pub trait KeyLog: Send + Sync {
    fn log(&self, label: &str, client_random: &[u8], secret: &[u8]);

    fn will_log(&self, _label: &str) -> bool { ... }
}
Expand description

This trait represents the ability to do something useful with key material, such as logging it to a file for debugging.

Naturally, secrets passed over the interface are extremely sensitive and can break the security of past, present and future sessions.

You’ll likely want some interior mutability in your implementation to make this useful.

See KeyLogFile that implements the standard SSLKEYLOGFILE environment variable behaviour.

Required methods

Log the given secret. client_random is provided for session identification. label describes precisely what secret means:

  • CLIENT_RANDOM: secret is the master secret for a TLSv1.2 session.
  • CLIENT_EARLY_TRAFFIC_SECRET: secret encrypts early data transmitted by a client
  • SERVER_HANDSHAKE_TRAFFIC_SECRET: secret encrypts handshake messages from the server during a TLSv1.3 handshake.
  • CLIENT_HANDSHAKE_TRAFFIC_SECRET: secret encrypts handshake messages from the client during a TLSv1.3 handshake.
  • SERVER_TRAFFIC_SECRET_0: secret encrypts post-handshake data from the server in a TLSv1.3 session.
  • CLIENT_TRAFFIC_SECRET_0: secret encrypts post-handshake data from the client in a TLSv1.3 session.
  • EXPORTER_SECRET: secret is the post-handshake exporter secret in a TLSv1.3 session.

These strings are selected to match the NSS key log format: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format

Provided methods

Indicates whether the secret with label label will be logged.

If will_log returns true then log will be called with the secret. Otherwise, log will not be called for the secret. This is a performance optimization.

Implementors