Lib.rs

Cryptography
#aead #mac #hash #stream-cipher #crypto #key-exchange

no-std orion

Usable, easy and safe pure-Rust crypto

by Johannes and 13 contributors

16 releases

0.17.6 Sep 19, 2023
0.17.5 Jul 4, 2023
0.17.4 Mar 4, 2023
0.17.3 Dec 7, 2022
0.1.42 Mar 20, 2018

#25 in Cryptography

Download history 23623/week @ 2023-12-11 24098/week @ 2023-12-18 17702/week @ 2023-12-25 21929/week @ 2024-01-01 25388/week @ 2024-01-08 25557/week @ 2024-01-15 23873/week @ 2024-01-22 37520/week @ 2024-01-29 31702/week @ 2024-02-05 31977/week @ 2024-02-12 33568/week @ 2024-02-19 39724/week @ 2024-02-26 42748/week @ 2024-03-04 44029/week @ 2024-03-11 46243/week @ 2024-03-18 36630/week @ 2024-03-25

173,246 downloads per month
Used in 47 crates (15 directly)

MIT license

1MB
14K SLoC

orion

Tests Daily tests dudect Audit codecov Documentation Crates.io Safety Dance MSRV Matrix

About

Orion is a cryptography library written in pure Rust. It aims to provide easy and usable crypto while trying to minimize the use of unsafe code. You can read more about Orion in the wiki.

Currently supports:

  • AEAD: (X)ChaCha20-Poly1305.
  • Hashing: BLAKE2b, SHA2, SHA3.
  • KDF: HKDF, PBKDF2, Argon2i.
  • Key exchange: X25519.
  • MAC: HMAC, Poly1305.
  • Stream ciphers: (X)ChaCha20.
  • KEM: DHKEM(X25519, HKDF-SHA256).

Experimental support (with experimental feature enabled):

  • Committing AEAD: (X)ChaCha20-Poly1305-BLAKE2b.

Security

This library has not undergone any third-party security audit. Usage is at own risk.

Orion uses formally verified arithmetic, generated by Fiat Crypto, for the X25519 and Poly1305 implementations.

See the SECURITY.md regarding recommendations on correct use, reporting security issues and more. Additional information about security regarding Orion is available in the wiki.

Minimum Supported Rust Version

Rust 1.70 or later is supported however, the majority of testing happens with latest stable Rust.

MSRV may be changed at any point and will not be considered a SemVer breaking change.

Crate Features

  • default/safe_api: All functionality, requires std.
  • serde: Requires either alloc or default/safe_api.
  • alloc: Argon2i in hazardous when default/safe_api is not available.
  • no_std: Implicit feature that represents no heap allocations. Enabled by disabling default features and not selecting any additional features.
  • experimental: These APIs may contain breaking changes in any non SemVer-breaking crate releases.

More detailed explanation of the features in the wiki.

Documentation

Can be viewed here or built with:

RUSTDOCFLAGS='--cfg docsrs' cargo +nightly doc --no-deps --all-features

Tests and Fuzzing

The wiki has details on how Orion is tested. To run all tests:

cargo test

Fuzzing is done using honggfuzz-rs in orion-fuzz. See orion-fuzz on how to start fuzzing Orion.

Constant-time execution tests can be found at orion-dudect and orion-sidefuzz.

Benchmarks

An overview of the performance that can be expected from Orion can be seen here.

The library can be benchmarked with Criterion as below. All benchmarking tests are located in benches/.

cargo bench

Changelog

Please refer to the CHANGELOG.md list.

Contributing

Please refer to the guidelines in CONTRIBUTING.md for information on how to contribute to Orion.

License

Orion is licensed under the MIT license. See the LICENSE file for more information.

Dependencies

~4MB
~83K SLoC