private Smb2Packet DecodeEncryptedSmb2Packet( byte[] messageBytes, Smb2Role role, ulong realSessionId, uint realTreeId, out int consumedLength, out int expectedLength ) { Transform_Header transformHeader; var decryptedBytes = Smb2Crypto.Decrypt(messageBytes, cryptoInfoTable, decodeRole, out transformHeader); if (transformHeader.OriginalMessageSize != decryptedBytes.Length) { throw new InvalidOperationException("[MS-SMB2] section 3.3.5.2.1.1 OriginalMessageSize in TRANSFORM_HEADER does not match received message size."); } byte[] protocolVersion = new byte[sizeof(uint)]; Array.Copy(decryptedBytes, 0, protocolVersion, 0, protocolVersion.Length); SmbVersion version = DecodeVersion(protocolVersion); if (version == SmbVersion.Version2Compressed) { return(DecodeCompressedSmb2Packet( decryptedBytes, role, realSessionId, realTreeId, out consumedLength, out expectedLength, transformHeader )); } else if (version == SmbVersion.Version2) { return(DecodeSmb2Packet( decryptedBytes, role, realSessionId, realTreeId, out consumedLength, out expectedLength, transformHeader )); } else { throw new InvalidOperationException("Unkown ProtocolId!"); } }
private Smb2Packet DecodeEncryptedSmb2Packet( byte[] messageBytes, Smb2Role role, ulong realSessionId, uint realTreeId, out int consumedLength, out int expectedLength ) { Transform_Header transformHeader; var decryptedBytes = Smb2Crypto.Decrypt(messageBytes, cryptoInfoTable, decodeRole, out transformHeader); byte[] protocolVersion = new byte[sizeof(uint)]; Array.Copy(decryptedBytes, 0, protocolVersion, 0, protocolVersion.Length); SmbVersion version = DecodeVersion(protocolVersion); if (version == SmbVersion.Version2Compressed) { return(DecodeCompressedSmb2Packet( decryptedBytes, role, realSessionId, realTreeId, out consumedLength, out expectedLength, transformHeader )); } else if (version == SmbVersion.Version2) { return(DecodeSmb2Packet( decryptedBytes, role, realSessionId, realTreeId, out consumedLength, out expectedLength, transformHeader )); } else { throw new InvalidOperationException("Unkown ProtocolId!"); } }
/// <summary> /// Decode the message except length field which may exist if transport is tcp /// </summary> /// <param name="messageBytes">The received packet</param> /// <param name="role">The role of this decoder, client or server</param> /// <param name="ignoreCompoundFlag">indicate whether decode the packet as a single packet or a compound packet /// when compound flag is set</param> /// <param name="realSessionId">The real sessionId for this packet</param> /// <param name="realTreeId">The real treeId for this packet</param> /// <param name="consumedLength">[OUT]The consumed length of the message</param> /// <param name="expectedLength">[OUT]The expected length</param> /// <returns>A Smb2Packet</returns> public Smb2Packet DecodeCompletePacket( byte[] messageBytes, Smb2Role role, bool ignoreCompoundFlag, ulong realSessionId, uint realTreeId, out int consumedLength, out int expectedLength ) { //protocol version is of 4 bytes len byte[] protocolVersion = new byte[sizeof(uint)]; Array.Copy(messageBytes, 0, protocolVersion, 0, protocolVersion.Length); SmbVersion version = DecodeVersion(protocolVersion); if (version == SmbVersion.Version1) { // SMB Negotiate packet return(DecodeSmbPacket(messageBytes, role, out consumedLength, out expectedLength)); } else if (version == SmbVersion.Version2Encrypted) { // SMB2 encrypted packet return(DecodeEncryptedSmb2Packet( messageBytes, role, ignoreCompoundFlag, realSessionId, realTreeId, out consumedLength, out expectedLength )); } else { // SMB2 packet not encrypted Smb2Packet decodedPacket = DecodeSmb2Packet( messageBytes, role, ignoreCompoundFlag, realSessionId, realTreeId, out consumedLength, out expectedLength ); //For single packet signature verification if (decodedPacket is Smb2SinglePacket) { //verify signature of a single packet Smb2SinglePacket singlePacket = decodedPacket as Smb2SinglePacket; TryVerifySignatureExceptSessionSetupResponse(singlePacket, singlePacket.Header.SessionId, messageBytes); } else if (decodedPacket is Smb2CompoundPacket)//For Compound packet signature verification { //verify signature of the compound packet TryVerifySignature(decodedPacket as Smb2CompoundPacket, messageBytes); } return(decodedPacket); } }