[noise] Kernel-land C implementation of latest noise specification
Jason A. Donenfeld
Jason at zx2c4.com
Mon Jul 6 18:19:32 PDT 2015
Hey folks,
I've done it!
This is part of my larger project -- WireGuard -- a kernel space VPN
with a somewhat unique design. I am NOT ready to "announce" my project
yet. It isn't nearly complete (though it does work and sends packets,
encrypted, very successfully). I do not want to release this code to
the public yet, and I'm not granting any licenses to "use" it or
enabling any kind of "public distribution" of the code. Why? Because
people _will_ use it if I release it, and I don't want anybody
erroneously risking anything by using unaudited pre-alpha
cryptographic software. So, YOU HAVE BEEN WARNED! Don't use it!
With all that said, I'd like to share, privately, with some of the
readers of this list the current state of the project, because it
includes a noise implementation (HandshakeIK). To do so, here's a
username and password. I know there are public archives of this list,
but if you can help it, don't share these credentials. Yada yada.
Description: http://www.wireguard.io/
username: noiselist
password: pleasekeepthisprivate-thecodeisnotreadytobeshared-itsinbadshape
You'll fine the code here:
http://git.zx2c4.com/WireGuard/tree/src
With the bulk of the noise implementation here:
http://git.zx2c4.com/WireGuard/tree/src/noise
I suggest you start with the header file:
http://git.zx2c4.com/WireGuard/tree/src/noise/noise.h
There are a few things different from the actual noise specification:
- I use blake2b instead of HMAC-SHA2-256 and SHA2-256 (blake2b has two
modes - key'd and unkey'd)
- I include a packed and encrypted TAIA timestamp in the initial handshake
- Rather than the prologue containing a length field, I simply have a
"type" field which is a u8 containing the type of message -
handshake-step-X, data, etc
I welcome any and all feedback, criticism, lynchings, praises, or
whatever else you might have to say about this code or the ideas
behind the project or responses to my questions inside of "//TODO:"
comments, or anything at all related.
So, have at it!
And Trevor -- thanks so much for your hard work with the protocol.
It's been a real pleasure these last few weeks to see it mature while
working on an implementation.
Regards,
Jason
More information about the Noise
mailing list