third_party/rust_crates/vendor/rustls/src/keylog.rs - fuchsia - Git at Google

 use std::env;
 use std::fs::{File, OpenOptions};
 use std::path::Path;
 use std::io;
 use std::io::Write;
 use std::sync::Mutex;

 #[cfg(feature = "logging")]
 use crate::log::warn;

 /// This trait represents the ability to do something useful
 /// with key material, such as logging it to a file for debugging.
 ///
 /// Naturally, secrets passed over the interface are *extremely*
 /// sensitive and can break the security of past, present and
 /// future sessions.
 ///
 /// You'll likely want some interior mutability in your
 /// implementation to make this useful.
 ///
 /// See `KeyLogFile` that implements the standard `SSLKEYLOGFILE`
 /// environment variable behaviour.
 pub trait KeyLog : Send + Sync {
     /// Log the given `secret`.  `client_random` is provided for
     /// session identification.  `label` describes precisely what
     /// `secret` means:
     ///
     /// - `CLIENT_RANDOM`: `secret` is the master secret for a TLSv1.2 session.
     /// - `CLIENT_EARLY_TRAFFIC_SECRET`: `secret` encrypts early data
     ///   transmitted by a client
     /// - `SERVER_HANDSHAKE_TRAFFIC_SECRET`: `secret` encrypts
     ///   handshake messages from the server during a TLSv1.3 handshake.
     /// - `CLIENT_HANDSHAKE_TRAFFIC_SECRET`: `secret` encrypts
     ///   handshake messages from the client during a TLSv1.3 handshake.
     /// - `SERVER_TRAFFIC_SECRET_0`: `secret` encrypts post-handshake data
     ///   from the server in a TLSv1.3 session.
     /// - `CLIENT_TRAFFIC_SECRET_0`: `secret` encrypts post-handshake data
     ///   from the client in a TLSv1.3 session.
     /// - `EXPORTER_SECRET`: `secret` is the post-handshake exporter secret
     ///   in a TLSv1.3 session.
     ///
     /// These strings are selected to match the NSS key log format:
     /// https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format
     fn log(&self, label: &str, client_random: &[u8], secret: &[u8]);

     /// Indicates whether the secret with label `label` will be logged.
     ///
     /// If `will_log` returns true then `log` will be called with the secret.
     /// Otherwise, `log` will not be called for the secret. This is a
     /// performance optimization.
     fn will_log(&self, _label: &str) -> bool { true }
 }

 /// KeyLog that does exactly nothing.
 pub struct NoKeyLog;

 impl KeyLog for NoKeyLog {
     fn log(&self, _: &str, _: &[u8], _: &[u8]) {}
     #[inline]
     fn will_log(&self, _label: &str) -> bool { false }
 }

 // Internal mutable state for KeyLogFile
 struct KeyLogFileInner {
     file: Option<File>,
     buf: Vec<u8>,
 }

 impl KeyLogFileInner {
     fn new() -> Self {
         let var = env::var("SSLKEYLOGFILE");
         let path = match var {
             Ok(ref s) => Path::new(s),
             Err(env::VarError::NotUnicode(ref s)) => Path::new(s),
             Err(env::VarError::NotPresent) => {
                 return KeyLogFileInner {
                     file: None,
                     buf: Vec::new(),
                 };
             }
         };

         #[cfg_attr(not(feature = "logging"), allow(unused_variables))]
         let file = match OpenOptions::new()
             .append(true)
             .create(true)
             .open(path) {
             Ok(f) => Some(f),
             Err(e) => {
                 warn!("unable to create key log file '{:?}': {}", path, e);
                 None
             }
         };

         KeyLogFileInner {
             file,
             buf: Vec::new(),
         }
     }

     fn try_write(&mut self, label: &str, client_random: &[u8], secret: &[u8]) -> io::Result<()> {
         let mut file = match self.file {
             None => { return Ok(()); }
             Some(ref f) => f,
         };

         self.buf.truncate(0);
         write!(self.buf, "{} ", label)?;
         for b in client_random.iter() {
             write!(self.buf, "{:02x}", b)?;
         }
         write!(self.buf, " ")?;
         for b in secret.iter() {
             write!(self.buf, "{:02x}", b)?;
         }
         writeln!(self.buf)?;
         file.write_all(&self.buf)
     }
 }

 /// `KeyLog` implementation that opens a file whose name is
 /// given by the `SSLKEYLOGFILE` environment variable, and writes
 /// keys into it.
 ///
 /// If `SSLKEYLOGFILE` is not set, this does nothing.
 ///
 /// If such a file cannot be opened, or cannot be written then
 /// this does nothing but logs errors at warning-level.
 pub struct KeyLogFile(Mutex<KeyLogFileInner>);

 impl KeyLogFile {
     /// Makes a new `KeyLogFile`.  The environment variable is
     /// inspected and the named file is opened during this call.
     pub fn new() -> Self {
         KeyLogFile(Mutex::new(KeyLogFileInner::new()))
     }
 }

 impl KeyLog for KeyLogFile {
     fn log(&self, label: &str, client_random: &[u8], secret: &[u8]) {
         #[cfg_attr(not(feature = "logging"), allow(unused_variables))]
         match self.0.lock()
             .unwrap()
             .try_write(label, client_random, secret) {
             Ok(()) => {},
             Err(e) => {
                 warn!("error writing to key log file: {}", e);
             }
         }
     }
 }
	use std::env;
	use std::fs::{File, OpenOptions};
	use std::path::Path;
	use std::io;
	use std::io::Write;
	use std::sync::Mutex;

	#[cfg(feature = "logging")]
	use crate::log::warn;

	/// This trait represents the ability to do something useful
	/// with key material, such as logging it to a file for debugging.
	///
	/// Naturally, secrets passed over the interface are extremely
	/// sensitive and can break the security of past, present and
	/// future sessions.
	///
	/// You'll likely want some interior mutability in your
	/// implementation to make this useful.
	///
	/// See `KeyLogFile` that implements the standard `SSLKEYLOGFILE`
	/// environment variable behaviour.
	pub trait KeyLog : Send + Sync {
	/// Log the given `secret`. `client_random` is provided for
	/// session identification. `label` describes precisely what
	/// `secret` means:
	///
	/// - `CLIENT_RANDOM`: `secret` is the master secret for a TLSv1.2 session.
	/// - `CLIENT_EARLY_TRAFFIC_SECRET`: `secret` encrypts early data
	/// transmitted by a client
	/// - `SERVER_HANDSHAKE_TRAFFIC_SECRET`: `secret` encrypts
	/// handshake messages from the server during a TLSv1.3 handshake.
	/// - `CLIENT_HANDSHAKE_TRAFFIC_SECRET`: `secret` encrypts
	/// handshake messages from the client during a TLSv1.3 handshake.
	/// - `SERVER_TRAFFIC_SECRET_0`: `secret` encrypts post-handshake data
	/// from the server in a TLSv1.3 session.
	/// - `CLIENT_TRAFFIC_SECRET_0`: `secret` encrypts post-handshake data
	/// from the client in a TLSv1.3 session.
	/// - `EXPORTER_SECRET`: `secret` is the post-handshake exporter secret
	/// in a TLSv1.3 session.
	///
	/// These strings are selected to match the NSS key log format:
	/// https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format
	fn log(&self, label: &str, client_random: &[u8], secret: &[u8]);

	/// Indicates whether the secret with label `label` will be logged.
	///
	/// If `will_log` returns true then `log` will be called with the secret.
	/// Otherwise, `log` will not be called for the secret. This is a
	/// performance optimization.
	fn will_log(&self, _label: &str) -> bool { true }
	}

	/// KeyLog that does exactly nothing.
	pub struct NoKeyLog;

	impl KeyLog for NoKeyLog {
	fn log(&self, _: &str, _: &[u8], _: &[u8]) {}
	#[inline]
	fn will_log(&self, _label: &str) -> bool { false }
	}

	// Internal mutable state for KeyLogFile
	struct KeyLogFileInner {
	file: Option<File>,
	buf: Vec<u8>,
	}

	impl KeyLogFileInner {
	fn new() -> Self {
	let var = env::var("SSLKEYLOGFILE");
	let path = match var {
	Ok(ref s) => Path::new(s),
	Err(env::VarError::NotUnicode(ref s)) => Path::new(s),
	Err(env::VarError::NotPresent) => {
	return KeyLogFileInner {
	file: None,
	buf: Vec::new(),
	};
	}
	};

	#[cfg_attr(not(feature = "logging"), allow(unused_variables))]
	let file = match OpenOptions::new()
	.append(true)
	.create(true)
	.open(path) {
	Ok(f) => Some(f),
	Err(e) => {
	warn!("unable to create key log file '{:?}': {}", path, e);
	None
	}
	};

	KeyLogFileInner {
	file,
	buf: Vec::new(),
	}
	}

	fn try_write(&mut self, label: &str, client_random: &[u8], secret: &[u8]) -> io::Result<()> {
	let mut file = match self.file {
	None => { return Ok(()); }
	Some(ref f) => f,
	};

	self.buf.truncate(0);
	write!(self.buf, "{} ", label)?;
	for b in client_random.iter() {
	write!(self.buf, "{:02x}", b)?;
	}
	write!(self.buf, " ")?;
	for b in secret.iter() {
	write!(self.buf, "{:02x}", b)?;
	}
	writeln!(self.buf)?;
	file.write_all(&self.buf)
	}
	}

	/// `KeyLog` implementation that opens a file whose name is
	/// given by the `SSLKEYLOGFILE` environment variable, and writes
	/// keys into it.
	///
	/// If `SSLKEYLOGFILE` is not set, this does nothing.
	///
	/// If such a file cannot be opened, or cannot be written then
	/// this does nothing but logs errors at warning-level.
	pub struct KeyLogFile(Mutex<KeyLogFileInner>);

	impl KeyLogFile {
	/// Makes a new `KeyLogFile`. The environment variable is
	/// inspected and the named file is opened during this call.
	pub fn new() -> Self {
	KeyLogFile(Mutex::new(KeyLogFileInner::new()))
	}
	}

	impl KeyLog for KeyLogFile {
	fn log(&self, label: &str, client_random: &[u8], secret: &[u8]) {
	#[cfg_attr(not(feature = "logging"), allow(unused_variables))]
	match self.0.lock()
	.unwrap()
	.try_write(label, client_random, secret) {
	Ok(()) => {},
	Err(e) => {
	warn!("error writing to key log file: {}", e);
	}
	}
	}
	}