/// <summary>
/// Encrypts <paramref name="message"/> with AES-CCM, supplying the associated data of a
/// freshly built SMB2 TransformHeader as the additional authenticated data.
/// </summary>
/// <param name="key">Encryption key handed unchanged to <c>AesCcm.Encrypt</c>.</param>
/// <param name="nonce">
/// AES-CCM nonce. It is used as-is for the cipher and, zero-padded to
/// <c>SMB2TransformHeader.NonceLength</c>, inside the header that yields the associated data.
/// </param>
/// <param name="message">Plaintext to protect; its length is recorded in the header.</param>
/// <param name="sessionID">Session identifier recorded in the header.</param>
/// <param name="signature">
/// Output of <c>AesCcm.Encrypt</c> for the requested <c>SMB2TransformHeader.SignatureLength</c>;
/// <c>TransformMessage</c> stores it in the header's Signature field.
/// </param>
/// <returns>The value returned by <c>AesCcm.Encrypt</c> (the encrypted message).</returns>
/// <remarks>
/// Security: a nonce must never be used twice with the same key. With AES-CCM a repeated
/// (key, nonce) pair exposes the relationship between the two plaintexts and undermines the
/// authentication tag. This method does not generate or track nonces; callers that pass their
/// own nonce own that guarantee.
/// NOTE(review): <c>DecryptMessage</c> reads exactly <c>AesCcmNonceLength</c> bytes back out of the
/// header, so a nonce of any other length is presumably not decryptable by the peer - confirm
/// whether <c>AesCcm.Encrypt</c> rejects it.
/// </remarks>
public static byte[] EncryptMessage(byte[] key, byte[] nonce, byte[] message, ulong sessionID, out byte[] signature)
{
    // The header is built here only to derive the authenticated (but unencrypted) fields.
    SMB2TransformHeader header = CreateTransformHeader(nonce, message.Length, sessionID);
    byte[] additionalData = header.GetAssociatedData();

    byte[] cipherText = AesCcm.Encrypt(key, nonce, message, additionalData, SMB2TransformHeader.SignatureLength, out signature);
    return cipherText;
}
/// <summary>
/// Encrypts a message and prefixes the result with an SMB2 TransformHeader.
/// </summary>
/// <param name="key">Encryption key passed through to <c>EncryptMessage</c>.</param>
/// <param name="message">Plaintext SMB2 message to wrap.</param>
/// <param name="sessionID">Session identifier written into the transform header.</param>
/// <returns>
/// A buffer of <c>SMB2TransformHeader.Length + message.Length</c> bytes: the serialized header
/// (carrying the nonce and signature) followed by the encrypted message.
/// </returns>
/// <remarks>
/// Security: the nonce comes from <c>GenerateAesCcmNonce</c> on every call.
/// NOTE(review): that helper is not visible here - confirm it can never repeat a value for the
/// same key, since AES-CCM loses both confidentiality and integrity on nonce reuse.
/// </remarks>
public static byte[] TransformMessage(byte[] key, byte[] message, ulong sessionID)
{
    byte[] freshNonce = GenerateAesCcmNonce();
    byte[] cipherText = EncryptMessage(key, freshNonce, message, sessionID, out byte[] tag);

    // Rebuild the same header that EncryptMessage authenticated, then attach the signature to it.
    SMB2TransformHeader header = CreateTransformHeader(freshNonce, message.Length, sessionID);
    header.Signature = tag;

    // Sized from the plaintext length.
    // NOTE(review): assumes the ciphertext is exactly as long as the plaintext - confirm against AesCcm.Encrypt.
    int payloadOffset = SMB2TransformHeader.Length;
    byte[] packet = new byte[payloadOffset + message.Length];
    header.WriteBytes(packet, 0);
    ByteWriter.WriteBytes(packet, payloadOffset, cipherText);
    return packet;
}
/// <summary>
/// Builds the SMB2 TransformHeader describing an encrypted message. The Signature field is
/// not set here.
/// </summary>
/// <param name="nonce">
/// Nonce to embed. It is copied to the start of a zero-initialized array of
/// <c>SMB2TransformHeader.NonceLength</c> bytes, so any remaining bytes stay zero.
/// <c>Array.Copy</c> throws if the nonce is longer than that field.
/// </param>
/// <param name="originalMessageLength">Length of the plaintext, stored as an unsigned 32-bit value.</param>
/// <param name="sessionID">Session identifier stored in the header.</param>
/// <returns>A header with Nonce, OriginalMessageSize, Flags (Encrypted) and SessionId populated.</returns>
private static SMB2TransformHeader CreateTransformHeader(byte[] nonce, int originalMessageLength, ulong sessionID)
{
    byte[] paddedNonce = new byte[SMB2TransformHeader.NonceLength];
    Array.Copy(nonce, paddedNonce, nonce.Length);

    // Property order matches the original assignment order.
    return new SMB2TransformHeader
    {
        Nonce = paddedNonce,
        OriginalMessageSize = (uint)originalMessageLength,
        Flags = SMB2TransformHeaderFlags.Encrypted,
        SessionId = sessionID
    };
}
/// <summary>
/// Decrypts an SMB2 encrypted message and authenticates it against the signature carried in
/// its transform header.
/// </summary>
/// <param name="key">Decryption key passed unchanged to <c>AesCcm.DecryptAndAuthenticate</c>.</param>
/// <param name="transformHeader">
/// Header received with the message. It supplies the associated data, the nonce (its first
/// <c>AesCcmNonceLength</c> bytes) and the signature to verify.
/// </param>
/// <param name="encryptedMessage">Ciphertext that followed the header.</param>
/// <returns>The value returned by <c>AesCcm.DecryptAndAuthenticate</c>.</returns>
/// <remarks>
/// Security: every header field used here originates from the peer. This method performs no
/// checks of its own on Flags, SessionId or OriginalMessageSize; integrity rests entirely on
/// <c>AesCcm.DecryptAndAuthenticate</c> verifying the signature over the associated data.
/// NOTE(review): confirm how that helper reports a failed verification and that callers never
/// process the output of a failed call. Choosing the key for the right session is also left
/// to the caller.
/// </remarks>
public static byte[] DecryptMessage(byte[] key, SMB2TransformHeader transformHeader, byte[] encryptedMessage)
{
    byte[] additionalData = transformHeader.GetAssociatedData();

    // The header stores the nonce in a wider field; only its leading AesCcmNonceLength bytes feed the cipher.
    byte[] nonce = ByteReader.ReadBytes(transformHeader.Nonce, 0, AesCcmNonceLength);

    byte[] plainText = AesCcm.DecryptAndAuthenticate(key, nonce, encryptedMessage, additionalData, transformHeader.Signature);
    return plainText;
}