ksmbd: Don't log keys in SMB3 signing and encryption key generation (44133611) · Commits · git / linux-nf

fs/smb/server/auth.c

+2 −20

Original line number	Diff line number	Diff line
		@@ -589,12 +589,8 @@ static int generate_smb3signingkey(struct ksmbd_session *sess,
		if (!(conn->dialect >= SMB30_PROT_ID && signing->binding))
		memcpy(chann->smb3signingkey, key, SMB3_SIGN_KEY_SIZE);

		ksmbd_debug(AUTH, "dumping generated AES signing keys\n");
		ksmbd_debug(AUTH, "generated SMB3 signing key\n");
		ksmbd_debug(AUTH, "Session Id %llu\n", sess->id);
		ksmbd_debug(AUTH, "Session Key %*ph\n",
		SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
		ksmbd_debug(AUTH, "Signing Key %*ph\n",
		SMB3_SIGN_KEY_SIZE, key);
		return 0;
		}

		@@ -652,23 +648,9 @@ static void generate_smb3encryptionkey(struct ksmbd_conn *conn,
		ptwin->decryption.context,
		sess->smb3decryptionkey, SMB3_ENC_DEC_KEY_SIZE);

		ksmbd_debug(AUTH, "dumping generated AES encryption keys\n");
		ksmbd_debug(AUTH, "generated SMB3 encryption/decryption keys\n");
		ksmbd_debug(AUTH, "Cipher type %d\n", conn->cipher_type);
		ksmbd_debug(AUTH, "Session Id %llu\n", sess->id);
		ksmbd_debug(AUTH, "Session Key %*ph\n",
		SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
		if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM \|\|
		conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {
		ksmbd_debug(AUTH, "ServerIn Key %*ph\n",
		SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3encryptionkey);
		ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
		SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3decryptionkey);
		} else {
		ksmbd_debug(AUTH, "ServerIn Key %*ph\n",
		SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3encryptionkey);
		ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
		SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3decryptionkey);
		}
		}

		void ksmbd_gen_smb30_encryptionkey(struct ksmbd_conn *conn,