Wireshark-commits: [Wireshark-commits] master 3eb94b0: smb2: implement generation of SMB3.1.1 decry
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3eb94b0e4fce06230a871a93904052be909a96f6
Submitter: "Peter Wu <peter@xxxxxxxxxxxxx>"
Changed: branch: master
Repository: wireshark
Commits:
3eb94b0 by Aurelien Aptel (aaptel@xxxxxxxx):
smb2: implement generation of SMB3.1.1 decryption keys
* implement preauth hashing
keep hash state in conversation object
- preauth_hash_con for connection hash state
- preauth_hash_ses for session preauth hash state
- preauth_hash_current points to either one of the above depending
on where we are in the connection state
- store final session preauth hash in session object
store per-packet hash in the saved packet data
object (smb2_saved_info_t) and display it as generated field.
since request and responses share the same pointer, make a hash buffer
for each (preauth_hash_req, preauth_hash_res).
* implement 3.1.1 key derivation
use session preauth hash to generate the keys
* sample
Sample from https://wiki.wireshark.org/SampleCaptures#SMB3.1.1_encryption
can be loaded as follows:
tshark -ouat:smb2_seskey_list:690000ac1c280000,b25a135fc3dc14269f20d7cbc8716b6b -r smb311-aes-128-ccm-filt.pcap
To obtain the session id and key you can compile your kernel with
CIFS_DEBUG_KEYS enabled and all the info should be printed on the
console when cifs.ko generates keys. The patch that adds this
config option merged in Linux 4.13 kernel.
Change-Id: Iee41ef9e2dd93795a0c7953fdd1f5256fe477dd2
Reviewed-on: https://code.wireshark.org/review/31659
Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
Actions performed:
from 0751504 test: enable GUI tests on Linux, headless
add 3eb94b0 smb2: implement generation of SMB3.1.1 decryption keys
Summary of changes:
epan/dissectors/packet-smb2.c | 159 +++++++++++++++++++++++++++++++++++++++---
epan/dissectors/packet-smb2.h | 9 +++
2 files changed, 157 insertions(+), 11 deletions(-)