Files
libsmx/CHANGELOG.md
T
huangxt 21e7e65b32 添加 GitHub Pages 文档与 CI 修复
新增功能:
- docs/ 目录:GitHub Pages 静态页面
  - index.html:项目主页
  - og-image.png/svg:社交分享图片
- tests/rustls_provider.rs:rustls CryptoProvider 集成测试
- rustls_provider 模块增强:
  - hash.rs:新增测试和文档
  - hmac.rs:新增测试和文档
  - kx.rs:新增测试和文档
  - sign.rs:新增测试和文档
  - verify.rs:新增测试和文档

CI 修复:
- rustls 依赖改为 git 源,避免本地路径依赖问题
- 简化 SM3 HMAC 流式测试,移除 alloc 依赖
- 移除未使用的 extern crate alloc
- 代码格式化

文档更新:
- README.md:添加 GitHub Pages 链接
- CHANGELOG.md:更新变更记录
- Cargo.toml:添加 dev-dependencies
2026-03-09 18:51:40 +08:00

7.3 KiB

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

0.3.0 - 2025-03-09

Added

  • rustls CryptoProvider (rustls_provider module, requires rustls feature)
    • Full rustls 0.23.x CryptoProvider implementation for TLCP (Chinese TLS)
    • hash.rs: SM3 Hash and Context trait implementations
    • hmac.rs: SM3 HMAC trait implementation
    • tls13.rs: SM4-GCM/CCM AEAD cipher suites (TLS13_SM4_GCM_SM3, TLS13_SM4_CCM_SM3)
    • kx.rs: SM2 ECDHE key exchange
    • sign.rs: SM2 signing algorithm
    • verify.rs: SM2 signature verification
    • mod.rs: crypto_provider() function returning complete CryptoProvider
  • SM3 streaming HMAC (HmacSm3)
    • update(): Streaming data input
    • finalize(): Final HMAC computation
  • SM2 SPKI DER encoding
    • public_key_to_spki_der(): Encode public key as RFC 5480 SubjectPublicKeyInfo
  • SM2 DEFAULT_ID constant
    • DEFAULT_ID: Default user ID "1234567812345678" (16 bytes)

Changed

  • Cargo.toml: Added rustls optional feature with dependencies

0.2.1 - 2025-03-08

Added

  • SM2 key exchange (sm2::key_exchange module)
    • exchange_a / exchange_b: GB/T 32918.3 full key exchange protocol with confirmation hash
    • ecdh: Simple SM2-ECDH shared secret computation (TLS/rustls compatible)
    • ecdh_from_slice: Slice-based ECDH for TLS integration
    • EphemeralKey: Ephemeral key pair with ZeroizeOnDrop
  • SM2 DER codec (sm2::der module)
    • sig_to_der / sig_from_der: Signature DER encoding/decoding
    • private_key_from_sec1_der: RFC 5915 SEC1 private key parsing
    • private_key_from_pkcs8_der: RFC 5958 PKCS#8 private key parsing
  • SM2 convenience API (sm2 module)
    • sign_message / verify_message: One-step sign/verify with automatic Z-value computation
  • HKDF-SM3 (sm3::hkdf module)
    • hkdf_extract / hkdf_expand / hkdf: RFC 5869 compatible
  • SM3 Hasher enhancements
    • reset() / finalize_reset(): Streaming hasher reuse
  • SM4 AEAD combined format
    • sm4_encrypt_gcm_combined / sm4_decrypt_gcm_combined: TLS format (ciphertext||tag)
    • sm4_encrypt_ccm_combined / sm4_decrypt_ccm_combined: Same format for CCM

0.2.0 - 2025-03-08

Added

  • BLS signatures (bls module, requires alloc feature)
    • bls_keygen / bls_sign / bls_verify: minimal-signature-size variant (sig ∈ G1, pk ∈ G2)
    • bls_aggregate / bls_aggregate_verify: multi-message aggregate signatures
    • bls_fast_aggregate_verify: fast aggregate verification for same-message multi-signer
    • BlsSignature::to_bytes / from_bytes: 65-byte serialization (uncompressed G1 point)
    • BlsPubKey::to_bytes / from_bytes: 128-byte serialization (uncompressed G2 point)
  • BLS threshold signatures (bls::threshold module)
    • bls_threshold_keygen: Trusted Dealer mode, Shamir polynomial secret sharing
    • bls_partial_sign / bls_combine_signatures: Lagrange interpolation based aggregation
    • Supports (t+1, n) threshold configurations
  • Hash-to-Curve (bls::hash_to_curve module)
    • hash_to_g1: RFC 9380 compliant, maps arbitrary message to BN256 G1 point
    • expand_message_xmd: RFC 9380 §5.3.1, message expansion using SM3 as hash
    • map_to_curve_svdw: Shallue-van de Woestijne mapping for BN256 (a=0 curve)
  • fp_sqrt in sm9::fields::fp
    • Tonelli-Shanks modular square root for SM9 BN256 Fp (p ≡ 1 mod 4)
    • fp_is_square: Euler criterion based quadratic residue test
  • FPE format-preserving encryption (fpe module)
    • FpeKey: 7-round Luby-Rackoff Feistel cipher based on SM4
    • Supports 1~128 bit plaintext/ciphertext domains
    • expand_tweak: arbitrary-length tweak via SM4 hash
    • Automatic key zeroization on drop (ZeroizeOnDrop)

Security

  • BLS signature DST separation: signing uses BLS_SIG_SM9G1_XMD:SM3_SVDW_RO_NUL_, PoP uses a different tag
  • BN256 security note: ~100-bit actual security level documented in API docs

0.1.1 - 2025-03-07

Fixed

  • Fixed cargo test --no-default-features --lib compilation error
    • SM3 tests: removed alloc dependency, use manual hex parsing
    • SM4 modes tests: added #[cfg(feature = "alloc")]

Changed

  • MSRV raised to 1.83.0 (required by crypto-bigint 0.6.x for ConstMontyForm constant-time Montgomery arithmetic)
  • Use Rust 1.83+ built-in div_ceil method instead of manual implementation
  • Optimized sanity_check.sh to skip test code, avoiding false positives

0.1.0 - 2025-03-07

Added

  • SM2 elliptic curve cryptography (GB/T 32918.1-5-2016)
    • Key generation, digital signature (with Z-value), public key encryption/decryption
    • Complete addition formulas for constant-time point operations
    • Fixed-window (w=4) base point scalar multiplication with precomputed table
    • Mixed Jacobian-Affine addition for optimized verification (Shamir's trick)
    • Point compression/decompression (GB/T 32918.1 section 4.2.10)
  • SM3 cryptographic hash (GB/T 32905-2016)
    • Streaming and one-shot hashing API
    • HMAC-SM3 with automatic key material zeroization
  • SM4 block cipher (GB/T 32907-2016)
    • Boolean circuit bitslice S-box (cache-timing resistant)
    • 8 modes of operation: ECB, CBC, OFB, CFB, CTR, GCM, CCM, XTS
    • GCM/CCM authenticated encryption with constant-time tag verification
  • SM9 identity-based cryptography (GB/T 38635.1-2-2020)
    • BN256 pairing (optimal Ate with Miller loop + final exponentiation)
    • Fp12 tower extension: Fp -> Fp2(u^2+2) -> Fp6(v^3-u) -> Fp12(w^2-v)
    • Identity-based signing and verification
    • Identity-based encryption and decryption
  • Unified Error enum with Display and conditional std::error::Error impl
  • no_std support with optional alloc and std features
  • #![forbid(unsafe_code)] enforced at crate level
  • Automatic private key zeroization via zeroize::ZeroizeOnDrop
  • GB/T standard test vectors for all algorithms
  • Criterion benchmarks for all algorithms with baseline performance data:
    • SM3: 374 MiB/s throughput (64 KiB)
    • SM4-ECB: 27 MiB/s throughput (64 KiB)
    • SM2 sign: 258 µs, verify: 316 µs
    • SM9 sign: 3.44 ms, verify: 5.50 ms

Changed

  • MSRV raised to 1.83.0 (required by crypto-bigint 0.6.x for ConstMontyForm constant-time Montgomery arithmetic)

Security

  • GCM gf128_mul: replaced secret-dependent if branches with mask arithmetic
  • SM2 is_infinity: replaced short-circuit Iterator::all with ConstantTimeEq
  • SM2 add: replaced 3 conditional branches with complete addition formulas + conditional_select
  • SM2 double: replaced if is_infinity() with conditional_select
  • HMAC-SM3: added zeroize for k_pad/ipad/opad key material on stack
  • CCM: reject AAD > 510 bytes instead of silently skipping
  • XTS: reject non-16-byte-aligned input instead of silently truncating
  • SM9 hash_to_range: replaced variable-iteration while loop with constant-time conditional select