Directions for crypto make_checksum/verify_checksum

Tom Yu tlyu at MIT.EDU
Mon Dec 7 15:12:07 EST 2009

ghudson at MIT.EDU writes:

> Note that cbc_checksum would have to allocate a temporary buffer to
> store the encrypted output in order to compute the resulting ivec,
> which is less efficient than the current mechanism of computing descbc
> checksums.  I think that's a small price to pay for a smaller module
> SPI footprint, since I don't think the descbc checksum type gets any
> significant use.

How about making the enc provider for DES-CBC operate efficiently with
a missing output buffer?  That way you could use it for CBC-MAC by
omitting an output buffer but providing an output ivec.  I'd have to
take a closer look to see if that sort of approach would also make
implementing CCM easier.
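
The idea in the reply above, as an added example that is not part of the original message or of the krb5 code: a CBC routine whose output buffer may be NULL, so the chaining value left in ivec is the CBC-MAC and no temporary ciphertext buffer is allocated. The function names and the toy Feistel cipher standing in for DES are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define BLK 8  /* 64-bit block, the same size as DES */

/* Constructed stand-in for DES: a 4-round Feistel network on one block.
 * NOT DES and not secure; it only gives the CBC code a keyed permutation. */
static void toy_encrypt_block(const uint32_t key[4], uint8_t b[BLK])
{
    uint32_t l, r, t;
    memcpy(&l, b, 4); memcpy(&r, b + 4, 4);
    for (int i = 0; i < 4; i++) {
        t = r;
        r = l ^ (((r << 5) | (r >> 27)) * 0x9E3779B1u + key[i]);
        l = t;
    }
    memcpy(b, &l, 4); memcpy(b + 4, &r, 4);
}

/* CBC-encrypt nblocks of input. out may be NULL: the chaining value lives in
 * ivec only, so nothing is allocated. On return ivec holds the last
 * ciphertext block, which is the CBC-MAC of the input. */
static void cbc_encrypt(const uint32_t key[4], uint8_t ivec[BLK],
                        const uint8_t *in, size_t nblocks, uint8_t *out)
{
    for (size_t n = 0; n < nblocks; n++) {
        for (int i = 0; i < BLK; i++)
            ivec[i] ^= in[n * BLK + i];        /* chain: P_n xor C_{n-1} */
        toy_encrypt_block(key, ivec);          /* ivec is now C_n */
        if (out != NULL)
            memcpy(out + n * BLK, ivec, BLK);  /* store only when asked to */
    }
}

/* Returns 1 if the NULL-output run ends with the same ivec as a full run. */
static int mac_matches_last_block(void)
{
    static const uint32_t key[4] = {0x01234567u, 0x89abcdefu, 0xfedcba98u, 0x76543210u};
    static const uint8_t msg[24] = "constructed test input!";  /* 3 blocks */
    uint8_t iv_full[BLK] = {0}, iv_mac[BLK] = {0}, ct[sizeof msg];
    cbc_encrypt(key, iv_full, msg, sizeof msg / BLK, ct);    /* with output */
    cbc_encrypt(key, iv_mac, msg, sizeof msg / BLK, NULL);   /* MAC only */
    return memcmp(iv_mac, ct + sizeof msg - BLK, BLK) == 0
        && memcmp(iv_mac, iv_full, BLK) == 0;
}
int main(void) { return mac_matches_last_block() ? 0 : 1; }
```

Plain CBC-MAC computed this way is only sound for fixed-length messages; the sketch does not cover padding or variable-length input.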
