
Crate gmcrypto_core


Constant-time-designed pure-Rust SM2 / SM3 / SM4 primitives.

See the workspace README.md for scope, threat model, and the honest framing of the in-CI dudect-based timing-leak regression harness.

Modules

  • sm2 — SM2 elliptic-curve sign / verify / encrypt / decrypt (GB/T 32918). Comb-table fixed-base scalar mult (v0.3 W6).
  • sm3 — SM3 hash (GB/T 32905) with streaming new/update/finalize.
  • sm4 — SM4 block cipher (GB/T 32907) + CBC mode (single-shot and v0.3 W5 streaming). v0.4 W3 adds an opt-in bitsliced (table-less, gate-only) S-box behind the sm4-bitsliced feature.
  • hmac — HMAC-SM3 (RFC 2104), single-shot + v0.3 W5 streaming.
  • kdf — PBKDF2-HMAC-SM3 (RFC 8018 §5.2).
  • asn1 — strict-canonical DER reader / writer / OID constants (v0.3 W1); GM/T 0009 SM2 ciphertext SEQUENCE; RFC 3279 SM2 signature SEQUENCE.
  • pem — RFC 7468 PEM codec (v0.3 W2; hand-rolled, no_std).
  • spki — RFC 5280 SubjectPublicKeyInfo for SM2 (v0.3 W2).
  • sec1 — RFC 5915 ECPrivateKey + SEC1 uncompressed point (v0.3 W2).
  • pkcs8 — RFC 5958 OneAsymmetricKey + RFC 8018 PBES2 (v0.3 W2).
  • traits — in-crate Hash / Mac / BlockCipher traits (v0.3 W5). v0.4 W2 adds RustCrypto-trait fit (digest::Digest, digest::Mac, cipher::BlockEncrypt/BlockDecrypt) behind the opt-in digest-traits / cipher-traits features.

Crate features

  • default — no_std, alloc-only. No optional dependencies.
  • std — opt-in; reserved for future file-I/O wire-format helpers.
  • digest-traits — opt-in (v0.4 W2). Implements digest::Digest for sm3::Sm3 and digest::Mac for hmac::HmacSm3. Pulls digest = "0.10".
  • cipher-traits — opt-in (v0.4 W2). Implements cipher::{BlockEncrypt, BlockDecrypt, BlockSizeUser, KeySizeUser, KeyInit} for sm4::Sm4Cipher. Pulls cipher = "0.4".
  • sm4-bitsliced — opt-in (v0.4 W3). Routes the SM4 S-box through a bitsliced (table-less, gate-only) Itoh-Tsujii inversion in GF(2^8). Byte-identical output to the default linear-scan path; constant-time by construction (no table lookups, no branches on secret bits).
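
The sm4-bitsliced entry contrasts a secret-indexed table lookup with the default linear-scan path. The sketch below is an added illustration of that contrast, not code from gmcrypto_core: the table is a constructed permutation (not the SM4 S-box), and the function names are hypothetical.

```rust
// Added illustration; not gmcrypto_core code. All names are hypothetical.

/// Constructed 256-byte permutation x -> 7*x + 3 (mod 256). NOT the SM4 S-box.
fn constructed_table() -> [u8; 256] {
    let mut t = [0u8; 256];
    for (i, slot) in t.iter_mut().enumerate() {
        *slot = (i as u8).wrapping_mul(7).wrapping_add(3);
    }
    t
}

/// 0xFF if a == b, else 0x00, computed without a branch on either input.
fn ct_eq_mask(a: u8, b: u8) -> u8 {
    let diff = (a ^ b) as u16; // 0 iff a == b
    // diff - 1 wraps to 0xFFFF only when diff == 0, so bit 8 is set iff equal.
    let equal_bit = (diff.wrapping_sub(1) >> 8) & 1;
    (equal_bit as u8).wrapping_neg()
}

/// Direct index: the address read depends on `secret`, so cache state can
/// leak it. This is the access pattern a table-less S-box avoids.
fn lookup_direct(table: &[u8; 256], secret: u8) -> u8 {
    table[secret as usize]
}

/// Linear scan: every entry is read on every call and the wanted one is
/// selected with a mask, so the memory access pattern is independent of
/// `secret`. The compiler can still rewrite this, which is why timing has
/// to be measured on the built artifact rather than assumed from source.
fn lookup_linear_scan(table: &[u8; 256], secret: u8) -> u8 {
    let mut out = 0u8;
    for (i, &entry) in table.iter().enumerate() {
        out |= entry & ct_eq_mask(i as u8, secret);
    }
    out
}

/// Both lookups must be byte-identical over the whole input domain.
fn all_inputs_agree() -> bool {
    let t = constructed_table();
    (0u16..256).all(|x| lookup_linear_scan(&t, x as u8) == lookup_direct(&t, x as u8))
}

fn main() {
    assert!(all_inputs_agree());
    println!("linear scan matches direct index for all 256 inputs");
}
```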

wasm32-unknown-unknown

Builds clean as of v0.4 W1. The crate is no_std + alloc only and does NOT pull getrandom’s wasm_js backend or wasm-bindgen / js-sys into its default dep graph. Wasm callers wire their own rand_core::Rng impl — see the workspace README.md.

Modules

  • asn1: Minimal ASN.1 DER subset.
  • hmac: HMAC-SM3 — RFC 2104 keyed MAC over GB/T 32905-2016 SM3.
  • kdf: Key derivation functions.
  • pem: Hand-rolled PEM (RFC 7468) codec.
  • pkcs8: PKCS#8 OneAsymmetricKey codec (RFC 5958) + PBES2 encryption (RFC 8018).
  • sec1: SEC1 ECPrivateKey codec (RFC 5915) for SM2 keys.
  • sm2: SM2 elliptic curve cryptography (GB/T 32918-2017).
  • sm3: SM3 hash function (GB/T 32905-2016).
  • sm4: SM4 block cipher (GB/T 32907-2016) and operating modes.
  • spki: X.509 SubjectPublicKeyInfo codec (RFC 5280 §4.1.2.7) for SM2 keys.
  • traits: In-crate streaming primitive traits.