From 0ac71061044e2ee47f4de3a319ad2386128066fc Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 15 Jul 2021 13:20:22 +0200
Subject: [PATCH] s3:smbd: really support AES-256* in the server

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14764

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 20 16:13:28 UTC 2021 on sn-devel-184
---
 selftest/knownfail.d/smb2.session | 3 ---
 source3/smbd/smb2_sesssetup.c     | 6 ++++++
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/selftest/knownfail.d/smb2.session b/selftest/knownfail.d/smb2.session
index e0ab185c543..a85fb37bf95 100644
--- a/selftest/knownfail.d/smb2.session
+++ b/selftest/knownfail.d/smb2.session
@@ -2,6 +2,3 @@
 # we required the same client guid for session binds
 ^samba3.smb2.session.*.bind_negative_smb3signCtoHd
 ^samba3.smb2.session.*.bind_negative_smb3signHtoCd
-# aes-256-* is not fully working yet
-^samba3.smb2.session.*.encryption-aes-256-ccm
-^samba3.smb2.session.*.encryption-aes-256-gcm
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 8cbad36cc7b..38049e8535f 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -346,6 +346,12 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
 		case SMB2_ENCRYPTION_AES128_GCM:
 			nonce_size = gnutls_cipher_get_iv_size(GNUTLS_CIPHER_AES_128_GCM);
 			break;
+		case SMB2_ENCRYPTION_AES256_CCM:
+			nonce_size = SMB2_AES_128_CCM_NONCE_SIZE;
+			break;
+		case SMB2_ENCRYPTION_AES256_GCM:
+			nonce_size = gnutls_cipher_get_iv_size(GNUTLS_CIPHER_AES_256_GCM);
+			break;
 		default:
 			nonce_size = 0;
 			break;