Warning
This library is not suitable for production code. There are no guarantees for the security of these implementations. Use at your own risk.
About
orion is a cryptography library written in pure-Rust which aims to provide easy and usable crypto. 'Usable' meaning exposing high-level API's that are easy to use and hard to misuse. You can read more about orion in the wiki.
In case you missed the warning above: don't use orion for production code or instances where you need absolute confidence in security. While security is a top priority goal for this library, the author is no professional. Look in the Alternatives section if this means orion is not for you.
Currently supports:
- AEAD: ChaCha20Poly1305, XChaCha20Poly1305
- Stream ciphers: ChaCha20, XChaCha20
- KDF: HKDF-HMAC-SHA512
- Password hashing: PBKDF2-HMAC-SHA512
- MAC: HMAC-SHA512, Poly1305
- XOF: cSHAKE256
Note on cSHAKE:
The cSHAKE implementation currently relies on the tiny-keccak
crate. Currently this crate
will produce incorrect results on big-endian based systems. See issue here.
Enabling no_std
To use orion in a no_std
context, you need to specify the dependency as such:
orion = { version = "*", default-features = false }
Note that this means you will not have access to the default
API.
This is because the default
API depends on the OsRng
, which in turn depends on std
.
Documentation
Can be viewed here or built with:
cargo doc --no-deps
Tests/Fuzzing
The wiki has details on how orion is tested. To run all tests:
cargo test
Fuzzing is done using libFuzzer with cargo-fuzz. Fuzzing targets can be run with:
cargo +nightly fuzz run -O fuzz_target
Benchmarks
The library can be benchmarked as below. All benchmarking tests are located in benches/
.
cargo +nightly bench
Changelog
Can be found here.
Acknowledgments
- Thanks to @defuse for a quick audit of the code.
- Thanks to @ritalinn for the logo.
Alternatives
- ring (HMAC, HKDF, PBKDF2, AEAD ChaCha20Poly1305)
- RustCrypto HMAC
- RustCrypto HKDF
- RustCrypto PBKDF2
- sp800-185 (cSHAKE)
- chacha (ChaCha20, XChaCha20)
License
orion is licensed under the MIT license. See the LICENSE
file for more information.