}
    }

    private static byte[] deriveKey(final byte[] masterKey, final String cnst) {
        final MessageDigest md5 = Crypto.getMD5();
        md5.update(masterKey);
        md5.update(cnst.getBytes(StandardCharsets.US_ASCII));
        md5.update((byte) 0);
        return md5.digest();
    }

    @Override
    public boolean supportsIntegrity() {
        return true;
    }

    @Override

			"X-Amz-Server-Side-Encryption-Customer-Algorithm": []string{"AES256"},
			"X-Amz-Server-Side-Encryption-Customer-Key":       []string{"MzJieXRlc2xvbmdzZWNyZXRrZXltdXN0cHJvdmlkZWQ="},
			"X-Amz-Server-Side-Encryption-Customer-Key-Md5":   []string{"7PpPLAK26ONlVUGOWlusfg=="},
		},
		Bucket: "bucket",
		Object: "object",
		Metadata: map[string]string{

    /**
     * Flag for resource groups in logon information.
     */
    int LOGON_RESOURCE_GROUPS = 0x200;

    /**
     * Kerberos salt type for MD5 checksums.
     */
    int MD5_KRB_SALT = 17;
    /**
     * MD5 block length in bytes.
     */
    int MD5_BLOCK_LENGTH = 64;

            throw new CIFSUnsupportedCryptoException(e);
        }
    }

    /**
     * Get an MD5 message digest instance.
     * @return MD5 digest instance
     */
    public static MessageDigest getMD5() {
        try {
            return MessageDigest.getInstance("MD5");
        } catch (final NoSuchAlgorithmException e) {
            throw new CIFSUnsupportedCryptoException(e);
        }
    }

 * This class parses and holds signature information from Kerberos PAC data,
 * supporting various checksum algorithms including HMAC-MD5 and HMAC-SHA1 with AES.
 */
public class PacSignature {

    /**
     * Kerberos checksum type for HMAC-MD5 (ARCFOUR-HMAC).
     */
    public static final int KERB_CHECKSUM_HMAC_MD5 = 0xFFFFFF76;
    /**
     * Kerberos checksum type for HMAC-SHA1-96 with AES-128.

		// Empty Content-Md5 header.
		{mustNewSignedEmptyMD5Request(http.MethodPut, "http://127.0.0.1:9000/", 5, bytes.NewReader([]byte("hello")), t), ErrInvalidDigest},
		// Short Content-Md5 header.
		{mustNewSignedShortMD5Request(http.MethodPut, "http://127.0.0.1:9000/", 5, bytes.NewReader([]byte("hello")), t), ErrInvalidDigest},
		// When request is properly signed, but has bad Content-MD5 header.

		}
		// Test passes as expected, but the output values are verified for correctness here.
		if actualErr == nil {
			// Asserting whether the md5 output is correct.
			if expectedMD5, ok := testCase.inputMeta["etag"]; ok && expectedMD5 != objInfo.ETag {
				t.Errorf("Test %d: %s: Calculated Md5 different from the actual one %s.", i, instanceType, objInfo.ETag)
				continue
			}
		}
	}
}

github.com/klauspost/cpuid/v2 v2.2.9 h1:66ze0taIn2H33fBvCkXuv9BmCwDfafmiIVpKV9kKGuY=
github.com/klauspost/cpuid/v2 v2.2.9/go.mod h1:rqkxqrZ1EhYM9G+hXH7YdowN5R5RGN6NK4QwQ3WMXF8=
github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
github.com/minio/minio-go/v7 v7.0.83 h1:W4Kokksvlz3OKf3OqIlzDNKd4MERlC2oN8YptwJ0+GA=

//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package crypto

import (
	"bytes"
	"context"
	"crypto/md5"
	"encoding/base64"
	"net/http"

	xhttp "github.com/minio/minio/internal/http"
	"github.com/minio/minio/internal/logger"
)

type ssec struct{}

var (

	AmzServerSideEncryptionCopyCustomerAlgorithm = "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm"
	AmzServerSideEncryptionCopyCustomerKey       = "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key"
	AmzServerSideEncryptionCopyCustomerKeyMD5    = "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5"

	AmzEncryptionAES = "AES256"
	AmzEncryptionKMS = "aws:kms"