pkg crypto/pbkdf2, func Key[$0 hash.Hash](func() $0, string, []uint8, int, int) ([]uint8, error) #69488
pkg crypto/rand, func Text() string #67057
pkg crypto/sha3, func New224() *SHA3 #69982
pkg crypto/sha3, func New256() *SHA3 #69982
pkg crypto/sha3, func New384() *SHA3 #69982
pkg crypto/sha3, func New512() *SHA3 #69982
pkg crypto/sha3, func NewCSHAKE128([]uint8, []uint8) *SHAKE #69982

        assertNotNull(derivedKey);
        assertEquals(16, derivedKey.length);

        // Test with a different key size
        KerberosKey key256 = new KerberosKey(TEST_PRINCIPAL, new byte[32], PacSignature.ETYPE_AES256_CTS_HMAC_SHA1_96, 0);
        byte[] derivedKey256 = PacMac.deriveKeyAES(key256, constant);
        assertNotNull(derivedKey256);
        assertEquals(32, derivedKey256.length);
    }

    /**

	_ "golang.org/x/crypto/sha3"
)

// Specific instances for EC256 and company
var (
	SigningMethodES3256 *jwt.SigningMethodECDSA
	SigningMethodES3384 *jwt.SigningMethodECDSA
	SigningMethodES3512 *jwt.SigningMethodECDSA
)

func init() {
	// ES256
	SigningMethodES3256 = &jwt.SigningMethodECDSA{Name: "ES3256", Hash: crypto.SHA3_256, KeySize: 32, CurveBits: 256}

			{
				DefaultEncryptionAction: EncryptionAction{
					Algorithm: AES256,
				},
			},
		},
	}

	actualAES256Config := &BucketSSEConfig{
		XMLNS: xmlNS,
		XMLName: xml.Name{
			Local: "ServerSideEncryptionConfiguration",
		},
		Rules: []Rule{
			{
				DefaultEncryptionAction: EncryptionAction{
					Algorithm: AES256,
				},
			},
		},
	}

	actualKMSConfig := &BucketSSEConfig{

			xhttp.AmzServerSideEncryptionCustomerAlgorithm: "AES256",
			xhttp.AmzServerSideEncryptionCustomerKey:       "XAm0dRrJsEsyPb1UuFNezv1bl9hxuYsgUVC/MUctE2k=",
			xhttp.AmzServerSideEncryptionCustomerKeyMD5:    "bY4wkxQejw9mUJfo72k53A==",
		},
		metadata: map[string]string{},
	},
	{
		header: map[string]string{
			xhttp.AmzServerSideEncryptionCustomerAlgorithm: "AES256",

		},
		Expected: true,
	}, // 4
	{
		Header: http.Header{
			"X-Amz-Server-Side-Encryption":                []string{"AES256"},
			"X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id": []string{""},
		},
		Expected: true,
	}, // 5
	{Header: http.Header{"X-Amz-Server-Side-Encryption": []string{"AES256"}}, Expected: false}, // 6
}

func TestKMSIsRequested(t *testing.T) {
	for i, test := range kmsIsRequestedTests {

	"github.com/minio/minio/internal/crypto"
	xhttp "github.com/minio/minio/internal/http"
)

const (
	// AES256 is used with SSE-S3
	AES256 Algorithm = "AES256"
	// AWSKms is used with SSE-KMS
	AWSKms Algorithm = "aws:kms"
)

// Algorithm - represents valid SSE algorithms supported; currently only AES256 is supported
type Algorithm string

// UnmarshalXML - Unmarshals XML tag to valid SSE algorithm

	Metadata       map[string]string

	ExpectedErr error
}{
	{ // 0 - Valid HTTP headers and valid metadata entries for bucket/object
		Headers: http.Header{
			"X-Amz-Server-Side-Encryption-Customer-Algorithm": []string{"AES256"},
			"X-Amz-Server-Side-Encryption-Customer-Key":       []string{"MzJieXRlc2xvbmdzZWNyZXRrZXltdXN0cHJvdmlkZWQ="},
			"X-Amz-Server-Side-Encryption-Customer-Key-Md5":   []string{"7PpPLAK26ONlVUGOWlusfg=="},
		},

        // Test creating context with AES-256 cipher IDs
        byte[] key256 = new byte[32]; // 256-bit key
        new SecureRandom().nextBytes(key256);

        Smb2EncryptionContext context256CCM =
                new Smb2EncryptionContext(Smb2EncryptionContext.CIPHER_AES_256_CCM, DialectVersion.SMB311, key256, key256);
        assertEquals(Smb2EncryptionContext.CIPHER_AES_256_CCM, context256CCM.getCipherId());

	if len(b) == 0 {
		return b, kms.AES256
	}

	if b[0] == '{' && b[len(b)-1] == '}' { // JSON object
		var c ciphertext
		if err := c.UnmarshalJSON(b); err != nil {
			// It may happen that a random ciphertext starts with '{' and ends with '}'.
			// In such a case, parsing will fail but we must not return an error. Instead
			// we return the ciphertext as it is.
			return b, kms.AES256
		}

		b = b[:0]