linux/fs/cifs/cifs_ioctl.h
Steve French aa22ebc382 smb3.1.1: allow dumping GCM256 keys to improve debugging of encrypted shares
Previously we were only able to dump CCM or GCM-128 keys (see "smbinfo keys" e.g.)
to allow network debugging (e.g. wireshark) of mounts to SMB3.1.1 encrypted
shares.  But with the addition of GCM-256 support, we have to be able to dump
32 byte instead of 16 byte keys which requires adding an additional ioctl
for that.

Reviewed-by: Shyam Prasad N <sprasad@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-05-03 11:43:37 -05:00


/*
* fs/cifs/cifs_ioctl.h
*
* Structure definitions for io control for cifs/smb3
*
* Copyright (c) 2015 Steve French <steve.french@primarydata.com>
*
* This library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published
* by the Free Software Foundation; either version 2.1 of the License, or
* (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
* the GNU Lesser General Public License for more details.
*
*/
/*
 * Mount and share information passed through CIFS_IOC_GET_MNT_INFO, which
 * this header declares as _IOR over this struct (kernel fills it in, user
 * space reads it).
 *
 * The struct is __packed and its size is encoded in the ioctl number, so the
 * field order and widths are ioctl ABI: append in a new struct/ioctl rather
 * than editing this one.
 */
struct smb_mnt_fs_info {
__u32 version; /* 0001 */
__u16 protocol_id;
__u16 tcon_flags;
__u32 vol_serial_number;
__u32 vol_create_time;
__u32 share_caps;
__u32 share_flags;
__u32 sector_flags;
__u32 optimal_sector_size;
__u32 max_bytes_chunk;
__u32 fs_attributes;
__u32 max_path_component;
__u32 device_type;
__u32 device_characteristics;
__u32 maximal_access;
__u64 cifs_posix_caps;
} __packed;
/*
 * Fixed header used with CIFS_ENUMERATE_SNAPSHOTS (declared _IOR over this
 * struct). The commented-out snapshots[] member indicates that variable-length
 * snapshot data follows the header in the same buffer.
 *
 * NOTE(review): the ioctl number only encodes the size of this header, not of
 * the trailing data. The handler is not shown here; confirm that it bounds
 * every copy to user space by the buffer size the caller actually supplied.
 */
struct smb_snapshot_array {
__u32 number_of_snapshots;
__u32 number_of_snapshots_returned;
__u32 snapshot_array_size;
/* snapshots[]; variable-length data following the header */
} __packed;
/*
 * query_info flags (presumably the values carried in smb_query_info.flags;
 * confirm against the handler).
 * PASSTHRU_QUERY_INFO is 0, so it cannot be detected with a bitwise AND; it is
 * the value left when neither of the other two bits is set.
 */
#define PASSTHRU_QUERY_INFO 0x00000000
#define PASSTHRU_FSCTL 0x00000001
#define PASSTHRU_SET_INFO 0x00000002
/*
 * Fixed header used with CIFS_QUERY_INFO (declared _IOWR over this struct, so
 * it is copied in from and back out to user space). The commented-out buffer[]
 * member indicates that a variable-length payload follows the header.
 *
 * NOTE(review): input_buffer_length and output_buffer_length arrive from user
 * space. The handler is not shown here; confirm that both are range-checked
 * before they are used to size an allocation or a copy.
 */
struct smb_query_info {
__u32 info_type;
__u32 file_info_class;
__u32 additional_information;
__u32 flags; /* see the PASSTHRU_* values defined in this header */
__u32 input_buffer_length;
__u32 output_buffer_length;
/* char buffer[]; variable-length payload following the header */
} __packed;
/*
 * Dumping the commonly used 16 byte keys (e.g. CCM and GCM128) is still
 * supported for backlevel compatibility, but this struct is too small for the
 * less frequently used GCM256 (32 byte) keys. Use the newer CIFS_DUMP_FULL_KEY
 * ioctl to dump decryption info for GCM256 mounts.
 *
 * Used with CIFS_DUMP_KEY (declared _IOWR over this struct).
 *
 * Security: every byte array below is live key material. Whoever obtains it
 * can decrypt captured traffic for that session, which is the debugging use
 * the ioctl exists for.
 * NOTE(review): the handler is not shown here; confirm that it is restricted
 * to privileged callers (e.g. a capable(CAP_SYS_ADMIN) check) and that any
 * kernel-side copy of this struct is wiped after it is copied out.
 */
struct smb3_key_debug_info {
__u64 Suid; /* presumably the SMB session id; confirm against the handler */
__u16 cipher_type;
__u8 auth_key[16]; /* SMB2_NTLMV2_SESSKEY_SIZE */
/*
 * Both key arrays are sized by SMB3_SIGN_KEY_SIZE, which is defined outside
 * this header; the comment above implies it is 16 bytes.
 */
__u8 smb3encryptionkey[SMB3_SIGN_KEY_SIZE];
__u8 smb3decryptionkey[SMB3_SIGN_KEY_SIZE];
} __packed;
/*
 * Dump full key (32 byte encrypt/decrypt keys instead of 16 bytes);
 * needed if GCM256 (stronger encryption) was negotiated.
 *
 * Used with CIFS_DUMP_FULL_KEY (declared _IOWR over this struct). Same fields
 * as struct smb3_key_debug_info, with the two cipher key arrays widened to a
 * literal 32 bytes.
 *
 * Security: this struct carries live session key material.
 * NOTE(review): the handler is not shown here; confirm that it is restricted
 * to privileged callers (e.g. a capable(CAP_SYS_ADMIN) check) and that any
 * kernel-side copy of this struct is wiped after it is copied out.
 */
struct smb3_full_key_debug_info {
__u64 Suid; /* presumably the SMB session id; confirm against the handler */
/*
 * presumably tells the consumer which cipher (and so how many key bytes)
 * applies; confirm
 */
__u16 cipher_type;
__u8 auth_key[16]; /* SMB2_NTLMV2_SESSKEY_SIZE */
__u8 smb3encryptionkey[32]; /* SMB3_ENC_DEC_KEY_SIZE */
__u8 smb3decryptionkey[32]; /* SMB3_ENC_DEC_KEY_SIZE */
} __packed;
/*
 * Argument for CIFS_IOC_NOTIFY (declared _IOW over this struct, so user space
 * supplies it).
 *
 * NOTE(review): watch_tree is a C bool inside a packed ioctl ABI struct. Its
 * size and valid bit patterns are left to the compiler, and the byte comes
 * from user space; a fixed-width __u8 would pin the layout. Changing it would
 * alter the ABI, so this is a flag for new interfaces, not an in-place fix.
 */
struct smb3_notify {
__u32 completion_filter;
bool watch_tree;
} __packed;
/*
 * ioctl request numbers for cifs/smb3. Each one is built from the magic byte,
 * a sequence number and (for _IOR/_IOW/_IOWR) the argument type, so changing
 * the size of an argument struct changes the request number.
 */
#define CIFS_IOCTL_MAGIC 0xCF
#define CIFS_IOC_COPYCHUNK_FILE _IOW(CIFS_IOCTL_MAGIC, 3, int)
#define CIFS_IOC_SET_INTEGRITY _IO(CIFS_IOCTL_MAGIC, 4)
#define CIFS_IOC_GET_MNT_INFO _IOR(CIFS_IOCTL_MAGIC, 5, struct smb_mnt_fs_info)
#define CIFS_ENUMERATE_SNAPSHOTS _IOR(CIFS_IOCTL_MAGIC, 6, struct smb_snapshot_array)
#define CIFS_QUERY_INFO _IOWR(CIFS_IOCTL_MAGIC, 7, struct smb_query_info)
/* Legacy key dump: 16 byte cipher keys only, see struct smb3_key_debug_info */
#define CIFS_DUMP_KEY _IOWR(CIFS_IOCTL_MAGIC, 8, struct smb3_key_debug_info)
#define CIFS_IOC_NOTIFY _IOW(CIFS_IOCTL_MAGIC, 9, struct smb3_notify)
/* Key dump with 32 byte cipher key fields, needed for GCM256 */
#define CIFS_DUMP_FULL_KEY _IOWR(CIFS_IOCTL_MAGIC, 10, struct smb3_full_key_debug_info)
/*
 * Uses magic 'X' and number 125 rather than CIFS_IOCTL_MAGIC; presumably this
 * matches the shutdown ioctl number used by other filesystems (confirm).
 */
#define CIFS_IOC_SHUTDOWN _IOR ('X', 125, __u32)
/*
 * Flags for the going down (shutdown) operation; presumably the __u32
 * argument of CIFS_IOC_SHUTDOWN (confirm against the handler).
 */
#define CIFS_GOING_FLAGS_DEFAULT 0x0 /* going down */
#define CIFS_GOING_FLAGS_LOGFLUSH 0x1 /* flush log but not data */
#define CIFS_GOING_FLAGS_NOLOGFLUSH 0x2 /* don't flush log nor data */
/*
 * Report whether the CIFS_MOUNT_SHUTDOWN bit is set in the superblock info's
 * mount flags.
 *
 * @sbi: cifs superblock info to test; dereferenced unconditionally, so it
 *       must not be NULL.
 *
 * Returns true when the bit is set in sbi->mnt_cifs_flags, false otherwise.
 */
static inline bool cifs_forced_shutdown(struct cifs_sb_info *sbi)
{
	return (sbi->mnt_cifs_flags & CIFS_MOUNT_SHUTDOWN) != 0;
}