orion

About

orion is a cryptography library written in pure-Rust which aims to provide easy and usable crypto. 'Usable' meaning exposing high-level API's that are easy to use and hard to misuse. You can read more about orion in the wiki.

Currently supports:

• AEAD: ChaCha20Poly1305, XChaCha20Poly1305
• Stream ciphers: ChaCha20, XChaCha20
• KDF: HKDF-HMAC-SHA512
• Password hashing: PBKDF2-HMAC-SHA512
• MAC: HMAC-SHA512, Poly1305
• XOF: cSHAKE256

Security

This library is not suitable for production code and usage is at own risk.

More information about security regarding orion is available in the wiki.

Features

• By default orion targets stable Rust and in this case, extra dependency specifications are not required. Using orion with stable Rust does however depend on a C compiler to be available on the system. Features nightly and no_std do not have this dependency.

• no_std: To use orion in a no_std context, you need to specify the dependency as such:

[dependencies.orion]
version = "*" # Replace * with the most recent version
default-features = false
features = ["no_std"]

no_std requires Rust nightly and benefits from the same inline assembly features as when using the nightly feature.

When orion is used in a no_std context, access to nearly all functionality, except for that in hazardous, is not available. This is because the high-level functionality depends on the OsRng which is not available in no_std.

• nightly: The nightly feature enables the use of inline assembly for memory wiping and constant-time comparisons. Using nightly is recommended for security. Specify the dependency as such, to use the nightly feature:

[dependencies.orion]
version = "*" # Replace * with the most recent version
default-features = false
features = ["nightly"]

nightly requires Rust nightly.

Documentation

Can be viewed here or built with:

cargo doc --no-deps

Tests/Fuzzing

The wiki has details on how orion is tested. To run all tests:

cargo test

Fuzzing is done using libFuzzer with cargo-fuzz. Fuzzing targets can be run with:

cargo +nightly fuzz run -O fuzz_target

Benchmarks

The library can be benchmarked as below. All benchmarking tests are located in benches/.

cargo +nightly bench

Changelog

Can be found here.

Alternatives

• ring (HMAC, HKDF, PBKDF2, AEAD ChaCha20Poly1305)
• RustCrypto HMAC
• RustCrypto HKDF
• RustCrypto PBKDF2
• sp800-185 (cSHAKE)
• chacha (ChaCha20, XChaCha20)

License

orion is licensed under the MIT license. See the LICENSE file for more information.