dkB := dk.dk[:0]

	for i := range s {
		dkB = polyByteEncode(dkB, s[i])
	}

	for i := range t {
		dkB = polyByteEncode(dkB, t[i])
	}
	dkB = append(dkB, ρ...)

	H := sha3.New256()
	H.Write(dkB[decryptionKeySize:])
	dkB = H.Sum(dkB)

	dkB = append(dkB, z[:]...)

	if len(dkB) != len(dk.dk) {
		panic("mlkem768: internal error: invalid decapsulation key size")
	}

	return dk

		},
		Expected: true,
	}, // 4
	{
		Header: http.Header{
			"X-Amz-Server-Side-Encryption":                []string{"AES256"},
			"X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id": []string{""},
		},
		Expected: true,
	}, // 5
	{Header: http.Header{"X-Amz-Server-Side-Encryption": []string{"AES256"}}, Expected: false}, // 6
}

func TestKMSIsRequested(t *testing.T) {
	for i, test := range kmsIsRequestedTests {

			xhttp.AmzServerSideEncryptionCustomerAlgorithm: "AES256",
			xhttp.AmzServerSideEncryptionCustomerKey:       "XAm0dRrJsEsyPb1UuFNezv1bl9hxuYsgUVC/MUctE2k=",
			xhttp.AmzServerSideEncryptionCustomerKeyMD5:    "bY4wkxQejw9mUJfo72k53A==",
		},
		metadata: map[string]string{},
	},
	{
		header: map[string]string{
			xhttp.AmzServerSideEncryptionCustomerAlgorithm: "AES256",

	defer s.Close()

	want := Configuration{
		Issuer:        exampleIssuer,
		JWKSURI:       jwksURI,
		ResponseTypes: []string{"id_token"},
		SubjectTypes:  []string{"public"},
		SigningAlgs:   []string{"ES256", "RS256"},
	}

	reqURL := s.URL + "/.well-known/openid-configuration"

	resp, err := http.Get(reqURL)
	if err != nil {
		t.Fatalf("Get(%s) = %v, %v want: <response>, <nil>", reqURL, resp, err)
	}

	kexAlgoCurve25519SHA256LibSSH = "******@****.***"
	kexAlgoCurve25519SHA256       = "curve25519-sha256"

	chacha20Poly1305ID = "******@****.***"
	gcm256CipherID     = "aes256******@****.***"
	aes128cbcID        = "aes128-cbc"
	tripledescbcID     = "3des-cbc"
)

var (
	errSFTPPublicKeyBadFormat = errors.New("the public key provided could not be parsed")

Roland Shoemaker <******@****.***> 1715710936 -0700

	AmzServerSideEncryptionCopyCustomerKeyMD5    = "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5"

	AmzEncryptionAES = "AES256"
	AmzEncryptionKMS = "aws:kms"

	// Signature v2 related constants
	AmzSignatureV2 = "Signature"
	AmzAccessKeyID = "AWSAccessKeyId"

	// Response request id.
	AmzRequestID     = "x-amz-request-id"

            javaChecksum = sun.security.krb5.internal.crypto.Aes128.calculateChecksum(keybytes, usage, bytes, 0, bytes.length);

        }
        else {
            javaChecksum = sun.security.krb5.internal.crypto.Aes256.calculateChecksum(keybytes, usage, bytes, 0, bytes.length);
        }

        byte[] mac = PacMac.calculateMacHMACAES(usage, makeKey(keybytes, keybytes.length == 16 ? 17 : 18), bytes);
        checkBytes(javaChecksum, mac);

	}

	return signer, nil
}

func signerFromECDSAPrivateKey(keyPair *ecdsa.PrivateKey) (jose.Signer, error) {
	var alg jose.SignatureAlgorithm
	switch keyPair.Curve {
	case elliptic.P256():
		alg = jose.ES256
	case elliptic.P384():
		alg = jose.ES384
	case elliptic.P521():
		alg = jose.ES512
	default:
		return nil, fmt.Errorf("unknown private key curve, must be 256, 384, or 521")
	}

	{0xA184AC2473B529B1, 0xAE9672ABA3D0C320}, // 1e253
	{0xC9E5D72D90A2741E, 0xDA3C0F568CC4F3E8}, // 1e254
	{0x7E2FA67C7A658892, 0x8865899617FB1871}, // 1e255
	{0xDDBB901B98FEEAB7, 0xAA7EEBFB9DF9DE8D}, // 1e256
	{0x552A74227F3EA565, 0xD51EA6FA85785631}, // 1e257
	{0xD53A88958F87275F, 0x8533285C936B35DE}, // 1e258
	{0x8A892ABAF368F137, 0xA67FF273B8460356}, // 1e259
	{0x2D2B7569B0432D85, 0xD01FEF10A657842C}, // 1e260