// Determine key size based on cipher ID for AES-256 support
        int keyLength = getKeyLength();
        String transformation;

        // Select appropriate AES algorithm based on key length
        if (keyLength == 32) {
            // AES-256 support
            transformation = "AES/GCM/NoPadding";
        } else if (keyLength == 16) {
            // AES-128 (existing)

            ms_usage = 8;
        case 23:
            ms_usage = 13;
        }
        return ms_usage;
    }

    /**
     * Calculates a MAC using HMAC-SHA1 with AES key derivation.
     * This method supports both AES-128 and AES-256 encryption types.
     *
     * @param usage the Kerberos key usage number for this operation
     * @param baseKey the base Kerberos key for key derivation

    public static final int NEGO_CTX_ENC_TYPE = 0x2;

    /**
     * AES 128 CCM
     */
    public static final int CIPHER_AES128_CCM = 0x1;

    /**
     * AES 128 GCM
     */
    public static final int CIPHER_AES128_GCM = 0x2;

    /**
     * AES 256 CCM
     */
    public static final int CIPHER_AES256_CCM = 0x3;

    /**
     * AES 256 GCM
     */
    public static final int CIPHER_AES256_GCM = 0x4;

- Configurable: Min/max versions can be set via configuration properties

### SMB3 Encryption Support
- **SMB2 Transform Header**: Encrypted message wrapping
- **AES-CCM/GCM Support**: Both AES-128-CCM (SMB 3.0/3.0.2) and AES-128-GCM (SMB 3.1.1) cipher suites
- **Encryption Context**: Per-session encryption state management
- **Key Derivation**: SMB3 KDF implementation with dialect-specific parameters

    }

    @Test
    @DisplayName("Should handle AES encryption operations")
    void testAESOperations() throws Exception {
        // Given
        byte[] key = new byte[16]; // 128-bit key
        byte[] iv = new byte[16]; // 128-bit IV
        byte[] plaintext = "This is test data for AES encryption test".getBytes();

        new SecureRandom().nextBytes(key);

        byte[] key2 = new byte[16];
        new SecureRandom().nextBytes(key1);
        new SecureRandom().nextBytes(key2);

        keyManager.storeSessionKey(sessionId1, key1, "AES");
        keyManager.storeSessionKey(sessionId2, key2, "AES");

        byte[] retrieved1 = keyManager.getRawKey(sessionId1);
        byte[] retrieved2 = keyManager.getRawKey(sessionId2);

 *
 * // Decrypt text
 * String decrypted = cipher.decryptText(encrypted);
 *
 * // For AES encryption
 * CachedCipher aesCipher = new CachedCipher();
 * aesCipher.setAlgorithm("AES");
 * aesCipher.setTransformation("AES");
 * aesCipher.setKey("0123456789abcdef"); // 16-byte key for AES-128
 * </pre>
 *
 * @author higa
 */
public class CachedCipher {

    /**

@DisplayName("CIFSUnsupportedCryptoException Tests")
class CIFSUnsupportedCryptoExceptionTest extends BaseTest {

    private static final String CRYPTO_ERROR_MESSAGE = "Unsupported cryptographic algorithm: AES-256-GCM";
    private static final String ALGORITHM_NAME = "AES-256-GCM";

    @Test
    @DisplayName("Default constructor should create exception with null message and cause")
    void testDefaultConstructor() {
        // Given & When

 * supporting various checksum algorithms including HMAC-MD5 and HMAC-SHA1 with AES.
 */
public class PacSignature {

    /**
     * Kerberos checksum type for HMAC-MD5 (ARCFOUR-HMAC).
     */
    public static final int KERB_CHECKSUM_HMAC_MD5 = 0xFFFFFF76;
    /**
     * Kerberos checksum type for HMAC-SHA1-96 with AES-128.
     */
    public static final int HMAC_SHA1_96_AES128 = 0x0000000F;
    /**

//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package kms

import (
	"context"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strconv"
	"strings"
	"sync/atomic"

	"github.com/secure-io/sio-go/sioutil"
	"golang.org/x/crypto/chacha20"