encryptionkey);
	cifs_dbg(VFS, "ServerOut Key %*ph\n",
		 SMB3_SIGN_KEY_SIZE, ses->smb3decryptionkey);
#endif
	return rc;
}
}


int
int
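Review bot: The "Session Key" line inside the CONFIG_CIFS_DEBUG_DUMP_KEYS block prints SMB2_NTLMV2_SESSKEY_SIZE bytes from ses->auth_key.response, and nothing visible in this hunk checks that the buffer is set and at least that long at this point; add a guard or a comment stating why that is guaranteed here. The "ServerIn Key" and "ServerOut Key" labels are attached to smb3encryptionkey and smb3decryptionkey without explanation, so a one-line comment on why the client's encryption key is labelled as the server's inbound key would prevent the two being swapped later. The existing comment also has a lowercase sentence start ("we dump it ...") and no closing period.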