//! SM4 block cipher (GB/T 32907-2016) and operating modes.
//!
//! v0.2 ships:
//!
//! - The raw 128-bit block cipher [`cipher::Sm4Cipher`].
//! - SM4-CBC with PKCS#7 padding (single-shot, [`mode_cbc::encrypt`] /
//! [`mode_cbc::decrypt`]).
//!
//! v0.3 W5 adds streaming wrappers:
//!
//! - [`cbc_streaming::Sm4CbcEncryptor`] / [`cbc_streaming::Sm4CbcDecryptor`].
//!
//! v0.7 W2 adds SM4-CTR (counter mode; unauthenticated stream cipher):
//!
//! - [`mode_ctr::encrypt`] / [`mode_ctr::decrypt`] (single-shot).
//!
//! v0.7 W3 adds the streaming SM4-CTR counterpart:
//!
//! - [`ctr_streaming::Sm4CtrCipher`] (symmetric — serves both directions).
//!
//! See [`cipher`]'s module-doc for the constant-time stance, throughput
//! cost, and KAT sources.
// v0.8 W2 — SM4-GCM single-shot AEAD per NIST SP 800-38D + GM/T 0009 /
// RFC 8998. Behind the `sm4-aead` feature flag (additive; zero impact
// on the default-features build). Pulls in `gmcrypto-simd::ghash` for
// the GHASH primitive (v0.8 W1).
// v0.8 W3 — SM4-CCM single-shot AEAD per NIST SP 800-38C / RFC 3610 +
// GM/T 0009 (OID 1.2.156.10197.1.104.9). Same `sm4-aead` feature flag
// as mode_gcm; pure-Rust CBC-MAC + CTR over the existing
// `Sm4Cipher::encrypt_block(s)` path (no GHASH).
// v0.9 W2 — incremental-input buffered SM4-GCM. Same `sm4-aead` gate;
// reuses `mode_gcm` internals (J0 derivation, inc32) and the
// `gmcrypto-simd::ghash` primitive. The encryptor is output-streaming;
// the decryptor is input-incremental / output-buffered (commit-on-
// verify). Single-shot `mode_gcm` stays the simple path.
// v0.4 W3 — Bitsliced (table-less, gate-only) SM4 S-box behind the
// `sm4-bitsliced` feature flag (Q4.9 / Q4.10 / Q4.11 of
// docs/v0.4-scope.md). The module is `pub(crate)` so `cipher.rs`'s
// `tau` can swap to it when the feature is on; not in the public API.
//
// When `sm4-bitsliced-simd` is also enabled, `tau` dispatches into
// `sbox_bitsliced_simd::sbox` instead (which calls the sibling
// crate). The v0.4 W3 module then becomes dead code at the
// non-test build path, but its `tests::bitsliced_matches_table` is
// still useful as an algorithmic correctness gate and as a
// reference for `sbox_bitsliced_simd::tests::simd_sbox_matches_single_block`.
// v0.12 — SM4-XTS single-shot tweakable mode (GB/T 17964-2021 / GM-T OID
// 1.2.156.10197.1.104.10) behind the `sm4-xts` feature. Pure-core; full
// ciphertext stealing; byte-identical to OpenSSL 3.x EVP SM4-XTS
// (xts_standard=GB). The whole-block bulk rides the Sm4Cipher batch API.
pub
// v0.5 W4 — Multi-block SIMD-packed bitsliced SM4 S-box behind the
// `sm4-bitsliced-simd` feature flag (Q5.10–Q5.15 of
// docs/v0.5-scope.md). Phase 1 ships scaffolding only — the module
// delegates transparently to `sbox_bitsliced` so the cfg-dispatch
// path, dudect target, and CI matrix entry land before the AVX2
// (phase 2) / NEON (phase 3) intrinsic implementations.
pub
pub use ;
pub use ;
pub use Sm4CtrCipher;
// v0.9 W1 — GCM tag-length parameterization newtype.
pub use GcmTagLen;
// v0.9 W2 — incremental-input buffered SM4-GCM types.
pub use ;
// v0.12 — SM4-XTS combined key size (Key1 ‖ Key2 = 2×16 bytes).
pub use XTS_KEY_SIZE;