diff options
| author | Steve French <stfrench@microsoft.com> | 2021-04-30 17:14:45 -0500 |
|---|---|---|
| committer | Steve French <stfrench@microsoft.com> | 2021-05-03 11:43:37 -0500 |
| commit | aa22ebc3826be23a4b2f776c7ad5079c75611dec (patch) | |
| tree | fe7468f03aaf3c21d423ffb21dd96f6f87c985d9 /fs/cifs/cifs_ioctl.h | |
| parent | 087f757b0129850c99cc9116df4909dac1bce871 (diff) | |
| download | linux-rpi-aa22ebc3826be23a4b2f776c7ad5079c75611dec.tar.gz linux-rpi-aa22ebc3826be23a4b2f776c7ad5079c75611dec.tar.bz2 linux-rpi-aa22ebc3826be23a4b2f776c7ad5079c75611dec.zip | |
smb3.1.1: allow dumping GCM256 keys to improve debugging of encrypted shares
Previously we were only able to dump CCM or GCM-128 keys (see "smbinfo keys" e.g.)
to allow network debugging (e.g. wireshark) of mounts to SMB3.1.1 encrypted
shares. But with the addition of GCM-256 support, we have to be able to dump
32 byte instead of 16 byte keys which requires adding an additional ioctl
for that.
Reviewed-by: Shyam Prasad N <sprasad@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'fs/cifs/cifs_ioctl.h')
| -rw-r--r-- | fs/cifs/cifs_ioctl.h | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/fs/cifs/cifs_ioctl.h b/fs/cifs/cifs_ioctl.h index f262c64516bc..4a97fe12006b 100644 --- a/fs/cifs/cifs_ioctl.h +++ b/fs/cifs/cifs_ioctl.h @@ -57,6 +57,12 @@ struct smb_query_info { /* char buffer[]; */ } __packed; +/* + * Dumping the commonly used 16 byte (e.g. CCM and GCM128) keys still supported + * for backlevel compatibility, but is not sufficient for dumping the less + * frequently used GCM256 (32 byte) keys (see the newer "CIFS_DUMP_FULL_KEY" + * ioctl for dumping decryption info for GCM256 mounts) + */ struct smb3_key_debug_info { __u64 Suid; __u16 cipher_type; @@ -65,6 +71,18 @@ struct smb3_key_debug_info { __u8 smb3decryptionkey[SMB3_SIGN_KEY_SIZE]; } __packed; +/* + * Dump full key (32 byte encrypt/decrypt keys instead of 16 bytes) + * is needed if GCM256 (stronger encryption) negotiated + */ +struct smb3_full_key_debug_info { + __u64 Suid; + __u16 cipher_type; + __u8 auth_key[16]; /* SMB2_NTLMV2_SESSKEY_SIZE */ + __u8 smb3encryptionkey[32]; /* SMB3_ENC_DEC_KEY_SIZE */ + __u8 smb3decryptionkey[32]; /* SMB3_ENC_DEC_KEY_SIZE */ +} __packed; + struct smb3_notify { __u32 completion_filter; bool watch_tree; @@ -78,6 +96,7 @@ struct smb3_notify { #define CIFS_QUERY_INFO _IOWR(CIFS_IOCTL_MAGIC, 7, struct smb_query_info) #define CIFS_DUMP_KEY _IOWR(CIFS_IOCTL_MAGIC, 8, struct smb3_key_debug_info) #define CIFS_IOC_NOTIFY _IOW(CIFS_IOCTL_MAGIC, 9, struct smb3_notify) +#define CIFS_DUMP_FULL_KEY _IOWR(CIFS_IOCTL_MAGIC, 10, struct smb3_full_key_debug_info) #define CIFS_IOC_SHUTDOWN _IOR ('X', 125, __u32) /* |