From patchwork Tue Sep 24 04:50:46 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve French X-Patchwork-Id: 1166306 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=linux-cifs-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="p6H2AJt2"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 46cpft5fZCz9sNF for ; Tue, 24 Sep 2019 14:51:02 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2406351AbfIXEvB (ORCPT ); Tue, 24 Sep 2019 00:51:01 -0400 Received: from mail-io1-f49.google.com ([209.85.166.49]:35696 "EHLO mail-io1-f49.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2405468AbfIXEvB (ORCPT ); Tue, 24 Sep 2019 00:51:01 -0400 Received: by mail-io1-f49.google.com with SMTP id q10so1252454iop.2 for ; Mon, 23 Sep 2019 21:50:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=K9NiVfbpskhHYlk5SvYE6t0BJTl3U6RG02ZbnZDdNqI=; b=p6H2AJt2hhtPqCOcUXnRTOSu6p/COkm3DsCen+FgVZ+7XjNIoTipJwA23xPXI6uv+M bQEWmVogncfnS5fQVw6rdXqT5GucU0IKXGB/WSPiXBY5RhJH8T/IUPrQSFQf1fU6ZSRx yKJAljGzgWDGAPRku6hTGHw0mIXc9v5ljhdnW4Ovqguxz1HeVOAH1sgRmy13NA1i2zcq dJNAXBILPO/9rh9R/V3saTKaL8PREChqaq2e1PeLwpwvLNPl1ypGISzzOHlWpwvWgvJR sVVgEycW1O6aLX5ynrZk8IRSa+4qVOpEsZhwjiFl2bpNk0qrIBoPKgHAiw3dgKVqCrXd Lfqg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=K9NiVfbpskhHYlk5SvYE6t0BJTl3U6RG02ZbnZDdNqI=; b=lbIXzSwzlSA9YoEYcTBrE64ElMt13vO3+FDXjn0SjwMRckRSoOJHbJIhW5uaVOOHYP jrCba6f4sEb+qCNtJBvOv5Psn/Bg3/1CtAxVHYV1mvQcM7RCi2rFL46VHkvFFbEiEEOX RABX2G+MznYt+N/Z2hsCXosZWo9fEuw5ncggi/qQLk1Uym4yjsl+CGFkTLWATrjqwg28 V69ytKKXZl1NIKt/DYSlLAEEdWLiu2HnfCLZy++PSpn65pTs187iAO3t1tqa8KuH6msd fuOzpxpd4+n9Y60hu+tRTpFU5aCfZkilWvXpQsIvguQzJLxiCr+lV6/1tO1Z8nu/jPu9 GFRg== X-Gm-Message-State: APjAAAV+py5FQddoepr+KX4BkmRrXJOYd7SFQeqjKradtTgicgfWHRqP OigR2pWEFe4vjWc5AcYscphHDv4iVwNmDVCha9WXAkdE X-Google-Smtp-Source: APXvYqwEKI0jfubpz/4z9udAQj78PIDjakYd9A0NPHf2SKMscMZ+zHBbwsHSJKjBp7GZ7bHIYtSdbQguerf0/zkHlJY= X-Received: by 2002:a02:608:: with SMTP id 8mr1623916jav.88.1569300658192; Mon, 23 Sep 2019 21:50:58 -0700 (PDT) MIME-Version: 1.0 From: Steve French Date: Mon, 23 Sep 2019 23:50:46 -0500 Message-ID: Subject: [PATCH] smbinfo dump encryption keys for using wireshark To: CIFS , samba-technical Sender: linux-cifs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-cifs@vger.kernel.org Updated with feedback from Aurelien and Pavel From 6bf40fd1460489a66a31b6fb43bc4661c8dc597e Mon Sep 17 00:00:00 2001 From: Steve French Date: Thu, 19 Sep 2019 04:21:16 -0500 Subject: [PATCH] smbinfo: print the security information needed to decrypt wireshark trace CCM encryption Session Id: e2 3e ea ae 00 00 00 00 Session Key: 65 7e 0e d5 3c 06 5a 06 50 a3 ef 96 c1 64 3d 1f Server Encryption Key: 5e 42 a7 b5 57 75 d6 56 4a 5d 33 97 e6 45 07 76 Server Decryption Key: 1f 64 db a3 0f 24 e3 4d b6 31 00 ab 9a af 22 47 Signed-off-by: Steve French --- smbinfo.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 52 insertions(+), 1 deletion(-) diff --git a/smbinfo.c b/smbinfo.c index f9de7fd..c9472e9 100644 --- a/smbinfo.c +++ b/smbinfo.c @@ -54,7 +54,17 @@ struct smb_query_info { /* char buffer[]; */ } __packed; +#define SMB3_SIGN_KEY_SIZE 16 +struct smb3_key_debug_info { + uint64_t Suid; + uint16_t cipher_type; + uint8_t auth_key[16]; /* SMB2_NTLMV2_SESSKEY_SIZE */ + uint8_t smb3encryptionkey[SMB3_SIGN_KEY_SIZE]; + uint8_t smb3decryptionkey[SMB3_SIGN_KEY_SIZE]; +} __attribute__((packed)); + #define CIFS_QUERY_INFO _IOWR(CIFS_IOCTL_MAGIC, 7, struct smb_query_info) +#define CIFS_DUMP_KEY _IOWR(CIFS_IOCTL_MAGIC, 8, struct smb3_key_debug_info) #define INPUT_BUFFER_LENGTH 16384 int verbose; @@ -92,7 +102,9 @@ usage(char *name) " quota:\n" " Prints the quota for a cifs file.\n" " secdesc:\n" - " Prints the security descriptor for a cifs file.\n", + " Prints the security descriptor for a cifs file.\n" + " keys:\n" + " Prints the decryption information needed to view encrypted network traces.\n", name); exit(1); } @@ -1015,6 +1027,43 @@ static void print_snapshots(struct smb_snapshot_array *psnap) printf("\n"); } +static void +dump_keys(int f) +{ + struct smb3_key_debug_info keys_info; + uint8_t *psess_id; + + if (ioctl(f, CIFS_DUMP_KEY, &keys_info) < 0) { + fprintf(stderr, "Querying keys information failed with %s\n", strerror(errno)); + exit(1); + } + + if (keys_info.cipher_type == 1) + printf("CCM encryption"); + else if (keys_info.cipher_type == 2) + printf("GCM encryption"); + else if (keys_info.cipher_type == 0) + printf("SMB3.0 CCM encryption"); + else + printf("unknown encryption type"); + + printf("\nSession Id: "); + psess_id = (uint8_t *)&keys_info.Suid; + for (int i = 0; i < 8; i++) + printf(" %02x", psess_id[i]); + + printf("\nSession Key: "); + for (int i = 0; i < 16; i++) + printf(" %02x", keys_info.auth_key[i]); + printf("\nServer Encryption Key: "); + for (int i = 0; i < SMB3_SIGN_KEY_SIZE; i++) + printf(" %02x", keys_info.smb3encryptionkey[i]); + printf("\nServer Decryption Key: "); + for (int i = 0; i < SMB3_SIGN_KEY_SIZE; i++) + printf(" %02x", keys_info.smb3decryptionkey[i]); + printf("\n"); +} + #define CIFS_ENUMERATE_SNAPSHOTS _IOR(CIFS_IOCTL_MAGIC, 6, struct smb_snapshot_array) #define MIN_SNAPSHOT_ARRAY_SIZE 16 /* See MS-SMB2 section 3.3.5.15.1 */ @@ -1124,6 +1173,8 @@ int main(int argc, char *argv[]) quota(f); else if (!strcmp(argv[optind], "secdesc")) secdesc(f); + else if (!strcmp(argv[optind], "keys")) + dump_keys(f); else { fprintf(stderr, "Unknown command %s\n", argv[optind]); exit(1); -- 2.20.1