stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

up the blokcing tasks
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Notify Smoke Test / Notifier Service Tests (push) Has been cancelled
Details
Notify Smoke Test / Notification Smoke Test (push) Has been cancelled
Details
Notify Smoke Test / Notify Unit Tests (push) Has been cancelled
Details
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details
Manifest Integrity / Validate Schema Integrity (push) Has been cancelled
Details
Manifest Integrity / Validate Contract Documents (push) Has been cancelled
Details
Manifest Integrity / Validate Pack Fixtures (push) Has been cancelled
Details
Manifest Integrity / Audit SHA256SUMS Files (push) Has been cancelled
Details
Manifest Integrity / Verify Merkle Roots (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Risk Bundle CI / risk-bundle-build (push) Has been cancelled
Details
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Details
Risk Bundle CI / risk-bundle-offline-kit (push) Has been cancelled
Details
Risk Bundle CI / publish-checksums (push) Has been cancelled
Details
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Details
devportal-offline / build-offline (push) Has been cancelled
Details
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
Details

Browse Source
This commit is contained in:
StellaOps Bot
2025-12-11 02:32:18 +02:00
parent 92bc4d3a07
commit 49922dff5a
474 changed files with 76071 additions and 12411 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
src/__Libraries/StellaOps.Cryptography.Plugin.SimRemote/SimRemoteHttpClient.cs Normal file
View File

@@ -0,0 +1,38 @@
using System.Net.Http.Json;
namespace StellaOps.Cryptography.Plugin.SimRemote;
public sealed class SimRemoteHttpClient
{
private readonly HttpClient client;
public SimRemoteHttpClient(HttpClient client)
{
this.client = client ?? throw new ArgumentNullException(nameof(client));
}
public async Task<string> SignAsync(string algorithmId, byte[] data, CancellationToken cancellationToken)
{
var payload = new SignRequest(Convert.ToBase64String(data), algorithmId);
var response = await client.PostAsJsonAsync("/sign", payload, cancellationToken).ConfigureAwait(false);
response.EnsureSuccessStatusCode();
var result = await response.Content.ReadFromJsonAsync<SignResponse>(cancellationToken: cancellationToken).ConfigureAwait(false)
?? throw new InvalidOperationException("Empty response from simulation signer.");
return result.SignatureBase64;
}
public async Task<bool> VerifyAsync(string algorithmId, byte[] data, string signatureBase64, CancellationToken cancellationToken)
{
var payload = new VerifyRequest(Convert.ToBase64String(data), signatureBase64, algorithmId);
var response = await client.PostAsJsonAsync("/verify", payload, cancellationToken).ConfigureAwait(false);
response.EnsureSuccessStatusCode();
var result = await response.Content.ReadFromJsonAsync<VerifyResponse>(cancellationToken: cancellationToken).ConfigureAwait(false)
?? throw new InvalidOperationException("Empty response from simulation verifier.");
return result.Ok;
}
private sealed record SignRequest(string MessageBase64, string Algorithm);
private sealed record SignResponse(string SignatureBase64, string Algorithm);
private sealed record VerifyRequest(string MessageBase64, string SignatureBase64, string Algorithm);
private sealed record VerifyResponse(bool Ok, string Algorithm);
}

69
src/__Libraries/StellaOps.Cryptography.Plugin.SimRemote/SimRemoteProvider.cs Normal file
View File

@@ -0,0 +1,69 @@
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using StellaOps.Cryptography;
namespace StellaOps.Cryptography.Plugin.SimRemote;
public sealed class SimRemoteProvider : ICryptoProvider, ICryptoProviderDiagnostics
{
private readonly SimRemoteHttpClient client;
private readonly SimRemoteProviderOptions options;
private readonly ILogger<SimRemoteProvider>? logger;
public SimRemoteProvider(
SimRemoteHttpClient client,
IOptions<SimRemoteProviderOptions>? optionsAccessor = null,
ILogger<SimRemoteProvider>? logger = null)
{
this.client = client ?? throw new ArgumentNullException(nameof(client));
this.logger = logger;
this.options = optionsAccessor?.Value ?? new SimRemoteProviderOptions();
}
public string Name => "sim.crypto.remote";
public bool Supports(CryptoCapability capability, string algorithmId)
{
if (capability is not (CryptoCapability.Signing or CryptoCapability.Verification))
{
return false;
}
return options.Algorithms.Contains(algorithmId, StringComparer.OrdinalIgnoreCase);
}
public ICryptoSigner GetSigner(string algorithmId, CryptoKeyReference keyReference)
{
ArgumentNullException.ThrowIfNull(keyReference);
if (!Supports(CryptoCapability.Signing, algorithmId))
{
throw new InvalidOperationException($"Algorithm '{algorithmId}' is not enabled for simulation.");
}
var keyId = string.IsNullOrWhiteSpace(keyReference.KeyId) ? options.RemoteKeyId : keyReference.KeyId;
logger?.LogDebug("Using simulation signer for {Algorithm} with key {KeyId}", algorithmId, keyId);
return new SimRemoteSigner(client, algorithmId, keyId);
}
public void UpsertSigningKey(CryptoSigningKey signingKey) => throw new NotSupportedException("Simulation provider uses remote keys.");
public bool RemoveSigningKey(string keyId) => false;
public IReadOnlyCollection<CryptoSigningKey> GetSigningKeys() => Array.Empty<CryptoSigningKey>();
public IPasswordHasher GetPasswordHasher(string algorithmId)
=> throw new NotSupportedException("Simulation provider does not handle password hashing.");
public ICryptoHasher GetHasher(string algorithmId)
=> throw new NotSupportedException("Simulation provider does not handle hashing.");
public IEnumerable<CryptoProviderKeyDescriptor> DescribeKeys()
{
foreach (var alg in options.Algorithms)
{
yield return new CryptoProviderKeyDescriptor(Name, options.RemoteKeyId, alg, new Dictionary<string, string?>
{
["simulation"] = "true",
["endpoint"] = options.BaseAddress
});
}
}
}

36
src/__Libraries/StellaOps.Cryptography.Plugin.SimRemote/SimRemoteProviderOptions.cs Normal file
View File

@@ -0,0 +1,36 @@
using System.Collections.Generic;
using StellaOps.Cryptography;
namespace StellaOps.Cryptography.Plugin.SimRemote;
public sealed class SimRemoteProviderOptions
{
public string BaseAddress { get; set; } = "http://localhost:8080";
/// <summary>
/// Provider/algorithm IDs this simulation should serve.
/// Examples: pq.sim, ru.magma.sim, ru.kuznyechik.sim, sm.sim, fips.sim, eidas.sim, kcmvp.sim.
/// </summary>
public IList<string> Algorithms { get; set; } = new List<string>
{
SignatureAlgorithms.Dilithium3,
SignatureAlgorithms.Falcon512,
"pq.sim",
SignatureAlgorithms.GostR3410_2012_256,
SignatureAlgorithms.GostR3410_2012_512,
"ru.magma.sim",
"ru.kuznyechik.sim",
SignatureAlgorithms.Sm2,
"sm.sim",
"sm2.sim",
SignatureAlgorithms.Es256,
SignatureAlgorithms.Es384,
SignatureAlgorithms.Es512,
"fips.sim",
"eidas.sim",
"kcmvp.sim",
"world.sim"
};
public string RemoteKeyId { get; set; } = "sim-key";
}

33
src/__Libraries/StellaOps.Cryptography.Plugin.SimRemote/SimRemoteSigner.cs Normal file
View File

@@ -0,0 +1,33 @@
using StellaOps.Cryptography;
namespace StellaOps.Cryptography.Plugin.SimRemote;
internal sealed class SimRemoteSigner : ICryptoSigner
{
private readonly SimRemoteHttpClient client;
public SimRemoteSigner(SimRemoteHttpClient client, string algorithmId, string keyId)
{
this.client = client ?? throw new ArgumentNullException(nameof(client));
AlgorithmId = algorithmId ?? throw new ArgumentNullException(nameof(algorithmId));
KeyId = keyId ?? throw new ArgumentNullException(nameof(keyId));
}
public string KeyId { get; }
public string AlgorithmId { get; }
public async ValueTask<byte[]> SignAsync(ReadOnlyMemory<byte> data, CancellationToken cancellationToken = default)
{
var sig = await client.SignAsync(AlgorithmId, data.ToArray(), cancellationToken).ConfigureAwait(false);
return Convert.FromBase64String(sig);
}
public async ValueTask<bool> VerifyAsync(ReadOnlyMemory<byte> data, ReadOnlyMemory<byte> signature, CancellationToken cancellationToken = default)
{
var sigBase64 = Convert.ToBase64String(signature.ToArray());
return await client.VerifyAsync(AlgorithmId, data.ToArray(), sigBase64, cancellationToken).ConfigureAwait(false);
}
public Microsoft.IdentityModel.Tokens.JsonWebKey ExportPublicJsonWebKey()
=> new() { Kid = KeyId, Alg = AlgorithmId, Kty = "oct" };
}

10
src/__Libraries/StellaOps.Cryptography.Plugin.SimRemote/StellaOps.Cryptography.Plugin.SimRemote.csproj Normal file
View File

@@ -0,0 +1,10 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>net10.0</TargetFramework>
<Nullable>enable</Nullable>
<ImplicitUsings>enable</ImplicitUsings>
</PropertyGroup>
<ItemGroup>
<ProjectReference Include="..\\StellaOps.Cryptography\\StellaOps.Cryptography.csproj" />
</ItemGroup>
</Project>