Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d38de3c6 authored by Aurélien Aptel's avatar Aurélien Aptel Committed by Steve French
Browse files

CIFS: add CONFIG_CIFS_DEBUG_KEYS to dump encryption keys 



Add new config option that dumps AES keys to the console when they are
generated. This is obviously for debugging purposes only, and should not
be enabled otherwise.

Signed-off-by: default avatarAurelien Aptel <aaptel@suse.com>
Signed-off-by: default avatarSteve French <smfrench@gmail.com>
parent 97b37f24

fs/cifs/Kconfig

+9 −0
Original line number Original line Diff line number Diff line
@@ -146,6 +146,15 @@ config CIFS_DEBUG2 
	   option can be turned off unless you are debugging

	   option can be turned off unless you are debugging

	   cifs problems.  If unsure, say N.

	   cifs problems.  If unsure, say N.





config CIFS_DEBUG_DUMP_KEYS

	bool "Dump encryption keys for offline decryption (Unsafe)"

	depends on CIFS_DEBUG && CIFS_SMB2

	help

	   Enabling this will dump the encryption and decryption keys

	   used to communicate on an encrypted share connection on the

	   console. This allows Wireshark to decrypt and dissect

	   encrypted network captures. Enable this carefully.



config CIFS_DFS_UPCALL

config CIFS_DFS_UPCALL

	  bool "DFS feature support"

	  bool "DFS feature support"

	  depends on CIFS && KEYS

	  depends on CIFS && KEYS

fs/cifs/smb2transport.c

+25 −3
Original line number Original line Diff line number Diff line
@@ -335,9 +335,31 @@ generate_smb3signingkey(struct cifs_ses *ses, 
	if (rc)

	if (rc)

		return rc;

		return rc;





	return generate_key(ses, ptriplet->decryption.label,

	rc = generate_key(ses, ptriplet->decryption.label,

			  ptriplet->decryption.context,

			  ptriplet->decryption.context,

			  ses->smb3decryptionkey, SMB3_SIGN_KEY_SIZE);

			  ses->smb3decryptionkey, SMB3_SIGN_KEY_SIZE);



	if (rc)

		return rc;



#ifdef CONFIG_CIFS_DEBUG_DUMP_KEYS

	cifs_dbg(VFS, "%s: dumping generated AES session keys\n", __func__);

	/*

	 * The session id is opaque in terms of endianness, so we can't

	 * print it as a long long. we dump it as we got it on the wire

	 */

	cifs_dbg(VFS, "Session Id    %*ph\n", (int)sizeof(ses->Suid),

			&ses->Suid);

	cifs_dbg(VFS, "Session Key   %*ph\n",

		 SMB2_NTLMV2_SESSKEY_SIZE, ses->auth_key.response);

	cifs_dbg(VFS, "Signing Key   %*ph\n",

		 SMB3_SIGN_KEY_SIZE, ses->smb3signingkey);

	cifs_dbg(VFS, "ServerIn Key  %*ph\n",

		 SMB3_SIGN_KEY_SIZE, ses->smb3encryptionkey);

	cifs_dbg(VFS, "ServerOut Key %*ph\n",

		 SMB3_SIGN_KEY_SIZE, ses->smb3decryptionkey);

#endif

	return rc;

}

}





int

int