Snowstorm
A minimalistic encryption protocol for rust async streams / packets, based on noise protocol and snow.
Quickstart
Snowstorm allows you to secure any streams implemented AsyncRead + AsyncWrite + Unpin
. For example, TcpStream
in Tokio. Note that the underlying connections need to be reliable.
Create a Key Pair
// Noise protocol params, see: http://www.noiseprotocol.org/noise.html#protocol-names-and-modifiers
// Use `KK` to enable bidirectional identity verification
static PATTERN: &str = "Noise_KK_25519_ChaChaPoly_BLAKE2s";
// Generate a private / public key pair
let key_pair = new.generate_keypair.unwrap
Client
// Connect to the peer
let stream = connect.await?;
// The client should build an initiator to launch the handshake process
let initiator = new
.local_private_key
.remote_public_key
.build_initiator?;
// Start handshaking
let mut secured_stream = handshake.await?;
// A secured stream `NoiseStream<T>` will be return once the handshake is done
secured_stream.write_all.await?;
Server
// Accept a `TcpStream` from the listener
let listener = bind.await?;
let = listener.accept.await?;
// The server needs a responder to handle handshake reqeusts from clients
let responder = new
.local_private_key
.remote_public_key
.build_responder?;
// Start handshaking
let mut secured_stream = handshake.await?;
let mut buf = ;
secured_stream.read.await?;
Spec
Stream
[ length
(2 bytes, little endian) ] [ noise message
(length
bytes) ]
Packet
[ nonce
(8 bytes) ] [ noise message
]
Todo
- UDP Support
- Documentation
- Benchmarks
- Async-std support