pub trait KeyLog: Debug + Send + Sync {
    // Required method
    fn log(&self, label: &str, client_random: &[u8], secret: &[u8]);

    // Provided method
    fn will_log(&self, _label: &str) -> bool { ... }
}
This trait represents the ability to do something useful with key material, such as logging it to a file for debugging.
Naturally, secrets passed over the interface are extremely sensitive and can break the security of past, present and future sessions.
You’ll likely want some interior mutability in your implementation to make this useful.
See KeyLogFile that implements the standard
SSLKEYLOGFILE environment variable behaviour.
Required Methods
fn log(&self, label: &str, client_random: &[u8], secret: &[u8])
Log the given secret. client_random is provided for
session identification. label describes precisely what
secret means:
- CLIENT_RANDOM: secret is the master secret for a TLSv1.2 session.
- CLIENT_EARLY_TRAFFIC_SECRET: secret encrypts early data transmitted by a client.
- SERVER_HANDSHAKE_TRAFFIC_SECRET: secret encrypts handshake messages from the server during a TLSv1.3 handshake.
- CLIENT_HANDSHAKE_TRAFFIC_SECRET: secret encrypts handshake messages from the client during a TLSv1.3 handshake.
- SERVER_TRAFFIC_SECRET_0: secret encrypts post-handshake data from the server in a TLSv1.3 session.
- CLIENT_TRAFFIC_SECRET_0: secret encrypts post-handshake data from the client in a TLSv1.3 session.
- EXPORTER_SECRET: secret is the post-handshake exporter secret in a TLSv1.3 session.
These strings are selected to match the NSS key log format: https://nss-crypto.org/reference/security/nss/legacy/key_log_format/index.html
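An implementation sketch of the trait, added here as an example and not taken from rustls: it uses a Mutex for the interior mutability mentioned above, restricts logging to an allowlist of labels through will_log, and keeps its Debug output free of key material. MemoryKeyLog, hex and the allowlist are hypothetical names; the trait is redeclared locally from the signature on this page, and the line layout `LABEL <hex client_random> <hex secret>` follows the NSS key log format linked above.

```rust
use std::{fmt, sync::Mutex};
// Local copy of the trait signature shown on this page, so the example builds
// without the rustls crate. In a real program, implement rustls::KeyLog instead.
pub trait KeyLog: fmt::Debug + Send + Sync {
    fn log(&self, label: &str, client_random: &[u8], secret: &[u8]);
    // The default body is elided on the page; returning true is an assumption.
    fn will_log(&self, _label: &str) -> bool { true }
}

/// Hypothetical sink: keeps NSS-format lines in memory, only for allowed labels.
pub struct MemoryKeyLog {
    allowed: Vec<&'static str>,
    lines: Mutex<Vec<String>>, // interior mutability: log() only receives &self
}

impl fmt::Debug for MemoryKeyLog {
    // Manual impl: a derived Debug would print the stored secrets.
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("MemoryKeyLog { .. }")
    }
}

fn hex(b: &[u8]) -> String { b.iter().map(|x| format!("{:02x}", x)).collect() }

impl MemoryKeyLog {
    pub fn new(allowed: &[&'static str]) -> Self {
        Self { allowed: allowed.to_vec(), lines: Mutex::new(Vec::new()) }
    }
    pub fn lines(&self) -> Vec<String> { self.lines.lock().unwrap().clone() }
}

impl KeyLog for MemoryKeyLog {
    fn will_log(&self, label: &str) -> bool {
        self.allowed.iter().any(|a| *a == label)
    }
    fn log(&self, label: &str, client_random: &[u8], secret: &[u8]) {
        if !self.will_log(label) { return; } // enforce the allowlist here too
        let line = format!("{} {} {}", label, hex(client_random), hex(secret));
        self.lines.lock().unwrap().push(line);
    }
}

fn main() {
    // Constructed sample values, not real key material.
    let sink = MemoryKeyLog::new(&["CLIENT_HANDSHAKE_TRAFFIC_SECRET"]);
    sink.log("CLIENT_HANDSHAKE_TRAFFIC_SECRET", &[0xab; 32], &[1, 2]);
    sink.log("EXPORTER_SECRET", &[0xab; 32], &[0xff]);
    println!("{} line(s) kept", sink.lines().len());
}
```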