if ( log.isDebugEnabled() ) {
                    log.debug("Decrypted " + Hexdump.toHexString(trunc));
                }
            }
            catch ( GeneralSecurityException e ) {
                throw new CIFSException("Failed to decrypt MIC", e);
            }
        }

        int expectSeq = this.verifySequence.getAndIncrement();

// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build ppc64le

package cipher_test

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"testing"
	"time"
)

var cbcAESFuzzTests = []struct {
	name string
	key  []byte
}{
	{
		"CBC-AES128",
		commonKey128,
	},
	{
		"CBC-AES192",
		commonKey192,

// license that can be found in the LICENSE file.

package cipher_test

import (
	"bytes"
	"crypto/cipher"
	"testing"
)

type noopBlock int

func (b noopBlock) BlockSize() int        { return int(b) }
func (noopBlock) Encrypt(dst, src []byte) { copy(dst, src) }
func (noopBlock) Decrypt(dst, src []byte) { copy(dst, src) }

func inc(b []byte) {
	for i := len(b) - 1; i >= 0; i++ {
		b[i]++

    private final SecDispatcher secDispatcher;

    @Inject
    public MavenSecDispatcherProvider(
            final PlexusCipher plexusCipher, final Map<String, PasswordDecryptor> decryptors) {
        this.secDispatcher = new DefaultSecDispatcher(plexusCipher, decryptors, "~/.m2/settings-security.xml");
    }

    @Override
    public SecDispatcher get() {
        return secDispatcher;
    }

				"Decoded encrypted object",
				"About to decrypt DEK using remote service",
				"DEK decryption succeeded",
				"About to decrypt data using DEK",
				"Data decryption succeeded",
			},
		},
		{
			desc:                     "decrypt with cache miss, simulate KMS plugin failure",
			cacheTTL:                 1 * time.Second,
			simulateKMSPluginFailure: true,
			expected: []string{

		c, err := aes.NewCipher(test.key)
		if err != nil {
			t.Errorf("%s: NewCipher(%d bytes) = %s", test.name, len(test.key), err)
			continue
		}

		decrypter := cipher.NewCBCDecrypter(c, test.iv)

		data := make([]byte, len(test.out))
		copy(data, test.out)

		decrypter.CryptBlocks(data, data)
		if !bytes.Equal(test.in, data) {
			t.Errorf("%s: CBCDecrypter\nhave %x\nwant %x", test.name, data, test.in)
		}
	}

			StabilityLevel: metrics.ALPHA,
		},
		[]string{"transformation_type", "transformer_prefix", "status"},
	)

// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build (amd64 || arm64) && !purego

package aes

import (
	"crypto/cipher"
	"crypto/internal/alias"
	"crypto/subtle"
	"errors"
)

// The following functions are defined in gcm_*.s.

//go:noescape
func gcmAesInit(productTable *[256]byte, ks []uint32)

//go:noescape

package secretbox

import (
	"context"
	"crypto/rand"
	"fmt"

	"golang.org/x/crypto/nacl/secretbox"

	"k8s.io/apiserver/pkg/storage/value"
)

// secretbox implements at rest encryption of the provided values given a 32 byte secret key.
// Uses a standard 24 byte nonce (placed at the beginning of the cipher text) generated
// from crypto/rand. Does not perform authentication of the data at rest.

		Name:           keyID,
		Ciphertext:     kmsKey,
		AssociatedData: kmsContext,
	})
	if err != nil {
		return nil, err
	}
	var objectKey crypto.ObjectKey
	if err = objectKey.Unseal(extKey, sealedKey, crypto.S3.String(), bucket, ""); err != nil {
		return nil, err
	}

	outbuf := bytes.NewBuffer(nil)