Decrypting the Message

This section is applicable for only the SMB 3.x dialect family.<146>

If the ProtocolId in the header of the received message is 0x424d53FD, the client MUST perform the following:

  • If the size of the message received from the server is not greater than the size of SMB2 TRANSFORM_HEADER as specified in section 2.2.41, the client MUST discard the message.

  • If the Flags/EncryptionAlgorithm in the SMB2 TRANSFORM_HEADER is not 0x0001, the client MUST discard the message.

  • The client MUST look up the session in the Connection.SessionTable using the SessionId in the SMB2 TRANSFORM_HEADER of the response. If the session is not found, the response MUST be discarded.

  • The client MUST decrypt the message using Session.DecryptionKey. If Connection.Dialect is "3.1.1", the algorithm specified by Connection.CipherId is used. Otherwise, the AES-128-CCM algorithm is used. The client passes in the TRANSFORM_HEADER, excluding the Signature and ProtocolId fields, and the encrypted SMB2 message as the Optional Authenticated Data input for the algorithm. If decryption succeeds, the client MUST compare the signature in the transform header with the signature returned by the decryption algorithm. If signature verification succeeds, the client MUST then continue processing the decrypted packet, as specified in subsequent sections. If signature verification fails, the client MUST fail the application request with an implementation-specific error.

  • If the NextCommand field in the first SMB2 header of the message is equal to 0 and SessionId of the first SMB2 header is not equal to the SessionId field in SMB2 TRANSFORM_HEADER of response, the client MUST discard the message.