payload = b[0]->data + pd->current_data;
/* we need 4 extra bytes for HMAC calculation when ESN are used */
- if ((sa0->flags & IPSEC_SA_FLAG_USE_ESN) && pd->icv_sz &&
+ if (ipsec_sa_is_set_USE_ESN (sa0) && pd->icv_sz &&
(pd->current_data + pd->current_length + 4 > buffer_data_size))
{
b[0]->error = node->errors[ESP_DECRYPT_ERROR_NO_TAIL_SPACE];
op->digest = payload + len;
op->digest_len = cpd.icv_sz;
op->len = len;
- if (PREDICT_TRUE (sa0->flags & IPSEC_SA_FLAG_USE_ESN))
+ if (ipsec_sa_is_set_USE_ESN (sa0))
{
/* shift ICV for 4 bytes to insert ESN */
u8 tmp[ESP_MAX_ICV_SIZE], sz = sizeof (sa0->seq_hi);
clib_memcpy_fast (payload + len, &sa0->seq_hi, sz);
clib_memcpy_fast (payload + len + sz, tmp, ESP_MAX_ICV_SIZE);
op->len += sz;
- op->dst += sz;
+ op->digest += sz;
}
}
vec_add2_aligned (ptd->crypto_ops, op, 1, CLIB_CACHE_LINE_BYTES);
vnet_crypto_op_init (op, sa0->crypto_dec_op_id);
op->key = sa0->crypto_key.data;
- op->key_len = sa0->crypto_key.len;
op->iv = payload;
- op->iv_len = cpd.iv_sz;
op->src = op->dst = payload += cpd.iv_sz;
op->len = len;
op->user_data = b - bufs;
bi = op->user_data;
if (op->status == VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC)
- err = ESP_DECRYPT_ERROR_INTEG_ERROR;
+ err = ESP_DECRYPT_ERROR_DECRYPTION_FAILED;
else
err = ESP_DECRYPT_ERROR_CRYPTO_ENGINE_ERROR;