Decibel is an Elixir implementation of the Noise Protocol Framework.
Noise is a framework for building crypto protocols. Noise protocols support mutual and optional authentication, identity hiding, forward secrecy, zero round-trip encryption, and other advanced features.
Decibel supports all the handshakes listed in r34 of the specification, including fundamental, deferred and one-way handshakes. In addition it has support for fallback protocols and multiple pre-shared symmetric keys.
It’s test-suite includes the cacophony and snow test vectors, totalling over 1300 tests.
It’s currently at 0.1.0, but at this point I don’t anticipate any breaking api changes, rather just improvements to documentation before going to 1.0.0.
8 Likes
# Somehow send this message to the responder and get the response
magically_send_msg(rsp_proc, msg1)
msg2 = magically_recv_msg(rsp_proc)
Is there any chance you could also release this library!
Oh, question: It’s not immediately clear, but can I use this for an unreliable channel, or where messages will arrive out of order? Think UDP alike datagrams?
Oh, question: It’s not immediately clear, but can I use this for an unreliable channel, or where messages will arrive out of order? Think UDP alike datagrams?
The simplest thing would be to sequence the messages yourself and re-assemble them at the other end, feeding only contiguously-sequenced packets into the decryption. This should just work.
In theory it’s even possible to decrypt out-of-order messages - but 0.1.0 does not currently support getting/setting the n value of the internal CipherState object through the public api, although I intend to address this before 1.0.0.
I pushed 0.1.1 (decibel | Hex) which allows to read and write the current n value of either the inbound or outbound channel (CipherState) of the current session. I added a test to show how to decrypt messages if they arrive out of order, by setting the n value.
A couple of notes:
- This assumes that the
n value travels in the clear with each ciphertext, which is a requirement already outlined in the spec. In addition, I used a byte representation of that sequence number as the AAD.
- You still have to solve any unreliability of the handshake itself.
Hi, but does that mean the protocol cannot tolerate a completely missing message? Needs to re-initialise the handshake? (presumably anything sent between the missing message and the new handshake cannot be decrypted?)
I was under the impression there were noise modes which were tolerant of missing messages?
Once the handshake is complete and the session established, it absolutely can tolerate missing messages.
Providing every packet contains the nonce value alongside the encrypted data, the recipient reads both, and sets the nonce before decrypting.
1 Like
Decibel 0.2.0 has been released.
This release was mainly focused on proving support for Compound Protocols, in particular Noise Pipes:
- AEAD decryption failures raise
Decibel.DecryptionError rather than RuntimeError.
- Additional test-cases for fallback protocols, using vectors from noise-c
- Improved documentation around Noise Pipes including examples
- Improved documentation around Connectionless Transports
2 Likes
