pub trait KeyLog: Send + Sync {
fn log(&self, label: &str, client_random: &[u8], secret: &[u8]);
fn will_log(&self, _label: &str) -> bool { ... }
}
Expand description
This trait represents the ability to do something useful with key material, such as logging it to a file for debugging.
Naturally, secrets passed over the interface are extremely sensitive and can break the security of past, present and future sessions.
You’ll likely want some interior mutability in your implementation to make this useful.
See KeyLogFile
that implements the standard
SSLKEYLOGFILE
environment variable behaviour.
Required methods
Log the given secret
. client_random
is provided for
session identification. label
describes precisely what
secret
means:
CLIENT_RANDOM
:secret
is the master secret for a TLSv1.2 session.CLIENT_EARLY_TRAFFIC_SECRET
:secret
encrypts early data transmitted by a clientSERVER_HANDSHAKE_TRAFFIC_SECRET
:secret
encrypts handshake messages from the server during a TLSv1.3 handshake.CLIENT_HANDSHAKE_TRAFFIC_SECRET
:secret
encrypts handshake messages from the client during a TLSv1.3 handshake.SERVER_TRAFFIC_SECRET_0
:secret
encrypts post-handshake data from the server in a TLSv1.3 session.CLIENT_TRAFFIC_SECRET_0
:secret
encrypts post-handshake data from the client in a TLSv1.3 session.EXPORTER_SECRET
:secret
is the post-handshake exporter secret in a TLSv1.3 session.
These strings are selected to match the NSS key log format: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format