[Bug 1886551] Re: wireshark trace decryption

Andreas Hasenack 1886551 at bugs.launchpad.net
Thu Sep 10 13:28:51 UTC 2020


** Merge proposal linked:
   https://code.launchpad.net/~joalif/ubuntu/+source/cifs-utils/+git/cifs-utils/+merge/390551

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cifs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1886551

Title:
   wireshark trace decryption

Status in cifs-utils package in Ubuntu:
  Fix Released
Status in cifs-utils source package in Bionic:
  Confirmed
Status in cifs-utils source package in Focal:
  Confirmed

Bug description:
  [Impact]

  For the Bionic release, the current cifs-utils package version is 6.8-1.
  This version is missing the two commits below:

  https://git.samba.org/?p=cifs-utils.git;a=commit;h=74a1ced5f706ea6a9cab885693c7755657b81a2a
  https://git.samba.org/?p=cifs-utils.git;a=commit;h=6df98da5cd3fbb33f6f535c6784f037bbadadb84

  
   * Without the above feature, we won’t be able to analyze most of the network traces on the client side in case customers have problems accessing the Azure Files service from VMs running Ubuntu Bionic.

  [Test Case]
  Set up a Windows VM to share a directory and an Ubuntu host with cifs-utils installed.

  # mount -v -t cifs //<windows-IP>/<windows-share>/ /path/to/mount -o username=<username>,password=<password>,domain=<domain>,seal,vers=3.0

  Once the share is mounted successfully, we can manually test the various commands available in the smbinfo utility.
  The syntax is:
  # smbinfo <command> <file>

  For the available smbinfo commands:
  # smbinfo -h

  For example:

  # smbinfo keys joalif.txt
  SMB3.0 CCM encryption
  Session Id:   69 00 00 1c 00 18 00 00
  Session Key:  d7 a5 b3 11 06 a0 3b 94 6a 52 3a 01 98 73 6b d3
  Server Encryption Key:  9d eb 4c 89 28 62 39 66 a9 e0 0d 57 b9 33 30 40
  Server Decryption Key:  e6 9a a9 46 c1 a4 7b 6c 3d 2b 18 54 b4 93 a2 42

  
  [Regression Potential]

  These patches are cherry-picked and touch 2 files: smbinfo.c and smbinfo.rst.
  They add the smbinfo utility, which is required for the 2 commits mentioned in the [Impact] section. Since smbinfo does not interact with the rest of the code, any regression potential would involve smbinfo itself.

  [Other]

  For the smbinfo utility to work properly, it requires kernel >5.0, and
  the 'keys' command, which is the one used for dumping the session id,
  encryption and decryption keys, requires kernel > 5.4.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cifs-utils/+bug/1886551/+subscriptions
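
The `smbinfo keys` output in the test case prints each value as space-separated bytes, while trace-decryption settings usually take contiguous hex. The following is an added example, not part of the bug report or of cifs-utils: a parser that validates that output and normalizes it. The function name and the expected lengths (8-byte session id, 16-byte keys, as in the SMB3.0 CCM output shown above) are assumptions of this example.

```python
import re
import sys

# Constructed sample: the `smbinfo keys` output quoted in the bug description.
SAMPLE = """\
SMB3.0 CCM encryption
Session Id:   69 00 00 1c 00 18 00 00
Session Key:  d7 a5 b3 11 06 a0 3b 94 6a 52 3a 01 98 73 6b d3
Server Encryption Key:  9d eb 4c 89 28 62 39 66 a9 e0 0d 57 b9 33 30 40
Server Decryption Key:  e6 9a a9 46 c1 a4 7b 6c 3d 2b 18 54 b4 93 a2 42
"""

# Assumed byte lengths, matching the SMB3.0 CCM case shown on the page.
EXPECTED_LEN = {"Session Id": 8, "Session Key": 16,
                "Server Encryption Key": 16, "Server Decryption Key": 16}
HEX_BYTES = re.compile(r"^[0-9a-fA-F]{2}(?:\s+[0-9a-fA-F]{2})*$")


def parse_smbinfo_keys(text):
    """Return (cipher_line, {field: contiguous lowercase hex}); raise ValueError if malformed."""
    cipher, fields = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        label, _, value = line.partition(":")
        label = label.strip()
        if label not in EXPECTED_LEN:
            # The first unrecognized non-empty line is the cipher banner.
            if line and cipher is None:
                cipher = line
            continue
        value = value.strip()
        if not HEX_BYTES.match(value):
            raise ValueError(f"{label}: not space-separated hex bytes")
        data = bytes.fromhex(value)
        if len(data) != EXPECTED_LEN[label]:
            raise ValueError(f"{label}: {len(data)} bytes, expected {EXPECTED_LEN[label]}")
        fields[label] = data.hex()  # byte order kept exactly as printed
    missing = [name for name in EXPECTED_LEN if name not in fields]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    return cipher, fields


if __name__ == "__main__":
    # Pipe `smbinfo keys <file>` into this script; without a pipe, SAMPLE is used.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    cipher, keys = parse_smbinfo_keys(text)
    print(cipher)
    for name, hexval in keys.items():
        print(f"{name}: {hexval}")
```

The printed values are live session secrets for the mounted share, so keep them with the capture they decrypt and nowhere else.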


