[Bug 1886551] Re: wireshark trace decryption
Ioanna Alifieraki
1886551 at bugs.launchpad.net
Mon Sep 14 12:04:45 UTC 2020
** Merge proposal linked:
https://code.launchpad.net/~joalif/ubuntu/+source/cifs-utils/+git/cifs-utils/+merge/390670
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cifs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1886551
Title:
wireshark trace decryption
Status in cifs-utils package in Ubuntu:
Fix Released
Status in cifs-utils source package in Bionic:
Confirmed
Status in cifs-utils source package in Focal:
Confirmed
Bug description:
[Impact]
For Bionic release, current cifs-utils package version is 6.8-1. This
version is missing below two commits
https://git.samba.org/?p=cifs-utils.git;a=commit;h=74a1ced5f706ea6a9cab885693c7755657b81a2a
https://git.samba.org/?p=cifs-utils.git;a=commit;h=6df98da5cd3fbb33f6f535c6784f037bbadadb84
* Without above feature, we won’t be able to analyze most part of
network traces on a client side in case customers have problems
accessing Azure Files service from VMs running Ubuntu Bionic.
[Test Case]
* Setup an ubuntu bionic vm
* Install the packages:
sudo apt update
sudo apt install samba cifs-utils -y
* With the new cifs-utils package, you should have the smbinfo command available:
ubuntu at bionic-smbinfo:~$ smbinfo
Usage: smbinfo [-v] [-V] <command> <file>
Try 'smbinfo -h' for more information.
* To test the extraction of encryption keys, the HWE kernel (or another kernel version 5 or higher) must be installed:
sudo apt install linux-image-generic-hwe-18.04
* Reboot into the new kernel
sudo reboot
* Setup a share:
echo -e "[myshare]\npath=/myshare\n" | sudo tee -a /etc/samba/smb.conf
sudo mkdir /myshare
echo "Hello World" | sudo tee /myshare/hello.txt
* Create a samba user ubuntu, with a password of your choice (you will be prompted for it):
sudo smbpasswd -a ubuntu
* Mount the new share with encryption options:
ubuntu at bionic-smbinfo:~$ sudo mount //localhost/myshare /mnt -o seal,user=ubuntu
Password for ubuntu@//localhost/myshare: ******
* Confirm with smbstatus that the connection is encrypted:
ubuntu at bionic-smbinfo:~$ sudo smbstatus
Samba version 4.7.6-Ubuntu
PID Username Group Machine Protocol Version Encryption Signing
----------------------------------------------------------------------------------------------------------------------------------------
4516 ubuntu ubuntu 127.0.0.1 (ipv4:127.0.0.1:45794) SMB3_11 partial(AES-128-CCM) partial(AES-128-CMAC)
Service pid Machine Connected at Encryption Signing
---------------------------------------------------------------------------------------------
IPC$ 4516 127.0.0.1 Thu Sep 10 20:41:14 2020 UTC AES-128-CCM AES-128-CMAC
myshare 4516 127.0.0.1 Thu Sep 10 20:41:14 2020 UTC AES-128-CCM AES-128-CMAC
No locked files
* Obtain the encryption keys:
ubuntu at bionic-smbinfo:~$ sudo smbinfo keys /mnt/hello.txt
CCM encryption
Session Id: b6 4c 21 8f 00 00 00 00
Session Key: 42 26 cf 6d d1 55 c7 80 b4 27 10 c2 a8 d2 26 31
Server Encryption Key: c9 37 6c 10 14 0e 1f f6 ea c7 5e d7 e0 76 79 a7
Server Decryption Key: 97 4e 2e 99 ec 27 66 a4 95 b5 a4 f9 8c 17 c7 ee
* There are many other subcommands available in smbinfo. For a list, run:
smbinfo -h
[Regression Potential]
These patches cherry pick and touch 2 files : smbinfo.c and smbinfo.rst.
They add the smbinfo utility which is required for the 2 commits mentioned in the <Impact> section. Since smbinfo does not interact with the rest of the code any regression potential would involve smbinfo itself.
[Other]
The smbinfo utility to work properly requires kernel >5.0 and the
'keys' command which is the one used for dumping session id,
encryption and decryption keys requires kernel > 5.4.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cifs-utils/+bug/1886551/+subscriptions
More information about the foundations-bugs
mailing list