diff options
| author |   Steve French <stfrench@microsoft.com> | 2021-04-30 17:14:45 -0500 |
|---|---|---|
| committer | Steve French <stfrench@microsoft.com> | 2021-05-03 11:43:37 -0500 |
| commit | aa22ebc3826be23a4b2f776c7ad5079c75611dec (patch) | |
| tree | fe7468f03aaf3c21d423ffb21dd96f6f87c985d9 /fs/cifs/ioctl.c | |
| parent | cifs: add shutdown support (diff) | |
| download | linux-dev-aa22ebc3826be23a4b2f776c7ad5079c75611dec.tar.xz linux-dev-aa22ebc3826be23a4b2f776c7ad5079c75611dec.zip | |
smb3.1.1: allow dumping GCM256 keys to improve debugging of encrypted shares
Previously we were only able to dump CCM or GCM-128 keys (see "smbinfo keys" e.g.)
to allow network debugging (e.g. wireshark) of mounts to SMB3.1.1 encrypted
shares. But with the addition of GCM-256 support, we have to be able to dump
32 byte instead of 16 byte keys which requires adding an additional ioctl
for that.
Reviewed-by: Shyam Prasad N <sprasad@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'fs/cifs/ioctl.c')
| -rw-r--r-- | fs/cifs/ioctl.c | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/fs/cifs/ioctl.c b/fs/cifs/ioctl.c index ef41fa878793..7d9654f56edc 100644 --- a/fs/cifs/ioctl.c +++ b/fs/cifs/ioctl.c @@ -218,6 +218,7 @@ long cifs_ioctl(struct file *filep, unsigned int command, unsigned long arg) { struct inode *inode = file_inode(filep); struct smb3_key_debug_info pkey_inf; + struct smb3_full_key_debug_info pfull_key_inf; int rc = -ENOTTY; /* strange error - but the precedent */ unsigned int xid; struct cifsFileInfo *pSMBFile = filep->private_data; @@ -354,6 +355,38 @@ long cifs_ioctl(struct file *filep, unsigned int command, unsigned long arg) else rc = 0; break; + /* + * Dump full key (32 bytes instead of 16 bytes) is + * needed if GCM256 (stronger encryption) negotiated + */ + case CIFS_DUMP_FULL_KEY: + if (pSMBFile == NULL) + break; + if (!capable(CAP_SYS_ADMIN)) { + rc = -EACCES; + break; + } + + tcon = tlink_tcon(pSMBFile->tlink); + if (!smb3_encryption_required(tcon)) { + rc = -EOPNOTSUPP; + break; + } + pfull_key_inf.cipher_type = + le16_to_cpu(tcon->ses->server->cipher_type); + pfull_key_inf.Suid = tcon->ses->Suid; + memcpy(pfull_key_inf.auth_key, tcon->ses->auth_key.response, + 16 /* SMB2_NTLMV2_SESSKEY_SIZE */); + memcpy(pfull_key_inf.smb3decryptionkey, + tcon->ses->smb3decryptionkey, 32 /* SMB3_ENC_DEC_KEY_SIZE */); + memcpy(pfull_key_inf.smb3encryptionkey, + tcon->ses->smb3encryptionkey, 32 /* SMB3_ENC_DEC_KEY_SIZE */); + if (copy_to_user((void __user *)arg, &pfull_key_inf, + sizeof(struct smb3_full_key_debug_info))) + rc = -EFAULT; + else + rc = 0; + break; case CIFS_IOC_NOTIFY: if (!S_ISDIR(inode->i_mode)) { /* Notify can only be done on directories */ |