stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Add post-quantum cryptography support with PqSoftCryptoProvider
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Details
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Details
wine-csp-build / Build Wine CSP Image (push) Has been cancelled
Details

Browse Source 
- Implemented PqSoftCryptoProvider for software-only post-quantum algorithms (Dilithium3, Falcon512) using BouncyCastle.
- Added PqSoftProviderOptions and PqSoftKeyOptions for configuration.
- Created unit tests for Dilithium3 and Falcon512 signing and verification.
- Introduced EcdsaPolicyCryptoProvider for compliance profiles (FIPS/eIDAS) with explicit allow-lists.
- Added KcmvpHashOnlyProvider for KCMVP baseline compliance.
- Updated project files and dependencies for new libraries and testing frameworks.
This commit is contained in:
StellaOps Bot
2025-12-07 15:04:19 +02:00
parent 862bb6ed80
commit 98e6b76584
119 changed files with 11436 additions and 1732 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
ops/devops/findings-ledger/compose/env/ledger.dev.env vendored Normal file
View File

@@ -0,0 +1,24 @@
# Findings Ledger - Development Environment
# Copy to ledger.local.env and customize for local dev
# Database connection
LEDGER__DB__CONNECTIONSTRING=Host=postgres;Port=5432;Database=findings_ledger_dev;Username=ledger;Password=change_me_dev;
# Attachment encryption key (AES-256, base64 encoded)
# Generate with: openssl rand -base64 32
LEDGER__ATTACHMENTS__ENCRYPTIONKEY=
# Merkle anchor signing (optional in dev)
LEDGER__MERKLE__SIGNINGKEY=
# Authority service endpoint (for JWT validation)
LEDGER__AUTHORITY__BASEURL=http://authority:8080
# Logging level
Logging__LogLevel__Default=Debug
Logging__LogLevel__Microsoft=Information
Logging__LogLevel__StellaOps=Debug
# Feature flags
LEDGER__FEATURES__ENABLEATTACHMENTS=true
LEDGER__FEATURES__ENABLEAUDITLOG=true

40
ops/devops/findings-ledger/compose/env/ledger.prod.env vendored Normal file
View File

@@ -0,0 +1,40 @@
# Findings Ledger - Production Environment
# Secrets should be injected from secrets manager, not committed
# Database connection (inject from secrets manager)
# LEDGER__DB__CONNECTIONSTRING=
# Attachment encryption key (inject from secrets manager)
# LEDGER__ATTACHMENTS__ENCRYPTIONKEY=
# Merkle anchor signing (inject from secrets manager)
# LEDGER__MERKLE__SIGNINGKEY=
# Authority service endpoint
LEDGER__AUTHORITY__BASEURL=http://authority:8080
# Logging level
Logging__LogLevel__Default=Warning
Logging__LogLevel__Microsoft=Warning
Logging__LogLevel__StellaOps=Information
# Feature flags
LEDGER__FEATURES__ENABLEATTACHMENTS=true
LEDGER__FEATURES__ENABLEAUDITLOG=true
# Observability
LEDGER__OBSERVABILITY__ENABLED=true
LEDGER__OBSERVABILITY__METRICSPORT=9090
# Merkle anchoring
LEDGER__MERKLE__ANCHORINTERVAL=00:05:00
LEDGER__MERKLE__EXTERNALIZE=false
# Attachments
LEDGER__ATTACHMENTS__MAXSIZEBYTES=104857600
LEDGER__ATTACHMENTS__ALLOWEGRESS=false
# Air-gap staleness thresholds (seconds)
LEDGER__AIRGAP__ADVISORYSTALETHRESHOLD=604800
LEDGER__AIRGAP__VEXSTALETHRESHOLD=604800
LEDGER__AIRGAP__POLICYSTALETHRESHOLD=86400