[noise] Implementation: Revision 10 - Noise_IS, with a few deviations

[Jason A. Donenfeld]

Hi folks,

Now that Trevor has merged HKDF to master, I'll share my implementation,
attached here. Please do let me know if you find any mistakes in it. It
should be pretty short and sweet.

Note that it makes the following deviations from Trevor's specification:

   - Blake2b is used instead of SHA2-256 as a HASH function.
      - For HASH, it is truncated to 32 bytes.
      - For HKDF, the full 64 bytes are used.
   - Little endian is used for all fields instead of big endian.
   - No explicit outer-length parameter, since the outer and enclosed IP
   packets already have relevent lengths.
   - There is no maximum length limit, though the MTU controls this
   implicitly.
   - The first handshake message contains a timestamp, to prevent replay
   attacks, as part of its payload.


Looking forward to hearing some feedback.

Jason
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20151016/82466212/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: noise-revision-10.tar.xz
Type: application/x-xz
Size: 5452 bytes
Desc: not available
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20151016/82466212/attachment.bin>