s3:smbd: really support AES-256* in the server

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14764

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 20 16:13:28 UTC 2021 on sn-devel-184

(cherry picked from commit 0ac71061044e2ee47f4de3a319ad2386128066fc)

diff --git a/selftest/knownfail.d/smb2.session b/selftest/knownfail.d/smb2.session
index e0ab185c5436d63334862c07ecb52670c4fc4230..a85fb37bf95429918e01e41363c6fdd039c8e92d 100644 (file)
--- a/selftest/knownfail.d/smb2.session
+++ b/selftest/knownfail.d/smb2.session
@@ -2,6 +2,3 @@
 # we required the same client guid for session binds
 ^samba3.smb2.session.*.bind_negative_smb3signCtoHd
 ^samba3.smb2.session.*.bind_negative_smb3signHtoCd
-# aes-256-* is not fully working yet
-^samba3.smb2.session.*.encryption-aes-256-ccm
-^samba3.smb2.session.*.encryption-aes-256-gcm

diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 8cbad36cc7b7cfa14fff2d5e4c794821bb564308..38049e8535f205d22df58ef8f403c27e2d8dff42 100644 (file)
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -346,6 +346,12 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
                case SMB2_ENCRYPTION_AES128_GCM:
                        nonce_size = gnutls_cipher_get_iv_size(GNUTLS_CIPHER_AES_128_GCM);
                        break;
+               case SMB2_ENCRYPTION_AES256_CCM:
+                       nonce_size = SMB2_AES_128_CCM_NONCE_SIZE;
+                       break;
+               case SMB2_ENCRYPTION_AES256_GCM:
+                       nonce_size = gnutls_cipher_get_iv_size(GNUTLS_CIPHER_AES_256_GCM);
+                       break;
                default:
                        nonce_size = 0;
                        break;