gmcrypto_core/lib.rs
//! Constant-time-designed pure-Rust SM2 / SM3 / SM4 primitives.
//!
//! See the workspace `README.md` for scope, threat model, and the honest
//! framing of the in-CI `dudect`-based timing-leak regression harness.
//!
//! # Modules
//!
//! - [`sm2`] — SM2 elliptic-curve sign / verify / encrypt / decrypt
//!   (GB/T 32918). Comb-table fixed-base scalar mult (v0.3 W6).
//! - [`sm3`] — SM3 hash (GB/T 32905) with streaming `new/update/finalize`.
//! - [`sm4`] — SM4 block cipher (GB/T 32907) + CBC mode (single-shot
//!   and v0.3 W5 streaming). v0.4 W3 adds an opt-in bitsliced
//!   (table-less, gate-only) S-box behind the `sm4-bitsliced` feature.
//! - [`hmac`] — HMAC-SM3 (RFC 2104), single-shot + v0.3 W5 streaming.
//! - [`kdf`] — PBKDF2-HMAC-SM3 (RFC 8018 §5.2).
//! - [`asn1`] — strict-canonical DER reader / writer / OID constants
//!   (v0.3 W1); GM/T 0009 SM2 ciphertext SEQUENCE; RFC 3279 SM2
//!   signature SEQUENCE.
//! - [`pem`] — RFC 7468 PEM codec (v0.3 W2; hand-rolled, `no_std`).
//! - [`spki`] — RFC 5280 `SubjectPublicKeyInfo` for SM2 (v0.3 W2).
//! - [`sec1`] — RFC 5915 `ECPrivateKey` + SEC1 uncompressed point (v0.3 W2).
//! - [`pkcs8`] — RFC 5958 `OneAsymmetricKey` + RFC 8018 PBES2 (v0.3 W2).
//! - [`traits`] — in-crate `Hash` / `Mac` / `BlockCipher` traits
//!   (v0.3 W5). v0.4 W2 adds RustCrypto-trait fit (`digest::Digest`,
//!   `digest::Mac`, `cipher::BlockEncrypt`/`BlockDecrypt`) behind the
//!   opt-in `digest-traits` / `cipher-traits` features.
//!
//! # Crate features
//!
//! - `default` — `no_std`, `alloc`-only. No optional dependencies.
//! - `std` — opt-in; reserved for future file-I/O wire-format helpers.
//! - `digest-traits` — opt-in (v0.4 W2). Implements `digest::Digest` for
//!   [`sm3::Sm3`] and `digest::Mac` for [`hmac::HmacSm3`]. Pulls
//!   `digest = "0.10"`.
//! - `cipher-traits` — opt-in (v0.4 W2). Implements
//!   `cipher::{BlockEncrypt, BlockDecrypt, BlockSizeUser, KeySizeUser,
//!   KeyInit}` for [`sm4::Sm4Cipher`]. Pulls `cipher = "0.4"`.
//! - `sm4-bitsliced` — opt-in (v0.4 W3). Routes the SM4 S-box through
//!   a bitsliced (table-less, gate-only) Itoh-Tsujii inversion in
//!   GF(2^8). Byte-identical output to the default linear-scan path;
//!   constant-time by construction (no table lookups, no branches on
//!   secret bits).
//!
//! # `wasm32-unknown-unknown`
//!
//! Builds clean as of v0.4 W1. The crate is `no_std + alloc` only and
//! does NOT pull `getrandom`'s `wasm_js` backend or `wasm-bindgen` /
//! `js-sys` into its default dep graph. Wasm callers wire their own
//! `rand_core::Rng` impl — see the workspace `README.md`.

#![no_std]
#![deny(missing_docs)]
#![doc(html_root_url = "https://docs.rs/gmcrypto-core/0.4.0")]

extern crate alloc;

#[cfg(feature = "std")]
extern crate std;

pub mod asn1;
pub mod hmac;
pub mod kdf;
pub mod pem;
pub mod pkcs8;
pub mod sec1;
pub mod sm2;
pub mod sm3;
pub mod sm4;
pub mod spki;
pub mod traits;
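The `sm4-bitsliced` feature description above makes a claim worth seeing concretely: an S-box inverse in GF(2^8) can be computed with field arithmetic alone, so that neither a memory address nor a branch depends on the secret byte, and it can be checked to be byte-identical to a lookup table. The following is an added, stand-alone illustration and is not gmcrypto-core's code. It assumes the SM4 S-box field is GF(2)[x] modulo x^8 + x^7 + x^6 + x^5 + x^4 + x^2 + 1 (0x1F5, as I recall the standard), uses a plain Fermat addition chain (a^254) rather than the crate's Itoh-Tsujii routine, and leaves out the SM4 affine layers around the inversion; the point it demonstrates (masked, branch-free multiply and inversion agreeing with a table over all 256 inputs) holds regardless.

```rust
// Added example, not gmcrypto-core's code. Demonstrates a table-free,
// branch-free GF(2^8) inverse next to the table-lookup form it replaces.
//
// Assumptions: field polynomial x^8+x^7+x^6+x^5+x^4+x^2+1 (0x1F5), which I
// recall as SM4's S-box field; inversion by Fermat chain a^254 rather than
// the crate's Itoh-Tsujii routine; SM4's affine layers are not reproduced.

/// Low 8 bits of the reduction polynomial: x^8 = x^7+x^6+x^5+x^4+x^2+1 = 0xF5.
const REDUCE: u8 = 0xF5;

/// Multiply in GF(2^8) with no data-dependent branch or memory access.
/// Each conditional is replaced by an all-ones / all-zeros mask.
pub fn gf_mul(mut a: u8, mut b: u8) -> u8 {
    let mut p = 0u8;
    for _ in 0..8 {
        // mask = 0xFF if the low bit of b is set, else 0x00
        let mask = (b & 1).wrapping_neg();
        p ^= a & mask;
        // carry = 0xFF if a's top bit is about to be shifted out
        let carry = (a >> 7).wrapping_neg();
        a = (a << 1) ^ (carry & REDUCE);
        b >>= 1;
    }
    p
}

fn gf_sq(a: u8) -> u8 {
    gf_mul(a, a)
}

/// Inverse as a^254 (Fermat's little theorem in GF(2^8)), computed with a
/// fixed addition chain: 11 multiplications, same sequence for every input.
/// 0 maps to 0, matching the usual S-box convention.
pub fn gf_inv_gates(a: u8) -> u8 {
    let a2 = gf_sq(a);
    let a3 = gf_mul(a2, a);
    let a12 = gf_sq(gf_sq(a3));
    let a15 = gf_mul(a12, a3);
    let a240 = gf_sq(gf_sq(gf_sq(gf_sq(a15))));
    let a252 = gf_mul(a240, a12);
    gf_mul(a252, a2)
}

/// The lookup form: same function, but the secret byte selects a memory
/// address, which is what a cache-timing observer can distinguish.
pub fn build_inv_table() -> [u8; 256] {
    let mut t = [0u8; 256];
    for (i, slot) in t.iter_mut().enumerate() {
        *slot = gf_inv_gates(i as u8);
    }
    t
}

pub fn gf_inv_table(table: &[u8; 256], a: u8) -> u8 {
    table[a as usize]
}

/// Exhaustive check: the gate-only path agrees with the table on all 256
/// inputs, and every nonzero inverse really multiplies back to 1.
pub fn verify_all() -> bool {
    let table = build_inv_table();
    (0u16..256).all(|i| {
        let a = i as u8;
        let inv = gf_inv_gates(a);
        let expected_product = if a == 0 { 0 } else { 1 };
        gf_mul(a, inv) == expected_product && gf_inv_table(&table, a) == inv
    })
}

fn main() {
    println!("gate-only inverse matches table on all 256 inputs: {}", verify_all());
}
```

The design point is that `gf_mul` and `gf_inv_gates` execute the same instruction sequence and touch the same memory for every input byte; the table path is functionally identical but its access pattern is the secret. A `dudect`-style harness such as the one this crate's README describes is what turns that argument into a measured regression check.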