author | Michael Brown <mcb30@ipxe.org> | 2022-11-07 18:34:37 +0000 |
---|---|---|
committer | Michael Brown <mcb30@ipxe.org> | 2022-11-08 13:48:45 +0000 |
commit | b6eef1485808093f9dae4fe9d6b685e01a6d65a4 (patch) | |
tree | 412bf41dea752f04f3cca2cc658aedac5bebac9a /src/include/ipxe/tls.h | |
parent | 6a360ebfde9921b9cacbee724fe25d646e4499d5 (diff) | |
download | ipxe-b6eef1485808093f9dae4fe9d6b685e01a6d65a4.tar.gz |
[tls] Abstract out concept of a TLS authentication header
All TLS cipher types use a common structure for the per-record data
that is authenticated in addition to the plaintext itself. This data
is used as a prefix in the HMAC calculation for stream and block
ciphers, or as additional authenticated data for AEAD ciphers.
Define a "TLS authentication header" structure to hold this data as a
contiguous block, in order to meet the alignment requirement for AEAD
ciphers such as GCM.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/include/ipxe/tls.h')
-rw-r--r-- | src/include/ipxe/tls.h | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/include/ipxe/tls.h b/src/include/ipxe/tls.h
index 8bb1ccceb..be192b7ef 100644
--- a/src/include/ipxe/tls.h
+++ b/src/include/ipxe/tls.h
@@ -122,6 +122,14 @@ struct tls_header {
 /* TLS renegotiation information extension */
 #define TLS_RENEGOTIATION_INFO 0xff01
 
+/** TLS authentication header */
+struct tls_auth_header {
+ /** Sequence number */
+ uint64_t seq;
+ /** TLS header */
+ struct tls_header header;
+} __attribute__ (( packed ));
+
 /** TLS verification data */
 struct tls_verify_data {
 /** Client verification data */ |
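Review bot: The field comments on `struct tls_auth_header` do not say that the structure's bytes are authenticated verbatim, so nothing at the definition tells a caller that `seq` must hold the 64-bit record sequence number in network byte order rather than as a host integer. Since the commit message describes this block as the HMAC prefix or the AEAD additional data, I would make that explicit, e.g. `/** Sequence number (network byte order) */`. I would also note on `header` that its length field is presumably the plaintext length rather than the on-the-wire record length for AEAD suites. The code that fills the structure is not part of this diff, so both points should be confirmed against it. A build-time check that the packed structure has the expected 13 bytes (8-byte sequence number plus 5-byte record header) would also catch a later change to `struct tls_header`, whose definition lies outside this hunk.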