
Commit 4413361

tobluxsmfrench
authored andcommitted
ksmbd: Don't log keys in SMB3 signing and encryption key generation
When KSMBD_DEBUG_AUTH logging is enabled, generate_smb3signingkey() and generate_smb3encryptionkey() log the session, signing, encryption, and decryption key bytes. Remove the logs to avoid exposing credentials. Fixes: e2f3448 ("cifsd: add server-side procedures for SMB3") Cc: [email protected] Signed-off-by: Thorsten Blum <[email protected]> Acked-by: Namjae Jeon <[email protected]> Signed-off-by: Steve French <[email protected]>
1 parent 1e689a5 commit 4413361

1 file changed

Lines changed: 2 additions & 20 deletions


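--- a/fs/smb/server/auth.c
+++ b/fs/smb/server/auth.c
@@ -589,12 +589,8 @@ static int generate_smb3signingkey(struct ksmbd_session *sess,
 if (!(conn->dialect >= SMB30_PROT_ID && signing->binding))
 memcpy(chann->smb3signingkey, key, SMB3_SIGN_KEY_SIZE);
 
-ksmbd_debug(AUTH, "dumping generated AES signing keys\n");
+ksmbd_debug(AUTH, "generated SMB3 signing key\n");
 ksmbd_debug(AUTH, "Session Id %llu\n", sess->id);
-ksmbd_debug(AUTH, "Session Key %*ph\n",
-SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
-ksmbd_debug(AUTH, "Signing Key %*ph\n",
-SMB3_SIGN_KEY_SIZE, key);
 return 0;
 }
 
@@ -652,23 +648,9 @@ static void generate_smb3encryptionkey(struct ksmbd_conn *conn,
 ptwin->decryption.context,
 sess->smb3decryptionkey, SMB3_ENC_DEC_KEY_SIZE);
 
-ksmbd_debug(AUTH, "dumping generated AES encryption keys\n");
+ksmbd_debug(AUTH, "generated SMB3 encryption/decryption keys\n");
 ksmbd_debug(AUTH, "Cipher type %d\n", conn->cipher_type);
 ksmbd_debug(AUTH, "Session Id %llu\n", sess->id);
-ksmbd_debug(AUTH, "Session Key %*ph\n",
-SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
-if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
-conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {
-ksmbd_debug(AUTH, "ServerIn Key %*ph\n",
-SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3encryptionkey);
-ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
-SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3decryptionkey);
-} else {
-ksmbd_debug(AUTH, "ServerIn Key %*ph\n",
-SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3encryptionkey);
-ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
-SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3decryptionkey);
-}
 }
 
 void ksmbd_gen_smb30_encryptionkey(struct ksmbd_conn *conn,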
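Review bot: Nothing at the two rewritten log sites (new lines 592 and 651) records why key bytes are deliberately absent, so a `%*ph` dump could easily be re-added during a later debugging session. A one-line comment above each message, for example `/* Do not log key material: ksmbd_debug() output lands in the kernel log. */`, would keep that intent in the code rather than only in the commit message. The lines that remain print only the session id and cipher type, which are identifiers rather than secrets. Whether other `%*ph` dumps of keys or hashes remain elsewhere in auth.c cannot be seen from these hunks and is worth a grep across the same KSMBD_DEBUG_AUTH class. Both function bodies start outside the hunks.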
