Module noise

Noise Protocol Implementations for FIPS

Implements Noise Protocol Framework patterns using secp256k1:

  • IK pattern: Used by FMP (link layer) for hop-by-hop peer authentication. The initiator knows the responder’s static key and sends its encrypted static in msg1. Two-message handshake.

  • XK pattern: Used by FSP (session layer) for end-to-end sessions. The initiator knows the responder’s static key but defers revealing its own identity until msg3, providing stronger identity hiding. Three-message handshake.

§IK Handshake Pattern (Link Layer)

  <- s                    (pre-message: responder's static known)
  -> e, es, s, ss         (msg1: ephemeral + encrypted static)
  <- e, ee, se            (msg2: ephemeral)

§XK Handshake Pattern (Session Layer)

  <- s                    (pre-message: responder's static known)
  -> e, es                (msg1: ephemeral + DH with responder's static)
  <- e, ee                (msg2: ephemeral + DH)
  -> s, se                (msg3: encrypted static + DH)

§Separation of Concerns

The IK pattern handles link-layer peer authentication — securing the direct link between neighboring nodes. The XK pattern handles session-layer end-to-end encryption between arbitrary network addresses, with stronger initiator identity protection.
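The token walk below is an added example, not code from this crate: it replays both patterns to derive each message's wire size from the component sizes documented on this page, and records which DH results already protect the initiator's static key at the moment it is sent. The names `Tok`, `Msg`, `Report`, `walk`, `ik` and `xk` are hypothetical, and which messages carry the epoch payload is an assumption read off the size constants listed on this page.

```rust
// Added illustration; all names are hypothetical, not the crate's API.
#[derive(Clone, Copy, PartialEq, Debug)]
enum Tok { E, S, Es, Ss, Ee, Se }
const PUBKEY: usize = 33; // compressed secp256k1 key, per the page
const TAG: usize = 16;    // AEAD tag, per the page
const EPOCH: usize = 8;   // startup epoch, per the page

/// One handshake message: its tokens and whether it carries the epoch payload.
struct Msg { toks: &'static [Tok], epoch: bool }

/// Bytes on the wire and, if the message carries `s`, the DH results
/// already mixed into the key that encrypts it.
#[derive(Debug, PartialEq)]
struct Report { size: usize, static_under: Option<Vec<Tok>> }

fn walk(msgs: &[Msg]) -> Vec<Report> {
    let mut dh_done: Vec<Tok> = Vec::new(); // DH results mixed so far
    msgs.iter().map(|m| {
        let mut size = 0;
        let mut static_under = None;
        for &t in m.toks {
            match t {
                Tok::E => size += PUBKEY, // ephemeral travels in the clear
                Tok::S => {
                    // static is encrypted (and tagged) once a DH has set a key
                    size += PUBKEY + if dh_done.is_empty() { 0 } else { TAG };
                    static_under = Some(dh_done.clone());
                }
                dh => dh_done.push(dh), // DH tokens add key material, no bytes
            }
        }
        // Assumption: the epoch is only sent after a key exists, so it is tagged.
        if m.epoch { size += EPOCH + TAG; }
        Report { size, static_under }
    }).collect()
}

fn ik() -> Vec<Report> {
    walk(&[Msg { toks: &[Tok::E, Tok::Es, Tok::S, Tok::Ss], epoch: true },
           Msg { toks: &[Tok::E, Tok::Ee, Tok::Se], epoch: true }])
}
fn xk() -> Vec<Report> {
    walk(&[Msg { toks: &[Tok::E, Tok::Es], epoch: false },
           Msg { toks: &[Tok::E, Tok::Ee], epoch: true },
           Msg { toks: &[Tok::S, Tok::Se], epoch: true }])
}
fn main() {
    for (name, r) in [("IK", ik()), ("XK", xk())] { println!("{name}: {r:?}"); }
}
```

In IK the initiator's static key is encrypted under `es` alone, so it depends only on the responder's static key; in XK it is sent after both `es` and `ee`, which is the stronger identity hiding the text refers to.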

Structs§

CipherState
Symmetric cipher state for post-handshake encryption.
HandshakeState
Handshake state for Noise IK and XK patterns.
NoiseSession
Completed Noise session for transport encryption.
ReplayWindow
Sliding window for replay protection.

Enums§

HandshakeProgress
Handshake state machine states.
HandshakeRole
Role in the handshake.
NoiseError
Errors from Noise protocol operations.
NoisePattern
Which Noise pattern is being used for this handshake.

Constants§

EPOCH_ENCRYPTED_SIZE
Size of encrypted epoch (epoch + AEAD tag).
EPOCH_SIZE
Size of the startup epoch (random bytes for restart detection).
HANDSHAKE_MSG1_SIZE
Size of IK handshake message 1: ephemeral (33) + encrypted static (33 + 16 tag) + encrypted epoch (8 + 16 tag).
HANDSHAKE_MSG2_SIZE
Size of IK handshake message 2: ephemeral (33) + encrypted epoch (8 + 16 tag).
MAX_MESSAGE_SIZE
Maximum message size for noise transport messages.
PUBKEY_SIZE
Size of a public key (compressed secp256k1).
REPLAY_WINDOW_SIZE
Replay window size in packets (matching WireGuard).
TAG_SIZE
Size of the AEAD tag.
XK_HANDSHAKE_MSG1_SIZE
XK msg1: ephemeral only (33 bytes).
XK_HANDSHAKE_MSG2_SIZE
XK msg2: ephemeral (33) + encrypted epoch (8 + 16 tag) = 57 bytes.
XK_HANDSHAKE_MSG3_SIZE
XK msg3: encrypted static (33 + 16 tag) + encrypted epoch (8 + 16 tag) = 73 bytes.