[Bug 1886551] Re: wireshark trace decryption
Ioanna Alifieraki
1886551 at bugs.launchpad.net
Mon Sep 28 12:14:43 UTC 2020
# VERIFICATION FOCAL

Installed package from -proposed:

# dpkg -l | grep cifs
ii cifs-utils 2:6.9-1ubuntu0.1 amd64 Common Internet File System utilities

Following the test case from bug description:

# smbinfo keys /mnt/hello.txt
CCM encryption
Session Id: 54 8a 53 82 00 00 00 00
Session Key: 47 7a e8 3c 4f 69 5e c2 49 ba 7a 07 e5 46 7b d6
Server Encryption Key: 73 30 12 28 a8 2d 23 7d 9c 9d 5c fa c4 02 d0 e1
Server Decryption Key: 17 b3 6c 0e 00 02 d3 4d f5 b2 7b 24 43 39 61 00

** Tags removed: verification-needed verification-needed-focal
** Tags added: verification-done verification-done-focal
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cifs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1886551
Title:
wireshark trace decryption
Status in cifs-utils package in Ubuntu:
Fix Released
Status in cifs-utils source package in Bionic:
Fix Committed
Status in cifs-utils source package in Focal:
Fix Committed
Bug description:
[Impact]
For the Bionic release, the current cifs-utils package version is 6.8-1. This
version is missing the two commits below:
https://git.samba.org/?p=cifs-utils.git;a=commit;h=74a1ced5f706ea6a9cab885693c7755657b81a2a
https://git.samba.org/?p=cifs-utils.git;a=commit;h=6df98da5cd3fbb33f6f535c6784f037bbadadb84
* Without the above feature, we won't be able to analyze most of the
network traces on the client side when customers have problems
accessing the Azure Files service from VMs running Ubuntu Bionic.
[Test Case]
* Set up an Ubuntu VM of the release you are going to test
* Install the packages:
    sudo apt update
    sudo apt install samba cifs-utils -y
* With the new cifs-utils package, you should have the smbinfo command available:
    ubuntu@bionic-smbinfo:~$ smbinfo
    Usage: smbinfo [-v] [-V] <command> <file>
    Try 'smbinfo -h' for more information.
* To test the extraction of encryption keys, the HWE kernel in the case of bionic (or another kernel version 5 or higher) must be installed (focal already has the right kernel version, so no change needed there):
    sudo apt install linux-image-generic-hwe-18.04
* Reboot into the new kernel if you were on an older one, like in bionic:
    sudo reboot
* Set up a share:
    echo -e "[myshare]\npath=/myshare\n" | sudo tee -a /etc/samba/smb.conf
    sudo mkdir /myshare
    echo "Hello World" | sudo tee /myshare/hello.txt
* Create a samba user ubuntu, with a password of your choice (you will be prompted for it):
    sudo smbpasswd -a ubuntu
* Mount the new share with encryption options:
    ubuntu@bionic-smbinfo:~$ sudo mount //localhost/myshare /mnt -o seal,user=ubuntu
    Password for ubuntu@//localhost/myshare: ******
* Confirm with smbstatus that the connection is encrypted:
    ubuntu@bionic-smbinfo:~$ sudo smbstatus

    Samba version 4.7.6-Ubuntu
    PID     Username     Group        Machine                            Protocol Version  Encryption            Signing
    ----------------------------------------------------------------------------------------------------------------------------------------
    4516    ubuntu       ubuntu       127.0.0.1 (ipv4:127.0.0.1:45794)   SMB3_11           partial(AES-128-CCM)  partial(AES-128-CMAC)

    Service      pid     Machine       Connected at                     Encryption   Signing
    ---------------------------------------------------------------------------------------------
    IPC$         4516    127.0.0.1     Thu Sep 10 20:41:14 2020 UTC     AES-128-CCM  AES-128-CMAC
    myshare      4516    127.0.0.1     Thu Sep 10 20:41:14 2020 UTC     AES-128-CCM  AES-128-CMAC

    No locked files
* Obtain the encryption keys:
    ubuntu@bionic-smbinfo:~$ sudo smbinfo keys /mnt/hello.txt
    CCM encryption
    Session Id: b6 4c 21 8f 00 00 00 00
    Session Key: 42 26 cf 6d d1 55 c7 80 b4 27 10 c2 a8 d2 26 31
    Server Encryption Key: c9 37 6c 10 14 0e 1f f6 ea c7 5e d7 e0 76 79 a7
    Server Decryption Key: 97 4e 2e 99 ec 27 66 a4 95 b5 a4 f9 8c 17 c7 ee
* There are many other subcommands available in smbinfo. For a list, run:
    smbinfo -h
[Regression Potential]
These patches cherry pick and touch 2 files: smbinfo.c and smbinfo.rst.
They add the smbinfo utility, which is required for the 2 commits mentioned in the [Impact] section. Since smbinfo does not interact with the rest of the code, any regression potential would involve smbinfo itself.
[Other]
To work properly, the smbinfo utility requires kernel >5.0, and the 'keys' command, which is the one used for dumping the session id, encryption and decryption keys, requires kernel > 5.4.
For Bionic the backport includes some extra functionalities from smbinfo, apart from the 'keys' command which dumps the encryption and decryption keys. The rationale behind this is that smbinfo is a standalone utility and backporting just the required commits could introduce the risk of adding bugs in the process.
For Focal the (extra) compression commands are backported to be in line with Bionic.
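
Added example (not part of the bug report or of cifs-utils): a small parser for the `smbinfo keys` output shown above that validates field lengths and returns each value as contiguous hex, the form a capture-decryption tool such as Wireshark's SMB2 session-key preference is assumed to take. The function name and the 8/16-byte length checks are assumptions drawn from the AES-128-CCM output on this page.

```python
import re

# Constructed sample: the `smbinfo keys` output quoted in the verification
# comment on this page.
SAMPLE = """\
CCM encryption
Session Id: 54 8a 53 82 00 00 00 00
Session Key: 47 7a e8 3c 4f 69 5e c2 49 ba 7a 07 e5 46 7b d6
Server Encryption Key: 73 30 12 28 a8 2d 23 7d 9c 9d 5c fa c4 02 d0 e1
Server Decryption Key: 17 b3 6c 0e 00 02 d3 4d f5 b2 7b 24 43 39 61 00
"""

# Expected byte lengths (assumption: 128-bit keys, as in the output above).
EXPECTED_LEN = {
    "Session Id": 8,
    "Session Key": 16,
    "Server Encryption Key": 16,
    "Server Decryption Key": 16,
}

# "<label>: <space-separated hex byte pairs>"
LINE = re.compile(r"^\s*([A-Za-z ]+?):\s*((?:[0-9a-fA-F]{2}\s*)+)$")


def parse_smbinfo_keys(text):
    """Return {'cipher': ..., '<label>': '<contiguous hex>', ...}.

    Raises ValueError when a field is missing or has the wrong length, so a
    truncated paste is caught before it is used to decrypt a capture.
    """
    out = {"cipher": None}
    for line in text.splitlines():
        m = LINE.match(line)
        if m and m.group(1) in EXPECTED_LEN:
            name = m.group(1)
            raw = bytes.fromhex(m.group(2))  # fromhex ignores the spaces
            if len(raw) != EXPECTED_LEN[name]:
                raise ValueError(f"{name}: got {len(raw)} bytes")
            out[name] = raw.hex()
        elif line.strip().lower().endswith("encryption"):
            out["cipher"] = line.split()[0]  # e.g. "CCM"
    missing = [n for n in EXPECTED_LEN if n not in out]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    return out


if __name__ == "__main__":
    keys = parse_smbinfo_keys(SAMPLE)
    # Print only the non-secret parts; the keys decrypt the captured session.
    print(keys["cipher"], keys["Session Id"])
```
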