Module: RubySMB::Server::ServerClient::Encryption

Included in:
RubySMB::Server::ServerClient
Defined in:
lib/ruby_smb/server/server_client/encryption.rb

Overview

Contains the methods the server uses to encrypt outgoing and decrypt incoming SMB3 messages.

Instance Method Summary collapse

Instance Method Details

#smb3_decrypt(encrypted_request, session) ⇒ Object



# File 'lib/ruby_smb/server/server_client/encryption.rb', line 36

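# Decrypts an encrypted SMB3 request received from the client.
#
# The client-to-server cipher key is derived from the session key on every
# call; this method stores nothing on the instance.
#
# @param encrypted_request [Object] the encrypted message; must respond to
#   #decrypt(key, algorithm:) (presumably a TransformHeader -- confirm against caller)
# @param session [Object] the session whose #key seeds the key derivation
# @return [Object] whatever encrypted_request.decrypt returns
# @raise [RubySMB::Error::EncryptionError] if @cipher_id has no entry in the
#   algorithm map, or @dialect is not one of 0x0300, 0x0302, 0x0311
def smb3_decrypt(encrypted_request, session)
  encryption_algorithm = SMB2::EncryptionCapabilities::ENCRYPTION_ALGORITHM_MAP[@cipher_id]
  if encryption_algorithm.nil?
    raise RubySMB::Error::EncryptionError, 'The encryption algorithm has not been set'
  end

  # OpenSSL reports the key length in bytes; the KDF is asked for a length in bits.
  key_bit_len = OpenSSL::Cipher.new(encryption_algorithm).key_len * 8

  # NOTE(review): session.key is passed to the KDF without a nil/length check
  # here -- confirm the caller only reaches this with an authenticated session.
  client_encryption_key =
    case @dialect
    when '0x0300', '0x0302'
      # Fixed label/context pair for these dialects. The space inside
      # "ServerIn " is part of the KDF input and must stay byte-for-byte.
      RubySMB::Crypto::KDF.counter_mode(
        session.key,
        "SMB2AESCCM\x00",
        "ServerIn \x00",
        length: key_bit_len
      )
    when '0x0311'
      # For 0x0311 the context is the preauth integrity hash held on this
      # instance, so the derived key depends on that value as well.
      RubySMB::Crypto::KDF.counter_mode(
        session.key,
        "SMBC2SCipherKey\x00",
        @preauth_integrity_hash_value,
        length: key_bit_len
      )
    else
      # This is the decrypt path; the message previously said "encryption".
      raise RubySMB::Error::EncryptionError, 'Dialect is incompatible with SMBv3 decryption'
    end

  # NOTE(review): any authentication-tag / integrity failure handling lives
  # in #decrypt, which is not visible here -- confirm it raises rather than
  # returning unauthenticated plaintext.
  encrypted_request.decrypt(client_encryption_key, algorithm: encryption_algorithm)
end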

#smb3_encrypt(data, session) ⇒ Object



# File 'lib/ruby_smb/server/server_client/encryption.rb', line 6

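# Encrypts an outgoing message for the client and wraps it in a transform header.
#
# The server-to-client cipher key is derived from the session key on every
# call; this method stores nothing on the instance.
#
# @param data [Object] the payload handed to TransformHeader#encrypt
#   (presumably the serialized SMB2 response -- confirm against caller)
# @param session [Object] the session providing #key (KDF input) and #id
#   (written to the header's session_id)
# @return [RubySMB::SMB2::Packet::TransformHeader] the header after #encrypt
#   has been called on it
# @raise [RubySMB::Error::EncryptionError] if @cipher_id has no entry in the
#   algorithm map, or @dialect is not one of 0x0300, 0x0302, 0x0311
def smb3_encrypt(data, session)
  encryption_algorithm = SMB2::EncryptionCapabilities::ENCRYPTION_ALGORITHM_MAP[@cipher_id]
  if encryption_algorithm.nil?
    raise RubySMB::Error::EncryptionError, 'The encryption algorithm has not been set'
  end

  # OpenSSL reports the key length in bytes; the KDF is asked for a length in bits.
  key_bit_len = OpenSSL::Cipher.new(encryption_algorithm).key_len * 8

  # NOTE(review): session.key is passed to the KDF without a nil/length check
  # here -- confirm the caller only reaches this with an authenticated session.
  server_encryption_key =
    case @dialect
    when '0x0300', '0x0302'
      # Fixed label/context pair for these dialects; both strings are KDF
      # input and must stay byte-for-byte.
      RubySMB::Crypto::KDF.counter_mode(
        session.key,
        "SMB2AESCCM\x00",
        "ServerOut\x00",
        length: key_bit_len
      )
    when '0x0311'
      # For 0x0311 the context is the preauth integrity hash held on this
      # instance, so the derived key depends on that value as well.
      RubySMB::Crypto::KDF.counter_mode(
        session.key,
        "SMBS2CCipherKey\x00",
        @preauth_integrity_hash_value,
        length: key_bit_len
      )
    else
      # This is the encrypt path; the message previously said "decryption".
      raise RubySMB::Error::EncryptionError, 'Dialect is incompatible with SMBv3 encryption'
    end

  # NOTE(review): nonce generation is not visible in this method; it is
  # presumably handled inside TransformHeader#encrypt -- confirm a fresh
  # nonce is used per message, since the same derived key is reused.
  th = RubySMB::SMB2::Packet::TransformHeader.new(flags: 1, session_id: session.id)
  th.encrypt(data, server_encryption_key, algorithm: encryption_algorithm)
  th
end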