+/**
+ * Decrypt data in place supporting AEAD (operates on opaque key).
+ *
+ * @param [in] context Library context
+ * @param [in] key Encryption key
+ * @param [in] usage Key usage (see @ref KRB5_KEYUSAGE types)
+ * @param [in] cipher_state Cipher state; specify NULL if not needed
+ * @param [in,out] data IOV array. Modified in-place.
+ * @param [in] num_data Size of @a data
+ *
+ * This function decrypts the data block @a data and stores the output in-place.
+ * The actual decryption key will be derived from @a key and @a usage
+ * if key derivation is specified for the encryption type. If non-null, @a
+ * cipher_state specifies the beginning state for the decryption operation, and
+ * is updated with the state to be passed as input to the next operation.
+ * The caller must allocate the right number of krb5_crypto_iov
+ * structures before calling into this API.
+ *
+ * @note On return from a krb5_c_decrypt_iov() call, the @a data->length in the
+ * iov structure are adjusted to reflect actual lengths of the ciphertext used.
+ * For example, if the padding length is too large, the length will be reduced.
+ * Lengths are never increased.
+ *
+ * @note This function is similar to krb5_c_decrypt_iov(), but operates
+ * on opaque key @a key.
+ *
+ * @sa krb5_k_encrypt_iov()
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_k_decrypt_iov(krb5_context context, krb5_key key, krb5_keyusage usage,
+ const krb5_data *cipher_state, krb5_crypto_iov *data,
+ size_t num_data);
+/**
+ * Compute a checksum (operates on opaque key).
+ *
+ * @param [in] context Library context
+ * @param [in] cksumtype Checksum type (0 for mandatory type)
+ * @param [in] key Encryption key for a keyed checksum
+ * @param [in] usage Key usage (see @ref KRB5_KEYUSAGE types)
+ * @param [in] input Input data
+ * @param [out] cksum Generated checksum
+ *
+ * This function computes a checksum of type @a cksumtype over @a input, using
+ * @a key if the checksum type is a keyed checksum. If @a cksumtype is 0 and
+ * @a key is non-null, the checksum type will be the mandatory-to-implement
+ * checksum type for the key's encryption type. The actual checksum key will
+ * be derived from @a key and @a usage if key derivation is specified for the
+ * checksum type. The newly created @a cksum must be released by calling
+ * krb5_free_checksum_contents() when it is no longer needed.
+ *
+ * @note This function is similar to krb5_c_make_checksum(), but operates
+ * on opaque @a key.
+ *
+ * @sa krb5_c_verify_checksum()
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_k_make_checksum(krb5_context context, krb5_cksumtype cksumtype,