On Fri, Jan 10, 2025 at 01:03:04AM +0000, David Howells wrote: > > Authentication tags are not used at all and should cause EINVAL if used (a > later patch does that). What do you mean by this? The authentication tag is the checksum that you're referring to and you appear to be using it in the rfc8009 encrypt/decrypt functions. > For the moment, the kerberos encryption algorithms use separate hash and > cipher algorithms internally, but should really use dual hash+cipher and > cipher+hash algorithms if possible to avoid doing these in series. Offload > off this may be possible through something like the Intel QAT. Please elaborate on what you mean by this. For IPsec, the main benefit with reframing cbc(aes)+hmac as aead is having a single code-path that supports both types of algorithms. So does your use-case support both standard AEAD algorithms such as GCM as well as these legacy algorithms? Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
