Snow
An implementation of Trevor Perrin's Noise Protocol that is designed to be Hard To Fuck Upâ„¢.
🔥 Warning 🔥 This library has not received any formal audit, and its API is subject to change whenever it's prudent to or if the winds blow at the right heading.
What's it look like?
See examples/simple.rs
for a more complete TCP client/server example.
let mut noise = new
.build_initiator?;
let mut buf = ;
// write first handshake message
noise.write_message?;
// receive response message
let incoming = receive_message_from_the_mysterious_ether;
noise.read_message?;
// complete handshake, and transition the state machine into transport mode
let mut noise = noise.into_transport_mode?;
See the full documentation at https://docs.rs/snow.
Implemented
Snow is currently tracking against Noise spec revision 34.
However, a few features have yet to be implemented (pull requests welcome):
Crypto
Cryptographic providers are swappable through Builder::with_resolver()
, but by default it chooses select, artisanal
pure-Rust implementations (see Cargo.toml
for a quick overview).
Providers
ring
ring is a crypto library based off of BoringSSL and is significantly faster than most of the pure-Rust implementations.
If you enable the ring-resolver
feature, Snow will include a ring_wrapper
module as well as a RingAcceleratedResolver
available to be used with Builder::with_resolver()
.
If you enable the ring-accelerated
feature, Snow will default to choosing ring
's crypto implementations when available.
HACL*
HACL* is a formally verified cryptographic library, accessed via the rust-hacl-star
wrapper crate.
If you enable the hacl-resolver
feature, Snow will include a hacl_wrapper
module as well as a HaclStarResolver
available to be used with Builder::with_resolver()
.
Similar to ring, if you enable the hacl-accelerated
feature, Snow will default to choosing HACL* implementations when available.
Resolver primitives supported
default | ring | hacl* | |
---|---|---|---|
CSPRNG | ✔ | ||
25519 | ✔ | ✔ | ✔ |
448 | |||
AESGCM | ✔ | ✔ | |
ChaChaPoly | ✔ | ✔ | ✔ |
SHA256 | ✔ | ✔ | ✔ |
SHA512 | ✔ | ✔ | ✔ |
BLAKE2s | ✔ | ||
BLAKE2b | ✔ |