-
Notifications
You must be signed in to change notification settings - Fork 30
Testing suite
orion is always tested with the latest stable and nightly Rust versions.
The entire test suite is run with Travis CI using latest stable and nightly Rust. On nightly Rust (with the nightly both enabled and not), all tests (except for doctests) are run with AddressSanitizer(with ODR violation detection disabled) and LeakSanitizer.
For LeakSanitizer to be more effective, the opt-level for tests are set to 1 in Cargo.toml via. [profile.dev]. MemorySanitizer and ThreadSanitizer are not included when testing. See rust-san for more information.
orion is also tested with targets:
-
thumbv7em-none-eabihf(to ensure building asno_stdworks) i686-unknown-linux-gnu-
x86_64-apple-darwin(OSX)
On stable Rust, cargo-audit is used to check for dependencies with reported vulnerabilities.
Automated code coverage is provided by tarpaulin and Codecov.
- HMAC: RFC 4231.
- cSHAKE: KeccakCodePackage.
- ChaCha20: RFC 8439.
- Poly1305: RFC 8439.
- ChaCha20Poly1305: RFC 8439.
- PBKDF2: These test vectors have been generated with the cryptography.io Python package. More information here.
- HKDF: Test vectors from here. Other test vectors from here.
- Poly1305: Monocypher test vectors. BoringSSL test vectors.
- ChaCha20: BoringSSL test vectors.
- ChaCha20Poly1305: BoringSSL test vectors. Wycheproof test vectors.
- HChaCha20: Monocypher test vectors.
- XChaCha20: draft RFC test vectors.
- XChaCha20Poly1305: sodiumoxide test vectors. BoringSSL test vectors.
orion is fuzzed using libFuzzer through cargo-fuzz. Fuzzing is done both to detect unwanted behavior but also verify results. Below is a list of other libraries that are used to cross-check the results that orion produces:
- HMAC: ring.
- HKDF: ring.
- PBKDF2: ring.
- cSHAKE: sp800-185.
- Poly1305: sodiumoxide (binding to libsodium).
- ChaCha20: chacha.
- ChaCha20Poly1305: ring.
- HChaCha20: None currently.
- XChaCha20: chacha.
- XChaCha20Poly1305: sodiumoxide (binding to libsodium).