Module: RubySMB::Client::Encryption

Included in:
RubySMB::Client
Defined in:
lib/ruby_smb/client/encryption.rb

Overview

Contains the methods for handling encryption / decryption

Instance Method Summary collapse

Instance Method Details

#smb3_decrypt(th) ⇒ Object



40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
# File 'lib/ruby_smb/client/encryption.rb', line 40

def smb3_decrypt(th)
  unless @server_encryption_key
    raise RubySMB::Error::EncryptionError.new('The encryption algorithm has not been set') if @encryption_algorithm.nil?

    key_bit_len = OpenSSL::Cipher.new(@encryption_algorithm).key_len * 8

    case @dialect
    when '0x0300', '0x0302'
      @server_encryption_key = RubySMB::Crypto::KDF.counter_mode(
        @session_key,
        "SMB2AESCCM\x00",
        "ServerOut\x00",
        length: key_bit_len
      )
    when '0x0311'
      @server_encryption_key = RubySMB::Crypto::KDF.counter_mode(
        @session_key,
        "SMBS2CCipherKey\x00",
        @preauth_integrity_hash_value,
        length: key_bit_len
      )
    else
      raise RubySMB::Error::EncryptionError.new('Dialect is incompatible with SMBv3 decryption')
    end
    ######
    # DEBUG
    #puts "Server encryption key = #{@server_encryption_key.each_byte.map {|e| '%02x' % e}.join}"
    ######
  end

  th.decrypt(@server_encryption_key, algorithm: @encryption_algorithm)
end

#smb3_encrypt(data) ⇒ Object



5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# File 'lib/ruby_smb/client/encryption.rb', line 5

def smb3_encrypt(data)
  unless @client_encryption_key
    raise RubySMB::Error::EncryptionError.new('The encryption algorithm has not been set') if @encryption_algorithm.nil?

    key_bit_len = OpenSSL::Cipher.new(@encryption_algorithm).key_len * 8

    case @dialect
    when '0x0300', '0x0302'
      @client_encryption_key = RubySMB::Crypto::KDF.counter_mode(
        @session_key,
        "SMB2AESCCM\x00",
        "ServerIn \x00",
        length: key_bit_len
      )
    when '0x0311'
      @client_encryption_key = RubySMB::Crypto::KDF.counter_mode(
        @session_key,
        "SMBC2SCipherKey\x00",
        @preauth_integrity_hash_value,
        length: key_bit_len
      )
    else
      raise RubySMB::Error::EncryptionError.new('Dialect is incompatible with SMBv3 encryption')
    end
    ######
    # DEBUG
    #puts "Client encryption key = #{@client_encryption_key.each_byte.map {|e| '%02x' % e}.join}"
    ######
  end

  th = RubySMB::SMB2::Packet::TransformHeader.new(flags: 1, session_id: @session_id)
  th.encrypt(data, @client_encryption_key, algorithm: @encryption_algorithm)
  th
end