
KeyLog

Trait KeyLog

pub trait KeyLog:
    Debug
    + Send
    + Sync {
    // Required method
    fn log(&self, label: &str, client_random: &[u8], secret: &[u8]);

    // Provided method
    fn will_log(&self, _label: &str) -> bool { ... }
}

This trait represents the ability to do something useful with key material, such as logging it to a file for debugging.

Naturally, secrets passed over the interface are extremely sensitive and can break the security of past, present and future sessions.

You'll likely want some interior mutability in your implementation to make this useful.

See KeyLogFile that implements the standard SSLKEYLOGFILE environment variable behaviour.

Required Methods


fn log(&self, label: &str, client_random: &[u8], secret: &[u8])

Log the given secret. client_random is provided for session identification. label describes precisely what secret means:

  • CLIENT_RANDOM: secret is the master secret for a TLSv1.2 session.
  • CLIENT_EARLY_TRAFFIC_SECRET: secret encrypts early data transmitted by a client.
  • SERVER_HANDSHAKE_TRAFFIC_SECRET: secret encrypts handshake messages from the server during a TLSv1.3 handshake.
  • CLIENT_HANDSHAKE_TRAFFIC_SECRET: secret encrypts handshake messages from the client during a TLSv1.3 handshake.
  • SERVER_TRAFFIC_SECRET_0: secret encrypts post-handshake data from the server in a TLSv1.3 session.
  • CLIENT_TRAFFIC_SECRET_0: secret encrypts post-handshake data from the client in a TLSv1.3 session.
  • EXPORTER_SECRET: secret is the post-handshake exporter secret in a TLSv1.3 session.

These strings are selected to match the NSS key log format: https://nss-crypto.org/reference/security/nss/legacy/key_log_format/index.html

Provided Methods


fn will_log(&self, _label: &str) -> bool

Indicates whether the secret with label label will be logged.

If will_log returns true then log will be called with the secret. Otherwise, log will not be called for the secret. This is a performance optimization.
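The following is an added example, not code from the rustls project: a KeyLog implementation that uses a Mutex for interior mutability, restricts logging to an allow-list of labels through will_log, and keeps secrets out of its Debug output. The trait is redeclared locally so the block compiles without the rustls crate; `MemoryKeyLog`, `hex` and the default body of `will_log` are assumptions, and the byte values are constructed.

```rust
use std::fmt::{self, Debug, Write as _};
use std::sync::Mutex;

// Local copy of the trait shown on this page (so no rustls crate is needed).
// The default body of `will_log` is elided on the page; `true` is assumed.
pub trait KeyLog: Debug + Send + Sync {
    fn log(&self, label: &str, client_random: &[u8], secret: &[u8]);
    fn will_log(&self, _label: &str) -> bool { true }
}

/// Hypothetical logger: collects NSS key log lines for an allow-list of labels.
pub struct MemoryKeyLog {
    allowed: &'static [&'static str],
    lines: Mutex<Vec<String>>, // interior mutability: `log` only gets `&self`
}
impl MemoryKeyLog {
    pub fn new(allowed: &'static [&'static str]) -> Self {
        Self { allowed, lines: Mutex::new(Vec::new()) }
    }
    pub fn lines(&self) -> Vec<String> { self.lines.lock().unwrap().clone() }
}

// Hand-written Debug so `{:?}` never prints captured secrets.
impl Debug for MemoryKeyLog {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("MemoryKeyLog").field("allowed", &self.allowed).finish_non_exhaustive()
    }
}

fn hex(bytes: &[u8]) -> String {
    bytes.iter().fold(String::new(), |mut s, b| { let _ = write!(s, "{b:02x}"); s })
}

impl KeyLog for MemoryKeyLog {
    fn will_log(&self, label: &str) -> bool { self.allowed.iter().any(|l| *l == label) }
    fn log(&self, label: &str, client_random: &[u8], secret: &[u8]) {
        if !self.will_log(label) { return; } // enforce the allow-list here too
        // NSS key log line: "<label> <client_random hex> <secret hex>"
        let line = format!("{label} {} {}", hex(client_random), hex(secret));
        self.lines.lock().unwrap().push(line);
    }
}

fn main() {
    let kl = MemoryKeyLog::new(&["CLIENT_TRAFFIC_SECRET_0"]);
    kl.log("CLIENT_TRAFFIC_SECRET_0", &[0x01, 0xab], &[0xff, 0x00]); // constructed bytes
    kl.log("EXPORTER_SECRET", &[0x01, 0xab], &[0x11]); // filtered out
    println!("{:?}", kl.lines());
}
```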

Implementors