Snow
An implementation of Trevor Perrin's Noise Protocol that is designed to be Hard To Fuck Upβ’.
π₯ Warning π₯ This library has not received any formal audit.
What's it look like?
See examples/simple.rs for a more complete TCP client/server example.
let mut noise = snow::Builder::new("Noise_NN_25519_ChaChaPoly_BLAKE2s".parse()?)
.build_initiator()?;
let mut buf = [0u8; 65535];
// write first handshake message
noise.write_message(&[], &mut buf)?;
// receive response message
let incoming = receive_message_from_the_mysterious_ether();
noise.read_message(&incoming, &mut buf)?;
// complete handshake, and transition the state machine into transport mode
let mut noise = noise.into_transport_mode()?;See the full documentation at https://docs.rs/snow.
Implemented
Snow is currently tracking against Noise spec revision 34.
However, a not all features have been implemented yet (pull requests welcome):
Crypto
Cryptographic providers are swappable through Builder::with_resolver(), but by default
it chooses select, artisanal pure-Rust implementations (see Cargo.toml for a quick
overview).
Other Providers
ring
ring is a crypto library based off of BoringSSL and is significantly faster than most of the pure-Rust implementations.
If you enable the ring-resolver feature, Snow will include a resolvers::ring module
as well as a RingAcceleratedResolver available to be used with
Builder::with_resolver().
If you enable the ring-accelerated feature, Snow will default to choosing ring's
crypto implementations when available.
libsodium
libsodium is a fork of NaCl focused on improved usability and regular maintenance.
Compatibility caveat
libsodium blacklists a set of low-order points that it deems unsafe because they would output an all-zeroes result.
Noise does not validate Curve25519 points, so if another Noise implementation provides an all-zero (or another low-order) public key for some reason (be it testing, or a real life foot-shot), if you use the libsodium backend of snow, it will error in a way that's not fully compatible with the specification.
Resolver primitives supported
| default | ring | libsodium | |
|---|---|---|---|
| CSPRNG | β | β | β |
| 25519 | β | β | β |
| 448 | |||
| AESGCM | β | β | |
| ChaChaPoly | β | β | β |
| SHA256 | β | β | β |
| SHA512 | β | β | |
| BLAKE2s | β | ||
| BLAKE2b | β |
License
Licensed under either of:
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.