From a396255a8a85aa8c01e934c58ad5c597ee2db419 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 8 Sep 2021 15:10:14 +0200
Subject: [PATCH] docs-xml: use upper case for "{client,server} smb3
 {signing,encryption} algorithms" values
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This matches what smbstatus prints out. Note there's also the removal of
an '-' in "hmac-sha-256" => HMAC-SHA256".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14825
RN: "{client,server} smb3 {signing,encryption} algorithms" should use the same strings as smbstatus output

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Sep  8 16:37:07 UTC 2021 on sn-devel-184

(cherry picked from commit 867c6ff9f3f28ab4bfa0cb1660889f3f5be0d111)
---
 .../security/clientsmbencryptionalgos.xml          |  8 ++++----
 .../smbdotconf/security/clientsmbsigningalgos.xml  | 10 +++++-----
 .../security/serversmbencryptionalgos.xml          |  8 ++++----
 .../smbdotconf/security/serversmbsigningalgos.xml  | 10 +++++-----
 lib/param/loadparm.h                               |  4 ++--
 libcli/smb/util.c                                  | 14 +++++++-------
 6 files changed, 27 insertions(+), 27 deletions(-)

diff --git a/docs-xml/smbdotconf/security/clientsmbencryptionalgos.xml b/docs-xml/smbdotconf/security/clientsmbencryptionalgos.xml
index 27da51ad625..78df3f909e9 100644
--- a/docs-xml/smbdotconf/security/clientsmbencryptionalgos.xml
+++ b/docs-xml/smbdotconf/security/clientsmbencryptionalgos.xml
@@ -9,13 +9,13 @@
 	<para>It is also possible to remove individual algorithms from the default list,
 	by prefixing them with '-'. This can avoid having to specify a hardcoded list.
 	</para>
-	<para>Note: that the removal of aes-128-ccm from the list will result
+	<para>Note: that the removal of AES-128-CCM from the list will result
 	in SMB3_00 and SMB3_02 being unavailable, as it is the default and only
 	available algorithm for these dialects.
 	</para>
 </description>
 
-<value type="default">aes-128-gcm, aes-128-ccm, aes-256-gcm, aes-256-ccm</value>
-<value type="example">aes-256-gcm</value>
-<value type="example">-aes-128-gcm -aes-128-ccm</value>
+<value type="default">AES-128-GCM, AES-128-CCM, AES-256-GCM, AES-256-CCM</value>
+<value type="example">AES-256-GCM</value>
+<value type="example">-AES-128-GCM -AES-128-CCM</value>
 </samba:parameter>
diff --git a/docs-xml/smbdotconf/security/clientsmbsigningalgos.xml b/docs-xml/smbdotconf/security/clientsmbsigningalgos.xml
index 1ad6c09626f..f7c61f3e661 100644
--- a/docs-xml/smbdotconf/security/clientsmbsigningalgos.xml
+++ b/docs-xml/smbdotconf/security/clientsmbsigningalgos.xml
@@ -9,14 +9,14 @@
 	<para>It is also possible to remove individual algorithms from the default list,
 	by prefixing them with '-'. This can avoid having to specify a hardcoded list.
 	</para>
-	<para>Note: that the removal of aes-128-cmac from the list will result
-	in SMB3_00 and SMB3_02 being unavailable, and the removal od hmac-sha-256
+	<para>Note: that the removal of AES-128-CMAC from the list will result
+	in SMB3_00 and SMB3_02 being unavailable, and the removal of HMAC-SHA256
 	will result in SMB2_02 and SMB2_10 being unavailable, as these are the default and only
 	available algorithms for these dialects.
 	</para>
 </description>
 
-<value type="default">aes-128-gmac, aes-128-cmac, hmac-sha-256</value>
-<value type="example">aes-128-cmac, hmac-sha-256</value>
-<value type="example">-aes-128-cmac</value>
+<value type="default">AES-128-GMAC, AES-128-CMAC, HMAC-SHA256</value>
+<value type="example">AES-128-CMAC, HMAC-SHA256</value>
+<value type="example">-AES-128-CMAC</value>
 </samba:parameter>
diff --git a/docs-xml/smbdotconf/security/serversmbencryptionalgos.xml b/docs-xml/smbdotconf/security/serversmbencryptionalgos.xml
index 3217970d4e7..2dd2db98cc5 100644
--- a/docs-xml/smbdotconf/security/serversmbencryptionalgos.xml
+++ b/docs-xml/smbdotconf/security/serversmbencryptionalgos.xml
@@ -9,13 +9,13 @@
 	<para>It is also possible to remove individual algorithms from the default list,
 	by prefixing them with '-'. This can avoid having to specify a hardcoded list.
 	</para>
-	<para>Note: that the removal of aes-128-ccm from the list will result
+	<para>Note: that the removal of AES-128-CCM from the list will result
 	in SMB3_00 and SMB3_02 being unavailable, as it is the default and only
 	available algorithm for these dialects.
 	</para>
 </description>
 
-<value type="default">aes-128-gcm, aes-128-ccm, aes-256-gcm, aes-256-ccm</value>
-<value type="example">aes-256-gcm</value>
-<value type="example">-aes-128-gcm -aes-128-ccm</value>
+<value type="default">AES-128-GCM, AES-128-CCM, AES-256-GCM, AES-256-CCM</value>
+<value type="example">AES-256-GCM</value>
+<value type="example">-AES-128-GCM -AES-128-CCM</value>
 </samba:parameter>
diff --git a/docs-xml/smbdotconf/security/serversmbsigningalgos.xml b/docs-xml/smbdotconf/security/serversmbsigningalgos.xml
index e73d4f04242..7884e603b5b 100644
--- a/docs-xml/smbdotconf/security/serversmbsigningalgos.xml
+++ b/docs-xml/smbdotconf/security/serversmbsigningalgos.xml
@@ -9,14 +9,14 @@
 	<para>It is also possible to remove individual algorithms from the default list,
 	by prefixing them with '-'. This can avoid having to specify a hardcoded list.
 	</para>
-	<para>Note: that the removal of aes-128-cmac from the list will result
-	in SMB3_00 and SMB3_02 being unavailable, and the removal od hmac-sha-256
+	<para>Note: that the removal of AES-128-CMAC from the list will result
+	in SMB3_00 and SMB3_02 being unavailable, and the removal of HMAC-SHA256
 	will result in SMB2_02 and SMB2_10 being unavailable, as these are the default and only
 	available algorithms for these dialects.
 	</para>
 </description>
 
-<value type="default">aes-128-gmac, aes-128-cmac, hmac-sha-256</value>
-<value type="example">aes-128-cmac, hmac-sha-256</value>
-<value type="example">-aes-128-cmac</value>
+<value type="default">AES-128-GMAC, AES-128-CMAC, HMAC-SHA256</value>
+<value type="example">AES-128-CMAC, HMAC-SHA256</value>
+<value type="example">-AES-128-CMAC</value>
 </samba:parameter>
diff --git a/lib/param/loadparm.h b/lib/param/loadparm.h
index a942eaf9472..a3331436229 100644
--- a/lib/param/loadparm.h
+++ b/lib/param/loadparm.h
@@ -285,8 +285,8 @@ enum samba_weak_crypto {
 #define DEFAULT_SMB2_MAX_TRANSACT (8*1024*1024)
 #define DEFAULT_SMB2_MAX_CREDITS 8192
 
-#define DEFAULT_SMB3_SIGNING_ALGORITHMS "aes-128-gmac aes-128-cmac hmac-sha-256"
-#define DEFAULT_SMB3_ENCRYPTION_ALGORITHMS "aes-128-gcm aes-128-ccm aes-256-gcm aes-256-ccm"
+#define DEFAULT_SMB3_SIGNING_ALGORITHMS "AES-128-GMAC AES-128-CMAC HMAC-SHA256"
+#define DEFAULT_SMB3_ENCRYPTION_ALGORITHMS "AES-128-GCM AES-128-CCM AES-256-GCM AES-256-CCM"
 
 #define LOADPARM_EXTRA_LOCALS						\
 	int usershare;							\
diff --git a/libcli/smb/util.c b/libcli/smb/util.c
index 061f478c92d..e1c0f124236 100644
--- a/libcli/smb/util.c
+++ b/libcli/smb/util.c
@@ -466,9 +466,9 @@ enum smb_encryption_setting smb_encryption_setting_translate(const char *str)
 }
 
 static const struct enum_list enum_smb3_signing_algorithms[] = {
-	{SMB2_SIGNING_AES128_GMAC, "aes-128-gmac"},
-	{SMB2_SIGNING_AES128_CMAC, "aes-128-cmac"},
-	{SMB2_SIGNING_HMAC_SHA256, "hmac-sha-256"},
+	{SMB2_SIGNING_AES128_GMAC, "AES-128-GMAC"},
+	{SMB2_SIGNING_AES128_CMAC, "AES-128-CMAC"},
+	{SMB2_SIGNING_HMAC_SHA256, "HMAC-SHA256"},
 	{-1, NULL}
 };
 
@@ -488,10 +488,10 @@ const char *smb3_signing_algorithm_name(uint16_t algo)
 }
 
 static const struct enum_list enum_smb3_encryption_algorithms[] = {
-	{SMB2_ENCRYPTION_AES128_GCM, "aes-128-gcm"},
-	{SMB2_ENCRYPTION_AES128_CCM, "aes-128-ccm"},
-	{SMB2_ENCRYPTION_AES256_GCM, "aes-256-gcm"},
-	{SMB2_ENCRYPTION_AES256_CCM, "aes-256-ccm"},
+	{SMB2_ENCRYPTION_AES128_GCM, "AES-128-GCM"},
+	{SMB2_ENCRYPTION_AES128_CCM, "AES-128-CCM"},
+	{SMB2_ENCRYPTION_AES256_GCM, "AES-256-GCM"},
+	{SMB2_ENCRYPTION_AES256_CCM, "AES-256-CCM"},
 	{-1, NULL}
 };
 
-- 
2.31.1