/**
     * Kerberos checksum type for HMAC-SHA1-96 with AES-128.
     */
    public static final int HMAC_SHA1_96_AES128 = 0x0000000F;
    /**
     * Kerberos checksum type for HMAC-SHA1-96 with AES-256.
     */
    public static final int HMAC_SHA1_96_AES256 = 0x00000010;

    /**
     * Kerberos encryption type for ARCFOUR-HMAC (RC4-HMAC).
     */
    public static final int ETYPE_ARCFOUR_HMAC = 23;
    /**

@DisplayName("CIFSUnsupportedCryptoException Tests")
class CIFSUnsupportedCryptoExceptionTest extends BaseTest {

    private static final String CRYPTO_ERROR_MESSAGE = "Unsupported cryptographic algorithm: AES-256-GCM";
    private static final String ALGORITHM_NAME = "AES-256-GCM";

    @Test
    @DisplayName("Default constructor should create exception with null message and cause")
    void testDefaultConstructor() {
        // Given & When

                        while (buffer[bufferIndex + len] != (byte) 0x00 || buffer[bufferIndex + len + 1] != (byte) 0x00) {
                            len += 2;
                            if (len > 256) {
                                throw new RuntimeException("zero termination not found");
                            }
                        }

This is based on RFC 4253, section 6.4, but with hmac-md5 variants removed because they have 
reached the end of their useful life.

Valid values: 

```
hmac-sha2-256******@****.***
******@****.***
hmac-sha2-256
hmac-sha2-512
hmac-sha1
hmac-sha1-96
```

### Certificate-based authentication

    }

    @Test
    @DisplayName("Test context encoding")
    public void testEncoding() {
        byte[] buffer = new byte[256];
        int encodedSize = context.encode(buffer, 0);

        assertTrue(encodedSize > 8); // Minimum size: count + padding + flags + algorithms
        assertEquals(context.size(), encodedSize);
    }

    @Test

- [PRF](#prf): HMAC-SHA-256
- [AEAD](#aead): AES-256-GCM if the CPU supports AES-NI, ChaCha20-Poly1305 otherwise. More specifically AES-256-GCM is only selected for X86-64 CPUs with AES-NI extension.

Further any secret key (apart from the KMS-generated ones) is 256 bits long. The KMS-generated keys may be 256 bits but this depends on the KMS capabilities and configuration.

    fun X509Certificate.sha256Hash(): ByteString = publicKey.encoded.toByteString().sha256()

    /**
     * Returns the SHA-256 of `certificate`'s public key.
     *
     * In OkHttp 3.1.2 and earlier, this returned a SHA-1 hash of the public key. Both types are
     * supported, but SHA-256 is preferred.
     */
    @JvmStatic
    fun pin(certificate: Certificate): String {

import (
	"crypto/md5"
	"encoding/hex"

	"github.com/minio/minio/internal/hash/sha256"
)

// getSHA256Hash returns SHA-256 hash in hex encoding of given data.
func getSHA256Hash(data []byte) string {
	return hex.EncodeToString(getSHA256Sum(data))
}

// getSHA256Hash returns SHA-256 sum of given data.
func getSHA256Sum(data []byte) []byte {
	hash := sha256.New()
	hash.Write(data)
	return hash.Sum(nil)
}

    }

    @Test
    void testReadLength_LongForm() throws IOException {
        // Definite-length long form (length 256)
        InputStream s = new ByteArrayInputStream(new byte[] { (byte) 0x82, 0x01, 0x00 });
        int length = ASN1Util.readLength(s, 500, false);
        assertEquals(256, length);
    }

    @Test
    void testReadLength_Indefinite() throws IOException {
        // Indefinite-length

/**
 * Benchmarks for comparing instance creation of {@link MessageDigest}s.
 *
 * @author Kurt Alfred Kluever
 */
@NullUnmarked
public class MessageDigestCreationBenchmark {

  @Param({"MD5", "SHA-1", "SHA-256", "SHA-384", "SHA-512"})
  private String algorithm;

  private MessageDigest md;

  @BeforeExperiment
  void setUp() throws Exception {
    md = MessageDigest.getInstance(algorithm);
  }

  @Benchmark