author | Martin Willi <martin@revosec.ch> | 2014-02-03 13:20:46 +0100 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2014-03-31 15:56:12 +0200 |
commit | d3204677bad04eef716ff22dafb65b643e7564f8 (patch) | |
tree | a3809f97210333b91baa9832e0a623ffb326cc96 /src/libtls/tls_protection.h | |
parent | e5d73b0dfa6bc57b2ed8745df4409308eeaf272e (diff) | |
tls: Separate TLS protection to abstracted AEAD modes
To better separate the code path for different TLS versions and modes of
operation, we introduce a TLS AEAD abstraction. We provide three implementations
using traditional transforms, and get prepared for TLS AEAD modes.
Diffstat (limited to 'src/libtls/tls_protection.h')
-rw-r--r-- | src/libtls/tls_protection.h | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/src/libtls/tls_protection.h b/src/libtls/tls_protection.h
index 05cf3df45..3280fb5a9 100644
--- a/src/libtls/tls_protection.h
+++ b/src/libtls/tls_protection.h
@@ -26,6 +26,7 @@ typedef struct tls_protection_t tls_protection_t;
 #include "tls.h"
+#include "tls_aead.h"
 #include "tls_alert.h"
 #include "tls_compression.h"
@@ -62,15 +63,12 @@ struct tls_protection_t {
 tls_content_type_t *type, chunk_t *data);
 /**
- * Set a new cipher, including encryption and integrity algorithms.
+ * Set a new transforms to use at protection layer
 *
 * @param inbound TRUE to use cipher for inbound data, FALSE for outbound
- * @param signer new signer to use, gets owned by protection layer
- * @param crypter new crypter to use, gets owned by protection layer
- * @param iv initial IV for crypter, gets owned by protection layer
+ * @param aead new AEAD transform
 */
- void (*set_cipher)(tls_protection_t *this, bool inbound, signer_t *signer,
- crypter_t *crypter, chunk_t iv);
+ void (*set_cipher)(tls_protection_t *this, bool inbound, tls_aead_t *aead);
 /**
 * Set the TLS version negotiated, used for MAC calculation. |
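Review bot: The new `@param aead` line on `set_cipher` in the second hunk no longer says who owns the transform, whereas each of the three parameters it replaces was documented as "gets owned by protection layer". A caller reading only this header cannot tell whether to destroy the `tls_aead_t` after the call, and a wrong guess means either a double destroy or keyed cipher state that is never released. If ownership still passes to the protection layer (the implementation is not visible here), state it: ` * @param aead new AEAD transform, gets owned by protection layer`. The summary line would also read better as ` * Set a new AEAD transform to use at the protection layer`. The `tls_protection_t` struct body starts and ends outside the hunk.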