A minimalistic encryption protocol for rust async streams/packets, based on noise protocol and snow.

Overview

Snowstorm

A minimalistic encryption protocol for rust async streams / packets, based on noise protocol and snow.

Quickstart

Snowstorm allows you to secure any streams implemented AsyncRead + AsyncWrite + Unpin. For example, TcpStream in Tokio. Note that the underlying connections need to be reliable.

Create a Key Pair

// Noise protocol params, see: http://www.noiseprotocol.org/noise.html#protocol-names-and-modifiers
// Use `KK` to enable bidirectional identity verification
static PATTERN: &str = "Noise_KK_25519_ChaChaPoly_BLAKE2s"; 

// Generate a private / public key pair
let key_pair = snowstorm::Builder::new(PATTERN.parse()?).generate_keypair().unwrap()

Client

// Connect to the peer
let stream = TcpStream::connect("127.0.0.1:12345").await?;

// The client should build an initiator to launch the handshake process
let initiator = snowstorm::Builder::new(PATTERN.parse()?)
    .local_private_key(local_private_key)
    .remote_public_key(remote_public_key)
    .build_initiator()?;

// Start handshaking
let mut secured_stream = NoiseStream::handshake(stream, initiator).await?;

// A secured stream `NoiseStream<T>` will be return once the handshake is done
secured_stream.write_all(b"hello world").await?;

Server

// Accept a `TcpStream` from the listener
let listener = TcpListener::bind("127.0.0.1:12345").await?;
let (stream, _) = listener.accept().await?;

// The server needs a responder to handle handshake reqeusts from clients
let responder = snowstorm::Builder::new(PATTERN.parse()?)
    .local_private_key(local_private_key)
    .remote_public_key(remote_public_key)
    .build_responder()?;

// Start handshaking
let mut secured_stream = NoiseStream::handshake(stream, responder).await?;

let mut buf = [0; 1024];
secured_stream.read(&mut buf).await?;

Spec

Stream

[ length (2 bytes, little endian) ] [ noise message (length bytes) ]

Packet

[ nonce (8 bytes) ] [ noise message ]

Todo

  • UDP Support
  • Documentation
  • Benchmarks
  • Async-std support
You might also like...
Peer-to-peer communications library for Rust based on QUIC protocol

qp2p Crate Documentation MaidSafe website SAFE Dev Forum SAFE Network Forum Overview This library provides an API to simplify common tasks when creati

A simple tool in Rust to split urls in their protocol, host, port, path and query parts.

rexturl A simple tool to split urls in their protocol, host, port, path and query parts. Install cargo install rexturl or clone the source code and r

🥧 Savoury implementation of the QUIC transport protocol and HTTP/3

quiche is an implementation of the QUIC transport protocol and HTTP/3 as specified by the IETF. It provides a low level API for processing QUIC packet

The Graph is a protocol for building decentralized applications (dApps) quickly on Ethereum and IPFS using GraphQL.

Graph Node The Graph is a protocol for building decentralized applications (dApps) quickly on Ethereum and IPFS using GraphQL. Graph Node is an open s

IDP2P is a peer-to-peer identity protocol which enables a controller to create, manage and share its own proofs as well as did documents
IDP2P is a peer-to-peer identity protocol which enables a controller to create, manage and share its own proofs as well as did documents

IDP2P Experimental, inspired by ipfs, did:peer and keri Background See also (related topics): Decentralized Identifiers (DIDs) Verifiable Credentials

UDP proxy with Proxy Protocol and mmproxy support
UDP proxy with Proxy Protocol and mmproxy support

udppp UDP proxy with Proxy Protocol and mmproxy support. Features Async Support Proxy Protocol V2 SOCKET preserve client IP addresses in L7 proxies(mm

Easy protocol definitions in Rust

protocol Documentation Easy protocol definitions in Rust. This crate adds a custom derive that can be added to types, allowing structured data to be s

A Constrained Application Protocol(CoAP) library implemented in Rust.

coap-rs A fast and stable Constrained Application Protocol(CoAP) library implemented in Rust. Features: CoAP core protocol RFC 7252 CoAP Observe optio

A Rust library for parsing the SOME/IP network protocol (without payload interpretation).

someip_parse A Rust library for parsing the SOME/IP network protocol (without payload interpretation). Usage Add the following to your Cargo.toml: [de

Comments
  • Wrong start index for ReadState::ServingPayload in NoiseStream

    Wrong start index for ReadState::ServingPayload in NoiseStream

    In my opinion, code in line 302 of stream.rs may be wrong: https://github.com/black-binary/snowstorm/blob/5b2a3c0f261cb2792d76dae8da4058d1fc538587/src/stream.rs#L302

    For your reference, code around this line is https://github.com/black-binary/snowstorm/blob/5b2a3c0f261cb2792d76dae8da4058d1fc538587/src/stream.rs#L298-L308

    Maybe we should read from index start? For example:

     read_buf.put_slice(&read_payload_buffer[*start..*start + buf_remaining]);
    
    opened by wlh320 7
  • panic in handshake

    panic in handshake

    thread 'main' panicked at 'range end index 20291 out of range for slice of length 1024', /cargo/registry/src/github.com-1ecc6299db9ec823/snowstorm-0.1.3/src/stream.rs:92:39
    
    opened by rapiz1 1
Owner
Black Binary
Reverse-Engineering/CTFer C/C++/Rust/Go Dev
Black Binary
Dropping GFW DNS contaminated packets based on Rust + eBPF

Dropping GFW DNS contaminated packets based on Rust + eBPF

ihc童鞋@提不起劲 1k Jan 3, 2023
A multi-targets ping tool and library, which supports 10,000 packets/second, accurate latency

mping-rs a multi-targets ping tool, which supports 10,000 packets/second, accurate latency. 一个高频ping工具,支持多个目标。 正常的ping一般用来做探测工具,mping还可以用来做压测工具。 Go版本:

smallnest 25 Oct 29, 2023
Replay packets from pcap -file to network interface

pktreplay can be used to read packets from pcap file or interface and write them into interface. By default packets are written with the same rate they have been saved into the pcap file, or, when reading from interface, as fast as they are received.

Jukka Taimisto 3 Nov 23, 2022
Transforms UDP stream into (fake) TCP streams that can go through Layer 3 & Layer 4 (NAPT) firewalls/NATs.

Phantun A lightweight and fast UDP to TCP obfuscator. Table of Contents Phantun Latest release Overview Usage 1. Enable Kernel IP forwarding 2. Add re

Datong Sun 782 Dec 30, 2022
A simple, single threaded and minimalistic port checker

A simple, single threaded and minimalistic port checker

null 1 Feb 12, 2022
A fast, stable, efficient, and lightweight intranet penetration, port forwarding tool supports multiple connections, cascading proxy, and transmission encryption

A fast, stable, efficient, and lightweight intranet penetration, port forwarding tool supports multiple connections, cascading proxy, and transmission encryption

editso 1.3k Dec 30, 2022
An async, user-friendly Let's Encrypt/ACMEv2 library written in Rust

lers An async, user-friendly Let's Encrypt/ACMEv2 library written in Rust. The API and implementation were inspired by acme2, acme-micro, and lego. Fe

Alexander Krantz 20 Apr 3, 2023
Async-friendly WebTransport implementation in Rust

WTransport WebTransport protocol, pure-rust, async-friendly. Introduction WebTransport is a new protocol being developed to enable low-latency, bidire

Biagio Festa 19 Jun 15, 2023
A mini async telnet client.

mini-telnet A mini async telnet client.

kolapapa 15 May 5, 2022
Redis backed session store for async-session using fred.rs.

async-fred-session Redis backed session store for async-session using fred.rs. This work is mostly based on async-redis-session. use async_fred_sessio

void* 4 Feb 28, 2023