[noise] writing a Rust sans-IO Noise protocol

Trevor Perrin trevp at trevp.net
Mon May 28 10:30:18 PDT 2018


On Sun, May 27, 2018 at 9:12 PM, dawuud <dawuud at riseup.net> wrote:
>
> Hi,
>
> I am currently writing a Rust SANS-IO Noise based wire protocol using Snow.
[...]
> Therefore I later will be able to create an async io AND blocking io
> protocol libraries that reuse the core crypto protocol code.

Cool, looking forward to it.


> I am implementing this:
> https://github.com/katzenpost/docs/blob/master/specs/wire-protocol.rst
> However I'm using "Noise_XX_25519_ChaChaPoly_BLAKE2b" instead of
> "Noise_XXhfs_25519+NewHopeSimple_ChaChaPoly_Blake2b". But I might
> later decide to use the rust serde crate for wire command
> serialization if I give up on being bitwise compatible with the golang
> Katzenpost implementation. ( work-in-progress: https://github.com/david415/modem )
>
> Speaking of bitwise compatibility... I noticed that the Noise protocol
> specification does not specify if the prologue is to go before or after
> the handshake message. I have noticed that the golang flynn noise library
> puts the prologue before the handshake ciphertext and the rust snow library
> puts the prologue after the handshake ciphertext.

The Noise specification doesn't say anything about where the prologue
comes from, it's just an abstract input that you can use as you
please.


> Shouldn't the Noise protocol specify things to the degree that we can
> easiy achieve bitwise compatiblity between language protocol implemenations?

For interop, take a look at the NoiseSocket and NLS drafts in the
wiki.  These define some conventions around framing and padding
(NoiseSocket), and add a negotiation language on top of that (NLS).

With these additional layers, you can define an NLS profile (like
NoiseLink, NoiseZeroLink, NoiseAuthBox, etc) and get bitwise
compatibility / interop.


Trevor


More information about the Noise mailing list