rustls/
key_log.rs

/// A sink for TLS key material, such as a debugging aid that writes
/// secrets to a file.
///
/// # Security
///
/// Every secret handed to an implementation is *extremely* sensitive:
/// disclosing it can break the security of past, present and future
/// sessions. Anything an implementation records should be protected
/// like a private key, and logging should only be enabled where it is
/// deliberately wanted (for example, while debugging).
///
/// Methods take `&self`, so an implementation that records anything
/// will most likely need some interior mutability.
///
/// [`KeyLogFile`](crate::KeyLogFile) is the implementation that follows
/// the standard `SSLKEYLOGFILE` environment variable behaviour.
pub trait KeyLog: Send + Sync {
    /// Record `secret`.
    ///
    /// `client_random` identifies the session the secret belongs to, and
    /// `label` states precisely what `secret` is:
    ///
    /// - `CLIENT_RANDOM`: the master secret for a TLSv1.2 session.
    /// - `CLIENT_EARLY_TRAFFIC_SECRET`: encrypts early data transmitted
    ///   by a client.
    /// - `SERVER_HANDSHAKE_TRAFFIC_SECRET`: encrypts handshake messages
    ///   from the server during a TLSv1.3 handshake.
    /// - `CLIENT_HANDSHAKE_TRAFFIC_SECRET`: encrypts handshake messages
    ///   from the client during a TLSv1.3 handshake.
    /// - `SERVER_TRAFFIC_SECRET_0`: encrypts post-handshake data from the
    ///   server in a TLSv1.3 session.
    /// - `CLIENT_TRAFFIC_SECRET_0`: encrypts post-handshake data from the
    ///   client in a TLSv1.3 session.
    /// - `EXPORTER_SECRET`: the post-handshake exporter secret in a
    ///   TLSv1.3 session.
    ///
    /// The label strings are chosen to match the NSS key log format:
    /// <https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format>
    fn log(&self, label: &str, client_random: &[u8], secret: &[u8]);

    /// Reports whether the secret labelled `label` will be logged.
    ///
    /// When this returns `true`, `log` will be called with that secret;
    /// when it returns `false`, `log` will not be called for it. This
    /// exists as a performance optimization. The default implementation
    /// returns `true` for every label.
    fn will_log(&self, _label: &str) -> bool {
        true
    }
}
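/// A [`KeyLog`] implementation that does exactly nothing.
///
/// Its `log` method discards whatever it is given and its `will_log`
/// method returns `false`, so no key material is recorded through it.
// `Debug` is derived so that types embedding a `NoKeyLog` can derive
// `Debug` themselves; as a unit struct it has no state to print.
#[derive(Debug)]
pub struct NoKeyLog;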
impl KeyLog for NoKeyLog {
    /// Discards the secret: the body is empty, so nothing is stored or
    /// written.
    fn log(&self, _label: &str, _client_random: &[u8], _secret: &[u8]) {}

    /// Returns `false` for every label, declaring that no secret will be
    /// logged.
    #[inline]
    fn will_log(&self, _label: &str) -> bool {
        false
    }
}
55}