Add an API for programmatically adding ESP SAs (most likely from a private

dissector).

Also, speed up ESP decryption in several ways:
- store gcrypt_cipher_hd in the SA struct, rather than continually
open, setkey and close for each PDU
- don't convert the key string from ascii to hex each time - do it upon
during update callback and keep
- do the decryption in-place, avoiding the need to allocate, memcpy and
free a separate buffer for encrypted data
- when matching addresses, avoid doing a strlen until after we check
whether or not we're matching against "*"

Change-Id: Ibb66663ec21326351abc761be78a0d57f7797fa5
Reviewed-on: https://code.wireshark.org/review/1421
Reviewed-by: Anders Broman <a.broman58@gmail.com>

1 files changed, 9 insertions, 4 deletions

diff --git a/epan/dissectors/packet-ipsec.h b/epan/dissectors/packet-ipsec.h
index 29f7f446d7..e8516a054d 100644
--- a/epan/dissectors/packet-ipsec.h
+++ b/epan/dissectors/packet-ipsec.h
@@ -23,9 +23,14 @@
 #ifndef __PACKET_IPSEC_H__
 #define __PACKET_IPSEC_H__
 
-/* XXX - TEMPORARILY EMPTY BECAUSE EXISTING FUNCTION WAS REMOVED, BUT A NEW ONE FOR
-   COMPLETELY DIFFERENT FUNCTIONALITY SHOULD REPLACE IT SHORTLY SO FILE SHOULDN'T
-   BE REMOVED
- */
+/* Configure a new SA (programmatically, most likely from a private dissector).
+   The arugments here are deliberately in the same string formats as the UAT fields
+   in order to keep code paths common.
+   Note that an attempt to match with these entries will be made *before* entries
+   added through the UAT entry interface/file. */
+WS_DLL_PUBLIC void esp_sa_record_add_from_dissector(guint8 protocol, const gchar *srcIP, const char *dstIP,
+                                                    gchar *spi,
+                                                    guint8 encryption_algo, const gchar *encryption_key,
+                                                    guint8 authentication_algo, const gchar *authentication_key);
 
 #endif