[tls] Abstract out concept of a TLS authentication header

All TLS cipher types use a common structure for the per-record data
that is authenticated in addition to the plaintext itself.  This data
is used as a prefix in the HMAC calculation for stream and block
ciphers, or as additional authenticated data for AEAD ciphers.

Define a "TLS authentication header" structure to hold this data as a
contiguous block, in order to meet the alignment requirement for AEAD
ciphers such as GCM.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
Michael Brown
2022-11-07 18:34:37 +00:00
parent 6a360ebfde
commit b6eef14858
2 changed files with 27 additions and 21 deletions

@@ -122,6 +122,14 @@ struct tls_header {
/* TLS renegotiation information extension */
#define TLS_RENEGOTIATION_INFO 0xff01
/** TLS authentication header */
struct tls_auth_header {
/** Sequence number */
uint64_t seq;
/** TLS header */
struct tls_header header;
} __attribute__ (( packed ));
/** TLS verification data */
struct tls_verify_data {
/** Client verification data */
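
Review bot: the comment on `uint64_t seq;` in the new `struct tls_auth_header` does not state the byte order, and it should, because per the commit message this structure is fed as-is into the HMAC prefix or AEAD additional data, where TLS requires the 64-bit sequence number in network (big-endian) order. A caller that stores a host-order counter here will compute a MAC or tag that the peer rejects on little-endian builds. Suggest wording the field comment along the lines of "Sequence number (network-endian)" and expanding the struct comment from "TLS authentication header" to say that it is the per-record data authenticated alongside the plaintext, and that it is packed so the sequence number and record header form one contiguous block.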