tls exported keying material

2022-08-19 ยท 1 min read

RFC 5705 - Keying Material Exporters for TLS

what #

Exposes a KDF on the TLS connection shared secret that the client and server agreed upon.

API #

rustls::Connection::export_keying_material

impl Connection {
    /// Derives key material from the agreed connection secrets.
    ///
    /// This function fills in `output` with `output.len()` bytes of
    /// key material derived from the master session secret using
    /// `label` and `context` for diversification.
    pub fn export_keying_material(
        &self,
        output: &mut [u8],
        label: &[u8],
        context: Option<&[u8]>,
    ) -> Result<(), Error>;
}