public class PreauthIntegrityNegotiateContext implements NegotiateContextRequest, NegotiateContextResponse {

    /**
     * Context type
     */
    public static final int NEGO_CTX_PREAUTH_TYPE = 0x1;

    /**
     * SHA-512
     */
    public static final int HASH_ALGO_SHA512 = 0x1;

    private int[] hashAlgos;
    private byte[] salt;

    /**
     * Constructs a preauth integrity negotiate context with the specified parameters.

`updatemaxprocs=0` will disable periodic updates.

Go 1.25 disabled SHA-1 signature algorithms in TLS 1.2 according to RFC 9155.
The default can be reverted using the `tlssha1=1` setting.

Go 1.25 switched to SHA-256 to fill in missing SubjectKeyId in
crypto/x509.CreateCertificate. The setting `x509sha256skid=0` reverts to SHA-1.

Go 1.25 corrected the semantics of contention reports for runtime-internal locks,

      - name: checkout-step
        uses: actions/checkout@v4

      - name: setup-go-step
        uses: actions/setup-go@v5
        with:
          go-version: 1.24.x

      - name: github sha short
        id: vars
        run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT

      - name: build-minio
        run: |

         * Returns the algorithm name, usually used as key, never {@code null} value. The name is a standard name of
         * algorithm (if applicable) or any other designator that is algorithm commonly referred with. Example: "SHA-1".
         */
        @Nonnull
        String getName();

        /**
         * Returns the file extension to be used for given checksum file (without leading dot), never {@code null}. The

        });
    }

    @Test
    @DisplayName("Test hash algorithm names")
    public void testHashAlgorithmNames() {
        assertEquals("SHA-512", PreauthIntegrityService.getHashAlgorithmName(PreauthIntegrityService.HASH_ALGO_SHA512));
        assertTrue(PreauthIntegrityService.getHashAlgorithmName(0xFF).startsWith("Unknown"));
    }

    @Test

    private byte[] calculateBindingHash(byte[] bindingInfo) throws IOException {
        try {
            MessageDigest digest = MessageDigest.getInstance("SHA-256");
            return digest.digest(bindingInfo);
        } catch (NoSuchAlgorithmException e) {
            throw new IOException("SHA-256 not available", e);
        }
    }

    private void performHealthCheck() {
        for (ChannelInfo channel : channels.values()) {

        if (context != null) {
            System.arraycopy(context, 0, input, pos, context.length);
        }

        // Use SHA-256 for derivation (placeholder)
        try {
            java.security.MessageDigest md = java.security.MessageDigest.getInstance("SHA-256");
            byte[] hash = md.digest(input);
            System.arraycopy(hash, 0, derived, 0, Math.min(length, hash.length));

    private byte[] calculateBindingHash(byte[] bindingInfo) throws IOException {
        try {
            MessageDigest digest = MessageDigest.getInstance("SHA-256");
            return digest.digest(bindingInfo);
        } catch (NoSuchAlgorithmException e) {
            throw new IOException("SHA-256 not available", e);
        }
    }
    
    public ChannelInfo selectChannel(SMBMessage message) {

			return false
		}
	}
	return true
}

// BitrotAlgorithm specifies a algorithm used for bitrot protection.
type BitrotAlgorithm uint

const (
	// SHA256 represents the SHA-256 hash function
	SHA256 BitrotAlgorithm = 1 + iota
	// HighwayHash256 represents the HighwayHash-256 hash function
	HighwayHash256
	// HighwayHash256S represents the Streaming HighwayHash-256 hash function

- [PRF](#prf): HMAC-SHA-256
- [AEAD](#aead): AES-256-GCM if the CPU supports AES-NI, ChaCha20-Poly1305 otherwise. More specifically AES-256-GCM is only selected for X86-64 CPUs with AES-NI extension.