SMB 3.1.1 Encryption in Windows 10


SMB 3 encryption offers data packet confidentiality and prevents an attacker from both tampering with and eavesdropping on any data packet. Encryption has been enhanced in SMB 3.1.1. The cipher can now be negotiated during connection establishment. In addition to AES-128-CCM for SMB 3.0.x compatibility, Windows 10 (and Windows Server 2016) added AES-128-GCM in SMB 3.1.1. The GCM mode offers a significant performance gain. Both ciphers [RFC5084] provide authenticated encryption, i.e. message integrity (signing). This blog takes a protocol walk on the enhancement and provides sample test vectors.
NOTE: This is written based on Windows 10, and Windows Server 2016 Technical Preview 3.

Encryption capability negotiate context

  • SMB 3.1.1 client and server negotiate encryption support via SMB2_ENCRYPTION_CAPABILITIES negotiate context in the NEGOTIATE request and response. 
  • The client advertises its list of supported cipher IDs in the order of most preferred encryption algorithm. Windows 10 implements cipher IDs 0x0002 (AES-128-GCM) and 0x0001 (AES-128-CCM). 
  • If the client sends 3.0.x in the dialect array and supports encryption, it must advertise the SMB2_GLOBAL_CAP_ENCRYPTION capability flag as well since it does not know yet what dialect the server supports.
  • If the server selects dialect 3.1.1 and supports encryption, it responds with the encryption negotiate context. SMB2_GLOBAL_CAP_ENCRYPTION capability flag should not be set because it is valid for the SMB 3.0 and 3.0.2 dialects.
  • The encryption capability negotiate context has the same format in the Negotiate request and response, except that the response context must have CipherCount set to 1, and the cipher ID that conveys the server’s selection.

Multichannel encryption 

  • Session binding (multichannel) requires that all channels bound to a given session negotiate the same encryption cipher as the master session’s connection.
  • As in SMB 3.0.x, all SMB 3.1.1 channels (primary and alternate) bound to a given master session share the same encryption and decryption keys.
  • The cipher ID is kept consistent as multichannel traffic can be spread across channels.

Server-wide or per-share encryption

  • For a global level encryption, SessionSetup_response.SessionFlags includes SMB2_SESSION_FLAG_ENCRYPT_DATA. Encryption is enforced on the whole server.
  • For a per-share level encryption, TreeConnect_response.ShareFlags includes SMB2_SHAREFLAG_ENCRYPT_DATA.
  • If server-wide encryption is configured, share level encryption will not have any effect. This means, when global encryption is enabled, you cannot selectively disable encryption for certain shares.
  • Encryption enforcement can be bypassed if “unencrypted access” is allowed. See RejectUnencryptedAccess.

Configuration

PowerShell cmdlets can be used to configure encryption on both Windows 10 and Windows Server 2016:

Global level encryption on the server:
Set-SmbServerConfiguration -EncryptData <0|1>

Share level encryption:
Set-SmbShare -Name <share name> -EncryptData <0|1>
Share level encryption enabled at creation:
New-SmbShare -Name <share name> -Path <pathname> -EncryptData 1

Unencrypted access:
Set-SmbServerConfiguration -RejectUnencryptedAccess <0|1>
See notes in Section “Unencrypted access”.

Encryption keys

Upon successful SessionSetup (Session.EncryptData), or successful TreeConnect (Share.EncryptData), the server and client generate EncryptionKey and DecryptionKey as specified in [MS-SMB2].
The key derivation in SMB 3.1.1 uses the same function as in SMB 3.0.x with new labels and context as follows. The context Session.PreauthIntegrityHashValue is derived from pre-authentication integrity hashing. The respective labels are shown in the following key formulas.

  • EncryptionKey (Client) = DecryptionKey (Server) = SMB3KDF (SessionKey, “SMBC2ScipherKey\0”, Session.PreauthIntegrityHashValue)
  • DecryptionKey (Client) = EncryptionKey (Server) = SMB3KDF ( SessionKey, “SMBS2CCipherKey\0”, Session.PreauthIntegrityHashValue)

Note that SMB3KDF() and the calculation of Session.PreauthIntegrityHashValue are described in the blog post:
SMB 3.1.1 Pre-authentication integrity in Windows 10
http://blogs.msdn.com/b/openspecification/archive/2015/08/11/smb-3-1-1-pre-authentication-integrity-in-windows-10.aspx

Transformed message

A transformed message consists of a transform_header followed by its encrypted SMB2 message.
A transform_header has the same size and most of the same fields as defined for dialect 3.0.x with two specific changes for dialect 3.1.1:
ProtocolId (4 bytes):  0xFD534D42 (in network order)
Signature (16 bytes):  Signature of the encrypted message.
Nonce (16 bytes):  An implementation-specific value unique for this encrypted message.
OriginalMessageSize (4 bytes):  The size in bytes of the SMB2 message.
Reserved (2 bytes):  Set to zeros and ignored.
Flags (2 bytes): This field indicates how the SMB2 message was transformed.
SessionId (8 bytes):  Uniquely identifies the established session for the command.

The two changes to the transform_header for SMB 3.1.1 are as follows:

Nonce (16 bytes) field: If CipherId is AES-128-GCM, the nonce used for encryption is the leftmost 12 bytes of the Nonce field, AES128GCM_Nonce (12 bytes), and the remaining 4 bytes are reserved. If CipherId is AES-128-CCM, the nonce used for encryption is the leftmost 11 bytes of the Nonce field, AES128CCM_Nonce (11 bytes), and the remaining 5 bytes are reserved.

Flags (2 bytes): this field repurposes the EncryptionAlgorithm (2 bytes) field used in SMB 3.0.x. When Flags’ value is set to 0x0001, it indicates that the message is encrypted using the negotiated cipher ID.

Encrypting the message

The sender encrypts the message with these specifics:
– The encryption algorithm specified by Connection.CipherId (AES-GCM or AES-CCM) is called with the following inputs:
– AES key: Session.EncryptionKey.
– AES-nonce or IV: AES128CCM_Nonce for AES-CCM, AES128GCM_Nonce for AES-GCM.
– Plaintext: The SMB2 message including the header and the payload.
– The optional authenticated data (AAD):  The SMB2 transform_header excluding the ProtocolId and Signature fields; these are the 32 bytes starting from the Nonce field.

The AES-CCM or AES-GCM outputs are:
– Ciphertext: the encrypted SMB2 message
– Message authentication code: the Signature field of the transform_header.

The sender appends the encrypted SMB2 message to the transform_header and sends it to the receiver.

Decrypting the message

The message is decrypted using:
– The encryption algorithm specified by Connection.CipherId.
– The Session.DecryptionKey of the Session that corresponds to the SessionId in the transform_header.
– The AAD passed to the algorithm is the transform_header excluding the ProtocolId and Signature fields.
– The nonce passed to the algorithm is based on CipherId as previously described.

The signature returned by the decryption algorithm is then verified against the Signature in the transform_header.

Encryption clauses

The encryption clauses are generally the same as for SMB 3.0.x. See the blog post at:
Encryption in SMB 3.0: A protocol perspective
http://blogs.msdn.com/b/openspecification/archive/2012/10/05/encryption-in-smb-3-0-a-protocol-perspective.aspx

Unencrypted Access: RejectUnencryptedAccess

Set-SmbServerConfiguration -RejectUnencryptedAccess <0|1>
The behavior is mainly unchanged in Windows Server 2016. The default value of RejectUnencryptedAccess is TRUE. When encryption is required (per share or server wide), the server returns ACCESS_DENIED for an unencrypted access attempt. A value of FALSE allows access from clients which do not support encryption or are not encryption-capable (e.g. SMB 1, SMB2 dialects 2.02, 2.1, SMB 3.x without encryption).
This configuration item is meant for a transition phase to support down-level clients which use older dialects (SMB 2.1 or earlier) by literally “allowing any unencrypted access” whenever the deployment scenario requires.
Note that if RejectUnencryptedAccess is disabled (FALSE), it opens the possibility for a man-in-the-middle (MITM) attacker to prevent the connection from negotiating encryption. If SMB 3.x is negotiated, the Windows 10 client will leverage negotiate validation or pre-authentication integrity to verify the properties of the connection with the server. In SMB 2.x.x, the encryption feature is not available even if the Windows 10 client still performs secure negotiate validation.
However, setting RejectUnencryptedAccess to FALSE makes it un-detectible if the MITM downgrades the connection’s dialect to SMB1, thus preventing encryption negotiation and allowing “clear text” eavesdropping. 
As a result, it is recommended to disable SMB1 on the client as soon as it is no longer needed.

Conclusion

Encryption is a very important feature whenever data confidentiality is required. This is the case when transferring high business impact data over untrusted networks. The addition of encryption negotiate context in SMB 3.1.1 is an enhancement that would interest many implementers. It also makes the feature extensible as new cryptographic ciphers become available and adopted. Some benchmark testing showed that AES-128-GCM provides as much as two times performance improvement over AES-128-CCM, while providing authenticated encryption at the same time.

Appendix A. Test vector for SMB 3.1.1 encryption

This sample data should be considered “as-is”. It should also be noted that examples do not replace normative protocol specifications. The authoritative reference is [MS-SMB2].

The test client negotiates SMB 3.1.1 and communicates with a Windows 2016 server. It opens a file and WRITEs the following content. It then READs back the file.
This is the content written and read:
Smb3 encryption testing
Hex value:
536D623320656E6372797074696F6E2074657374696E67

These outputs show pre-authentication integrity phase for key derivation, then the encryption and decryption of the WRITE and READ commands.
The decrypted content is verified to be same at the end of the SMB2 READ response.

Appendix A.1 Test vector with AES-GCM

 — Key derivation —

Header.Command 0x0000 NEGOTIATE

Preauth integrity hash —
PreauthIntegrityCaps.HashAlgorithmCount 0x1
PreauthIntegrityCaps.SaltLength 0x20
PreauthIntegrityCaps.HashAlgorithms 0x0001
PreauthIntegrityCaps.Salt
D1709D7196E1BD0B6EBF95213D76553435763514392649FD6F216ED8BF269CD8

Encryption capabilites —
EncryptionCaps.CipherCount 0x2
EncryptionCaps.Ciphers[0] 0x0002
EncryptionCaps.Ciphers[1] 0x0001

Connection.PreauthIntegrityHashId 0x0001

NEGOTIATE Request

Preauth integrity hash —
Current
Connection.PreauthIntegrityHashValue
00000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
Negotiate request packet
FE534D4240000100000000000000010000000000000000000000000000000000FFFE000000000000
0000000000000000000000000000000000000000000000002400050001000000660000004F0D7FA0
09F5B246B2EF62551D7D7C0970000000020000000202100200030203110300000100260000000000
010020000100D1709D7196E1BD0B6EBF95213D76553435763514392649FD6F216ED8BF269CD80000
0200060000000000020002000100
Concatenate Connection.PreauthIntegrityHashValue and Negotiate request packet
SHA-512 Input Hash Data
00000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000FE534D42400001000000000000000100
00000000000000000000000000000000FFFE00000000000000000000000000000000000000000000
00000000000000002400050001000000660000004F0D7FA009F5B246B2EF62551D7D7C0970000000
020000000202100200030203110300000100260000000000010020000100D1709D7196E1BD0B6EBF
95213D76553435763514392649FD6F216ED8BF269CD800000200060000000000020002000100
New
Connection.PreauthIntegrityHashValue
550442DAF311412870AD9E58E602B0312D61328D6B1AC28F22AF46D6EA581F23A9BFABE0CC041197
6BF3F9DA23D3433352CB48CF00B8659BC1A3695E1B1A52A8

NEGOTIATE Response

Updating Preauth integrity hash —
Current
Connection.PreauthIntegrityHashValue
550442DAF311412870AD9E58E602B0312D61328D6B1AC28F22AF46D6EA581F23A9BFABE0CC041197
6BF3F9DA23D3433352CB48CF00B8659BC1A3695E1B1A52A8
Negotiate response packet
FE534D4240000100000000000000010001000000000000000000000000000000FFFE000000000000
000000000000000000000000000000000000000000000000410001001103020039CBCAF329714942
BDCE5D60F09AB3FB27000000000080000000800000008000D1168E69CDAED00109094AB095AED001
80004001C00100006082013C06062B0601050502A08201303082012CA01A3018060A2B0601040182
3702021E060A2B06010401823702020AA282010C048201084E45474F455854530100000000000000
6000000070000000807CC0FD06D6362D02DDE1CF343BFE29C16AA4EA4741FB0EF645DC5C5D3C3E6A
8DE5D0BAEF7A06DC070076174356EDA0000000000000000060000000010000000000000000000000
5C33530DEAF90D4DB2EC4AE3786EC3084E45474F4558545303000000010000004000000098000000
807CC0FD06D6362D02DDE1CF343BFE295C33530DEAF90D4DB2EC4AE3786EC3084000000058000000
3056A05430523027802530233121301F06035504031318546F6B656E205369676E696E6720507562
6C6963204B65793027802530233121301F06035504031318546F6B656E205369676E696E67205075
626C6963204B65790100260000000000010020000100B51C002C28941192737A08344B05CE90786E
EC146D99CDB60AE44E5A86127D270000020004000000000001000200
Concatenate Connection.PreauthIntegrityHashValue and Negotiate response packet
SHA-512 Input Hash Data
550442DAF311412870AD9E58E602B0312D61328D6B1AC28F22AF46D6EA581F23A9BFABE0CC041197
6BF3F9DA23D3433352CB48CF00B8659BC1A3695E1B1A52A8FE534D42400001000000000000000100
01000000000000000000000000000000FFFE00000000000000000000000000000000000000000000
0000000000000000410001001103020039CBCAF329714942BDCE5D60F09AB3FB2700000000008000
0000800000008000D1168E69CDAED00109094AB095AED00180004001C00100006082013C06062B06
01050502A08201303082012CA01A3018060A2B06010401823702021E060A2B06010401823702020A
A282010C048201084E45474F4558545301000000000000006000000070000000807CC0FD06D6362D
02DDE1CF343BFE29C16AA4EA4741FB0EF645DC5C5D3C3E6A8DE5D0BAEF7A06DC070076174356EDA0
0000000000000000600000000100000000000000000000005C33530DEAF90D4DB2EC4AE3786EC308
4E45474F4558545303000000010000004000000098000000807CC0FD06D6362D02DDE1CF343BFE29
5C33530DEAF90D4DB2EC4AE3786EC30840000000580000003056A05430523027802530233121301F
06035504031318546F6B656E205369676E696E67205075626C6963204B6579302780253023312130
1F06035504031318546F6B656E205369676E696E67205075626C6963204B65790100260000000000
010020000100B51C002C28941192737A08344B05CE90786EEC146D99CDB60AE44E5A86127D270000
020004000000000001000200
New
Connection.PreauthIntegrityHashValue
ABE4DA6E875F6FB05033AF04DCC38C92888B4E13D1EAB7AA05CADE142064974CB3EAB0782600549B
A27207AA213B0D190B9950FA36D45BE32A888BFEE8389B74

Add NEW SessionId 0x100000000025 to Preauth Integrity hash table with value
Connection.PreauthIntegrityHashValue
ABE4DA6E875F6FB05033AF04DCC38C92888B4E13D1EAB7AA05CADE142064974CB3EAB0782600549B
A27207AA213B0D190B9950FA36D45BE32A888BFEE8389B74

SESSION SETUP Request
PreauthSession.SessionId 0x100000000025
Current
PreauthSession.PreauthIntegrityHashValue
ABE4DA6E875F6FB05033AF04DCC38C92888B4E13D1EAB7AA05CADE142064974CB3EAB0782600549B
A27207AA213B0D190B9950FA36D45BE32A888BFEE8389B74
SessionSetup request packet
FE534D4240000100000000000100800000000000000000000100000000000000FFFE000000000000
00000000000000000000000000000000000000000000000019000001010000000000000058004A00
0000000000000000604806062B0601050502A03E303CA00E300C060A2B06010401823702020AA22A
04284E544C4D5353500001000000978208E200000000000000000000000000000000060380250000
000F
Concatenate PreauthSession.PreauthIntegrityHashValue and Session Setup request packet
SHA-512 Input Hash Data 
ABE4DA6E875F6FB05033AF04DCC38C92888B4E13D1EAB7AA05CADE142064974CB3EAB0782600549B
A27207AA213B0D190B9950FA36D45BE32A888BFEE8389B74FE534D42400001000000000001008000
00000000000000000100000000000000FFFE00000000000000000000000000000000000000000000
000000000000000019000001010000000000000058004A000000000000000000604806062B060105
0502A03E303CA00E300C060A2B06010401823702020AA22A04284E544C4D53535000010000009782
08E200000000000000000000000000000000060380250000000F
PreauthSession.PreauthIntegrityHashValue
A5E8AB87E2ADB8FA5F4545D20F1FD2019D66CCD0F4DFD1F762F1DFC8DCB15B98D0BD1F1450F6A0AF
C70F80B353C2D959217681949CF22DF35F31257A281C6A80

SESSION SETUP Response

 — STATUS_MORE_PROCESSING_REQUIRED – Updating Preauth integrity hash —
PreauthSession.SessionId 0x100000000025
Current
PreauthSession.PreauthIntegrityHashValue
A5E8AB87E2ADB8FA5F4545D20F1FD2019D66CCD0F4DFD1F762F1DFC8DCB15B98D0BD1F1450F6A0AF
C70F80B353C2D959217681949CF22DF35F31257A281C6A80
SessionSetup response packet
FE534D4240000100160000C00100010001000000000000000100000000000000FFFE000000000000
250000000010000000000000000000000000000000000000090000004800B300A181B03081ADA003
0A0101A10C060A2B06010401823702020AA281970481944E544C4D53535000020000000C000C0038
00000015828AE25FC0CB7F886E93D6000000000000000050005000440000000A0092270000000F53
005500540033003100310002000C0053005500540033003100310001000C00530055005400330031
00310004000C0053005500540033003100310003000C005300550054003300310031000700080024
8D5C6CCDAED00100000000
SessionSetup response header signature 0x00000000000000000000000000000000
Concatenate PreauthSession.PreauthIntegrityHashValue and Session Setup response packet
SHA-512 Input Hash Data
A5E8AB87E2ADB8FA5F4545D20F1FD2019D66CCD0F4DFD1F762F1DFC8DCB15B98D0BD1F1450F6A0AF
C70F80B353C2D959217681949CF22DF35F31257A281C6A80FE534D4240000100160000C001000100
01000000000000000100000000000000FFFE00000000000025000000001000000000000000000000
0000000000000000090000004800B300A181B03081ADA0030A0101A10C060A2B0601040182370202
0AA281970481944E544C4D53535000020000000C000C003800000015828AE25FC0CB7F886E93D600
0000000000000050005000440000000A0092270000000F53005500540033003100310002000C0053
005500540033003100310001000C0053005500540033003100310004000C00530055005400330031
00310003000C0053005500540033003100310007000800248D5C6CCDAED00100000000
PreauthSession.PreauthIntegrityHashValue
9A095455244172898902B0FBDF5FEFAFD8435BB66A47EB55CB7542732A423F58B12B3ED698BEF387
8D8A346FD9F5CC882DA37AAF2A939290E98B935FC72B3944

SESSION SETUP Request
PreauthSession.SessionId 0x100000000025
Current
PreauthSession.PreauthIntegrityHashValue
9A095455244172898902B0FBDF5FEFAFD8435BB66A47EB55CB7542732A423F58B12B3ED698BEF387
8D8A346FD9F5CC882DA37AAF2A939290E98B935FC72B3944
SessionSetup request packet
FE534D4240000100000000000100800000000000000000000200000000000000FFFE000000000000
2500000000100000000000000000000000000000000000001900000101000000000000005800CF01
0000000000000000A18201CB308201C7A0030A0101A28201AA048201A64E544C4D53535000030000
001800180090000000EE00EE00A80000000C000C00580000001A001A0064000000120012007E0000
001000100096010000158288E2060380250000000FA5E34268EF143BE5816251D02C564E9B530055
005400330031003100610064006D0069006E006900730074007200610074006F0072004400520049
005600450052003300310031000000000000000000000000000000000000000000000000002C263D
A5C2D54785E8EDA0552472D3A30101000000000000248D5C6CCDAED001BEA7A53E2DC098EB000000
0002000C0053005500540033003100310001000C0053005500540033003100310004000C00530055
00540033003100310003000C0053005500540033003100310007000800248D5C6CCDAED001060004
00020000000800300030000000000000000000000000300000B61FEFCAA857EA57BF1EDCEBF8974B
8E0EBA5A6DFD9D07A31D11B548F8C9D0CC0A00100000000000000000000000000000000000090016
0063006900660073002F00530055005400330031003100000000000000000000000000133FA6EA15
4880BB44576C6E2490BDE7A31204100100000067890BD408F5680D00000000
Concatenate PreauthSession.PreauthIntegrityHashValue and Session Setup request packet
SHA-512 Input Hash Data 
9A095455244172898902B0FBDF5FEFAFD8435BB66A47EB55CB7542732A423F58B12B3ED698BEF387
8D8A346FD9F5CC882DA37AAF2A939290E98B935FC72B3944FE534D42400001000000000001008000
00000000000000000200000000000000FFFE00000000000025000000001000000000000000000000
00000000000000001900000101000000000000005800CF010000000000000000A18201CB308201C7
A0030A0101A28201AA048201A64E544C4D53535000030000001800180090000000EE00EE00A80000
000C000C00580000001A001A0064000000120012007E0000001000100096010000158288E2060380
250000000FA5E34268EF143BE5816251D02C564E9B530055005400330031003100610064006D0069
006E006900730074007200610074006F007200440052004900560045005200330031003100000000
0000000000000000000000000000000000000000002C263DA5C2D54785E8EDA0552472D3A3010100
0000000000248D5C6CCDAED001BEA7A53E2DC098EB0000000002000C005300550054003300310031
0001000C0053005500540033003100310004000C0053005500540033003100310003000C00530055
00540033003100310007000800248D5C6CCDAED00106000400020000000800300030000000000000
000000000000300000B61FEFCAA857EA57BF1EDCEBF8974B8E0EBA5A6DFD9D07A31D11B548F8C9D0
CC0A001000000000000000000000000000000000000900160063006900660073002F005300550054
00330031003100000000000000000000000000133FA6EA154880BB44576C6E2490BDE7A312041001
00000067890BD408F5680D00000000
PreauthSession.PreauthIntegrityHashValue
B23F3CBFD69487D9832B79B1594A367CDD950909B774C3A4C412B4FCEA9EDDDBA7DB256BA2EA30E9
77F11F9B113247578E0E915C6D2A513B8F2FCA5707DC8770

SESSION SETUP Response
SessionId 0x100000000025 COMPLETED
SessionSetup response packet
FE534D4240000100000000000100800009000000000000000200000000000000FFFE000000000000
25000000001000006B85A4519A0F3EEA35BA946DD3AFE6B80900000048001D00A11B3019A0030A01
00A3120410010000003932A87523AB660100000000
SessionSetup response header signature 0x6B85A4519A0F3EEA35BA946DD3AFE6B8
PreauthSession.PreauthIntegrityHashValue
B23F3CBFD69487D9832B79B1594A367CDD950909B774C3A4C412B4FCEA9EDDDBA7DB256BA2EA30E9
77F11F9B113247578E0E915C6D2A513B8F2FCA5707DC8770

Input cryptographicKey (SessionKey) 0x419FDDF34C1E001909D362AE7FB6AF79
(queried from GSS authenticated context)

— Dialect 0x0311 —
preauthIntegrityHashValue
B23F3CBFD69487D9832B79B1594A367CDD950909B774C3A4C412B4FCEA9EDDDBA7DB256BA2EA30E9
77F11F9B113247578E0E915C6D2A513B8F2FCA5707DC8770
CypherId 0x0002
SessionKey 0x419FDDF34C1E001909D362AE7FB6AF79
SigningKey 0x8765949DFEAEE105CE9118B45BE988F0
EncryptionKey 0xA2F5E80E5D59103034F32E52F698E5EC
DecryptionKey 0x748C50868C90F302962A5C35F5F9A8BF
ApplicationKey 0x099D610789FBE82055B313601C3E8CC4

— Encryption —

SessionId 0x100000000025
SessionKey 0x419FDDF34C1E001909D362AE7FB6AF79
SigningKey 0x8765949DFEAEE105CE9118B45BE988F0
EncryptionKey 0xA2F5E80E5D59103034F32E52F698E5EC
DecryptionKey 0x748C50868C90F302962A5C35F5F9A8BF
ApplicationKey 0x099D610789FBE82055B313601C3E8CC4
Header.Command 0x0009 WRITE

Encryption of the request —

Key 0xA2F5E80E5D59103034F32E52F698E5EC

Nonce Length 0xc
AES-128-GCM nonce 0xC7D6822D269CAF48904C664C

SMB2 packet
FE534D4240000100000000000900010008000000000000000500000000000000FFFE000001000000
25000000001000000000000000000000000000000000000031007000170000000000000000000000
0600000004000000010000000400000000000000000000007000000000000000536D623320656E63
72797074696F6E2074657374696E67
transform_header.ProtocolId 0x424d53fd
transform_header.Signature 0xBD73D97D2BC9001BCAFAC0FDFF5FEEBC
transform_header.Nonce 0xC7D6822D269CAF48904C664C00000000
transform_header.OriginalMessageSize 0x87
transform_header.Reserved 0x0
transform_header.Flags 0x0001
transform_header.SessionId 0x100000000025
Encrypted message
6ECDD2A7AFC7B47763057A041B8FD4DAFFE990B70C9E09D36C084E02D14EF247F8BDE38ACF6256F8
B1D3B56F77FBDEB312FEA5E92CBCC1ED8FB2EBBFAA75E49A4A394BB44576545567C24D4C014D47C9
FBDFDAFD2C4F9B72F8D256452620A299F48E29E53D6B61D1C13A19E91AF013F00D17E3ABC2FC3D36
C8C1B6B93973253852DBD442E46EE8

Transformed message
FD534D42BD73D97D2BC9001BCAFAC0FDFF5FEEBCC7D6822D269CAF48904C664C0000000087000000
0000010025000000001000006ECDD2A7AFC7B47763057A041B8FD4DAFFE990B70C9E09D36C084E02
D14EF247F8BDE38ACF6256F8B1D3B56F77FBDEB312FEA5E92CBCC1ED8FB2EBBFAA75E49A4A394BB4
4576545567C24D4C014D47C9FBDFDAFD2C4F9B72F8D256452620A299F48E29E53D6B61D1C13A19E9
1AF013F00D17E3ABC2FC3D36C8C1B6B93973253852DBD442E46EE8

Decryption of the response —

Transformed message
FD534D42ACBE1CB7ED343ADF1725EF144D90D4B0E06831DD2E8EB7B4000000000000000050000000
00000100250000000010000026BBBF949983A6C1C796559D0F2C510CB651D1F7B6AC8DED32A2A0B8
F2D793A815C6F6B848D69767A215841A42D400AE6DDB5F0B44173A014973321FDD7950DA6179159B
82E03C9E18A050FF0EA1C967
transform_header.ProtocolId 0x424d53fd
transform_header.Signature 0xACBE1CB7ED343ADF1725EF144D90D4B0
transform_header.Nonce 0xE06831DD2E8EB7B40000000000000000
transform_header.OriginalMessageSize 0x50
transform_header.Reserved 0x0
transform_header.Flags 0x0001
transform_header.SessionId 0x100000000025

Key 0x748C50868C90F302962A5C35F5F9A8BF

Nonce Length 0xc
AES-128-GCM nonce 0xE06831DD2E8EB7B400000000
Decrypted SMB2 packet
FE534D4240000100000000000900010001000000000000000500000000000000FFFE000001000000
25000000001000000000000000000000000000000000000011000000170000000000000000000000
Header.Command 0x0008 READ

Encryption of the request —

Key 0xA2F5E80E5D59103034F32E52F698E5EC

Nonce Length 0xc
AES-128-GCM nonce 0xD7AA8C6D36859243B715E0A6

SMB2 packet
FE534D4240000100000000000800010008000000000000000600000000000000FFFE000001000000
25000000001000000000000000000000000000000000000031000000170000000000000000000000
060000000400000001000000040000000000000000000000000000000000000000
transform_header.ProtocolId 0x424d53fd
transform_header.Signature 0x6DAC0B6FD85A3ED42BB917DA38FE0386
transform_header.Nonce 0xD7AA8C6D36859243B715E0A600000000
transform_header.OriginalMessageSize 0x71
transform_header.Reserved 0x0
transform_header.Flags 0x0001
transform_header.SessionId 0x100000000025
Encrypted message
88A47BF09CA3C3141CDD7306BE9D9475AB24FCCB833D77461C041F8FB983D0C188F0729272B31D9D
3D0DC6B687C069EEE0CC8EACA2C536D019ACC9E185D1EB630E0FCB793EEECEB06D82A1D77706E700
DBEBFB4FEB54D7AD2D97E7288804F90757FE4D08D6A84A3FF433E7451E768E4699

Transformed message
FD534D426DAC0B6FD85A3ED42BB917DA38FE0386D7AA8C6D36859243B715E0A60000000071000000
00000100250000000010000088A47BF09CA3C3141CDD7306BE9D9475AB24FCCB833D77461C041F8F
B983D0C188F0729272B31D9D3D0DC6B687C069EEE0CC8EACA2C536D019ACC9E185D1EB630E0FCB79
3EEECEB06D82A1D77706E700DBEBFB4FEB54D7AD2D97E7288804F90757FE4D08D6A84A3FF433E745
1E768E4699

Decryption of the response —

Transformed message
FD534D427F714B3B9D8FA1198584E71C2BAA1CB6E16831DD2E8EB7B4000000000000000067000000
000001002500000000100000FECEDF4D03BB11A6CC5D8A53BE33D6D8701986342B4197D306E16F9C
BB218E92F7F8281F51CE68BB85A20D87DE90EBBF80538066D1C37513C0A58D70936D537B624F5500
202A612B6CD30D448A82791A0B2E049ED512AFAEFB06E98AB3D6F931D7D50DB2DBD36A
transform_header.ProtocolId 0x424d53fd
transform_header.Signature 0x7F714B3B9D8FA1198584E71C2BAA1CB6
transform_header.Nonce 0xE16831DD2E8EB7B40000000000000000
transform_header.OriginalMessageSize 0x67
transform_header.Reserved 0x0
transform_header.Flags 0x0001
transform_header.SessionId 0x100000000025

Key 0x748C50868C90F302962A5C35F5F9A8BF

Nonce Length 0xc
AES-128-GCM nonce 0xE16831DD2E8EB7B400000000
Decrypted SMB2 packet
FE534D4240000100000000000800010001000000000000000600000000000000FFFE000001000000
25000000001000000000000000000000000000000000000011005000170000000000000000000000
536D623320656E6372797074696F6E2074657374696E67 

Appendix A.2 Test vector with AES-CCM

— Key derivation —

Header.Command 0x0000 NEGOTIATE

Preauth integrity hash —
PreauthIntegrityCaps.HashAlgorithmCount 0x1
PreauthIntegrityCaps.SaltLength 0x20
PreauthIntegrityCaps.HashAlgorithms 0x0001
PreauthIntegrityCaps.Salt
1A05A92392E1554C072AE7B186EE7DC02CB90BEF2E639CCC94B7A9DC7B393442

Encryption capabilites —
EncryptionCaps.CipherCount 0x2
EncryptionCaps.Ciphers[0] 0x0001
EncryptionCaps.Ciphers[1] 0x0002

Connection.PreauthIntegrityHashId 0x0001

NEGOTIATE Request

Preauth integrity hash —
Current
Connection.PreauthIntegrityHashValue
00000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
Negotiate request packet
FE534D4240000100000000000000010000000000000000000000000000000000FFFE000000000000
00000000000000000000000000000000000000000000000024000500010000006600000078EA16AC
6877C34A95F7160F73EA377270000000020000000202100200030203110300000100260000000000
0100200001001A05A92392E1554C072AE7B186EE7DC02CB90BEF2E639CCC94B7A9DC7B3934420000
0200060000000000020001000200
Concatenate Connection.PreauthIntegrityHashValue and Negotiate request packet
SHA-512 Input Hash Data
00000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000FE534D42400001000000000000000100
00000000000000000000000000000000FFFE00000000000000000000000000000000000000000000
000000000000000024000500010000006600000078EA16AC6877C34A95F7160F73EA377270000000
0200000002021002000302031103000001002600000000000100200001001A05A92392E1554C072A
E7B186EE7DC02CB90BEF2E639CCC94B7A9DC7B39344200000200060000000000020001000200
New
Connection.PreauthIntegrityHashValue
A3A8A769FEA693B3D037406EF945E115D2B7A4A9318564D2CAAA4B1FE0EC36D8D92A4802619EDCF2
9E2410534D2D3749E71F76ADF5212F959210D291097A6355

NEGOTIATE Response

Updating Preauth integrity hash —
Current
Connection.PreauthIntegrityHashValue
A3A8A769FEA693B3D037406EF945E115D2B7A4A9318564D2CAAA4B1FE0EC36D8D92A4802619EDCF2
9E2410534D2D3749E71F76ADF5212F959210D291097A6355
Negotiate response packet
FE534D4240000100000000000000010001000000000000000000000000000000FFFE000000000000
000000000000000000000000000000000000000000000000410001001103020039CBCAF329714942
BDCE5D60F09AB3FB27000000000080000000800000008000D04C8443CCAED00109094AB095AED001
80004001C00100006082013C06062B0601050502A08201303082012CA01A3018060A2B0601040182
3702021E060A2B06010401823702020AA282010C048201084E45474F455854530100000000000000
60000000700000007F7CC0FD06D6362D02DDE1CF343BFE2973007DCF55CA793E082B7A257DEFE6E8
E18291ABF112C0599108C772F55CBB2A000000000000000060000000010000000000000000000000
5C33530DEAF90D4DB2EC4AE3786EC3084E45474F4558545303000000010000004000000098000000
7F7CC0FD06D6362D02DDE1CF343BFE295C33530DEAF90D4DB2EC4AE3786EC3084000000058000000
3056A05430523027802530233121301F06035504031318546F6B656E205369676E696E6720507562
6C6963204B65793027802530233121301F06035504031318546F6B656E205369676E696E67205075
626C6963204B6579010026000000000001002000010088AFA422ECC239CB16F30BA641AE4B6EE79F
5A4AF74FE18A301E9790515D07F70000020004000000000001000100
Concatenate Connection.PreauthIntegrityHashValue and Negotiate response packet
SHA-512 Input Hash Data
A3A8A769FEA693B3D037406EF945E115D2B7A4A9318564D2CAAA4B1FE0EC36D8D92A4802619EDCF2
9E2410534D2D3749E71F76ADF5212F959210D291097A6355FE534D42400001000000000000000100
01000000000000000000000000000000FFFE00000000000000000000000000000000000000000000
0000000000000000410001001103020039CBCAF329714942BDCE5D60F09AB3FB2700000000008000
0000800000008000D04C8443CCAED00109094AB095AED00180004001C00100006082013C06062B06
01050502A08201303082012CA01A3018060A2B06010401823702021E060A2B06010401823702020A
A282010C048201084E45474F45585453010000000000000060000000700000007F7CC0FD06D6362D
02DDE1CF343BFE2973007DCF55CA793E082B7A257DEFE6E8E18291ABF112C0599108C772F55CBB2A
0000000000000000600000000100000000000000000000005C33530DEAF90D4DB2EC4AE3786EC308
4E45474F45585453030000000100000040000000980000007F7CC0FD06D6362D02DDE1CF343BFE29
5C33530DEAF90D4DB2EC4AE3786EC30840000000580000003056A05430523027802530233121301F
06035504031318546F6B656E205369676E696E67205075626C6963204B6579302780253023312130
1F06035504031318546F6B656E205369676E696E67205075626C6963204B65790100260000000000
01002000010088AFA422ECC239CB16F30BA641AE4B6EE79F5A4AF74FE18A301E9790515D07F70000
020004000000000001000100
New
Connection.PreauthIntegrityHashValue
A21419AD43D5A4975326E07142734EADA33D0927738F3C1B05A65B003CCAAAE225B547045260356C
2014A21E0A3DFA9EF7B192C375BFFC5F5E766AC3261F0457

Add NEW SessionId 0x100000000021 to Preauth Integrity hash table with value
Connection.PreauthIntegrityHashValue
A21419AD43D5A4975326E07142734EADA33D0927738F3C1B05A65B003CCAAAE225B547045260356C
2014A21E0A3DFA9EF7B192C375BFFC5F5E766AC3261F0457

SESSION SETUP Request
PreauthSession.SessionId 0x100000000021
Current
PreauthSession.PreauthIntegrityHashValue
A21419AD43D5A4975326E07142734EADA33D0927738F3C1B05A65B003CCAAAE225B547045260356C
2014A21E0A3DFA9EF7B192C375BFFC5F5E766AC3261F0457
SessionSetup request packet
FE534D4240000100000000000100800000000000000000000100000000000000FFFE000000000000
00000000000000000000000000000000000000000000000019000001010000000000000058004A00
0000000000000000604806062B0601050502A03E303CA00E300C060A2B06010401823702020AA22A
04284E544C4D5353500001000000978208E200000000000000000000000000000000060380250000
000F
Concatenate PreauthSession.PreauthIntegrityHashValue and Session Setup request packet
SHA-512 Input Hash Data 
A21419AD43D5A4975326E07142734EADA33D0927738F3C1B05A65B003CCAAAE225B547045260356C
2014A21E0A3DFA9EF7B192C375BFFC5F5E766AC3261F0457FE534D42400001000000000001008000
00000000000000000100000000000000FFFE00000000000000000000000000000000000000000000
000000000000000019000001010000000000000058004A000000000000000000604806062B060105
0502A03E303CA00E300C060A2B06010401823702020AA22A04284E544C4D53535000010000009782
08E200000000000000000000000000000000060380250000000F
PreauthSession.PreauthIntegrityHashValue
FD10D68FFBB5D94DD483DE14DC8AF92B4D2D8517A5D245FE091C93050AC56239B3B829F74CB25451
276248F12279DCC027C9B53841A67052A617C32C93CBA8C2

SESSION SETUP Response

 — STATUS_MORE_PROCESSING_REQUIRED – Updating Preauth integrity hash —
PreauthSession.SessionId 0x100000000021
Current
PreauthSession.PreauthIntegrityHashValue
FD10D68FFBB5D94DD483DE14DC8AF92B4D2D8517A5D245FE091C93050AC56239B3B829F74CB25451
276248F12279DCC027C9B53841A67052A617C32C93CBA8C2
SessionSetup response packet
FE534D4240000100160000C00100010001000000000000000100000000000000FFFE000000000000
210000000010000000000000000000000000000000000000090000004800B300A181B03081ADA003
0A0101A10C060A2B06010401823702020AA281970481944E544C4D53535000020000000C000C0038
00000015828AE29296836B33F712E0000000000000000050005000440000000A0092270000000F53
005500540033003100310002000C0053005500540033003100310001000C00530055005400330031
00310004000C0053005500540033003100310003000C005300550054003300310031000700080019
C69C43CCAED00100000000
SessionSetup response header signature 0x00000000000000000000000000000000
Concatenate PreauthSession.PreauthIntegrityHashValue and Session Setup response packet
SHA-512 Input Hash Data
FD10D68FFBB5D94DD483DE14DC8AF92B4D2D8517A5D245FE091C93050AC56239B3B829F74CB25451
276248F12279DCC027C9B53841A67052A617C32C93CBA8C2FE534D4240000100160000C001000100
01000000000000000100000000000000FFFE00000000000021000000001000000000000000000000
0000000000000000090000004800B300A181B03081ADA0030A0101A10C060A2B0601040182370202
0AA281970481944E544C4D53535000020000000C000C003800000015828AE29296836B33F712E000
0000000000000050005000440000000A0092270000000F53005500540033003100310002000C0053
005500540033003100310001000C0053005500540033003100310004000C00530055005400330031
00310003000C005300550054003300310031000700080019C69C43CCAED00100000000
PreauthSession.PreauthIntegrityHashValue
2AA0A0D736D4A3BE4A2FA06B20EEBF02635543C0310F72595ACEAF9893BBE647D9C753175215BB24
71DF365D4FC77AB8D168ECC91ABC02C4611D2AAC33181967

SESSION SETUP Request
PreauthSession.SessionId 0x100000000021
Current
PreauthSession.PreauthIntegrityHashValue
2AA0A0D736D4A3BE4A2FA06B20EEBF02635543C0310F72595ACEAF9893BBE647D9C753175215BB24
71DF365D4FC77AB8D168ECC91ABC02C4611D2AAC33181967
SessionSetup request packet
FE534D4240000100000000000100800000000000000000000200000000000000FFFE000000000000
2100000000100000000000000000000000000000000000001900000101000000000000005800CF01
0000000000000000A18201CB308201C7A0030A0101A28201AA048201A64E544C4D53535000030000
001800180090000000EE00EE00A80000000C000C00580000001A001A0064000000120012007E0000
001000100096010000158288E2060380250000000F3E492B87B2606D263031D0D12B6AD267530055
005400330031003100610064006D0069006E006900730074007200610074006F0072004400520049
005600450052003300310031000000000000000000000000000000000000000000000000009AEF57
4DBD2E8A323B017ED361EEA14B010100000000000019C69C43CCAED00176AC9CBD38378531000000
0002000C0053005500540033003100310001000C0053005500540033003100310004000C00530055
00540033003100310003000C005300550054003300310031000700080019C69C43CCAED001060004
00020000000800300030000000000000000000000000300000B61FEFCAA857EA57BF1EDCEBF8974B
8E0EBA5A6DFD9D07A31D11B548F8C9D0CC0A00100000000000000000000000000000000000090016
0063006900660073002F005300550054003300310031000000000000000000000000005E621187A7
5CC18E3982494ECC4793B7A3120410010000005C661B9E6BE0F1E500000000
Concatenate PreauthSession.PreauthIntegrityHashValue and Session Setup request packet
SHA-512 Input Hash Data 
2AA0A0D736D4A3BE4A2FA06B20EEBF02635543C0310F72595ACEAF9893BBE647D9C753175215BB24
71DF365D4FC77AB8D168ECC91ABC02C4611D2AAC33181967FE534D42400001000000000001008000
00000000000000000200000000000000FFFE00000000000021000000001000000000000000000000
00000000000000001900000101000000000000005800CF010000000000000000A18201CB308201C7
A0030A0101A28201AA048201A64E544C4D53535000030000001800180090000000EE00EE00A80000
000C000C00580000001A001A0064000000120012007E0000001000100096010000158288E2060380
250000000F3E492B87B2606D263031D0D12B6AD267530055005400330031003100610064006D0069
006E006900730074007200610074006F007200440052004900560045005200330031003100000000
0000000000000000000000000000000000000000009AEF574DBD2E8A323B017ED361EEA14B010100
000000000019C69C43CCAED00176AC9CBD383785310000000002000C005300550054003300310031
0001000C0053005500540033003100310004000C0053005500540033003100310003000C00530055
0054003300310031000700080019C69C43CCAED00106000400020000000800300030000000000000
000000000000300000B61FEFCAA857EA57BF1EDCEBF8974B8E0EBA5A6DFD9D07A31D11B548F8C9D0
CC0A001000000000000000000000000000000000000900160063006900660073002F005300550054
003300310031000000000000000000000000005E621187A75CC18E3982494ECC4793B7A312041001
0000005C661B9E6BE0F1E500000000
PreauthSession.PreauthIntegrityHashValue
DECF98A420718718F22090D3580FCC5E484BD310FA1268210C6E86335A8891E767F5BCD99FA5A785
9D665AD07A73EA94E1BCDB7CFA69A6962A28A244138340B1

SESSION SETUP Response
SessionId 0x100000000021 COMPLETED
SessionSetup response packet
FE534D4240000100000000000100800009000000000000000200000000000000FFFE000000000000
21000000001000003676196AEE8CA17E5D50A53642EF2BE40900000048001D00A11B3019A0030A01
00A3120410010000000F57444342A2717E00000000
SessionSetup response header signature 0x3676196AEE8CA17E5D50A53642EF2BE4
PreauthSession.PreauthIntegrityHashValue
DECF98A420718718F22090D3580FCC5E484BD310FA1268210C6E86335A8891E767F5BCD99FA5A785
9D665AD07A73EA94E1BCDB7CFA69A6962A28A244138340B1

Input cryptographicKey (SessionKey) 0x07B7F69C1E2581662DF6987E88F9E891
(queried from GSS authenticated context)

— Dialect 0x0311 —
preauthIntegrityHashValue
DECF98A420718718F22090D3580FCC5E484BD310FA1268210C6E86335A8891E767F5BCD99FA5A785
9D665AD07A73EA94E1BCDB7CFA69A6962A28A244138340B1
CypherId 0x0001
SessionKey 0x07B7F69C1E2581662DF6987E88F9E891
SigningKey 0x3DCC82C5795AE27F383242761078C59B
EncryptionKey 0xDFAAA31AAE40A2485D47AC4DF09FDA1D
DecryptionKey 0x95C544AEF6072680DA1CE49A68A97FA6
ApplicationKey 0x7A2F0F73EC2D530879B2913BBFCE242F

— Encryption —

SessionId 0x100000000021
SessionKey 0x07B7F69C1E2581662DF6987E88F9E891
SigningKey 0x3DCC82C5795AE27F383242761078C59B
EncryptionKey 0xDFAAA31AAE40A2485D47AC4DF09FDA1D
DecryptionKey 0x95C544AEF6072680DA1CE49A68A97FA6
ApplicationKey 0x7A2F0F73EC2D530879B2913BBFCE242F
Header.Command 0x0009 WRITE

Encryption of the request —

Key 0xDFAAA31AAE40A2485D47AC4DF09FDA1D

Nonce Length 0xb
AES-128-CCM nonce 0x9F6F1EAAD7E9F24AACD38F

SMB2 packet
FE534D4240000100000000000900010008000000000000000500000000000000FFFE000001000000
21000000001000000000000000000000000000000000000031007000170000000000000000000000
0500000004000000010000000400000000000000000000007000000000000000536D623320656E63
72797074696F6E2074657374696E67
transform_header.ProtocolId 0x424d53fd
transform_header.Signature 0xE89551D666DAB8993488F5A97103116C
transform_header.Nonce 0x9F6F1EAAD7E9F24AACD38F0000000000
transform_header.OriginalMessageSize 0x87
transform_header.Reserved 0x0
transform_header.Flags 0x0001
transform_header.SessionId 0x100000000021
Encrypted message
56A74778199A9D2B6E9C3A376FD88D27680694FED253A313BEB07381AE8689F973ACDB8D716E4477
803BCE53A92E1B81FA3E965AD9AF2C89C08CE66A344664453B8FC88118EDC9814CF58E92AA465E6E
FB09958A9FDAD96FBD55B36A710C30D5E7C64AD7B9449F9F17EDD024FE8BA79154F340A82740D1D5
180C69B0A2DE6A4BA893BD55D3210E

Transformed message
FD534D42E89551D666DAB8993488F5A97103116C9F6F1EAAD7E9F24AACD38F000000000087000000
00000100210000000010000056A74778199A9D2B6E9C3A376FD88D27680694FED253A313BEB07381
AE8689F973ACDB8D716E4477803BCE53A92E1B81FA3E965AD9AF2C89C08CE66A344664453B8FC881
18EDC9814CF58E92AA465E6EFB09958A9FDAD96FBD55B36A710C30D5E7C64AD7B9449F9F17EDD024
FE8BA79154F340A82740D1D5180C69B0A2DE6A4BA893BD55D3210E

Decryption of the response —

Transformed message
FD534D42DD33EC41A927DD51476FE887C2D3C136D96831DD2E8EB7B4000000000000000050000000
000001002100000000100000F783157E0F6F1C055D746753CA16D20C21088E2A67564E056C2F68A7
F14F226C3BD809B7A2D52E5FE4ECF49821BC6001733430CF174E2764B3CCB213AAD8BB9FBAF6C15E
13D9120965390E004A96A3F7
transform_header.ProtocolId 0x424d53fd
transform_header.Signature 0xDD33EC41A927DD51476FE887C2D3C136
transform_header.Nonce 0xD96831DD2E8EB7B40000000000000000
transform_header.OriginalMessageSize 0x50
transform_header.Reserved 0x0
transform_header.Flags 0x0001
transform_header.SessionId 0x100000000021

Key 0x95C544AEF6072680DA1CE49A68A97FA6

Nonce Length 0xb
AES-128-CCM nonce 0xD96831DD2E8EB7B4000000
Decrypted SMB2 packet
FE534D4240000100000000000900010001000000000000000500000000000000FFFE000001000000
21000000001000000000000000000000000000000000000011000000170000000000000000000000
Header.Command 0x0008 READ

Encryption of the request —

Key 0xDFAAA31AAE40A2485D47AC4DF09FDA1D

Nonce Length 0xb
AES-128-CCM nonce 0xA0F92E964EDC3049B86E19

SMB2 packet
FE534D4240000100000000000800010008000000000000000600000000000000FFFE000001000000
21000000001000000000000000000000000000000000000031000000170000000000000000000000
050000000400000001000000040000000000000000000000000000000000000000
transform_header.ProtocolId 0x424d53fd
transform_header.Signature 0x35BF9600C841F0CDA9BD1BC3727B7E36
transform_header.Nonce 0xA0F92E964EDC3049B86E190000000000
transform_header.OriginalMessageSize 0x71
transform_header.Reserved 0x0
transform_header.Flags 0x0001
transform_header.SessionId 0x100000000021
Encrypted message
C4CCD3EB483A0638E69C99E391E7F64BCC10D6BEE46FEEA258C4BCAF792CB5A6E69283924081806D
AB64827E9D14A5345D5221AB6DAFCB0E89FC2606B63D92163F4F6C93D1213D86ABF123B93EAD3AEF
9A3471EFD68A423A00A6E0064D9AE3C842EFFFAD236A3BF25D37F4CD054C97DE18

Transformed message
FD534D4235BF9600C841F0CDA9BD1BC3727B7E36A0F92E964EDC3049B86E19000000000071000000
000001002100000000100000C4CCD3EB483A0638E69C99E391E7F64BCC10D6BEE46FEEA258C4BCAF
792CB5A6E69283924081806DAB64827E9D14A5345D5221AB6DAFCB0E89FC2606B63D92163F4F6C93
D1213D86ABF123B93EAD3AEF9A3471EFD68A423A00A6E0064D9AE3C842EFFFAD236A3BF25D37F4CD
054C97DE18

Decryption of the response —

Transformed message
FD534D42E241A13C7E1EE42ECF1FD69F3B8668C6DA6831DD2E8EB7B4000000000000000067000000
00000100210000000010000015D67234FC8358D7BA1BF037ABC8EFD41A0A8F9BB04B16DEB1E85606
BD8C2770823FE6239A286CB3E3D5762ABBD53FD8DE11ED491FE905E146A8FFCE09414AB741103D63
7E28B19C6BA759B399DCC21FAE24CF2A455A13B215FC2857ABB513927F9F271D1C208B
transform_header.ProtocolId 0x424d53fd
transform_header.Signature 0xE241A13C7E1EE42ECF1FD69F3B8668C6
transform_header.Nonce 0xDA6831DD2E8EB7B40000000000000000
transform_header.OriginalMessageSize 0x67
transform_header.Reserved 0x0
transform_header.Flags 0x0001
transform_header.SessionId 0x100000000021

Key 0x95C544AEF6072680DA1CE49A68A97FA6

Nonce Length 0xb
AES-128-CCM nonce 0xDA6831DD2E8EB7B4000000
Decrypted SMB2 packet
FE534D4240000100000000000800010001000000000000000600000000000000FFFE000001000000
21000000001000000000000000000000000000000000000011005000170000000000000000000000
536D623320656E6372797074696F6E2074657374696E67 

Appendix B. How to disable SMB1 on Windows

 See [KB2696547] https://support.microsoft.com/en-us/kb/2696547

In Windows 8.1 / Server 2012 R2:
•To remove SMB1, use the following PowerShell cmdlet:
Remove-WindowsFeature FS-SMB1
•To add SMB1 feature:
Add-WindowsFeature FS-SMB1

Windows Client

•To disable SMBv1 on the SMB client, run the following commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

•To enable SMBv1 on the SMB client, run the following commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb10 start= auto

Windows Server

In Windows Server 2012 R2:
Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol
•To disable SMBv1 on the SMB server, run the following cmdlet:
Set-SmbServerConfiguration -EnableSMB1Protocol $false
•To enable SMBv1 on the SMB server, run the following cmdlet:
Set-SmbServerConfiguration -EnableSMB1Protocol $true

In older server versions:
•To disable SMBv1 on the SMB server, run the following cmdlet:
Set-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters” SMB1 -Type DWORD -Value 0 –Force
•To enable SMBv1 on the SMB server, run the following cmdlet:
Set-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters” SMB1 -Type DWORD -Value 1 –Force

[References]

Encryption in SMB 3.0: A protocol perspective
http://blogs.msdn.com/b/openspecification/archive/2012/10/05/encryption-in-smb-3-0-a-protocol-perspective.aspx

What’s new in SMB 3.1.1 in the Windows Server 2016 Technical Preview 2
http://blogs.technet.com/b/josebda/archive/2015/05/05/what-s-new-in-smb-3-1-1-in-the-windows-server-technical-preview-2.aspx

[MS-SMB2]: Server Message Block (SMB) Protocol Versions 2 and 3 Specification

https://msdn.microsoft.com/en-us/library/cc246482.aspx 

[SP800-108] National Institute of Standards and Technology. “Special Publication 800-108, Recommendation for Key Derivation Using Pseudorandom Functions”, October 2009, http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf

[RFC5084] Housley, R., “Using AES-CCM and AES-GCM Authenticated Encryption in the Cryptographic Message Syntax (CMS)”, RFC 5084, November 2007, http://www.ietf.org/rfc/rfc5084.txt

SMB3 Secure Dialect Negotiation
http://blogs.msdn.com/b/openspecification/archive/2012/06/28/smb3-secure-dialect-negotiation.aspx

How to enable and disable SMBv1, SMBv2, and SMBv3 in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012
https://support.microsoft.com/en-us/kb/2696547

SMB3 PowerShell changes in Windows Server 2012 R2: SMB1 can now be completely removed
http://blogs.technet.com/b/josebda/archive/2014/08/11/smb3-powershell-changes-in-windows-server-2012-r2-smb1-can-now-be-completely-removed.aspx

 

Comments (0)

Skip to main content