Function bearssl::br_ssl_key_export

pub unsafe extern "C" fn br_ssl_key_export(
    cc: *mut br_ssl_engine_context,
    dst: *mut c_void,
    len: usize,
    label: *const c_char,
    context: *const c_void,
    context_len: usize
) -> c_int

Export key material from a connected SSL engine (RFC 5705).

This call computes a secret key of arbitrary length from the master secret of a connected SSL engine. If the provided context is not currently in "application data" state (initial handshake is not finished, another handshake is ongoing, or the connection failed or was closed), then this function returns 0. Otherwise, a secret key of length len bytes is computed and written in the buffer pointed to by dst, and 1 is returned.

The computed key follows the specification described in RFC 5705. That RFC includes two key computations, with and without a "context value". If context is NULL, then the variant without context is used; otherwise, the context_len bytes located at the address pointed to by context are used in the computation. Note that it is possible to have a "with context" key with a context length of zero bytes, by setting context to a non-NULL value but context_len to 0.

When context bytes are used, the context length MUST NOT exceed 65535 bytes.

Parameters:

cc: SSL engine context.
dst: destination buffer for exported key.
len: exported key length (in bytes).
label: disambiguation label.
context: context value (or NULL).
context_len: context length (in bytes).

Returns 1 on success, 0 on error.
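Why a NULL context and a zero-length context give different keys, and where the 65535-byte limit comes from, as an added Rust example (not code from the bearssl crate or from BearSSL). The names context_args, exporter_seed, ContextTooLong and MAX_CONTEXT_LEN are hypothetical; the seed layout follows RFC 5705 section 4, and the sample random values are constructed.

```rust
use std::os::raw::c_void;
use std::ptr;

/// Largest accepted context: RFC 5705 encodes the context length as a uint16.
pub const MAX_CONTEXT_LEN: usize = 65535;

#[derive(Debug, PartialEq)]
pub struct ContextTooLong(pub usize);

/// Hypothetical helper: map an optional context to the (context, context_len)
/// pair passed to br_ssl_key_export. None selects the variant without context
/// (NULL). Some(&[]) selects "with context" and length 0, because a Rust slice
/// pointer is never null, even for an empty slice.
pub fn context_args(ctx: Option<&[u8]>) -> Result<(*const c_void, usize), ContextTooLong> {
    match ctx {
        None => Ok((ptr::null(), 0)),
        Some(c) if c.len() > MAX_CONTEXT_LEN => Err(ContextTooLong(c.len())),
        Some(c) => Ok((c.as_ptr() as *const c_void, c.len())),
    }
}

/// Seed that RFC 5705 hands to the TLS PRF after the label:
/// client_random + server_random [+ uint16 context length + context].
pub fn exporter_seed(
    client_random: &[u8; 32],
    server_random: &[u8; 32],
    ctx: Option<&[u8]>,
) -> Result<Vec<u8>, ContextTooLong> {
    let mut seed = Vec::with_capacity(64);
    seed.extend_from_slice(client_random);
    seed.extend_from_slice(server_random);
    if let Some(c) = ctx {
        if c.len() > MAX_CONTEXT_LEN { return Err(ContextTooLong(c.len())); }
        seed.extend_from_slice(&(c.len() as u16).to_be_bytes());
        seed.extend_from_slice(c);
    }
    Ok(seed)
}

fn main() {
    // Constructed sample randoms, not taken from a real handshake.
    let (cr, sr) = ([0x11u8; 32], [0x22u8; 32]);
    let empty: &[u8] = &[];
    let none = exporter_seed(&cr, &sr, None).unwrap();
    let zero = exporter_seed(&cr, &sr, Some(empty)).unwrap();
    println!("no context: {} bytes, empty context: {} bytes", none.len(), zero.len());
}
```

Both peers must pick the same variant: the two extra length bytes in the empty-context seed are enough to make the exported keys differ.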