3.1.4.1 Signing An Outgoing Message

If the client or server sending the message requires that the message be signed, it provides the message length, the buffer containing the message, and the key to use for signing. The following steps describe the signing process:

  1. The sender MUST zero out the 16-byte signature field in the SMB2 Header of the message to be sent prior to generating the signature.

  2. If Connection.Dialect belongs to the SMB 3.x dialect family

    • If Connection.Dialect is "3.1.1" and Connection.SigningAlgorithmId is not empty, the sender MUST use Connection.SigningAlgorithmId to generate the signature. If Connection.SigningAlgorithmId is AES-GMAC, the Nonce specified in [RFC4543] MUST be initialized to 12 bytes with the following syntax:

      • First 8 bytes are set to MessageId.

      • The following 4 bytes are set as follows: if the sender is a client, the least significant bit is set to zero, otherwise it is set to 1. If the message is an SMB2 CANCEL request, the penultimate bit is set to 1, otherwise it is set to zero. The remaining 30 bits are set to zero.

    • Otherwise, the sender MUST use AES-128-CMAC as specified in [RFC4493] to generate the signature.

    • A 16-byte hash MUST be computed over the entire message, beginning with the SMB2 Header from step 1, and using the key provided. If the message is part of a compounded chain, any padding at the end of the message MUST be used in the hash computation. The sender MUST copy the 16-byte hash into the signature field of the SMB2 Header.

  3. If Connection.Dialect is "2.0.2" or "2.1", the sender MUST compute a 32-byte hash using HMAC-SHA256 over the entire message, beginning with the SMB2 Header from step 1, and using the key provided. The HMAC-SHA256 is specified in [FIPS180-4] and [RFC2104]. If the message is part of a compounded chain, any padding at the end of the message MUST be used in the hash computation. The first 16 bytes (the high-order portion) of the hash MUST be copied (beginning with the first, most significant, byte) into the 16-byte signature field of the SMB2 Header.
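The following is an added worked example, not text or code from MS-SMB2, showing steps 1 and 3 above for the 2.0.2/2.1 dialects (zero the signature field, HMAC-SHA256 the whole buffer including compound padding, copy the high-order 16 bytes back) together with the receiver-side check, and step 2's 12-byte AES-GMAC nonce construction for dialect 3.1.1. It relies on the SMB2 header layout from MS-SMB2 section 2.2.1 (Command at offset 12, MessageId at offset 24, the 16-byte Signature at offset 48), which this section does not restate, and it assumes the nonce words are serialized little-endian like every other SMB2 header field. The AES-128-CMAC and AES-GMAC computations themselves need an AES library and are not implemented here; the signing key and message bytes are constructed sample values.

```python
"""Added example (not from MS-SMB2): SMB2 message signing per section 3.1.4.1.

Assumptions, labelled here and in the lead-in:
- Header offsets (Command 12, MessageId 24, Signature 48..64) come from the
  SMB2 header layout in MS-SMB2 2.2.1, not from this section.
- The AES-GMAC nonce is packed little-endian (consistent with other SMB2 fields).
- Only the HMAC-SHA256 path (dialects 2.0.2 / 2.1) is computed; AES-CMAC and
  AES-GMAC need an AES implementation and are out of scope for this example.
"""
import hashlib
import hmac
import struct

SMB2_HEADER_SIZE = 64
CMD_OFFSET = 12
MSGID_OFFSET = 24
SIG_OFFSET = 48
SIG_LEN = 16
SMB2_CANCEL = 0x000C          # Command code of the SMB2 CANCEL request


def sign_smb2_v2(message: bytes, signing_key: bytes) -> bytes:
    """Steps 1 and 3 for dialects 2.0.2 / 2.1.

    `message` is the complete wire buffer, header first; if it is one element
    of a compounded chain, its trailing padding is already part of the buffer
    and is therefore covered by the MAC, as the spec requires.
    """
    if len(message) < SMB2_HEADER_SIZE:
        raise ValueError("buffer is shorter than an SMB2 header")
    buf = bytearray(message)
    buf[SIG_OFFSET:SIG_OFFSET + SIG_LEN] = bytes(SIG_LEN)      # step 1: zero the field
    mac = hmac.new(signing_key, bytes(buf), hashlib.sha256).digest()
    buf[SIG_OFFSET:SIG_OFFSET + SIG_LEN] = mac[:SIG_LEN]       # step 3: high-order 16 bytes
    return bytes(buf)


def verify_smb2_v2(message: bytes, signing_key: bytes) -> bool:
    """Receiver side: recompute over the buffer with the signature field zeroed
    and compare in constant time; the received 16 bytes are never trusted as-is."""
    expected = sign_smb2_v2(message, signing_key)[SIG_OFFSET:SIG_OFFSET + SIG_LEN]
    received = message[SIG_OFFSET:SIG_OFFSET + SIG_LEN]
    return hmac.compare_digest(expected, received)


def gmac_nonce(message_id: int, is_server: bool, is_cancel: bool) -> bytes:
    """Step 2 nonce for AES-GMAC on dialect 3.1.1: 8 bytes of MessageId, then a
    32-bit word whose least significant bit marks a server sender and whose
    penultimate bit marks an SMB2 CANCEL request; the other 30 bits are zero."""
    flags = (1 if is_server else 0) | (2 if is_cancel else 0)
    return struct.pack("<QI", message_id, flags)           # little-endian: assumption


def nonce_for_message(message: bytes, is_server: bool) -> bytes:
    """Build the nonce from the header fields of the message being signed."""
    (command,) = struct.unpack_from("<H", message, CMD_OFFSET)
    (message_id,) = struct.unpack_from("<Q", message, MSGID_OFFSET)
    return gmac_nonce(message_id, is_server, command == SMB2_CANCEL)


def build_header(command: int, message_id: int) -> bytes:
    """Constructed minimal 64-byte SMB2 header for demonstration only."""
    hdr = bytearray(SMB2_HEADER_SIZE)
    hdr[0:4] = b"\xfeSMB"                                  # ProtocolId
    struct.pack_into("<H", hdr, 4, SMB2_HEADER_SIZE)       # StructureSize
    struct.pack_into("<H", hdr, CMD_OFFSET, command)
    struct.pack_into("<Q", hdr, MSGID_OFFSET, message_id)
    return bytes(hdr)


if __name__ == "__main__":
    key = bytes(range(16))                                  # constructed sample key
    msg = build_header(0x0008, 7) + b"\x31\x00" + bytes(46)  # header + dummy READ body
    signed = sign_smb2_v2(msg, key)
    print("signature:", signed[SIG_OFFSET:SIG_OFFSET + SIG_LEN].hex())
    print("verifies:", verify_smb2_v2(signed, key))
    print("GMAC nonce for a server CANCEL:",
          nonce_for_message(build_header(SMB2_CANCEL, 7), True).hex())
```

Signing is idempotent because the field is zeroed before the MAC is taken, so a relay that re-signs an already signed buffer produces the same bytes; verification, by contrast, must recompute over the zeroed buffer rather than compare against anything derived from the received signature.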

Determining when a client will sign an outgoing message is specified in 3.2.4.1.1, and determining when a server will sign an outgoing message is specified in 3.3.4.1.1.