Skip to main content

kamu_snap_crypto/
lib.rs

1//! Framework-agnostic cryptography for Bank Indonesia SNAP BI integrations.
2//!
3//! This crate is the cryptographic spine shared by every PT IMMER SNAP BI
4//! consumer (client and server). It exposes:
5//!
6//! - [`HmacSigner`] — HMAC-SHA512 sign/verify with constant-time verification.
7//! - [`RsaSigner`] / [`RsaVerifier`] — PKCS#8-only RSA, generic over
8//!   [`SignatureScheme`] (PKCS#1-v1.5 and PSS, SHA-256 and SHA-512).
9//! - [`Signature`] + [`Encoding`] — encoding-agnostic signature bytes; callers
10//!   pick base64 / base64url-nopad / lowercase-hex at the call site.
11//! - [`snap_bi`] (feature `snap-bi`, default on) — canonical stringToSign
12//!   builders, SHA-256/512 lower-hex helpers, Jakarta timestamp formatters, and
13//!   SNAP BI header builders.
14//! - [`webhook`] (feature `webhook`, default on) — provider-extensible webhook
15//!   signature verification (Inacash, BRI VA paid, etc.).
16//!
17//! # Security guarantees
18//!
19//! - **No `unsafe`** anywhere in this crate (`#![forbid(unsafe_code)]`).
20//! - **PKCS#8 enforcement**: legacy PKCS#1 PEMs are rejected by the upstream
21//!   `rsa` crate parsers used here.
22//! - **Constant-time verification**: HMAC verification uses
23//!   `hmac::Mac::verify_slice`; RSA verification delegates to
24//!   `rsa::signature::Verifier::verify` which is constant-time per upstream
25//!   documentation.
26//! - **No `actix-web` or HTTP-framework coupling**: this is a leaf crate.
27//!   `wasm32-unknown-unknown` compiles require the downstream consumer to
28//!   enable `getrandom/js` (pulled transitively via `rsa`).
29
30#![forbid(unsafe_code)]
31
32pub mod error;
33pub mod hmac;
34pub mod rsa;
35pub mod signature;
36
37#[cfg(feature = "snap-bi")]
38pub mod snap_bi;
39
40#[cfg(feature = "webhook")]
41pub mod webhook;
42
43pub use error::{Error, Result};
44pub use hmac::HmacSigner;
45pub use rsa::{RsaSigner, RsaVerifier, SignatureScheme};
46pub use signature::{Encoding, Signature};