Add post-quantum cryptography support with PqSoftCryptoProvider
- Implemented PqSoftCryptoProvider for software-only post-quantum algorithms (Dilithium3, Falcon512) using BouncyCastle. - Added PqSoftProviderOptions and PqSoftKeyOptions for configuration. - Created unit tests for Dilithium3 and Falcon512 signing and verification. - Introduced EcdsaPolicyCryptoProvider for compliance profiles (FIPS/eIDAS) with explicit allow-lists. - Added KcmvpHashOnlyProvider for KCMVP baseline compliance. - Updated project files and dependencies for new libraries and testing frameworks.
@@ -14,6 +14,7 @@
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\StellaOps.Concelier.Normalization\StellaOps.Concelier.Normalization.csproj" />
|
||||
<ProjectReference Include="..\StellaOps.Concelier.Models\StellaOps.Concelier.Models.csproj" />
|
||||
<ProjectReference Include="../../../__Libraries/StellaOps.Plugin/StellaOps.Plugin.csproj" />
|
||||
<ProjectReference Include="../../../__Libraries/StellaOps.Cryptography/StellaOps.Cryptography.csproj" />
|
||||
<ProjectReference Include="..\StellaOps.Concelier.Core\StellaOps.Concelier.Core.csproj" />
|
||||
|
||||
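Review bot: The ProjectReference entries in this ItemGroup mix `..\` and `../../../` separators, and the line this hunk adds keeps that split (it appears to be the StellaOps.Cryptography reference, though the page has lost its +/- column, so that is inferred). MSBuild accepts both forms, but one convention makes dependency changes easier to review, e.g. `<ProjectReference Include="../StellaOps.Concelier.Core/StellaOps.Concelier.Core.csproj" />` for the sibling projects. Nothing visible here shows what in this project consumes the crypto library, so a short XML comment above the new reference naming the consumer would help later dependency audits.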
@@ -1,43 +0,0 @@
|
||||
#nullable enable
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using StellaOps.Policy.AuthSignals;
|
||||
|
||||
namespace StellaOps.Concelier.Core.Linksets;
|
||||
|
||||
/// <summary>
|
||||
/// Maps advisory linksets into the shared Policy/Auth/Signals contract so policy enrichment tasks can start.
|
||||
/// This is a minimal, fact-only projection (no weighting or merge logic).
|
||||
/// </summary>
|
||||
public static class PolicyAuthSignalFactory
|
||||
{
|
||||
public static PolicyAuthSignal ToPolicyAuthSignal(AdvisoryLinkset linkset)
|
||||
{
|
||||
ArgumentNullException.ThrowIfNull(linkset);
|
||||
|
||||
var firstPurl = linkset.Normalized?.Purls?.FirstOrDefault();
|
||||
|
||||
var evidence = new List<EvidenceRef>
|
||||
{
|
||||
new()
|
||||
{
|
||||
Kind = "linkset",
|
||||
Uri = $"cas://linksets/{linkset.AdvisoryId}",
|
||||
Digest = "sha256:pending" // real digest filled when CAS manifests are available
|
||||
}
|
||||
};
|
||||
|
||||
return new PolicyAuthSignal
|
||||
{
|
||||
Id = linkset.AdvisoryId,
|
||||
Tenant = linkset.TenantId,
|
||||
Subject = firstPurl ?? $"advisory:{linkset.Source}:{linkset.AdvisoryId}",
|
||||
SignalType = "reachability",
|
||||
Source = linkset.Source,
|
||||
Confidence = linkset.Confidence,
|
||||
Evidence = evidence,
|
||||
Created = linkset.CreatedAt.UtcDateTime
|
||||
};
|
||||
}
|
||||
}
|
||||
@@ -1,31 +0,0 @@
|
||||
#nullable enable
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using StellaOps.Policy.AuthSignals;
|
||||
|
||||
namespace StellaOps.Concelier.Core.Policy;
|
||||
|
||||
/// <summary>
|
||||
/// Temporary bridge to consume the shared Policy/Auth/Signals contract package so downstream POLICY tasks can start.
|
||||
/// </summary>
|
||||
public static class AuthSignalsPackage
|
||||
{
|
||||
public static PolicyAuthSignal CreateSample() => new()
|
||||
{
|
||||
Id = "sample",
|
||||
Tenant = "urn:tenant:sample",
|
||||
Subject = "purl:pkg:maven/org.example/app@1.0.0",
|
||||
SignalType = "reachability",
|
||||
Source = "concelier",
|
||||
Evidence = new List<EvidenceRef>
|
||||
{
|
||||
new()
|
||||
{
|
||||
Kind = "linkset",
|
||||
Uri = "cas://linksets/sample",
|
||||
Digest = "sha256:stub"
|
||||
}
|
||||
},
|
||||
Created = DateTime.UtcNow
|
||||
};
|
||||
}
|
||||
@@ -12,7 +12,6 @@
|
||||
<PackageReference Include="Microsoft.Extensions.Options" Version="10.0.0" />
|
||||
<PackageReference Include="Microsoft.Extensions.Hosting.Abstractions" Version="10.0.0" />
|
||||
<PackageReference Include="Cronos" Version="0.10.0" />
|
||||
<PackageReference Include="StellaOps.Policy.AuthSignals" Version="0.1.0-alpha" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\StellaOps.Concelier.Models\StellaOps.Concelier.Models.csproj" />
|
||||
|
||||