Testing suite

brycx edited this page Jan 19, 2022 · 34 revisions

Continuous Integration (CI)

The entire test suite is run with GitHub Actions using the latest stable and nightly Rust. On nightly Rust (both with and without the nightly feature enabled), all tests except doctests are run with AddressSanitizer (with ODR violation detection disabled) and LeakSanitizer.

For LeakSanitizer to be more effective, the opt-level for tests is set to 1 in Cargo.toml via [profile.dev]. MemorySanitizer and ThreadSanitizer are not included when testing. See rust-san for more information.

Orion is also tested on the following targets:

  • thumbv7em-none-eabihf (to ensure building as no_std works)
  • i686-unknown-linux-gnu (32-bit)
  • x86_64-apple-darwin (OSX)
  • mips64-unknown-linux-gnuabi64 (Big-endian)
  • armv7-unknown-linux-gnueabihf
  • x86_64-pc-windows-msvc (Windows, Visual Studio 2019)
  • wasm32-unknown-unknown (WebAssembly)

On stable Rust, cargo-audit is used to check for dependencies with reported vulnerabilities.

Automated code coverage is provided by tarpaulin and Codecov.

Official test vectors

Custom test vectors

  • PBKDF2: These test vectors have been generated with the cryptography.io Python package. More information here.
  • HKDF: Test vectors from here. Other test vectors from here. Wycheproof test vectors.

Other test vectors

Fuzzing

Orion is fuzzed using honggfuzz-rs in orion-fuzz.

Fuzzing is done both to detect unwanted behavior and to verify results. Below is a list of other libraries that are used to cross-check the results that Orion produces:

Testing for timing-based side-channel vulnerabilities

Orion is tested in CI to ensure that the relevant parts execute in constant time. These tests use dudect and can be found in orion-dudect. Orion is also tested for constant-time execution with WASM at orion-sidefuzz.
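
The statistical idea behind a dudect-style test, as an added example (not code from Orion or orion-dudect): run a fixed input class and a random input class through the function under test and compare the two measurement sets with Welch's t-test. All function names here are hypothetical, and a loop-iteration count stands in for a real timing measurement so the result is deterministic.

```rust
/// Early-exit comparison: the work done depends on the first mismatching byte.
fn leaky_eq(a: &[u8], b: &[u8]) -> (bool, f64) {
    let mut steps = 0.0;
    for (x, y) in a.iter().zip(b) {
        steps += 1.0;
        if x != y { return (false, steps); }
    }
    (true, steps)
}

/// Constant-time style comparison: every byte is always processed.
fn ct_eq(a: &[u8], b: &[u8]) -> (bool, f64) {
    let (mut diff, mut steps) = (0u8, 0.0);
    for (x, y) in a.iter().zip(b) { diff |= x ^ y; steps += 1.0; }
    (diff == 0, steps)
}

/// Welch's t statistic between two sets of measurements.
fn welch_t(a: &[f64], b: &[f64]) -> f64 {
    let stats = |s: &[f64]| {
        let n = s.len() as f64;
        let mean = s.iter().sum::<f64>() / n;
        let var = s.iter().map(|v| (v - mean).powi(2)).sum::<f64>() / (n - 1.0);
        (mean, var / n)
    };
    let ((ma, sa), (mb, sb)) = (stats(a), stats(b));
    // Edge case: both classes have zero variance, so the usual formula divides by zero.
    if sa + sb == 0.0 { return if ma == mb { 0.0 } else { f64::INFINITY }; }
    (ma - mb) / (sa + sb).sqrt()
}

/// Feed both input classes through `cmp` and return |t| of the step counts.
fn leakage_t(cmp: fn(&[u8], &[u8]) -> (bool, f64)) -> f64 {
    let secret = [0x42u8; 32]; // constructed sample secret
    let mut state = 0x9E3779B97F4A7C15u64; // constructed seed for a xorshift PRNG
    let (mut fixed, mut random) = (Vec::new(), Vec::new());
    for _ in 0..1000 {
        fixed.push(cmp(&secret, &secret).1); // class 0: fixed input
        let mut input = [0u8; 32];
        for b in input.iter_mut() {
            state ^= state << 13; state ^= state >> 7; state ^= state << 17;
            *b = state as u8;
        }
        random.push(cmp(&secret, &input).1); // class 1: random input
    }
    welch_t(&fixed, &random).abs()
}

fn main() {
    println!("early-exit    |t| = {:.1}", leakage_t(leaky_eq));
    println!("constant-time |t| = {:.1}", leakage_t(ct_eq));
}
```

A large |t| means the two input classes are statistically distinguishable, which is the signal a timing test treats as a leak; real measurements are noisy, so real runs collect many more samples than this sketch does.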