analyzer/ssl: several improvements

- use better data structures for secret and key material storage
- add documentation to the new methods in the analyzer

src/analyzer/protocol/ssl/SSL.h

@@ -34,12 +34,92 @@ public:
 	static analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new SSL_Analyzer(conn); }
 
-	// Key material for decryption
-	void SetSecret(const u_char* data, int len);
-	void SetKeys(const u_char* data, int len);
+	/**
+	 * Set the secret that should be used to derive keys for the
+	 * connection. (For TLS 1.2 this is the pre-master secret)
+	 *
+	 * @param secret The secret to set
+	 */
+	void SetSecret(StringVal* secret);
 
+	/**
+	 * Set the secret that should be used to derive keys for the
+	 * connection. (For TLS 1.2 this is the pre-master secret)
+	 *
+	 * @param len Length of the secret bytes
+	 *
+	 * @param data Pointer to the secret bytes
+	 */
+	void SetSecret(size_t len, const u_char* data);
+
+	/**
+	 * Set the decryption keys that should be used to decrypt
+	 * TLS application data in the connection.
+	 *
+	 * @param keys The key buffer as derived via TLS PRF (for
+	 * AES_GCM this should be 72 bytes in length)
+	 */
+	void SetKeys(StringVal* keys);
+
+	/**
+	 * Set the decryption keys that should be used to decrypt
+	 * TLS application data in the connection.
+	 *
+	 * @param len Length of the key buffer (for AES_GCM this should
+	 * be 72)
+	 *
+	 * @param data Pointer to the key buffer as derived via TLS PRF
+	 */
+	void SetKeys(size_t len, const u_char* data);
+
+	/**
+	 * Try to decrypt TLS application data from a packet. Requires secret or keys to be set prior
+	 *
+	 * @param len Length of the encrypted bytes to decrypt
+	 *
+	 * @param data Pointer to the encrypted bytes to decrypt
+	 *
+	 * @param is_orig Direction of the connection
+	 *
+	 * @param content_type Content type as given in the TLS packet
+	 *
+	 * @param raw_tls_version Raw TLS version as given in the TLS packets
+	 */
 	bool TryDecryptApplicationData(int len, const u_char* data, bool is_orig, uint8_t content_type, uint16_t raw_tls_version);
+
+	/**
+	 * TLS 1.2 pseudo random function (PRF) used to expand the pre-master secret and derive keys.
+	 * The seed is obtained by concatinating rnd1 and rnd2
+	 *
+	 * @param secret Secret as defined in the TLS RFC
+	 *
+	 * @param label Label as defined in the TLS RFC
+	 *
+	 * @param rnd1 Pointer to the first part of the seed
+	 *
+	 * @param rnd1_len Length of the first part of the seed
+	 *
+	 * @param rnd2 Pointer to the second part of the seed
+	 *
+	 * @param rnd2_len Length of the second part of the seed
+	 *
+	 * @param out Pointer to the derived bytes
+	 *
+	 * @param out_len Length indicating how many bytes should be derived
+	 *
+	 * @return True, if the operation completed successfully, false otherwise
+	 */
 	bool TLS12_PRF(const std::string& secret, const std::string& label, const char* rnd1, size_t rnd1_len, const char* rnd2, size_t rnd2_len, u_char* out, size_t out_len);
+
+	/**
+	 * Forward decrypted TLS application data to child analyzers
+	 *
+	 * @param len Length of the data to forward
+	 *
+	 * @param data Pointer to the data to forward
+	 *
+	 * @param is_orig Direction of the connection
+	 */
 	void ForwardDecryptedData(int len, const u_char* data, bool is_orig);
 
 protected:
@@ -50,8 +130,8 @@ protected:
 	// FIXME: should this be moved into the connection?
 	int c_seq;
 	int s_seq;
-	StringValPtr secret;
-	StringValPtr keys;
+	std::string secret;
+	std::vector<u_char> keys;
 	zeek::analyzer::pia::PIA_TCP *pia;
 };