ssl: rudimentary decryption for TLS 1.2

Several limitations still apply:
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is the only supported cipher suite
- Some tests are broken due to a failing assertion regarding bytestring
- No newly written tests for decryption (the patch was tested extensively for our paper)
- Several small open technical questions marked with FIXME
- Architecture in the ssl module might not be optimal

src/analyzer/protocol/ssl/functions.bif

@@ -16,3 +16,25 @@ function set_ssl_established%(c: connection%): any
 		static_cast<zeek::analyzer::ssl::SSL_Analyzer*>(sa)->StartEncryption();
 	return nullptr;
 	%}
+
+function set_secret%(c: connection, secret: string%): bool
+	%{
+	analyzer::Analyzer* sa = c->FindAnalyzer("SSL");
+	if ( sa )
+	{
+		static_cast<zeek::analyzer::ssl::SSL_Analyzer*>(sa)->SetSecret(secret->Bytes(), secret->Len());
+		return zeek::val_mgr->True();
+	}
+	return zeek::val_mgr->False();
+	%}
+
+function set_keys%(c: connection, keys: string%): bool
+	%{
+	analyzer::Analyzer* sa = c->FindAnalyzer("SSL");
+	if ( sa )
+	{
+		static_cast<zeek::analyzer::ssl::SSL_Analyzer*>(sa)->SetKeys(keys->Bytes(), keys->Len());
+		return zeek::val_mgr->True();
+	}
+	return zeek::val_mgr->False();
+	%}