3.3.5.2.1.1 Decrypting the Message

This section is applicable for only the SMB 3.x dialect family.<221>

If IsEncryptionSupported is TRUE and Connection.CipherId is not zero, the server MUST perform the following:

  • If the size of the message received from the client is not greater than the size of the SMB2 TRANSFORM_HEADER as specified in section 2.2.41, the server MUST disconnect the connection as specified in section 3.3.7.1.

  • If the Flags/EncryptionAlgorithm in the SMB2 TRANSFORM_HEADER is not 0x0001, the server MUST disconnect the connection as specified in section 3.3.7.1.

  • The server MUST look up the session in the Connection.SessionTable using the SessionId in the SMB2 TRANSFORM_HEADER of the request. If the session is not found, the server MUST disconnect the connection as specified in section 3.3.7.1.

  • The server MUST decrypt the message using Session.DecryptionKey. If Connection.Dialect is less than "3.1.1", then AES-128-CCM MUST be used, as specified in [RFC4309]. Otherwise, the algorithm specified by the Connection.CipherId MUST be used. The server passes in the Nonce, OriginalMessageSize, Flags/EncryptionAlgorithm, and SessionId fields of the SMB2 TRANSFORM_HEADER as the Optional Authenticated Data input for the algorithm. If decryption succeeds, the server MUST compare the signature in the SMB2 TRANSFORM_HEADER with the signature returned by the decryption algorithm. If the signature verification fails, the server MUST disconnect the connection as specified in section 3.3.7.1. If the signature verification succeeds, the server MUST continue processing the decrypted packet.

  • If the OriginalMessageSize field in the SMB2 TRANSFORM_HEADER is not equal to the size of the decrypted message, the server SHOULD<222> disconnect the connection as specified in section 3.3.7.1.

  • If ProtocolId in the header of the decrypted message is 0x424D53FC indicating a nested compressed message, IsCompressionSupported is TRUE, and Connection.CompressionIds is not empty, the server MUST decompress the message as specified in section 3.3.5.2.1.2. If decompression succeeds, the server MUST further validate the message:

    • The server MUST verify if any of the following conditions are true and, if so, the server MUST disconnect the connection as specified in section 3.3.7.1:

      • For a singleton request and the first operation of a compounded request,

        • The size of the decrypted message is less than the size of the SMB2 Header

        • SMB2_FLAGS_RELATED_OPERATIONS is set in the Flags field of the SMB2 header of the request

        • The SessionId field in the SMB2 header of the request is not equal to Request.TransformSessionId.

        • In a compounded request, for each operation in the compounded chain except the first one, SMB2_FLAGS_RELATED_OPERATIONS is not set in the Flags field of the SMB2 header of the operation and SessionId in the SMB2 header of the operation is not equal to Request.TransformSessionId.

    • If ProtocolId in the header of the decrypted message is 0x424D53FE indicating an SMB2 header, the server MUST further validate the decrypted message:

      • The server MUST verify if any of the following conditions are true and, if so, the server MUST disconnect the connection as specified in section 3.3.7.1:

        • For a singleton request and the first operation of a compounded request,

          • The size of the decrypted message is less than the size of the SMB2 Header

          • SMB2_FLAGS_RELATED_OPERATIONS is set in the Flags field of the SMB2 header of the request

          • The SessionId field in the SMB2 header of the request is not equal to Request.TransformSessionId.

        • In a compounded request, for each operation in the compounded chain except the first one, SMB2_FLAGS_RELATED_OPERATIONS is not set in the Flags field of the SMB2 header of the operation and SessionId in the SMB2 header of the operation is not equal to Request.TransformSessionId.

Otherwise the server MUST disconnect the connection as specified in section 3.3.7.1.