From b6eef1485808093f9dae4fe9d6b685e01a6d65a4 Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Mon, 7 Nov 2022 18:34:37 +0000
Subject: [tls] Abstract out concept of a TLS authentication header

All TLS cipher types use a common structure for the per-record data that is authenticated in addition to the plaintext itself. This data is used as a prefix in the HMAC calculation for stream and block ciphers, or as additional authenticated data for AEAD ciphers. Define a "TLS authentication header" structure to hold this data as a contiguous block, in order to meet the alignment requirement for AEAD ciphers such as GCM.

Signed-off-by: Michael Brown
---
 src/include/ipxe/tls.h | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'src/include')

diff --git a/src/include/ipxe/tls.h b/src/include/ipxe/tls.h
index 8bb1ccc..be192b7 100644
--- a/src/include/ipxe/tls.h
+++ b/src/include/ipxe/tls.h
@@ -122,6 +122,14 @@ struct tls_header {
 /* TLS renegotiation information extension */
 #define TLS_RENEGOTIATION_INFO 0xff01
 
+/** TLS authentication header */
+struct tls_auth_header {
+ /** Sequence number */
+ uint64_t seq;
+ /** TLS header */
+ struct tls_header header;
+} __attribute__ (( packed ));
+
 /** TLS verification data */
 struct tls_verify_data {
 /** Client verification data */
--
cgit v1.1
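Review bot: The `seq` field of the new `struct tls_auth_header` does not document its byte order, yet the commit message says this structure is fed as-is into the HMAC prefix or the AEAD additional data, so a host-endian value stored here would yield a MAC or tag the peer rejects on little-endian builds. I would make the field comment explicit, e.g. `/** Sequence number (network byte order) */`; presumably callers convert before filling it in, but that code is outside this hunk. A similar line on `header` would help, stating whether its length field carries the length being authenticated or the on-wire record length, since the two differ once padding, MAC or tag bytes are added. The contiguous layout also depends on `struct tls_header` itself being packed, and its definition starts above the hunk, so that is worth confirming.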