2.2.43.1 SMB2_RDMA_ENCRYPTION_TRANSFORM

The SMB2_RDMA_ENCRYPTION_TRANSFORM is used by the client or server to send/receive encrypted RDMA payload in READ/WRITE operations. The SMB2_RDMA_ENCRYPTION_TRANSFORM is optional and only valid for the SMB 3.1.1 dialect when the connection supports encryption.<77>


     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

     TransformType                   SignatureLength
     NonceLength                     Reserved
     Signature (variable)
     Reserved1
     Nonce (variable)
     Padding (variable)

TransformType (2 bytes): This field MUST be set to SMB2_RDMA_TRANSFORM_TYPE_ENCRYPTION (0x0001), indicating an RDMA transform of type encryption.

SignatureLength (2 bytes): The length, in bytes, of the Signature field.

NonceLength (2 bytes): The length, in bytes, of the Nonce field.

Reserved (2 bytes): This field MUST NOT be used and MUST be reserved. The sender MUST set this to zero, and the receiver MUST ignore it on receipt.

Signature (variable): The signature of the encrypted data generated using Session.EncryptionKey. The length of this field MUST be less than or equal to 16 bytes.

Nonce (variable): An implementation-specific value assigned for encrypted data. This MUST NOT be reused for an encrypted SMB2 message within a session.

Padding (variable): This optional field is present after the Nonce field so that the channel information, if any, following this structure starts at the first 8-byte aligned offset. The sender MUST set this to zero, and the receiver MUST ignore it on receipt.
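
The receive-side checks implied by the field list above, as an added Python example that is not part of the specification text. It assumes little-endian fields, measures the 8-byte alignment from the start of the structure, and takes the width of Reserved1 (shown in the layout but not described) as the hypothetical parameter reserved1_len. The names build_transform, parse_transform and TransformError are illustrative, and rejecting a repeated nonce on receipt is a defensive check added here.

```python
import struct

SMB2_RDMA_TRANSFORM_TYPE_ENCRYPTION = 0x0001
MAX_SIGNATURE_LENGTH = 16
# TransformType, SignatureLength, NonceLength, Reserved; little-endian is assumed.
HEADER = struct.Struct("<HHHH")


class TransformError(ValueError):
    """Raised when a received transform violates a rule from the field list."""


def build_transform(signature, nonce, reserved1_len=0):
    """Sender side: Reserved and Padding are zero; pad to an 8-byte boundary."""
    body = HEADER.pack(SMB2_RDMA_TRANSFORM_TYPE_ENCRYPTION,
                       len(signature), len(nonce), 0)
    body += signature + bytes(reserved1_len) + nonce
    return body + bytes(-len(body) % 8)


def parse_transform(buf, seen_nonces, reserved1_len=0):
    """Receiver side: return (signature, nonce, next_offset) or raise."""
    if len(buf) < HEADER.size:
        raise TransformError("truncated fixed header")
    # The Reserved field is unpacked but ignored, as required on receipt.
    ttype, sig_len, nonce_len, _reserved = HEADER.unpack_from(buf)
    if ttype != SMB2_RDMA_TRANSFORM_TYPE_ENCRYPTION:
        raise TransformError(f"unexpected TransformType 0x{ttype:04x}")
    if sig_len > MAX_SIGNATURE_LENGTH:
        raise TransformError(f"SignatureLength {sig_len} exceeds 16")
    nonce_off = HEADER.size + sig_len + reserved1_len
    end = nonce_off + nonce_len
    if end > len(buf):  # validate peer-supplied lengths before slicing
        raise TransformError("declared lengths run past the buffer")
    signature = bytes(buf[HEADER.size:HEADER.size + sig_len])
    nonce = bytes(buf[nonce_off:end])
    if nonce in seen_nonces:  # added defensive check against a per-session set
        raise TransformError("nonce already used in this session")
    seen_nonces.add(nonce)
    # Padding contents are ignored; channel information starts 8-byte aligned.
    return signature, nonce, min(len(buf), end + (-end % 8))


if __name__ == "__main__":
    session_nonces = set()
    msg = build_transform(bytes(range(16)), bytes(11))  # constructed sample values
    print(parse_transform(msg, session_nonces))
```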