32 releases (5 breaking)

0.6.1 Sep 5, 2018
0.5.2 Aug 22, 2018
0.4.2 Jul 26, 2018
0.1.42 Mar 20, 2018

#62 in Cryptography

Download history 7/week @ 2018-09-16 44/week @ 2018-09-23 145/week @ 2018-09-30 57/week @ 2018-10-07 22/week @ 2018-10-14 320/week @ 2018-10-21 8/week @ 2018-10-28 146/week @ 2018-11-04 172/week @ 2018-11-11 103/week @ 2018-11-18 84/week @ 2018-11-25 151/week @ 2018-12-02 117/week @ 2018-12-09

360 downloads per month
Used in 1 crate

MIT license

190KB
3K SLoC

orion

dependency status

About

orion is a cryptography library written in pure-Rust which aims to provide easy and usable crypto. 'Usable' meaning exposing high-level API's that are easy to use and hard to misuse. You can read more about orion in the wiki.

Currently supports:

  • AEAD: ChaCha20Poly1305, XChaCha20Poly1305
  • Stream ciphers: ChaCha20, XChaCha20
  • KDF: HKDF-HMAC-SHA512
  • Password hashing: PBKDF2-HMAC-SHA512
  • MAC: HMAC-SHA512, Poly1305
  • XOF: cSHAKE256

Security

This library is not suitable for production code and usage is at own risk.

More information about security regarding orion is available in the wiki.

Features

  • By default orion targets stable Rust and in this case, extra dependency specifications are not required. Using orion with stable Rust does however depend on a C compiler to be available on the system. Features nightly and no_std do not have this dependency.

  • no_std: To use orion in a no_std context, you need to specify the dependency as such:

[dependencies.orion]
version = "*" # Replace * with the most recent version
default-features = false
features = ["no_std"]

no_std requires Rust nightly and benefits from the same inline assembly features as when using the nightly feature.

When orion is used in a no_std context, access to nearly all functionality, except for that in hazardous, is not available. This is because the high-level functionality depends on the OsRng which is not available in no_std.

  • nightly: The nightly feature enables the use of inline assembly for memory wiping and constant-time comparisons. Using nightly is recommended for security. Specify the dependency as such, to use the nightly feature:
[dependencies.orion]
version = "*" # Replace * with the most recent version
default-features = false
features = ["nightly"]

nightly requires Rust nightly.

Documentation

Can be viewed here or built with:

cargo doc --no-deps

Tests/Fuzzing

The wiki has details on how orion is tested. To run all tests:

cargo test

Fuzzing is done using libFuzzer with cargo-fuzz. Fuzzing targets can be run with:

cargo +nightly fuzz run -O fuzz_target

Benchmarks

The library can be benchmarked as below. All benchmarking tests are located in benches/.

cargo +nightly bench

Changelog

Can be found here.

Alternatives

License

orion is licensed under the MIT license. See the LICENSE file for more information.

Dependencies

~687KB
~13K SLoC