Add SM2 support to the Rust wolfCrypt wrapper

[somes]

Description

Add SM2 support to the Rust wolfCrypt wrapper.

This adds:

• SM2 key generation
• Shared-secret derivation
• SM2 digest creation
• Hash signing and verification
• Capability detection for the available SM2 APIs
• SM2 integration and error-path tests

The implementation reuses the existing ECC key ownership and allocation model.

Testing

Tested against a local wolfSSL master and wolfSM build with SM2 enabled. WOLFSSL_PREFIX was configured to reference this installation.

cargo test \
  --features alloc,rand_core,aead,cipher,digest,mac,signature,password-hash,kem \
  -- --test-threads=1

cargo clippy \
  --features alloc,rand_core,aead,cipher,digest,mac,signature,password-hash,kem

All 7 SM2 integration tests pass. The complete Rust wrapper test suite, including documentation tests, also passes.

Clippy completes successfully. The remaining warnings originate from bindgen-generated bindings.

Checklist

• added tests
• updated/added doxygen — not applicable; the Rust API includes Rustdoc documentation
• updated appropriate READMEs
• Updated manual and documentation — not applicable

[wolfSSL-Bot]

Can one of the admins verify this patch?

[dgarske]

Hi @somes , thank you for this code contribution. I have asked @holtrop-wolfssl to look it over. Can you tell us more about your project and use of our Rust wrapper? In order to accept this code we need to have a signed contributor agreement. Please email support at wolfssl dot com and reference this pull request.
Thanks, David Garske, wolfSSL

[Copilot]

Pull request overview

Adds SM2 support to the wolfssl-wolfcrypt Rust wrapper, aligning with the crate’s existing pattern of capability detection via build.rs-emitted cfg(...) flags and reusing the existing ECC key allocation/ownership model.

Changes:

• Introduces a new wolfssl_wolfcrypt::sm2 module exposing SM2 keygen, shared-secret derivation, digest creation, and hash sign/verify.
• Extends build.rs capability scanning and bindgen header set to detect and bind SM2 APIs when present.
• Adds SM2 integration and error-path tests, plus README/CHANGELOG and distribution manifest updates.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
wrapper/rust/wolfssl-wolfcrypt/tests/test_sm2.rs	Adds SM2 integration tests for keygen, digest, sign/verify, shared secret, and small-buffer error paths.
wrapper/rust/wolfssl-wolfcrypt/src/sm2.rs	New SM2 Rust wrapper built on the existing ECC key wrapper and wolfCrypt SM2 APIs.
wrapper/rust/wolfssl-wolfcrypt/src/lib.rs	Exposes the new sm2 module behind cfg(sm2).
wrapper/rust/wolfssl-wolfcrypt/src/ecc.rs	Adds crate-private ECC::new() / ECC::new_ex() constructors for allocating an unpopulated ECC key (used by SM2).
wrapper/rust/wolfssl-wolfcrypt/README.md	Documents SM2 as supported functionality.
wrapper/rust/wolfssl-wolfcrypt/headers.h	Adds wolfssl/wolfcrypt/sm2.h to bindgen’s header set.
wrapper/rust/wolfssl-wolfcrypt/CHANGELOG.md	Notes the new SM2 wrapper module.
wrapper/rust/wolfssl-wolfcrypt/build.rs	Adds SM2 symbol-based cfg detection (sm2, sm2_dh, sm2_sign, sm2_verify, sm2_digest).
wrapper/rust/include.am	Includes the new SM2 source and test files in distribution manifests.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

MemBrowse Memory Report

No memory changes detected for:

• gcc-arm-cortex-m0plus
• gcc-arm-cortex-m3
• gcc-arm-cortex-m4
• gcc-arm-cortex-m4-baremetal
• gcc-arm-cortex-m4-crypto-only
• gcc-arm-cortex-m4-dtls13
• gcc-arm-cortex-m4-min-ecc
• gcc-arm-cortex-m4-openssl-compat
• gcc-arm-cortex-m4-pkcs7
• gcc-arm-cortex-m4-pq
• gcc-arm-cortex-m4-rsa-only
• gcc-arm-cortex-m4-sp-math
• gcc-arm-cortex-m4-tls12
• gcc-arm-cortex-m4-tls13
• gcc-arm-cortex-m7
• gcc-arm-cortex-m7-pq
• gcc-arm-cortex-m7-tls13
• linuxkm-pie
• linuxkm-standard
• stm32-sim-stm32h753