7c159343f8
新增功能: - rustls CryptoProvider:完整 rustls 0.23.x 支持 - SM3 Hash/Context trait 实现 - SM3 HMAC trait 实现 - SM4-GCM/CCM AEAD 密码套件 - SM2 ECDHE 密钥交换 - SM2 签名/验签算法 - SM3 流式 HMAC(HmacSm3) - SM2 SPKI DER 编码 - SM2 DEFAULT_ID 常量 文档更新: - README 依赖版本更新为 0.3 - CHANGELOG 添加 v0.3.0 变更记录 - SECURITY 更新版本支持表
57 lines
2.1 KiB
Markdown
57 lines
2.1 KiB
Markdown
# Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
| Version | Supported |
|
|
|---------|-----------|
|
|
| 0.3.x | Yes |
|
|
| 0.2.x | Yes |
|
|
| 0.1.x | Yes |
|
|
| < 0.1 | No |
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
If you discover a security vulnerability in libsmx, please report it responsibly:
|
|
|
|
**Email**: [kintai@foxmail.com](mailto:kintai@foxmail.com)
|
|
|
|
**Please include**:
|
|
- Description of the vulnerability
|
|
- Steps to reproduce
|
|
- Affected versions
|
|
- Any potential impact assessment
|
|
|
|
**Response timeline**:
|
|
|
|
This project is maintained by an individual. No fixed response time is guaranteed. The author will handle all security reports as soon as possible, but cannot commit to specific timelines.
|
|
|
|
## Scope
|
|
|
|
The following areas are considered in-scope for security reports:
|
|
|
|
- **Timing side-channels**: Any operation whose execution time depends on secret data (private keys, plaintext, nonces)
|
|
- **Memory safety**: Buffer overflows, use-after-free, or uninitialized memory reads (note: this crate uses `#![forbid(unsafe_code)]`)
|
|
- **Key material leakage**: Private keys or intermediate secret values not properly zeroized
|
|
- **Cryptographic correctness**: Deviations from GB/T standards that weaken security guarantees
|
|
- **Authentication bypass**: Incorrect MAC/tag verification in GCM/CCM modes
|
|
|
|
## Out of Scope
|
|
|
|
- Performance issues that don't affect security
|
|
- Dependencies' vulnerabilities (report upstream)
|
|
- Attacks requiring physical access to the device
|
|
|
|
## Security Design
|
|
|
|
libsmx employs the following defenses:
|
|
|
|
- **Constant-time operations**: All secret-dependent code uses `subtle::ConstantTimeEq`, `ConditionallySelectable`, and fixed-iteration loops
|
|
- **No table lookups for S-boxes**: SM4 uses boolean circuit bitslice implementation to prevent cache-timing attacks
|
|
- **Automatic key zeroization**: All private key types derive `ZeroizeOnDrop`
|
|
- **No unsafe code**: `#![forbid(unsafe_code)]` is enforced at the crate level
|
|
- **Complete EC formulas**: SM2 point addition uses branch-free complete addition formulas (Renes-Costello-Batina 2016)
|
|
|
|
## Disclosure Policy
|
|
|
|
We follow coordinated disclosure. Please do **not** open public GitHub issues for security vulnerabilities.
|