Was this page helpful?
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

3.1.4.1 Sending Any Message

Unless otherwise stated, all SMB messages sent by the client and the server MUST comply with the following rules:

  • SMB messages MUST be composed of three parts:

    • An SMB_Header, as specified in section 2.2.3.1.

    • An SMB_Parameters block, as specified in section 2.2.3.2.

    • An SMB_Data block, as specified in section 2.2.3.3.

  • The SMB_Header MUST be included in full.

  • At minimum, the WordCount field of the SMB Parameters block MUST be included. The remainder of the SMB_Parameters block MUST be two times WordCount bytes in length. If WordCount is 0x00, then zero parameter bytes MUST be included in the SMB_Parameters block.

  • At minimum, the ByteCount field of the SMB_Data block MUST be included. The remainder of the SMB_Data block MUST be ByteCount bytes in length. If ByteCount is 0x0000, then zero data bytes MUST be included in the SMB_Data block.

Thus, the minimum size of an SMB message is 35 bytes. Section 2.2.3.1 lists required values for some SMB Header fields. See the individual command descriptions for specific per-message requirements.

If a message is sent and IsSigningActive is TRUE, the message MUST be signed.

This logic MUST be applied for messages sent in response to any of the higher-layer actions and in compliance with the message sequencing rules.

  • The client or server that sends the message MUST provide the 32-bit sequence number for this message, as specified in sections 3.2.4.1 and 3.3.4.1.

  • The SMB_FLAGS2_SMB_SECURITY_SIGNATURE flag in the header MUST be set.

  • To generate the signature, a 32-bit sequence number is copied into the least significant 32 bits of the SecuritySignature field and the remaining 4 bytes are set to 0x00.

  • The MD5 algorithm, as specified in [RFC1321], MUST be used to generate a hash of the SMB message from the start of the SMB Header, which is defined as follows.

  •  CALL MD5Init( md5context )
     CALL MD5Update( md5context, Connection.SigningSessionKey )
     CALL MD5Update( md5context, Connection.SigningChallengeResponse )
     CALL MD5Update( md5context, SMB message )
     CALL MD5Final( digest, md5context )
     SET signature TO the first 8 bytes of the digest
      
    

The resulting 8-byte signature MUST be copied into the SecuritySignature field of the SMB Header, after which the message can be transmitted.

Show:
© 2016 Microsoft