Snow

totally official snow logo

An implementation of Trevor Perrin's Noise Protocol that is designed to be Hard To Fuck Up™.

🔥 Warning 🔥 This library has not received any formal audit.

What's it look like?

See examples/simple.rs for a more complete TCP client/server example.

```rust let mut noise = snow::Builder::new("NoiseNN25519ChaChaPolyBLAKE2s".parse()?) .build_initiator()?;

let mut buf = [0u8; 65535];

// write first handshake message noise.write_message(&[], &mut buf)?;

// receive response message let incoming = receivemessagefromthemysteriousether(); noise.readmessage(&incoming, &mut buf)?;

// complete handshake, and transition the state machine into transport mode let mut noise = noise.intotransportmode()?; ```

See the full documentation at https://docs.rs/snow.

Implemented

Snow is currently tracking against Noise spec revision 34.

However, a not all features have been implemented yet (pull requests welcome):

[ ] [The fallback modifier](https://noiseprotocol.org/noise_rev34.html#the-fallback-modifier)

Crypto

Cryptographic providers are swappable through Builder::with_resolver(), but by default it chooses select, artisanal pure-Rust implementations (see Cargo.toml for a quick overview).

Other Providers

ring

ring is a crypto library based off of BoringSSL and is significantly faster than most of the pure-Rust implementations.

If you enable the ring-resolver feature, Snow will include a resolvers::ring module as well as a RingAcceleratedResolver available to be used with Builder::with_resolver().

If you enable the ring-accelerated feature, Snow will default to choosing ring's crypto implementations when available.

libsodium

libsodium is a fork of NaCl focused on improved usability and regular maintenance.

Compatibility caveat

libsodium blacklists a set of low-order points that it deems unsafe because they would output an all-zeroes result.

Noise does not validate Curve25519 points, so if another Noise implementation provides an all-zero (or another low-order) public key for some reason (be it testing, or a real life foot-shot), if you use the libsodium backend of snow, it will error in a way that's not fully compatible with the specification.

Resolver primitives supported

| | default | ring | libsodium | |-----------:|:-------:|:----:|:---------:| | CSPRNG | ✔ | ✔ | ✔ | | 25519 | ✔ | ✔ | ✔ | | 448 | | | | | AESGCM | ✔ | ✔ | | | ChaChaPoly | ✔ | ✔ | ✔ | | SHA256 | ✔ | ✔ | ✔ | | SHA512 | ✔ | ✔ | | | BLAKE2s | ✔ | | | | BLAKE2b | ✔ | | |