3.2.5.11 Receiving an SMB2 READ Response

If Connection.Dialect belongs to the SMB 3.x dialect family, the underlying transport is RDMA, and Request.BufferDescriptorList is not empty, then the processing specified in [MS-SMBD] section 3.1.4.4 Deregister Buffer MUST be used to deregister the buffer before returning to the application.

If the Status field of the SMB2 header of the response indicates an error, the client MUST return the received status code to the calling application.

If the Status field of the SMB2 header of the response indicates success, the client MUST do the following:

  • If the underlying transport is not RDMA and SMB2_READFLAG_RESPONSE_RDMA_TRANSFORM bit is set in the Flags field, the client MUST return STATUS_INVALID_NETWORK_RESPONSE to the calling application.

  • If the underlying transport is not RDMA, copy the received information in the SMB2 READ Response following the SMB2 header described by DataOffset and DataLength into the buffer that is provided by the calling application. The client MUST return success and DataLength to the application.

  • If Connection.Dialect is "3.1.1", the underlying transport is RDMA, DataRemaining is greater than zero, and SMB2_READFLAG_RESPONSE_RDMA_TRANSFORM bit is set in the Flags field, the client MUST do the following:

    • The buffer at the offset specified by DataOffset MUST be interpreted as SMB2_RDMA_TRANSFORM structure. The client MUST return STATUS_INVALID_NETWORK_RESPONSE to the calling application if any of the following is TRUE:

      • Connection.RDMATransformIds is empty.

      • TransformCount in SMB2_RDMA_TRANSFORM structure is zero.

      • SMB2_RDMA_CRYPTO_TRANSFORM structure with TransformType equal to SMB2_RDMA_TRANSFORM_TYPE_ENCRYPTION is present and the response received is not encrypted.

      • SMB2_RDMA_CRYPTO_TRANSFORM structure with TransformType equal to SMB2_RDMA_TRANSFORM_TYPE_SIGNING is present and the response received is encrypted.

      • Connection.RDMATransformIds includes SMB2_RDMA_TRANSFORM_ENCRYPTION, the response received is encrypted, and SMB2_RDMA_CRYPTO_TRANSFORM structure with TransformType equal to SMB2_RDMA_TRANSFORM_TYPE_ENCRYPTION is not present.

      • Connection.RDMATransformIds includes SMB2_RDMA_TRANSFORM_SIGNING and SMB2_RDMA_CRYPTO_TRANSFORM structure with TransformType equal to SMB2_RDMA_TRANSFORM_TYPE_SIGNING is not present.

      • SMB2_RDMA_TRANSFORM structure is followed by more than one SMB2_RDMA_CRYPTO_TRANSFORM structure.

      • SMB2_RDMA_TRANSFORM structure is followed by a transform not specified in section 2.2.43.

      • Connection.RDMATransformIds includes SMB2_RDMA_TRANSFORM_ENCRYPTION, SMB2_RDMA_CRYPTO_TRANSFORM structure with TransformType equal to SMB2_RDMA_TRANSFORM_TYPE_ENCRYPTION is present, and one of the following is TRUE:

        • SignatureLength field is greater than 16.

        • Connection.CipherId is AES-128-CCM or AES-256-CCM, and the NonceLength field is not equal to 11.

        • Connection.CipherId is AES-128-GCM or AES-256-GCM, and the NonceLength field is not equal to 12.

      • If Connection.RDMATransformIds includes SMB2_RDMA_TRANSFORM_SIGNING and the SMB2_RDMA_CRYPTO_TRANSFORM structure with TransformType equal to SMB2_RDMA_TRANSFORM_TYPE_SIGNING is present, the server MUST verify the received data as specified in section 3.1.5.1 except that the computed signature is compared with the value in the Signature field of SMB2_RDMA_CRYPTO_TRANSFORM. If the signature verification fails, the server MUST fail the request with STATUS_INVALID_SIGNATURE.

    • If Connection.RDMATransformIds includes SMB2_RDMA_TRANSFORM_ENCRYPTION and the SMB2_RDMA_CRYPTO_TRANSFORM structure with TransformType equal to SMB2_RDMA_TRANSFORM_TYPE_ENCRYPTION is present, the data received in the buffer registered with [MS-SMBD] MUST be decrypted using Session.DecryptionKey with the algorithm specified in Connection.CipherId and by passing encrypted data and Signature, Nonce from the received SMB2_RDMA_CRYPTO_TRANSFORM structure.

    • If the size of the decrypted data is not equal to the DataRemaining field in the response, the client MUST fail the application request.

  • If the underlying transport is RDMA, the client MUST return success, DataRemaining, and the data to the application.