Add support for MACsec traffic decryption

Peikang Zhang requested to merge peikang-mchp/wireshark:feature into master

The current implementation of the MACsec dissector is very limited as it simply shows the encrypted data / wrapped data as well as the ICV (the signature or MAC (message authentication code)).

This change will bring the MACsec decryption support.

  1. If an encryption key is provided: The dissector will try to authenticate the traffic. If the traffic is encrypted traffic, the dissector will try to decrypt the traffic as well. If the traffic is successfully authenticated, macsec.auth_status is set to PROTO_CHECKSUM_E_GOOD and the dissector will try to continue dissecting the traffic.
  2. If an encryption key is not provided: The dissector will simply show the traffic without trying to authenticate or decrypt the traffic. macsec.auth_status is set to PROTO_CHECKSUM_E_UNVERIFIED.

The encryption key is added under Preferences -> Protocols -> MACsec.

I have provided some traffic to validate the change.

The encryption key for the sample traffic is: 82683001643483472227515285280057

To validate the change:

  1. Without entering the encryption key, the dissector should work the same as it did without the change.
  2. Using a random encryption key, you should see all the MACsec traffic shown as "Authentication fail".
  3. Using the actual encryption key to dissect the traffic: for MACsec_sample_1.pcapng, the MACsec traffic should show as UDP traffic. For MACsec_sample_2.pcapng, we should see the MACsec traffic show as UDP or DHCP traffic. Packets 1 and 11 are shown as "Authentication fail" as we purposely faked these packets.

MACsec_sample_1.pcapng

MACsec_sample_2.pcapng