stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

stabilize tests

Browse Source
This commit is contained in:
master
2026-02-01 21:37:40 +02:00
parent 55744f6a39
commit 5d5e80b2e4
6435 changed files with 33984 additions and 13802 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/Cryptography/AGENTS.md Normal file
View File

@@ -0,0 +1,24 @@
# AGENTS - Cryptography Module
## Working Directory
- `src/Cryptography/**` (crypto core, plugins, profiles, tests).
## Required Reading
- `docs/README.md`
- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/cryptography/architecture.md`
- `docs/modules/cryptography/README.md`
- `docs/modules/cryptography/multi-profile-signing-specification.md`
## Engineering Rules
- Deterministic serialization and signing; no nondeterministic inputs.
- Respect offline posture; no network calls in crypto paths.
- Validate inputs and fail closed on verification errors.
## Testing & Verification
- Tests live in `src/Cryptography/__Tests/**`.
- Add vectors for signing/verification, negative cases, and determinism.
## Sprint Discipline
- Log cryptography decisions in sprint Decisions & Risks with doc links.

9
src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/EidasPlugin.cs
View File

@@ -1,7 +1,3 @@
namespace StellaOps.Cryptography.Plugin.Eidas;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;
using StellaOps.Cryptography.Plugin.Eidas.Timestamping;
@@ -10,8 +6,13 @@ using StellaOps.Plugin.Abstractions.Capabilities;
using StellaOps.Plugin.Abstractions.Context;
using StellaOps.Plugin.Abstractions.Health;
using StellaOps.Plugin.Abstractions.Lifecycle;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using X509Certificate = Org.BouncyCastle.X509.X509Certificate;
namespace StellaOps.Cryptography.Plugin.Eidas;
/// <summary>
/// eIDAS cryptography plugin for EU qualified electronic signatures.
/// Implements ETSI TS 119 312 compliant signature operations.

8
src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/TASKS.md Normal file
View File

@@ -0,0 +1,8 @@
# StellaOps.Cryptography.Plugin.Eidas Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_solid_review.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| REMED-05 | TODO | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/StellaOps.Cryptography.Plugin.Eidas.md. |
| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |

5
src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/CadesSignatureBuilder.cs
View File

@@ -5,11 +5,12 @@
// Description: Implementation of CAdES signature builder.
// -----------------------------------------------------------------------------
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
namespace StellaOps.Cryptography.Plugin.Eidas.Timestamping;

5
src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/EuTrustListService.cs
View File

@@ -5,13 +5,14 @@
// Description: Implementation of EU Trusted List service.
// -----------------------------------------------------------------------------
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;
using System.Xml.Linq;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
namespace StellaOps.Cryptography.Plugin.Eidas.Timestamping;

3
src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/QualifiedTimestampVerifier.cs
View File

@@ -5,11 +5,12 @@
// Description: Implementation of qualified timestamp verification.
// -----------------------------------------------------------------------------
using Microsoft.Extensions.Logging;
using System.Formats.Asn1;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Extensions.Logging;
namespace StellaOps.Cryptography.Plugin.Eidas.Timestamping;

3
src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/TimestampModeSelector.cs
View File

@@ -5,9 +5,10 @@
// Description: Implementation of timestamp mode selection.
// -----------------------------------------------------------------------------
using System.Text.RegularExpressions;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using System.Text.RegularExpressions;
namespace StellaOps.Cryptography.Plugin.Eidas.Timestamping;

7
src/Cryptography/StellaOps.Cryptography.Plugin.Fips/FipsPlugin.cs
View File

@@ -1,11 +1,12 @@
namespace StellaOps.Cryptography.Plugin.Fips;
using System.Security.Cryptography;
using StellaOps.Plugin.Abstractions;
using StellaOps.Plugin.Abstractions.Capabilities;
using StellaOps.Plugin.Abstractions.Context;
using StellaOps.Plugin.Abstractions.Health;
using StellaOps.Plugin.Abstractions.Lifecycle;
using System.Security.Cryptography;
namespace StellaOps.Cryptography.Plugin.Fips;
/// <summary>
/// FIPS 140-2 compliant cryptography plugin.

8
src/Cryptography/StellaOps.Cryptography.Plugin.Fips/TASKS.md Normal file
View File

@@ -0,0 +1,8 @@
# StellaOps.Cryptography.Plugin.Fips Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_solid_review.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| REMED-05 | TODO | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/Cryptography/StellaOps.Cryptography.Plugin.Fips/StellaOps.Cryptography.Plugin.Fips.md. |
| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |

5
src/Cryptography/StellaOps.Cryptography.Plugin.Gost/GostPlugin.cs
View File

@@ -1,5 +1,3 @@
namespace StellaOps.Cryptography.Plugin.Gost;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Digests;
using Org.BouncyCastle.Crypto.Engines;
@@ -15,6 +13,9 @@ using StellaOps.Plugin.Abstractions.Context;
using StellaOps.Plugin.Abstractions.Health;
using StellaOps.Plugin.Abstractions.Lifecycle;
namespace StellaOps.Cryptography.Plugin.Gost;
/// <summary>
/// GOST cryptography plugin providing Russian Federal cryptographic standards.
/// Implements GOST R 34.10-2012 (signatures) and GOST R 34.11-2012 (hashes).

8
src/Cryptography/StellaOps.Cryptography.Plugin.Gost/TASKS.md Normal file
View File

@@ -0,0 +1,8 @@
# StellaOps.Cryptography.Plugin.Gost Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_solid_review.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| REMED-05 | TODO | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/Cryptography/StellaOps.Cryptography.Plugin.Gost/StellaOps.Cryptography.Plugin.Gost.md. |
| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |

9
src/Cryptography/StellaOps.Cryptography.Plugin.Hsm/HsmPlugin.cs
View File

@@ -1,11 +1,12 @@
namespace StellaOps.Cryptography.Plugin.Hsm;
using System.Security.Cryptography;
using StellaOps.Plugin.Abstractions;
using StellaOps.Plugin.Abstractions.Context;
using StellaOps.Plugin.Abstractions.Capabilities;
using StellaOps.Plugin.Abstractions.Context;
using StellaOps.Plugin.Abstractions.Health;
using StellaOps.Plugin.Abstractions.Lifecycle;
using System.Security.Cryptography;
namespace StellaOps.Cryptography.Plugin.Hsm;
/// <summary>
/// Hardware Security Module (HSM) cryptography plugin.

13
src/Cryptography/StellaOps.Cryptography.Plugin.Hsm/Pkcs11HsmClientImpl.cs
View File

@@ -3,10 +3,11 @@
// Sprint: SPRINT_20260112_017_CRYPTO_pkcs11_hsm_implementation
// Tasks: HSM-002, HSM-003, HSM-004, HSM-005, HSM-006, HSM-007
using System.Collections.Concurrent;
using Net.Pkcs11Interop.Common;
using Net.Pkcs11Interop.HighLevelAPI;
using StellaOps.Plugin.Abstractions.Context;
using System.Collections.Concurrent;
namespace StellaOps.Cryptography.Plugin.Hsm;
@@ -555,19 +556,23 @@ public sealed class Pkcs11HsmClientImpl : IHsmClient, IDisposable
/// <summary>
/// Helper factory for creating mechanisms.
/// Uses Lazy&lt;T&gt; to defer native PKCS#11 library probing until first use,
/// preventing test runner hangs when SoftHSM2 is not installed (Q4 quirk).
/// </summary>
private static class MechanismFactory
{
private static readonly Pkcs11InteropFactories Factories = new();
private static readonly Lazy<Pkcs11InteropFactories> LazyFactories = new(
() => new Pkcs11InteropFactories(),
LazyThreadSafetyMode.ExecutionAndPublication);
public static IMechanism Create(CKM mechanism)
{
return Factories.MechanismFactory.Create(mechanism);
return LazyFactories.Value.MechanismFactory.Create(mechanism);
}
public static IMechanism Create(CKM mechanism, byte[] parameter)
{
return Factories.MechanismFactory.Create(mechanism, parameter);
return LazyFactories.Value.MechanismFactory.Create(mechanism, parameter);
}
}
}

8
src/Cryptography/StellaOps.Cryptography.Plugin.Hsm/TASKS.md Normal file
View File

@@ -0,0 +1,8 @@
# StellaOps.Cryptography.Plugin.Hsm Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_solid_review.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| REMED-05 | TODO | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/Cryptography/StellaOps.Cryptography.Plugin.Hsm/StellaOps.Cryptography.Plugin.Hsm.md. |
| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |

5
src/Cryptography/StellaOps.Cryptography.Plugin.Sm/SmPlugin.cs
View File

@@ -1,5 +1,3 @@
namespace StellaOps.Cryptography.Plugin.Sm;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Digests;
using Org.BouncyCastle.Crypto.Engines;
@@ -16,6 +14,9 @@ using StellaOps.Plugin.Abstractions.Context;
using StellaOps.Plugin.Abstractions.Health;
using StellaOps.Plugin.Abstractions.Lifecycle;
namespace StellaOps.Cryptography.Plugin.Sm;
/// <summary>
/// Chinese national cryptographic standards plugin.
/// Implements SM2 (signatures), SM3 (hash), and SM4 (symmetric encryption).

8
src/Cryptography/StellaOps.Cryptography.Plugin.Sm/TASKS.md Normal file
View File

@@ -0,0 +1,8 @@
# StellaOps.Cryptography.Plugin.Sm Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_solid_review.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| REMED-05 | TODO | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/Cryptography/StellaOps.Cryptography.Plugin.Sm/StellaOps.Cryptography.Plugin.Sm.md. |
| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |

5
src/Cryptography/StellaOps.Cryptography.Plugin/CryptoPluginBase.cs
View File

@@ -1,11 +1,12 @@
namespace StellaOps.Cryptography.Plugin;
using StellaOps.Plugin.Abstractions;
using StellaOps.Plugin.Abstractions.Capabilities;
using StellaOps.Plugin.Abstractions.Context;
using StellaOps.Plugin.Abstractions.Health;
using StellaOps.Plugin.Abstractions.Lifecycle;
namespace StellaOps.Cryptography.Plugin;
/// <summary>
/// Base class for cryptographic plugins providing common functionality.
/// Implements IPlugin and ICryptoCapability interfaces.

8
src/Cryptography/StellaOps.Cryptography.Plugin/TASKS.md Normal file
View File

@@ -0,0 +1,8 @@
# StellaOps.Cryptography.Plugin Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_solid_review.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| REMED-05 | TODO | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/Cryptography/StellaOps.Cryptography.Plugin/StellaOps.Cryptography.Plugin.md. |
| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |

7
src/Cryptography/StellaOps.Cryptography.Profiles.Ecdsa/EcdsaP256Signer.cs
View File

@@ -1,8 +1,9 @@
namespace StellaOps.Cryptography.Profiles.Ecdsa;
using System.Security.Cryptography;
using StellaOps.Cryptography;
using StellaOps.Cryptography.Models;
using System.Security.Cryptography;
namespace StellaOps.Cryptography.Profiles.Ecdsa;
/// <summary>
/// ECDSA P-256 signer using .NET cryptography (FIPS 186-4 compliant).

1
src/Cryptography/StellaOps.Cryptography.Profiles.Ecdsa/TASKS.md
View File

@@ -8,3 +8,4 @@ Source of truth: `docs-archived/implplan/2025-12-29-csproj-audit/SPRINT_20251229
| AUDIT-0268-M | DONE | Revalidated 2026-01-07; open findings tracked in audit report. |
| AUDIT-0268-T | DONE | Revalidated 2026-01-07; open findings tracked in audit report. |
| AUDIT-0268-A | TODO | Revalidated 2026-01-07 (open findings). |
| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |

7
src/Cryptography/StellaOps.Cryptography.Profiles.EdDsa/Ed25519Signer.cs
View File

@@ -1,9 +1,10 @@
namespace StellaOps.Cryptography.Profiles.EdDsa;
using System.Security.Cryptography;
using Sodium;
using StellaOps.Cryptography;
using StellaOps.Cryptography.Models;
using System.Security.Cryptography;
namespace StellaOps.Cryptography.Profiles.EdDsa;
/// <summary>
/// EdDSA (Ed25519) signer using libsodium.

5
src/Cryptography/StellaOps.Cryptography.Profiles.EdDsa/Ed25519Verifier.cs
View File

@@ -1,9 +1,10 @@
namespace StellaOps.Cryptography.Profiles.EdDsa;
using Sodium;
using StellaOps.Cryptography;
using StellaOps.Cryptography.Models;
namespace StellaOps.Cryptography.Profiles.EdDsa;
/// <summary>
/// EdDSA (Ed25519) signature verifier using libsodium.
/// </summary>

1
src/Cryptography/StellaOps.Cryptography.Profiles.EdDsa/TASKS.md
View File

@@ -8,3 +8,4 @@ Source of truth: `docs-archived/implplan/2025-12-29-csproj-audit/SPRINT_20251229
| AUDIT-0269-M | DONE | Revalidated 2026-01-07; open findings tracked in audit report. |
| AUDIT-0269-T | DONE | Revalidated 2026-01-07; open findings tracked in audit report. |
| AUDIT-0269-A | TODO | Revalidated 2026-01-07 (open findings). |
| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |

3
src/Cryptography/StellaOps.Cryptography/IContentSigner.cs
View File

@@ -1,6 +1,7 @@
using StellaOps.Cryptography.Models;
namespace StellaOps.Cryptography;
using StellaOps.Cryptography.Models;
/// <summary>
/// Core abstraction for cryptographic signing operations.

3
src/Cryptography/StellaOps.Cryptography/IContentVerifier.cs
View File

@@ -1,6 +1,7 @@
using StellaOps.Cryptography.Models;
namespace StellaOps.Cryptography;
using StellaOps.Cryptography.Models;
/// <summary>
/// Core abstraction for signature verification.

1
src/Cryptography/StellaOps.Cryptography/KeyEscrow/KeyEscrowService.cs
View File

@@ -3,6 +3,7 @@
// Sprint: SPRINT_20260112_018_CRYPTO_key_escrow_shamir
// Tasks: ESCROW-004, ESCROW-006, ESCROW-008, ESCROW-009
using System.Security.Cryptography;
namespace StellaOps.Cryptography.KeyEscrow;

7
src/Cryptography/StellaOps.Cryptography/MultiProfileSigner.cs
View File

@@ -1,8 +1,9 @@
namespace StellaOps.Cryptography;
using System.Diagnostics;
using Microsoft.Extensions.Logging;
using StellaOps.Cryptography.Models;
using System.Diagnostics;
namespace StellaOps.Cryptography;
/// <summary>
/// Orchestrates signing with multiple cryptographic profiles simultaneously.

1
src/Cryptography/StellaOps.Cryptography/TASKS.md
View File

@@ -13,3 +13,4 @@ Source of truth: `docs-archived/implplan/2025-12-29-csproj-audit/SPRINT_20251229
| HSM-010 | DONE | Doctor HSM connectivity check updated (2026-01-16). |
| HSM-011 | DONE | HSM setup runbook updated (2026-01-16). |
| HSM-012 | DONE | SoftHSM2 test environment doc added (2026-01-16). |
| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |

19
src/Cryptography/__Tests/StellaOps.Cryptography.Tests/AGENTS.md Normal file
View File

@@ -0,0 +1,19 @@
# StellaOps.Cryptography.Tests Agent Charter
## Mission
Provide deterministic unit and integration tests for cryptographic operations, signing, verification, and HSM integration.
## Required Reading
- `docs/modules/cryptography/architecture.md`
- `docs/modules/cryptography/multi-profile-signing-specification.md`
- `docs/modules/platform/architecture-overview.md`
## Working Agreement
- Update sprint status in `docs/implplan/SPRINT_*.md` and local TASKS.md.
- Keep tests deterministic (fixed keys/vectors, stable ordering).
- Add vectors for signing/verification, negative cases, and determinism.
## Known Quirks
- **Q4 — PKCS#11 HSM test hang**: `Pkcs11HsmClientIntegrationTests` requires SoftHSM2 installed and the `STELLAOPS_SOFTHSM_LIB` environment variable set. Without SoftHSM2, the PKCS#11 native library probing can hang the test runner during static initialization. The `MechanismFactory` in `Pkcs11HsmClientImpl.cs` uses `Lazy<Pkcs11InteropFactories>` to defer native probing until first use. HSM tests are tagged `[Trait("Category", "HsmIntegration")]` and excluded from default CI runs.
- **CI filter**: Default test commands exclude HSM tests: `dotnet test --filter "Category!=HsmIntegration"`.
- **To run HSM tests**: Install SoftHSM2, set `STELLAOPS_SOFTHSM_LIB` to the library path, then run without the filter.

1
src/Cryptography/__Tests/StellaOps.Cryptography.Tests/Hsm/Pkcs11HsmClientIntegrationTests.cs
View File

@@ -11,6 +11,7 @@ using Xunit;
namespace StellaOps.Cryptography.Tests.Hsm;
[Trait("Category", "Integration")]
[Trait("Category", "HsmIntegration")]
public sealed class Pkcs11HsmClientIntegrationTests
{
[Fact]

8
src/Cryptography/__Tests/StellaOps.Cryptography.Tests/TASKS.md Normal file
View File

@@ -0,0 +1,8 @@
# StellaOps.Cryptography.Tests Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_solid_review.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| REMED-05 | TODO | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/Cryptography/__Tests/StellaOps.Cryptography.Tests/StellaOps.Cryptography.Tests.md. |
| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |