java.util.Arrays.fill(this.nonce, (byte) 0);
            System.arraycopy(nonce, 0, this.nonce, 0, 12);
        } else if (nonce.length == 16) {
            // For GCM cipher, use full 16-byte nonce
            System.arraycopy(nonce, 0, this.nonce, 0, 16);
        } else {
            throw new IllegalArgumentException("Nonce must be 12 bytes (CCM) or 16 bytes (GCM)");
        }

            }

            final String nonce = (String) claimsSet.getClaim("nonce");
            if (logger.isDebugEnabled()) {
                logger.debug("nonce={}", nonce);
            }
            if (StringUtils.isEmpty(nonce) || !nonce.equals(stateData.getNonce())) {
                throw new SsoLoginException("could not validate nonce");
            }

        return metrics;
    }

    /**
     * Generate a unique nonce for encryption following SMB3 specification.
     * Uses SMB3-compliant nonce generation with guaranteed uniqueness.
     *
     * @return nonce appropriate for the dialect (16 bytes for GCM, 12 bytes for CCM)
     */
    public byte[] generateNonce() {
        final byte[] nonce = new byte[isGCMCipher() ? 16 : 12];

        if (isGCMCipher()) {

            byte[] nonce = context.generateNonce();
            assertNotNull(nonce, "Nonce should not be null");
            assertTrue(nonce.length > 0, "Nonce should have length > 0");

            // Convert to string for uniqueness check
            String nonceStr = Arrays.toString(nonce);
            assertFalse(nonces.contains(nonceStr), "Nonce should be unique");
            nonces.add(nonceStr);

			return
		}
		copy(objectEncryptionKey[:], key)

		var nonce [12]byte
		tmp := sha256.Sum256(fmt.Append(nil, uploadID, partID))
		copy(nonce[:], tmp[:12])

		partEncryptionKey := objectEncryptionKey.DerivePartKey(uint32(partID))
		encReader, err := sio.EncryptReader(reader, sio.Config{
			Key:   partEncryptionKey[:],
			Nonce: &nonce,
		})
		if err != nil {

     * @param password
     *            The user's password.
     * @param challenge
     *            The server challenge.
     * @param clientChallenge
     *            The client challenge (nonce).
     * @return the calculated response
     * @throws GeneralSecurityException if a cryptographic error occurs
     */

- **Pre-Authentication Integrity**: SMB 3.1.1 PAI for preventing downgrade attacks
- **Automatic Detection**: Encryption automatically enabled when servers require it
- **Secure Key Management**: Proper key derivation and nonce generation

### Core Features
- **Per-context configuration**: No global state, each context encapsulates configuration
- **Authentication**: NTLM, Kerberos, SPNEGO unified subsystem

tTable, aes.EncryptionKeySchedul(&g.cipher)) } func seal(out []byte, g *GCM, nonce, plaintext, data []byte) { if !supportsAESGCM { sealGeneric(out, g, nonce, plaintext, data) return } var counter, tagMask [gcmBlockSize]byte if len(nonce) == gcmStandardNonceSize { // Init counter to nonce||1 copy(counter[:], nonce) counter[gcmBlockSize-1] = 1 } else { // Otherwise counter = GHASH(nonce) gcmAesData(&g.productTable, nonce, &counter) gcmAesFinish(&g.productTable, &tagMask, &counter, uint64(len(nonce)),...

tTable, aes.EncryptionKeySchedul(&g.cipher)) } func seal(out []byte, g *GCM, nonce, plaintext, data []byte) { if !supportsAESGCM { sealGeneric(out, g, nonce, plaintext, data) return } var counter, tagMask [gcmBlockSize]byte if len(nonce) == gcmStandardNonceSize { // Init counter to nonce||1 copy(counter[:], nonce) counter[gcmBlockSize-1] = 1 } else { // Otherwise counter = GHASH(nonce) gcmAesData(&g.productTable, nonce, &counter) gcmAesFinish(&g.productTable, &tagMask, &counter, uint64(len(nonce)),...

		}

		stream, err := sio.AES_256_GCM.Stream(key[:])
		if err != nil {
			bugLogIf(ctx, err)
			return
		}
		// Zero nonce, we only use each key once, and 32 bytes is plenty.
		nonce := make([]byte, stream.NonceSize())
		encw := stream.EncryptWriter(w, nonce, nil)
		defer encw.Close()

		// Initialize a zip writer which will provide a zipped content
		// of profiling data of all nodes