authorMichael Brown <mcb30@ipxe.org>2022-11-07 18:34:37 +0000
committerMichael Brown <mcb30@ipxe.org>2022-11-08 13:48:45 +0000
commitb6eef1485808093f9dae4fe9d6b685e01a6d65a4 (patch)
tree412bf41dea752f04f3cca2cc658aedac5bebac9a /src/include
parent6a360ebfde9921b9cacbee724fe25d646e4499d5 (diff)
[tls] Abstract out concept of a TLS authentication header
All TLS cipher types use a common structure for the per-record data that is authenticated in addition to the plaintext itself. This data is used as a prefix in the HMAC calculation for stream and block ciphers, or as additional authenticated data for AEAD ciphers. Define a "TLS authentication header" structure to hold this data as a contiguous block, in order to meet the alignment requirement for AEAD ciphers such as GCM. Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/include')
-rw-r--r--src/include/ipxe/tls.h8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/include/ipxe/tls.h b/src/include/ipxe/tls.h
index 8bb1ccc..be192b7 100644
--- a/src/include/ipxe/tls.h
+++ b/src/include/ipxe/tls.h
@@ -122,6 +122,14 @@ struct tls_header {
/* TLS renegotiation information extension */
#define TLS_RENEGOTIATION_INFO 0xff01
+/** TLS authentication header */
+struct tls_auth_header {
+ /** Sequence number */
+ uint64_t seq;
+ /** TLS header */
+ struct tls_header header;
+} __attribute__ (( packed ));
+
/** TLS verification data */
struct tls_verify_data {
/** Client verification data */
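Review bot: The `seq` member of `struct tls_auth_header` is documented only as "Sequence number", which leaves its byte order unstated even though the commit message says the struct is fed to the HMAC or AEAD as one contiguous block, so the in-memory layout is the authenticated input. TLS authenticates the 64-bit sequence number in network byte order, so I would make that explicit with `/** Sequence number (big-endian, as authenticated) */`. The `header` member would benefit from a similar remark that its length field is the length being authenticated, which need not equal the on-wire record length once padding, IV or tag bytes are involved. The code that fills and consumes this struct is outside this hunk, so this is a documentation request rather than a claim that callers get it wrong; a build-time size check next to the definition would also catch any later change to `struct tls_header` that silently alters the authenticated layout.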