pkg crypto/fips140, func WithoutEnforcement(func()) #74630
pkg crypto/hpke, func AES128GCM() AEAD #75300
pkg crypto/hpke, func AES256GCM() AEAD #75300
pkg crypto/hpke, func ChaCha20Poly1305() AEAD #75300
pkg crypto/hpke, func DHKEM(ecdh.Curve) KEM #75300
pkg crypto/hpke, func ExportOnly() AEAD #75300
pkg crypto/hpke, func HKDFSHA256() KDF #75300
pkg crypto/hpke, func HKDFSHA384() KDF #75300

	iv, nonce := random[:16], random[16:]

	var aead cipher.AEAD
	switch keyType {
	case kms.AES256:
		mac := hmac.New(sha256.New, s.key)
		mac.Write(iv)
		sealingKey := mac.Sum(nil)

		block, err := aes.NewCipher(sealingKey)
		if err != nil {
			return nil, err
		}
		aead, err = cipher.NewGCM(block)
		if err != nil {
			return nil, err
		}
	case kms.ChaCha20:

}

// Version returns version information about the KMS.
//
// TODO(aead): refactor this API call since it does not account
// for multiple KMS/KES servers.
func (k *KMS) Version(ctx context.Context) (string, error) {
	return k.conn.Version(ctx)
}

// APIs returns a list of KMS server APIs.
//
// TODO(aead): remove this API since it's hardly useful.

        SMBUtil.writeInt4(this.originalMessageSize, aad, index);
        index += 4;

        // Reserved
        SMBUtil.writeInt2(0, aad, index);
        index += 2;

        // Flags
        SMBUtil.writeInt2(this.flags, aad, index);
        index += 2;

        // Session ID (8 bytes)
        SMBUtil.writeInt8(this.sessionId, aad, index);

        return aad;
    }

	MD5, err := hex.DecodeString(md5Hex)
	if err != nil {
		return nil, BadDigest{ // TODO(aead): Return an error that indicates that an invalid ETag has been specified
			ExpectedMD5:   md5Hex,
			CalculatedMD5: "",
		}
	}
	SHA256, err := hex.DecodeString(sha256Hex)
	if err != nil {
		return nil, SHA256Mismatch{ // TODO(aead): Return an error that indicates that an invalid Content-SHA256 has been specified

        // Verify protocol ID (first 4 bytes) - 0xFD534D42 in little-endian
        assertEquals((byte) 0x42, aad[0]);
        assertEquals((byte) 0x4D, aad[1]);
        assertEquals((byte) 0x53, aad[2]);
        assertEquals((byte) 0xFD, aad[3]);

        // Verify signature is zeroed out (16 bytes of zeros)
        for (int i = 4; i < 20; i++) {

// IsEncrypted reports whether the ETag is encrypted.
func (e ETag) IsEncrypted() bool {
	// An encrypted ETag must be at least 32 bytes long.
	// It contains the encrypted ETag value + an authentication
	// code generated by the AEAD cipher.
	//
	// Here is an incorrect implementation of IsEncrypted:
	//
	//   return len(e) > 16 && !bytes.ContainsRune(e, '-')
	//
	// An encrypted ETag may contain some random bytes - e.g.

	MTime                time.Time // Is only set in POST/PUT operations
	Expires              time.Time // Is only used in POST/PUT operations

	DeleteMarker            bool // Is only set in DELETE operations for delete marker replication
	CheckDMReplicationReady bool // Is delete marker ready to be replicated - set only during HEAD

	golang.org/x/sys v0.32.0
	golang.org/x/term v0.31.0
	golang.org/x/time v0.11.0
	google.golang.org/api v0.230.0
	gopkg.in/yaml.v2 v2.4.0
	gopkg.in/yaml.v3 v3.0.1
)

require (
	aead.dev/mem v0.2.0 // indirect
	aead.dev/minisign v0.3.0 // indirect
	cel.dev/expr v0.23.1 // indirect
	cloud.google.com/go v0.120.1 // indirect
	cloud.google.com/go/auth v0.16.0 // indirect

aead.dev/mem v0.2.0 h1:ufgkESS9+lHV/GUjxgc2ObF43FLZGSemh+W+y27QFMI=
aead.dev/mem v0.2.0/go.mod h1:4qj+sh8fjDhlvne9gm/ZaMRIX9EkmDrKOLwmyDtoMWM=
aead.dev/minisign v0.2.0/go.mod h1:zdq6LdSd9TbuSxchxwhpA9zEb9YXcVGoE8JakuiGaIQ=
aead.dev/minisign v0.3.0 h1:8Xafzy5PEVZqYDNP60yJHARlW1eOQtsKNp/Ph2c0vRA=
aead.dev/minisign v0.3.0/go.mod h1:NLvG3Uoq3skkRMDuc3YHpWUTMTrSExqm+Ij73W13F6Y=
aead.dev/mtls v0.2.1 h1:47NHWciMvrmEhlkpnis8/RGEa9HR9gcbDPfcArG+Yqs=