3.2.5.1.1.1 Decrypting the Message

This section is applicable for only the SMB 3.x dialect family.<178>

If IsEncryptionSupported is TRUE and Connection.CipherId is not zero, the client MUST perform the following:

  • If the size of the message received from the server is not greater than the size of SMB2 TRANSFORM_HEADER as specified in section 2.2.41, the client MUST disconnect the connection as specified in section 3.2.7.1.

  • If the Flags/EncryptionAlgorithm in the SMB2 TRANSFORM_HEADER is not 0x0001, the client MUST disconnect the connection as specified in section 3.2.7.1.

  • The client MUST look up the session in the Connection.SessionTable using the SessionId in the SMB2 TRANSFORM_HEADER of the response. If the session is not found, the client MUST disconnect the connection as specified in section 3.2.7.1.

  • The client MUST decrypt the message using Session.DecryptionKey. If Connection.Dialect is "3.1.1", the algorithm specified by Connection.CipherId is used. Otherwise, the AES-128-CCM algorithm is used. The client passes in the Nonce, OriginalMessageSize, Flags/EncryptionAlgorithm, and SessionId fields of the SMB2 TRANSFORM_HEADER and the encrypted SMB2 message as the Optional Authenticated Data input for the algorithm. If decryption succeeds, the client MUST compare the signature in the SMB2 TRANSFORM_HEADER with the signature returned by the decryption algorithm. If signature verification fails, the client MUST disconnect the connection as specified in section 3.2.7.1.

  • If signature verification succeeds, the client MUST perform the following:

    • If ProtocolId in the header of the decrypted message is 0x424D53FD indicating a nested encrypted message, the client MUST disconnect the connection as specified in section 3.2.7.1.

    • If ProtocolId in the header of the decrypted message is 0x424D53FC indicating a nested compressed message, the client MUST decompress the message as specified in section 3.2.5.1.1.2.

      If decompression succeeds, the client MUST disconnect the connection as specified in section 3.2.7.1 if any of the following conditions is TRUE:

      • If the NextCommand field in the first SMB2 header of the message is equal to 0 and SessionId of the first SMB2 header is not equal to the SessionId field in SMB2 TRANSFORM_HEADER of response.

      • For each response in a compounded response, if the SessionId field of SMB2 header is not equal to the SessionId field in the SMB2 TRANSFORM_HEADER.

      • Each response in a compounded response chain, except the first one, does not start at an 8-byte aligned boundary.

    • If ProtocolId in the header of the decrypted message is 0x424D53FE indicating an SMB2 header, the client MUST further validate the decrypted message:

      • If the NextCommand field in the first SMB2 header of the message is equal to 0 and SessionId of the first SMB2 header is not equal to the SessionId field in SMB2 TRANSFORM_HEADER of response, the client MUST disconnect the connection as specified in section 3.2.7.1.

      • For each response in a compounded response, if the SessionId field of SMB2 header is not equal to the SessionId field in the SMB2 TRANSFORM_HEADER, the client SHOULD<179> disconnect the connection as specified in section 3.2.7.1.

      • If each response in the compounded chain, except the first one, does not start at an 8-byte aligned boundary, the client MUST disconnect the connection as specified in section 3.2.7.1.

Otherwise, the client MUST disconnect the connection as specified in section 3.2.7.1.