ce88fd8365
- 添加 .github/workflows/ci.yml:多平台测试、MSRV 验证、覆盖率、性能基准、自动发布 - 添加 .github/scripts/sanity_check.sh:安全性扫描脚本 - 更新 README 添加 CI 和覆盖率徽章 - 更新 SECURITY.md 响应时间说明(个人维护,无限期宽限)
2.1 KiB
2.1 KiB
Security Policy
Supported Versions
| Version | Supported |
|---|---|
| 0.3.x | Yes |
| < 0.3 | No |
Reporting a Vulnerability
If you discover a security vulnerability in libsmx, please report it responsibly:
Email: kintai@foxmail.com
Please include:
- Description of the vulnerability
- Steps to reproduce
- Affected versions
- Any potential impact assessment
Response timeline:
本项目由个人维护,响应时间不设固定期限。作者会尽快处理所有安全报告,但无法承诺具体的响应时间。
Scope
The following areas are considered in-scope for security reports:
- Timing side-channels: Any operation whose execution time depends on secret data (private keys, plaintext, nonces)
- Memory safety: Buffer overflows, use-after-free, or uninitialized memory reads (note: this crate uses
#![forbid(unsafe_code)]) - Key material leakage: Private keys or intermediate secret values not properly zeroized
- Cryptographic correctness: Deviations from GB/T standards that weaken security guarantees
- Authentication bypass: Incorrect MAC/tag verification in GCM/CCM modes
Out of Scope
- Performance issues that don't affect security
- Dependencies' vulnerabilities (report upstream)
- Attacks requiring physical access to the device
Security Design
libsmx employs the following defenses:
- Constant-time operations: All secret-dependent code uses
subtle::ConstantTimeEq,ConditionallySelectable, and fixed-iteration loops - No table lookups for S-boxes: SM4 uses boolean circuit bitslice implementation to prevent cache-timing attacks
- Automatic key zeroization: All private key types derive
ZeroizeOnDrop - No unsafe code:
#![forbid(unsafe_code)]is enforced at the crate level - Complete EC formulas: SM2 point addition uses branch-free complete addition formulas (Renes-Costello-Batina 2016)
Disclosure Policy
We follow coordinated disclosure. Please do not open public GitHub issues for security vulnerabilities.