kamu_snap_crypto/lib.rs
1//! Framework-agnostic cryptography for Bank Indonesia SNAP BI integrations.
2//!
3//! This crate is the cryptographic spine shared by every PT IMMER SNAP BI
4//! consumer (client and server). It exposes:
5//!
6//! - [`HmacSigner`] — HMAC-SHA512 sign/verify with constant-time verification.
7//! - [`RsaSigner`] / [`RsaVerifier`] — PKCS#8-only RSA, generic over
8//! [`SignatureScheme`] (PKCS#1-v1.5 and PSS, SHA-256 and SHA-512).
9//! - [`Signature`] + [`Encoding`] — encoding-agnostic signature bytes; callers
10//! pick base64 / base64url-nopad / lowercase-hex at the call site.
11//! - [`snap_bi`] (feature `snap-bi`, default on) — canonical stringToSign
12//! builders, SHA-256/512 lower-hex helpers, Jakarta timestamp formatters, and
13//! SNAP BI header builders.
14//! - [`webhook`] (feature `webhook`, default on) — provider-extensible webhook
15//! signature verification (Inacash, BRI VA paid, etc.).
16//!
17//! # Security guarantees
18//!
19//! - **No `unsafe`** anywhere in this crate (`#![forbid(unsafe_code)]`).
20//! - **PKCS#8 enforcement**: legacy PKCS#1 PEMs are rejected by the upstream
21//! `rsa` crate parsers used here.
22//! - **Constant-time verification**: HMAC verification uses
23//! `hmac::Mac::verify_slice`; RSA verification delegates to
24//! `rsa::signature::Verifier::verify` which is constant-time per upstream
25//! documentation.
26//! - **No `actix-web` or HTTP-framework coupling**: this is a leaf crate.
27//! `wasm32-unknown-unknown` compiles require the downstream consumer to
28//! enable `getrandom/js` (pulled transitively via `rsa`).
29
30#![forbid(unsafe_code)]
31
32pub mod error;
33pub mod hmac;
34pub mod rsa;
35pub mod signature;
36
37#[cfg(feature = "snap-bi")]
38pub mod snap_bi;
39
40#[cfg(feature = "webhook")]
41pub mod webhook;
42
43pub use error::{Error, Result};
44pub use hmac::HmacSigner;
45pub use rsa::{RsaSigner, RsaVerifier, SignatureScheme};
46pub use signature::{Encoding, Signature};