feat: Implement Wine CSP HTTP provider for GOST cryptographic operations

- Added WineCspHttpProvider class to interface with Wine-hosted CryptoPro CSP.
- Implemented ICryptoProvider, ICryptoProviderDiagnostics, and IDisposable interfaces.
- Introduced WineCspHttpSigner and WineCspHttpHasher for signing and hashing operations.
- Created WineCspProviderOptions for configuration settings including service URL and key options.
- Developed CryptoProGostSigningService to handle GOST signing operations and key management.
- Implemented HTTP service for the Wine CSP with endpoints for signing, verification, and hashing.
- Added Swagger documentation for API endpoints.
- Included health checks and error handling for service availability.
- Established DTOs for request and response models in the service.

docs/security/wine-csp-loader-design.md

@@ -1,10 +1,51 @@
 # Wine CSP Loader Design · CryptoPro GOST Validation
 
-**Status:** EXPERIMENTAL / DESIGN
+**Status:** IMPLEMENTED (HTTP-based approach)
 **Date:** 2025-12-07
 **Owners:** Security Guild, DevOps
 **Related:** RU-CRYPTO-VAL-04, RU-CRYPTO-VAL-05
 
+## Implementation Status
+
+The HTTP-based Wine RPC Server approach (Approach C variant) has been implemented:
+
+| Component | Path | Status |
+|-----------|------|--------|
+| Wine CSP HTTP Service | `src/__Tools/WineCspService/` | DONE |
+| Setup Script | `scripts/crypto/setup-wine-csp-service.sh` | DONE |
+| Crypto Registry Provider | `src/__Libraries/StellaOps.Cryptography.Plugin.WineCsp/` | DONE |
+
+### Implementation Files
+
+- **`src/__Tools/WineCspService/Program.cs`** - ASP.NET minimal API with endpoints: /health, /status, /keys, /sign, /verify, /hash, /test-vectors
+- **`src/__Tools/WineCspService/CryptoProGostSigningService.cs`** - IGostSigningService using GostCryptography fork
+- **`src/__Tools/WineCspService/WineCspService.csproj`** - .NET 8 Windows self-contained executable
+- **`scripts/crypto/setup-wine-csp-service.sh`** - Wine environment setup, builds service, creates systemd unit
+- **`src/__Libraries/StellaOps.Cryptography.Plugin.WineCsp/WineCspHttpProvider.cs`** - ICryptoProvider implementation
+- **`src/__Libraries/StellaOps.Cryptography.Plugin.WineCsp/WineCspHttpSigner.cs`** - ICryptoSigner via HTTP
+- **`src/__Libraries/StellaOps.Cryptography.Plugin.WineCsp/WineCspHttpClient.cs`** - HTTP client with retry policies
+
+### Usage
+
+```bash
+# Setup Wine environment and build service
+./scripts/crypto/setup-wine-csp-service.sh [--csp-installer /path/to/csp_setup.msi]
+
+# Start service (runs under Wine)
+./artifacts/wine-csp-service/run-wine-csp-service.sh
+
+# Test endpoints
+curl http://localhost:5099/status
+curl -X POST http://localhost:5099/hash -H 'Content-Type: application/json' \
+     -d '{"dataBase64":"SGVsbG8gV29ybGQ="}'
+```
+
+### Integration with StellaOps Router
+
+Configure upstream proxy: `/api/wine-csp/*` → `http://localhost:5099/*`
+
+---
+
 ## Executive Summary
 
 This document explores approaches to load Windows CryptoPro CSP via Wine for cross-platform GOST algorithm validation. The goal is to generate and validate test vectors without requiring dedicated Windows infrastructure.
@@ -817,5 +858,6 @@ Before implementing Wine CSP loader:
 
 ---
 
-*Document Version: 1.0.0*
+*Document Version: 1.1.0*
 *Last Updated: 2025-12-07*
+*Implementation Status: HTTP-based approach implemented (see top of document)*