
Decode PVA in TLS via ALPN #14

Merged: mdavidsaver merged 1 commit into master from pva-tls, Apr 26, 2025

@mdavidsaver (Owner) commented Jul 18, 2023

Add decoding of PVA within TLS using the `tls.alpn` table, provisionally using `pva/1` as the protocol name string.

The `test/pva-tls.pcapng.gz` capture contains a TLS 1.3 session with the associated session keys embedded in it, so it can be dissected like any other capture.

```
wireshark -X lua_script:pva.lua test/pva-tls.pcapng.gz
```

The process to capture and embed session keys was:

```
wireshark -X lua_script:pva.lua &   # save capture as /tmp/pva.pcapng.gz
SSLKEYLOGFILE=/tmp/pva-secrets \
 pvget ...
editcap --inject-secrets tls,/tmp/pva-secrets /tmp/pva.pcapng.gz test/pva-tls.pcapng.gz
```

Alternately, the raw capture and keylog can be analyzed separately. (The keylog path can also be set through the GUI.)

```
wireshark -X lua_script:pva.lua -o tls.keylog_file:/tmp/pva-secrets /tmp/pva.pcapng.gz
```

@kasemir @george-mcintyre To my mind, this wireshark feature alone is sufficient to justify using the ALPN extension.

see https://wiki.wireshark.org/TLS
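Added example, not part of the pull request or the project's code: `editcap --inject-secrets` stores the key log in a pcapng Decryption Secrets Block (DSB), so anyone holding the file can decrypt the session. This Python sketch lists the TLS secrets embedded in a capture so that can be checked before a file is shared; the function names and the sample bytes are constructed for illustration.

```python
import gzip
import struct

SHB, DSB = 0x0A0D0D0A, 0x0000000A   # Section Header / Decryption Secrets block types
TLS_KEYLOG = 0x544C534B             # DSB secrets type "TLSK" (NSS key log text)
ORDER = {b"\x4d\x3c\x2b\x1a": "<", b"\x1a\x2b\x3c\x4d": ">"}  # byte-order magic

def embedded_tls_secrets(raw: bytes) -> list[bytes]:
    """Return the TLS key log payload of every DSB in a pcapng (optionally gzipped)."""
    if raw[:2] == b"\x1f\x8b":
        raw = gzip.decompress(raw)
    if raw[:4] != b"\x0a\x0d\x0d\x0a":
        raise ValueError("not a pcapng file")
    found, pos, endian = [], 0, "<"
    while pos + 12 <= len(raw):
        if raw[pos:pos + 4] == b"\x0a\x0d\x0d\x0a":
            # The SHB type reads the same in both byte orders; the magic decides.
            endian = ORDER.get(raw[pos + 8:pos + 12])
            if endian is None:
                raise ValueError("bad byte-order magic")
        btype, blen = struct.unpack_from(endian + "II", raw, pos)
        if blen < 12 or blen % 4 or pos + blen > len(raw):
            raise ValueError("corrupt block length")
        if btype == DSB and blen >= 20:
            stype, slen = struct.unpack_from(endian + "II", raw, pos + 8)
            if slen > blen - 20:
                raise ValueError("secrets length exceeds block")
            if stype == TLS_KEYLOG:
                found.append(raw[pos + 16:pos + 16 + slen])
        pos += blen
    return found

def key_labels(keylog: bytes) -> set[str]:
    """Labels (first field) of the non-comment lines in an NSS key log."""
    lines = keylog.decode("ascii", "replace").splitlines()
    return {l.split()[0] for l in lines if l.strip() and not l.startswith("#")}

def make_block(btype: int, body: bytes) -> bytes:
    """Build one little-endian pcapng block; pads the body to 32 bits."""
    body += b"\0" * (-len(body) % 4)
    total = 12 + len(body)
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)

# Constructed sample: no packets, only an SHB and one DSB with made-up secrets.
SAMPLE_KEYLOG = (b"SERVER_TRAFFIC_SECRET_0 " + b"00" * 32 + b" " + b"11" * 48 + b"\n"
                 + b"CLIENT_TRAFFIC_SECRET_0 " + b"00" * 32 + b" " + b"22" * 48 + b"\n")
SAMPLE_PCAPNG = (make_block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
                 + make_block(DSB, struct.pack("<II", TLS_KEYLOG, len(SAMPLE_KEYLOG))
                              + SAMPLE_KEYLOG))
```

A non-empty result means the capture decrypts on its own; `editcap --discard-all-secrets` writes a copy without the secrets.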

@mdavidsaver (Owner, Author) commented

Updated test/pva-tls.pcapng.gz with a session using client certificate and intermediate CA.

@mdavidsaver marked this pull request as ready for review April 26, 2025 02:02

@mdavidsaver (Owner, Author) commented

At this point I think the usage of TLS + ALPN "pva/1" is firm enough.

@mdavidsaver merged commit 43740f2 into master Apr 26, 2025
2 checks passed