v0.7.0

Major changes

• Experimental post-quantum Hybrid Forward Secrecy, behind the hfs flag.
• Added back AES-GCM support to the default pure-Rust crypto resolver.
• Added XChaChaPoly support behind the xchachapoly flag.

Minor changes

• Builder now implements Send
• Added is_my_turn function in HandshakeState.
• Added the dangerously_get_raw_split method in HandshakeState behind the risky-raw-split, for those who like the live on the wild side and want to deal with the split key material from a completed handshake manually.

Special thanks to @dsprenkels, @sdbondi, @michaelbeaumont, @Frando, @expenses, @BlackHoleFox, and @zserik for your contributions to this release!

As is always the case, there's always more to get into this release but it's been long enough that it seems like a good checkpoint, and we can continue re-hauling the API for 0.8.

v0.6.0

Snow 0.6 was focused on simplification. We managed to net negative 500 lines of code since 0.5.

Major Changes

• Removed Session, which was a wrapper around the handshake and transport state structs. This approach provides better compiler-time guarantees for code correctness.
• Snow's Error enum no longer uses the failure crate.
• AES-GCM is now only supported with the ring based resolver. Thanks to @BlackHoleFox we've finally removed the dependency on rust-crypto, which is no longer maintained.
• Finally upgrade to Rust 2018.

A special thanks to @stusmall, @geogriff-signal, and @Leo-LB for contributing to this release.

P.S., Facebook: I see you're using snow for your new cryptocurrency. Please don't screw us all over.

v0.4.2

The largest change in 0.3 -> 0.4 is the addition of a stateless transport mode, which exposes an API to manage nonces on your own, as opposed to the traditional behavior of noise where nonces are internally managed.

This is particularly useful for using noise over lossy pipes (UDP multimedia streaming, etc.).

v0.3.0

This was a decently large refactor with some important security changes (rollback) and better documentation.

• The handshake state will rollback its internal SymmetricState if read_message() or write_message() failed for any reason, so the state will not be left in a weird or potentially dangerous state.
• NoiseBuilder is now just Builder.
• All errors returned in snow are now a SnowError enum type.
• generate_private_key() is now generate_keypair() in the builder.
• Crypto types must implement Send + Sync now.
• The default resolver is now optional if you implement your own resolver and didn't want it.

v0.2.0

• Refactor of the organization of resolvers
• A few potential performance improvements

v0.1.12

Maintenance release to provide documentation while docs.rs is broken for this crate.

v0.1.11

• Migrated to failure crate from error-chain.
• Added set_psk(location: usize, psk, &[u8]) to Session for cases where the PSK may not be known until midway into the handshake.
• Added is_initiator() convenience function, so you can ask the Session how it was initialized.

v0.1.10

Lots of promising improvements in this release!

• HACL* provider added by @quininer.
• Switched from rust-crypto's X25519 implementation to x25519-dalek as the default.
• Added get_remote_static() to Session, useful in patterns like XX, where the remote static key is not known until it is transmitted, added by @str4d after a prototype from @david415.