in fizz/tool/FizzServerCommand.cpp [244:341]
// Builds the human-readable report for a completed handshake and, as a side
// effect, passes every traffic secret captured for this connection to the
// acceptor's key log.
//
// SECURITY: both outputs carry live key material. The writeKeyLog() calls
// emit the client random together with the early, handshake, exporter and
// application traffic secrets, and the returned "Secrets:" lines pass the
// same members through secretStr() (presumably a printable rendering;
// confirm against its definition). Anyone holding either output alongside a
// packet capture can decrypt the session, so treat the key log destination
// and wherever these lines are printed as sensitive.
//
// Returns one string per report line, in display order.
std::vector<std::string> handshakeSuccessLog() {
  auto& state = transport_->getState();
  auto serverCert = state.serverCert();
  auto clientCert = state.clientCert();

  // Writes one key-log record for `secret`; secrets that were never captured
  // are skipped. The client random is dereferenced only when a record is
  // actually written.
  const auto emitKeyLog = [&](KeyLogWriter::Label label, auto& secret) {
    if (!secret) {
      return;
    }
    acceptor_->writeKeyLog(
        *state.clientRandom(), label, folly::range(*secret));
  };

  // Order of the records matches the order in which the labels are listed.
  emitKeyLog(
      KeyLogWriter::Label::CLIENT_EARLY_TRAFFIC_SECRET,
      clientEarlyTrafficSecret_);
  emitKeyLog(
      KeyLogWriter::Label::CLIENT_HANDSHAKE_TRAFFIC_SECRET,
      clientHandshakeTrafficSecret_);
  emitKeyLog(
      KeyLogWriter::Label::SERVER_HANDSHAKE_TRAFFIC_SECRET,
      serverHandshakeTrafficSecret_);
  emitKeyLog(KeyLogWriter::Label::EXPORTER_SECRET, exporterMasterSecret_);
  emitKeyLog(
      KeyLogWriter::Label::CLIENT_TRAFFIC_SECRET_0, clientAppTrafficSecret_);
  emitKeyLog(
      KeyLogWriter::Label::SERVER_TRAFFIC_SECRET_0, serverAppTrafficSecret_);

  std::vector<std::string> report;

  // Negotiated parameters. version, cipher, pskType, keyExchangeType,
  // earlyDataType and clientRandom are dereferenced without a check.
  // NOTE(review): assumes they are always populated once the handshake has
  // succeeded; confirm against the state machine.
  report.push_back(
      folly::to<std::string>(" TLS Version: ", toString(*state.version())));
  report.push_back(
      folly::to<std::string>(" Cipher Suite: ", toString(*state.cipher())));
  report.push_back(folly::to<std::string>(
      " Named Group: ",
      (state.group() ? toString(*state.group()) : "(none)")));
  report.push_back(folly::to<std::string>(
      " Signature Scheme: ",
      (state.sigScheme() ? toString(*state.sigScheme()) : "(none)")));
  report.push_back(
      folly::to<std::string>(" PSK: ", toString(*state.pskType())));
  report.push_back(folly::to<std::string>(
      " PSK Mode: ",
      (state.pskMode() ? toString(*state.pskMode()) : "(none)")));
  report.push_back(folly::to<std::string>(
      " Key Exchange Type: ", toString(*state.keyExchangeType())));
  report.push_back(
      folly::to<std::string>(" Early: ", toString(*state.earlyDataType())));

  // Peer identities; "(none)" when no certificate object is present.
  report.push_back(folly::to<std::string>(
      " Server identity: ",
      (serverCert ? serverCert->getIdentity() : "(none)")));
  report.push_back(folly::to<std::string>(
      " Client Identity: ",
      (clientCert ? clientCert->getIdentity() : "(none)")));
  report.push_back(folly::to<std::string>(
      " Server Certificate Compression: ",
      (state.serverCertCompAlgo() ? toString(*state.serverCertCompAlgo())
                                  : "(none)")));
  report.push_back(
      folly::to<std::string>(" ALPN: ", state.alpn().value_or("(none)")));
  report.push_back(folly::to<std::string>(
      " Client Random: ", folly::hexlify(*state.clientRandom())));

  // Secret material, one line per captured value (see SECURITY note above).
  report.push_back(folly::to<std::string>(" Secrets:"));
  report.push_back(folly::to<std::string>(
      " External PSK Binder: ", secretStr(externalPskBinder_)));
  report.push_back(folly::to<std::string>(
      " Resumption PSK Binder: ", secretStr(resumptionPskBinder_)));
  report.push_back(folly::to<std::string>(
      " Early Exporter: ", secretStr(earlyExporterSecret_)));
  report.push_back(folly::to<std::string>(
      " Early Client Data: ", secretStr(clientEarlyTrafficSecret_)));
  report.push_back(folly::to<std::string>(
      " Client Handshake: ", secretStr(clientHandshakeTrafficSecret_)));
  report.push_back(folly::to<std::string>(
      " Server Handshake: ", secretStr(serverHandshakeTrafficSecret_)));
  report.push_back(folly::to<std::string>(
      " Exporter Master: ", secretStr(exporterMasterSecret_)));
  report.push_back(folly::to<std::string>(
      " Resumption Master: ", secretStr(resumptionMasterSecret_)));
  report.push_back(folly::to<std::string>(
      " Client Traffic: ", secretStr(clientAppTrafficSecret_)));
  report.push_back(folly::to<std::string>(
      " Server Traffic: ", secretStr(serverAppTrafficSecret_)));

  // NOTE(review): the condition only tests whether the server context has an
  // ECH decrypter configured. Nothing here inspects per-connection state, so
  // the message may also appear for a handshake in which the client did not
  // use ECH; confirm whether a per-connection status should be consulted.
  report.push_back(folly::to<std::string>(
      "",
      state.context()->getECHDecrypter()
          ? "Encrypted client hello (ECH) is successful."
          : ""));

  return report;
}