Skip to content
A Rust implementation of the Noise Protocol Framework
Rust Shell
Branch: master
Clone or download

Latest commit

Frando Add XChaChaPoly cipher (#73)
* Add XChaChaPoly cipher

It's behind a feature gate "xchachapoly" because it is a the moment a
quite uncommon cipher for NOISE handshaking (but used in some protocols,
e.g. the Hypercore protocol).

* Fix tests for xchachapoly feature
Latest commit a10103c Apr 22, 2020


Type Name Latest commit message Commit time
Failed to load latest commit information.
benches the great rustfmt. Feb 21, 2020
docs outsource documentation to Jul 19, 2018
examples the great rustfmt. Feb 21, 2020
hfuzz expand fuzzers a little bit more Jun 23, 2019
src Add XChaChaPoly cipher (#73) Apr 22, 2020
tests the great rustfmt. Feb 21, 2020
.gitignore ignore .vscode Jan 16, 2019
.travis.yml Add libsodium resolver (up-to-date) (#75) Feb 19, 2020
Cargo.toml Add XChaChaPoly cipher (#73) Apr 22, 2020
LICENSE LICENSE Apr 5, 2016 add caveat for libsodium in README and workaround in tests Feb 21, 2020 the great rustfmt. Feb 21, 2020 Add XChaChaPoly cipher (#73) Apr 22, 2020
rustfmt.toml the great rustfmt. Feb 21, 2020

Snow Build Status dependency status

totally official snow logo

An implementation of Trevor Perrin's Noise Protocol that is designed to be Hard To Fuck Up™.

🔥 Warning 🔥 This library has not received any formal audit.

What's it look like?

See examples/ for a more complete TCP client/server example.

let mut noise = snow::Builder::new("Noise_NN_25519_ChaChaPoly_BLAKE2s".parse()?)
let mut buf = [0u8; 65535];
// write first handshake message
noise.write_message(&[], &mut buf)?;
// receive response message
let incoming = receive_message_from_the_mysterious_ether();
noise.read_message(&incoming, &mut buf)?;
// complete handshake, and transition the state machine into transport mode
let mut noise = noise.into_transport_mode()?;

See the full documentation at


Snow is currently tracking against Noise spec revision 34.

However, a not all features have been implemented yet (pull requests welcome):


Cryptographic providers are swappable through Builder::with_resolver(), but by default it chooses select, artisanal pure-Rust implementations (see Cargo.toml for a quick overview).

Other Providers


ring is a crypto library based off of BoringSSL and is significantly faster than most of the pure-Rust implementations.

If you enable the ring-resolver feature, Snow will include a resolvers::ring module as well as a RingAcceleratedResolver available to be used with Builder::with_resolver().

If you enable the ring-accelerated feature, Snow will default to choosing ring's crypto implementations when available.


libsodium is a fork of NaCl focused on improved usability and regular maintenance.

Compatibility caveat

libsodium blacklists a set of low-order points that it deems unsafe because they would output an all-zeroes result.

Noise does not validate Curve25519 points, so if another Noise implementation provides an all-zero (or another low-order) public key for some reason (be it testing, or a real life foot-shot), if you use the libsodium backend of snow, it will error in a way that's not fully compatible with the specification.

Resolver primitives supported

default ring libsodium
You can’t perform that action at this time.