> No, meaning we need to take the key usage into account for the checksum
> and the encryption.

We do. However per the NIST document the same (derived) key is used for both. See dk/dk_ccm.c. I guess there is a problem if you attempt to use AES CBC as a standalone checksum mechanism. I can fix this...

-- Luke