Crate gmcrypto_core

Constant-time-designed pure-Rust SM2 / SM3 / SM4 primitives.

See the workspace README.md for scope, threat model, and the honest framing of the in-CI dudect-based timing-leak regression harness.

§Modules

  • sm2 — SM2 elliptic-curve sign / verify / encrypt / decrypt (GB/T 32918). Comb-table fixed-base scalar mult (v0.3 W6). The opt-in sm2-key-exchange feature (v1.1) adds sm2::key_exchange — GM/T 0003.3 key agreement with key confirmation (Sm2KxInitiator / Sm2KxResponder role state-machines).
  • sm3 — SM3 hash (GB/T 32905) with streaming new/update/finalize.
  • x509 (the module appears with the feature of the same name, v1.3) — X.509-with-SM2 LEAF certificate parse + SM2-with-SM3 signature verify over the exact wire tbsCertificate bytes. No trust decisions (no chains / time checks / extension interpretation / revocation).
  • sm4 — SM4 block cipher (GB/T 32907) + CBC and CTR modes (single-shot and streaming). The opt-in sm4-aead feature adds SM4-GCM (single-shot + incremental-input buffered) and SM4-CCM; the opt-in sm4-xts feature adds SM4-XTS (GB/T 17964-2021, single-shot + in-place multi-sector). v0.4 W3 adds an opt-in bitsliced (table-less, gate-only) S-box behind the sm4-bitsliced feature.
  • hmac — HMAC-SM3 (RFC 2104), single-shot + v0.3 W5 streaming.
  • kdf — PBKDF2-HMAC-SM3 (RFC 8018 §5.2).
  • asn1 — strict-canonical DER reader / writer / OID constants (v0.3 W1); GM/T 0009 SM2 ciphertext SEQUENCE; RFC 3279 SM2 signature SEQUENCE.
  • pem — RFC 7468 PEM codec (v0.3 W2; hand-rolled, no_std).
  • spki — RFC 5280 SubjectPublicKeyInfo for SM2 (v0.3 W2).
  • sec1 — RFC 5915 ECPrivateKey + SEC1 uncompressed point (v0.3 W2).
  • pkcs8 — RFC 5958 OneAsymmetricKey + RFC 8018 PBES2 (v0.3 W2).
  • traits — in-crate Hash / Mac / BlockCipher traits (v0.3 W5). v0.4 W2 adds RustCrypto-trait fit (digest::Digest, digest::Mac, cipher::BlockCipherEncrypt/BlockCipherDecrypt) behind the opt-in digest-traits / cipher-traits features (migrated to digest 0.11 / cipher 0.5 in v0.11).

§Crate features

  • default — no_std, alloc-only. No optional dependencies.
  • digest-traits — opt-in (v0.4 W2). Implements digest::Digest for sm3::Sm3 and digest::Mac for hmac::HmacSm3. Pulls digest = "0.11" — a pre-1.0 ecosystem crate, so a breaking digest release is not covered by gmcrypto-core’s SemVer (bump your own).
  • cipher-traits — opt-in (v0.4 W2). Implements cipher::{BlockCipherEncrypt, BlockCipherDecrypt, BlockSizeUser, KeySizeUser, KeyInit} for sm4::Sm4Cipher. Pulls cipher = "0.5" — a pre-1.0 ecosystem crate, so a breaking cipher release is not covered by gmcrypto-core’s SemVer (bump your own).
  • sm4-bitsliced — opt-in (v0.4 W3). Routes the SM4 S-box through a bitsliced (table-less, gate-only) Itoh-Tsujii inversion in GF(2^8). Byte-identical output to the default linear-scan path; constant-time by construction (no table lookups, no branches on secret bits).
  • sm4-bitsliced-simd — opt-in (v0.5 W4 scaffolding; AVX2 / NEON intrinsic implementations land in v0.5.x). Implies sm4-bitsliced. Default-off.
  • crypto-bigint-scalar — opt-in (v0.5 W5). Exposes sm2::Sm2PrivateKey::from_scalar which takes a crypto_bigint::U256 directly. Default-off; the always-on from_bytes_be constructor is the recommended path for callers who don’t want a transitive crypto-bigint dep.
  • sm4-aead — opt-in (v0.8). SM4-GCM (sm4::mode_gcm, plus the v0.9 incremental-input buffered sm4::gcm_streaming) and SM4-CCM (sm4::mode_ccm) authenticated encryption. Pulls the workspace-internal gmcrypto-simd for the GHASH primitive (CLMUL / PMULL / constant-time software fallback).
  • sm4-xts — opt-in (v0.12). SM4-XTS tweakable disk/sector mode (sm4::mode_xts; GB/T 17964-2021, bit-reflected α-doubling — not IEEE 1619), single-shot + the v0.15 in-place multi-sector helpers. Pure-core, no new dependency. Confidentiality only — XTS does not authenticate.
  • sm2-key-exchange — opt-in (v1.1). GM/T 0003.3 ≡ GB/T 32918.3-2016 key agreement with mandatory key confirmation (sm2::key_exchange): consume-on-transition role state-machines, single-use ephemerals, commit-on-confirm key release, ZeroizeOnDrop agreed key. Pure-core, no new dependency; byte-identical to the GM/T 0003.5 recommended-curve worked example. The C ABI projection ships in gmcrypto-c (v1.2).
  • x509 — opt-in (v1.3). X.509-with-SM2 leaf certificate parse + signature verify (GM/T 0015 profile): strict in-repo DER, v3-only, sm2-sign-with-sm3 outer==inner, SPKI delegated to spki. Pure-core, no new dependency, public inputs only (no constant-time obligations arise). NO trust decisions — see the module docs.

§wasm32-unknown-unknown

Builds clean as of v0.4 W1. The crate is no_std + alloc only and does NOT pull getrandom’s wasm_js backend or wasm-bindgen / js-sys into its default dep graph. Wasm callers wire their own rand_core::Rng impl — see the workspace README.md.

Modules§

asn1
Minimal ASN.1 DER subset.
hmac
HMAC-SM3 — RFC 2104 keyed MAC over GB/T 32905-2016 SM3.
kdf
Key derivation functions.
pem
Hand-rolled PEM (RFC 7468) codec.
pkcs8
PKCS#8 OneAsymmetricKey codec (RFC 5958) + PBES2 encryption (RFC 8018).
sec1
SEC1 ECPrivateKey codec (RFC 5915) for SM2 keys.
sm2
SM2 elliptic curve cryptography (GB/T 32918-2017).
sm3
SM3 hash function (GB/T 32905-2016).
sm4
SM4 block cipher (GB/T 32907-2016) and operating modes.
spki
X.509 SubjectPublicKeyInfo codec (RFC 5280 §4.1.2.7) for SM2 keys.
x509
X.509-with-SM2: leaf certificate parse + SM2-with-SM3 signature verify (v1.3; GM/T 0015 profile over the RFC 5280 structure).

Enums§

Error
Workspace-wide failure type (v0.5 W5).