orion 0.17.14

Usable, easy and safe pure-Rust crypto
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213

on:
  # Test on PRs for any branch
  pull_request:
    branches:
      - "*"
  push:
    branches:
      - master

# We don't need to run older workflows for the same PR's, since we always want the output of the newest ones.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

# NOTE: Should we use fail-fast: false?

name: Tests
permissions:
  contents: read

jobs:
  test:
    name: Test release + debug and features
    strategy:
      matrix:
        toolchain:
          - stable
          - beta
          - nightly
          - 1.86.0 # MSRV
        os:
          - ubuntu-latest
          - macos-latest
          - windows-latest

    runs-on: ${{ matrix.os }}
    steps:
      - name: Checkout sources
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      - name: Install toolchain
        env: 
          TARGET_TOOLCHAIN: ${{ matrix.toolchain }}
        run: rustup toolchain install "${TARGET_TOOLCHAIN}"
        shell: bash

      - name: Test debug-mode, default features
        run: cargo test

      - name: Test debug-mode, all features
        run: cargo test --all-features

      - name: Test debug-mode, no default features
        run: cargo test --no-default-features

      - name: Test debug-mode, no-default + alloc feature
        run: cargo test --no-default-features --features alloc --tests

      - name: Test debug-mode, no-default + serde feature (enables alloc)
        run: cargo test --no-default-features --features serde --tests

      - name: Test debug-mode, no-default + safe_api (without zeroize)
        run: cargo test --no-default-features --features safe_api --tests
      
      - name: Test debug-mode, no-default + zeroize (zeroize-only)
        run: cargo test --no-default-features --features zeroize --tests

      - name: Test debug-mode, no-default + alloc + zeroize
        run: cargo test --no-default-features --features alloc,zeroize --tests

      - name: Test release-mode, default features
        run: cargo test --release

      - name: Test release-mode, all features
        run: cargo test --release --all-features

      - name: Test release-mode, no default features
        run: cargo test --release --no-default-features

      - name: Test release-mode, no-default + alloc feature
        run: cargo test --release --no-default-features --features alloc --tests

      - name: Test release-mode, no-default + serde feature (enables alloc)
        run: cargo test --release --no-default-features --features serde --tests

      - name: Test release-mode, no-default + safe_api (without zeroize)
        run: cargo test --release --no-default-features --features safe_api --tests
      
      - name: Test release-mode, no-default + zeroize (zeroize-only)
        run: cargo test --release --no-default-features --features zeroize --tests

      - name: Test release-mode, no-default + alloc + zeroize
        run: cargo test --release --no-default-features --features alloc,zeroize --tests

  sanitizers:
    name: Tests w. sanitizers
    runs-on: ubuntu-latest
    steps:
      - name: Checkout sources
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      - name: Install toolchain
        run: rustup toolchain install nightly && rustup target add x86_64-unknown-linux-gnu

      # Release (LeakSanitizer is enabled by default with AddressSanitizer for x86_64 Linux builds)
      # https://github.com/google/sanitizers/wiki/AddressSanitizerLeakSanitizer
      - run: RUSTFLAGS="-Z sanitizer=address" ASAN_OPTIONS="detect_odr_violation=0" cargo +nightly test --all-features --tests --release --target x86_64-unknown-linux-gnu
      - run: RUSTFLAGS="-Z sanitizer=address" ASAN_OPTIONS="detect_odr_violation=0" cargo +nightly test --no-default-features --tests --release --target x86_64-unknown-linux-gnu

  no_std:
    name: no_std build
    runs-on: ubuntu-latest
    strategy:
      matrix:
        toolchain:
          - stable
          - nightly
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      - uses: houseabsolute/actions-rust-cross@a8cc74d61047fa553b4e908b4b10e70029f00ca6 # v1.0.6
        with:
          command: build
          target: thumbv7em-none-eabi
          args: "--release --no-default-features"

  cross_compilation:
    name: Linux/ARM - Release tests
    runs-on: ubuntu-latest
    strategy:
      matrix:
        arch:
          - i686-unknown-linux-gnu
          - armv7-unknown-linux-gnueabihf
          - powerpc64-unknown-linux-gnu
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      - uses: houseabsolute/actions-rust-cross@a8cc74d61047fa553b4e908b4b10e70029f00ca6 # v1.0.6
        with:
          command: test
          target: ${{ matrix.arch }}
          args: "--release"

  # https://rustwasm.github.io/docs/book/reference/add-wasm-support-to-crate.html#maintaining-ongoing-support-for-webassembly
  web_assembly:
    name: WebAssembly - Release build
    runs-on: ubuntu-latest
    strategy:
      matrix:
        arch:
          - wasm32-unknown-unknown
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      - name: Install toolchain
        env: 
          TARGET_ARCH: ${{ matrix.arch }}
        run: rustup toolchain install stable && rustup target add "${TARGET_ARCH}"
        shell: bash

      - run: cargo check --no-default-features --target ${WASM_TARGET}
        # Remediation for potential template-injection: https://docs.zizmor.sh/audits/#template-injection
        env:
          WASM_TARGET: ${{ matrix.arch }}

  docs:
    name: Build documentation
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      - name: Install toolchain
        run: rustup toolchain install stable

      - run: cargo doc --no-deps --all-features

  benches:
    name: Build and check benchmarks
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      - name: Install toolchain
        run: rustup toolchain install stable

      - run: cargo test --benches

  semver_checks:
    name: Check SemVer
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      - uses: obi1kenobi/cargo-semver-checks-action@6b69fcf40e9b5fb17adeb57e4b6ecd020649a239 # v2.9
      
      - run: cargo semver-checks