orion
About
orion is a cryptography library written in pure-Rust which aims to provide easy and usable crypto. 'Usable' meaning exposing high-level API's that are easy to use and hard to misuse. You can read more about orion in the wiki.
Currently supports:
- AEAD: ChaCha20Poly1305, XChaCha20Poly1305
- Stream ciphers: ChaCha20, XChaCha20
- KDF: HKDF-HMAC-SHA512
- Password hashing: PBKDF2-HMAC-SHA512
- MAC: HMAC-SHA512, Poly1305
- XOF: cSHAKE256
Security
This library is not suitable for production code and usage is at own risk.
More information about security regarding orion is available in the wiki.
Features
-
By default orion targets stable Rust and in this case, extra dependency specifications are not required. Using orion with stable Rust does however depend on a C compiler to be available on the system. Features
nightly
andno_std
do not have this dependency. -
no_std
: To use orion in ano_std
context, you need to specify the dependency as such:
[dependencies.orion]
version = "*" # Replace * with the most recent version
default-features = false
features = ["no_std"]
no_std
requires Rust nightly and benefits from the same inline assembly features as when using the nightly
feature.
When orion is used in a no_std
context, access to nearly all functionality, except for that in
hazardous
, is not available. This is because the high-level functionality depends on the OsRng
which is not available in no_std
.
nightly
: The nightly feature enables the use of inline assembly for memory wiping and constant-time comparisons. Usingnightly
is recommended for security. Specify the dependency as such, to use thenightly
feature:
[dependencies.orion]
version = "*" # Replace * with the most recent version
default-features = false
features = ["nightly"]
nightly
requires Rust nightly.
Documentation
Can be viewed here or built with:
cargo doc --no-deps
Tests/Fuzzing
The wiki has details on how orion is tested. To run all tests:
cargo test
Fuzzing is done using libFuzzer with cargo-fuzz. Fuzzing targets can be run with:
cargo +nightly fuzz run -O fuzz_target
Benchmarks
The library can be benchmarked as below. All benchmarking tests are located in benches/
.
cargo +nightly bench
Changelog
Can be found here.
Alternatives
- ring (HMAC, HKDF, PBKDF2, AEAD ChaCha20Poly1305)
- RustCrypto HMAC
- RustCrypto HKDF
- RustCrypto PBKDF2
- sp800-185 (cSHAKE)
- chacha (ChaCha20, XChaCha20)
License
orion is licensed under the MIT license. See the LICENSE
file for more information.