Snowstorm

A minimalistic encryption protocol for Rust async streams / packets, based on the Noise protocol and snow.

Quickstart

Snowstorm allows you to secure any stream that implements `AsyncRead + AsyncWrite + Unpin`, for example `TcpStream` in Tokio. Note that the underlying connection needs to be reliable.

Create a Key Pair

```rust
// Noise protocol params, see: http://www.noiseprotocol.org/noise.html#protocol-names-and-modifiers
// Use `KK` to enable bidirectional identity verification
static PATTERN: &str = "Noise_KK_25519_ChaChaPoly_BLAKE2s";

// Generate a private / public key pair
let keypair = snowstorm::Builder::new(PATTERN.parse()?).generate_keypair().unwrap();
```

Client

```rust
use snowstorm::NoiseStream;
use tokio::io::AsyncWriteExt;
use tokio::net::TcpStream;

// Connect to the peer
let stream = TcpStream::connect("127.0.0.1:12345").await?;

// The client should build an initiator to launch the handshake process.
// With the KK pattern both static keys must already be known to each side.
let initiator = snowstorm::Builder::new(PATTERN.parse()?)
    .local_private_key(local_private_key)
    .remote_public_key(remote_public_key)
    .build_initiator()?;

// Start handshaking
let mut secured_stream = NoiseStream::handshake(stream, initiator).await?;

// A secured stream `NoiseStream<T>` will be returned once the handshake is done
secured_stream.write_all(b"hello world").await?;
```

Server

```rust
use snowstorm::NoiseStream;
use tokio::io::AsyncReadExt;
use tokio::net::TcpListener;

// Accept a TcpStream from the listener
let listener = TcpListener::bind("127.0.0.1:12345").await?;
let (stream, _) = listener.accept().await?;

// The server needs a responder to handle handshake requests from clients
let responder = snowstorm::Builder::new(PATTERN.parse()?)
    .local_private_key(local_private_key)
    .remote_public_key(remote_public_key)
    .build_responder()?;

// Start handshaking
let mut secured_stream = NoiseStream::handshake(stream, responder).await?;

// Read the decrypted payload sent by the client
let mut buf = [0; 1024];
secured_stream.read(&mut buf).await?;
```

Spec

Stream

[ length (2 bytes, little endian) ] [ noise message (length bytes) ]

Packet

[ nonce (8 bytes) ] [ noise message ]
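
The two layouts above can be decoded with the standard library alone. The following is an added example, not Snowstorm's own code: the names `Frame`, `encode_frame`, `next_frame` and `split_packet` are hypothetical, and the sample bytes are constructed. It shows how a receiver handles a frame that has only partly arrived and a packet too short to carry a nonce.

```rust
// Added example: decoders for the two wire layouts in the Spec section.
// All type and function names here are hypothetical, not Snowstorm's API.
use std::convert::{TryFrom, TryInto};

#[derive(Debug, PartialEq)]
enum Frame<'a> {
    /// One whole frame: the noise message plus bytes consumed from the buffer.
    Complete { msg: &'a [u8], consumed: usize },
    /// The buffer ends mid-frame; at least this many more bytes are needed.
    NeedMore(usize),
}

/// Stream: [ length (2 bytes, little endian) ] [ noise message (length bytes) ]
/// A u16 prefix caps a message at 65535 bytes, the Noise message size limit.
fn encode_frame(msg: &[u8]) -> Option<Vec<u8>> {
    let len = u16::try_from(msg.len()).ok()?; // None if it cannot fit the prefix
    let mut out = len.to_le_bytes().to_vec();
    out.extend_from_slice(msg);
    Some(out)
}

/// Pull one frame off the front of `buf` without reading past what has arrived.
fn next_frame<'a>(buf: &'a [u8]) -> Frame<'a> {
    if buf.len() < 2 {
        return Frame::NeedMore(2 - buf.len());
    }
    let total = 2 + u16::from_le_bytes([buf[0], buf[1]]) as usize;
    if buf.len() < total {
        return Frame::NeedMore(total - buf.len());
    }
    Frame::Complete { msg: &buf[2..total], consumed: total }
}

/// Packet: [ nonce (8 bytes) ] [ noise message ]. The nonce is returned as raw
/// bytes because the page does not state its byte order.
fn split_packet(pkt: &[u8]) -> Option<([u8; 8], &[u8])> {
    if pkt.len() < 8 { return None; } // too short to hold a nonce
    let (nonce, msg) = pkt.split_at(8);
    Some((nonce.try_into().ok()?, msg))
}

fn main() {
    // Constructed input: one complete frame followed by a truncated one.
    let mut wire = encode_frame(b"abc").unwrap();
    wire.extend_from_slice(&[0x00, 0x01, 0xff]); // claims 256 bytes, has 1
    println!("{:?}", next_frame(&wire));
    println!("{:?}", next_frame(&wire[5..]));
    println!("{:?}", split_packet(&[0u8; 12]));
}
```

The length prefix and the nonce are read before any decryption, so a receiver should treat both as untrusted input until the noise message that follows has been authenticated.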

Todo