On Fri, Jan 10, 2025 at 01:03:04AM +0000, David Howells wrote:

Authentication tags are not used at all and should cause EINVAL if used (a
later patch does that).

What do you mean by this? The authentication tag is the checksum
that you're referring to and you appear to be using it in the rfc8009
encrypt/decrypt functions.

For the moment, the kerberos encryption algorithms use separate hash and
cipher algorithms internally, but should really use dual hash+cipher and
cipher+hash algorithms if possible to avoid doing these in series.  Offload
off this may be possible through something like the Intel QAT.

Please elaborate on what you mean by this.  For IPsec, the main
benefit with reframing cbc(aes)+hmac as aead is having a single
code-path that supports both types of algorithms.

So does your use-case support both standard AEAD algorithms such
as GCM as well as these legacy algorithms?

Cheers,
-- 
Email: Herbert Xu [off-list ref]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt