From: Steve French <smfrench@gmail.com>
To: CIFS <linux-cifs@vger.kernel.org>,
samba-technical <samba-technical@lists.samba.org>
Subject: [PATCH] smbinfo dump encryption keys for using wireshark
Date: Mon, 23 Sep 2019 23:50:46 -0500 [thread overview]
Message-ID: <CAH2r5mvfb3nkdz8r8sAUXGJkx678XZkt4dn=4xiuq0UD2vxFrw@mail.gmail.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 68 bytes --]
Updated with feedback from Aurelien and Pavel
--
Thanks,
Steve
[-- Attachment #2: 0001-smbinfo-print-the-security-information-needed-to-dec.patch --]
[-- Type: text/x-patch, Size: 3300 bytes --]
From 6bf40fd1460489a66a31b6fb43bc4661c8dc597e Mon Sep 17 00:00:00 2001
From: Steve French <stfrench@microsoft.com>
Date: Thu, 19 Sep 2019 04:21:16 -0500
Subject: [PATCH] smbinfo: print the security information needed to decrypt
wireshark trace
CCM encryption
Session Id: e2 3e ea ae 00 00 00 00
Session Key: 65 7e 0e d5 3c 06 5a 06 50 a3 ef 96 c1 64 3d 1f
Server Encryption Key: 5e 42 a7 b5 57 75 d6 56 4a 5d 33 97 e6 45 07 76
Server Decryption Key: 1f 64 db a3 0f 24 e3 4d b6 31 00 ab 9a af 22 47
Signed-off-by: Steve French <stfrench@microsoft.com>
---
smbinfo.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 52 insertions(+), 1 deletion(-)
diff --git a/smbinfo.c b/smbinfo.c
index f9de7fd..c9472e9 100644
--- a/smbinfo.c
+++ b/smbinfo.c
@@ -54,7 +54,17 @@ struct smb_query_info {
/* char buffer[]; */
} __packed;
+#define SMB3_SIGN_KEY_SIZE 16
+struct smb3_key_debug_info {
+ uint64_t Suid;
+ uint16_t cipher_type;
+ uint8_t auth_key[16]; /* SMB2_NTLMV2_SESSKEY_SIZE */
+ uint8_t smb3encryptionkey[SMB3_SIGN_KEY_SIZE];
+ uint8_t smb3decryptionkey[SMB3_SIGN_KEY_SIZE];
+} __attribute__((packed));
+
#define CIFS_QUERY_INFO _IOWR(CIFS_IOCTL_MAGIC, 7, struct smb_query_info)
+#define CIFS_DUMP_KEY _IOWR(CIFS_IOCTL_MAGIC, 8, struct smb3_key_debug_info)
#define INPUT_BUFFER_LENGTH 16384
int verbose;
@@ -92,7 +102,9 @@ usage(char *name)
" quota:\n"
" Prints the quota for a cifs file.\n"
" secdesc:\n"
- " Prints the security descriptor for a cifs file.\n",
+ " Prints the security descriptor for a cifs file.\n"
+ " keys:\n"
+ " Prints the decryption information needed to view encrypted network traces.\n",
name);
exit(1);
}
@@ -1015,6 +1027,43 @@ static void print_snapshots(struct smb_snapshot_array *psnap)
printf("\n");
}
+static void
+dump_keys(int f)
+{
+ struct smb3_key_debug_info keys_info;
+ uint8_t *psess_id;
+
+ if (ioctl(f, CIFS_DUMP_KEY, &keys_info) < 0) {
+ fprintf(stderr, "Querying keys information failed with %s\n", strerror(errno));
+ exit(1);
+ }
+
+ if (keys_info.cipher_type == 1)
+ printf("CCM encryption");
+ else if (keys_info.cipher_type == 2)
+ printf("GCM encryption");
+ else if (keys_info.cipher_type == 0)
+ printf("SMB3.0 CCM encryption");
+ else
+ printf("unknown encryption type");
+
+ printf("\nSession Id: ");
+ psess_id = (uint8_t *)&keys_info.Suid;
+ for (int i = 0; i < 8; i++)
+ printf(" %02x", psess_id[i]);
+
+ printf("\nSession Key: ");
+ for (int i = 0; i < 16; i++)
+ printf(" %02x", keys_info.auth_key[i]);
+ printf("\nServer Encryption Key: ");
+ for (int i = 0; i < SMB3_SIGN_KEY_SIZE; i++)
+ printf(" %02x", keys_info.smb3encryptionkey[i]);
+ printf("\nServer Decryption Key: ");
+ for (int i = 0; i < SMB3_SIGN_KEY_SIZE; i++)
+ printf(" %02x", keys_info.smb3decryptionkey[i]);
+ printf("\n");
+}
+
#define CIFS_ENUMERATE_SNAPSHOTS _IOR(CIFS_IOCTL_MAGIC, 6, struct smb_snapshot_array)
#define MIN_SNAPSHOT_ARRAY_SIZE 16 /* See MS-SMB2 section 3.3.5.15.1 */
@@ -1124,6 +1173,8 @@ int main(int argc, char *argv[])
quota(f);
else if (!strcmp(argv[optind], "secdesc"))
secdesc(f);
+ else if (!strcmp(argv[optind], "keys"))
+ dump_keys(f);
else {
fprintf(stderr, "Unknown command %s\n", argv[optind]);
exit(1);
--
2.20.1
next reply other threads:[~2019-09-24 4:51 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-24 4:50 Steve French [this message]
2019-09-24 15:18 ` [PATCH] smbinfo dump encryption keys for using wireshark Pavel Shilovsky
2019-10-04 0:21 ` Pavel Shilovsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAH2r5mvfb3nkdz8r8sAUXGJkx678XZkt4dn=4xiuq0UD2vxFrw@mail.gmail.com' \
--to=smfrench@gmail.com \
--cc=linux-cifs@vger.kernel.org \
--cc=samba-technical@lists.samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).