Files
libsmx/SECURITY.md
T
huangxt a58fe8275e 发布 v0.2.0:新增 BLS 签名与 FPE 格式保留加密
新增功能:
- BLS 签名:基于 BN256 配对的最小签名尺寸变体
- BLS 门限签名:Shamir 秘密分享 + Lagrange 插值聚合
- Hash-to-Curve:RFC 9380 兼容,SM3 消息扩展
- FPE 格式保留加密:基于 SM4 的 Feistel 密码
- SM9 Fp 平方根:Tonelli-Shanks 算法

文档更新:
- README 添加 BLS/FPE 算法描述
- CHANGELOG 添加 v0.2.0 变更记录
- SECURITY 更新版本支持表
2026-03-08 20:02:06 +08:00

2.1 KiB

Security Policy

Supported Versions

Version Supported
0.2.x Yes
0.1.x Yes
< 0.1 No

Reporting a Vulnerability

If you discover a security vulnerability in libsmx, please report it responsibly:

Email: kintai@foxmail.com

Please include:

  • Description of the vulnerability
  • Steps to reproduce
  • Affected versions
  • Any potential impact assessment

Response timeline:

This project is maintained by an individual. No fixed response time is guaranteed. The author will handle all security reports as soon as possible, but cannot commit to specific timelines.

Scope

The following areas are considered in-scope for security reports:

  • Timing side-channels: Any operation whose execution time depends on secret data (private keys, plaintext, nonces)
  • Memory safety: Buffer overflows, use-after-free, or uninitialized memory reads (note: this crate uses #![forbid(unsafe_code)])
  • Key material leakage: Private keys or intermediate secret values not properly zeroized
  • Cryptographic correctness: Deviations from GB/T standards that weaken security guarantees
  • Authentication bypass: Incorrect MAC/tag verification in GCM/CCM modes

Out of Scope

  • Performance issues that don't affect security
  • Dependencies' vulnerabilities (report upstream)
  • Attacks requiring physical access to the device

Security Design

libsmx employs the following defenses:

  • Constant-time operations: All secret-dependent code uses subtle::ConstantTimeEq, ConditionallySelectable, and fixed-iteration loops
  • No table lookups for S-boxes: SM4 uses boolean circuit bitslice implementation to prevent cache-timing attacks
  • Automatic key zeroization: All private key types derive ZeroizeOnDrop
  • No unsafe code: #![forbid(unsafe_code)] is enforced at the crate level
  • Complete EC formulas: SM2 point addition uses branch-free complete addition formulas (Renes-Costello-Batina 2016)

Disclosure Policy

We follow coordinated disclosure. Please do not open public GitHub issues for security vulnerabilities.