Skip to content

Add export_keying_material#41

Merged
jesup merged 1 commit into
mozilla:mainfrom
jesup:add_keying_material
May 1, 2026
Merged

Add export_keying_material#41
jesup merged 1 commit into
mozilla:mainfrom
jesup:add_keying_material

Conversation

@jesup
Copy link
Copy Markdown
Member

@jesup jesup commented Apr 29, 2026

Needed for WebTransport, was previously part of the neqo PR which was already r+'d

Copilot AI review requested due to automatic review settings April 29, 2026 14:42
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Apr 29, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 83.33333% with 3 lines in your changes missing coverage. Please review.
⚠️ Please upload report for BASE (main@7cc1c33). Learn more about missing BASE report.

Files with missing lines Patch % Lines
src/agent.rs 83.33% 0 Missing and 3 partials ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##             main      #41   +/-   ##
=======================================
  Coverage        ?   67.95%           
=======================================
  Files           ?       25           
  Lines           ?     3074           
  Branches        ?     3074           
=======================================
  Hits            ?     2089           
  Misses          ?      797           
  Partials        ?      188
Flag Coverage Δ
freebsd 67.95% <83.33%> (?)
linux 67.95% <83.33%> (?)
macos 67.95% <83.33%> (?)
windows 67.95% <83.33%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Copilot AI reviewed Apr 29, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds support for exporting TLS 1.3 keying material (RFC 8446 §7.5) to unblock WebTransport usage, with corresponding NSS binding exposure and tests.

Changes:

  • Expose SSL_ExportKeyingMaterial via generated bindings.
  • Add SecretAgent::export_keying_material() wrapper that returns exported bytes after handshake completion.
  • Add tests validating exporter behavior (length, label/context variation, client/server consistency, invalid state).

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File Description
tests/agent.rs Adds exporter-focused integration tests and a small connected client/server helper.
src/err.rs Introduces Error::InvalidState for invalid operation state handling.
src/agent.rs Implements export_keying_material() using NSS SSL_ExportKeyingMaterial.
bindings/bindings.toml Adds SSL_ExportKeyingMaterial to the bindgen allowlist.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/agent.rs Outdated
Comment thread src/err.rs
@jesup jesup force-pushed the add_keying_material branch from a2cc7a7 to 77dd52d Compare April 29, 2026 15:25
@jesup jesup mentioned this pull request Apr 29, 2026
Open
@jesup jesup force-pushed the add_keying_material branch from 77dd52d to 45e3efc Compare April 29, 2026 16:58
@martinthomson
Copy link
Copy Markdown
Member

martinthomson commented Apr 29, 2026

You'll need to appease the format gods for this to land, but it looks good to me.

@jesup jesup force-pushed the add_keying_material branch from 45e3efc to 6a287a7 Compare May 1, 2026 14:02
@jesup jesup merged commit e320ffa into mozilla:main May 1, 2026
43 of 44 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@martinthomson martinthomson martinthomson approved these changes

@beurdouche beurdouche Awaiting requested review from beurdouche beurdouche is a code owner

@jschanck jschanck Awaiting requested review from jschanck jschanck is a code owner

@larseggert larseggert Awaiting requested review from larseggert larseggert is a code owner

@Not-Nik Not-Nik Awaiting requested review from Not-Nik Not-Nik is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jesup @codecov-commenter @martinthomson