Fix build and code structure improvements. New but essential UI functionality. CI improvements. Documentation improvements. AI module improvements.

2025-12-26 21:54:17 +02:00
parent 335ff7da16
commit c2b9cd8d1f
3717 changed files with 264714 additions and 48202 deletions
--- a/src/__Libraries/StellaOps.Cryptography.Plugin.PqSoft/PqSoftCryptoProvider.cs
+++ b/src/__Libraries/StellaOps.Cryptography.Plugin.PqSoft/PqSoftCryptoProvider.cs
@@ -10,8 +10,10 @@ using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Tokens;
 using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Generators;
+using Org.BouncyCastle.Crypto.Parameters;
+using Org.BouncyCastle.Crypto.Signers;
 using Org.BouncyCastle.Security;
-using Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium;
 using Org.BouncyCastle.Pqc.Crypto.Falcon;
 using Org.BouncyCastle.Crypto.Prng;
 using Org.BouncyCastle.Crypto.Digests;
@@ -209,31 +211,18 @@ public sealed class PqSoftCryptoProvider : ICryptoProvider, ICryptoProviderDiagn

    private static PqKeyEntry CreateDilithiumEntry(CryptoSigningKey signingKey)
    {
-        var parameters = DilithiumParameters.Dilithium3;
-        if (!signingKey.PublicKey.IsEmpty)
-        {
-            var pubFromBytes = new DilithiumPublicKeyParameters(parameters, signingKey.PublicKey.ToArray());
-            var privFromBytes = new DilithiumPrivateKeyParameters(parameters, signingKey.PrivateKey.ToArray(), pubFromBytes);
-
-            var descriptorFromBytes = new CryptoSigningKey(
-                signingKey.Reference,
-                SignatureAlgorithms.Dilithium3,
-                privFromBytes.GetEncoded(),
-                signingKey.CreatedAt,
-                signingKey.ExpiresAt,
-                pubFromBytes.GetEncoded(),
-                signingKey.Metadata);
-
-            return new DilithiumKeyEntry(descriptorFromBytes, privFromBytes, pubFromBytes);
-        }
+        var parameters = MLDsaParameters.ml_dsa_65;

+        // Always regenerate keys from deterministic seed - BC 2.5+ API changes
+        // make direct byte reconstruction complex. Seeded generation is deterministic
+        // and will produce the same keys from the same private key seed.
        var random = CreateSeededRandom(signingKey.PrivateKey);
-        var generator = new DilithiumKeyPairGenerator();
-        generator.Init(new DilithiumKeyGenerationParameters(random, parameters));
+        var generator = new MLDsaKeyPairGenerator();
+        generator.Init(new MLDsaKeyGenerationParameters(random, parameters));
        var pair = generator.GenerateKeyPair();

-        var priv = (DilithiumPrivateKeyParameters)pair.Private;
-        var pub = (DilithiumPublicKeyParameters)pair.Public;
+        var priv = (MLDsaPrivateKeyParameters)pair.Private;
+        var pub = (MLDsaPublicKeyParameters)pair.Public;

        var descriptor = new CryptoSigningKey(
            signingKey.Reference,
@@ -244,7 +233,7 @@ public sealed class PqSoftCryptoProvider : ICryptoProvider, ICryptoProviderDiagn
            pub.GetEncoded(),
            signingKey.Metadata);

-        return new DilithiumKeyEntry(descriptor, priv, pub);
+        return new MLDsaKeyEntry(descriptor, priv, pub);
    }

    private static PqKeyEntry CreateFalconEntry(CryptoSigningKey signingKey)
@@ -311,13 +300,13 @@ internal abstract record PqKeyEntry(CryptoSigningKey Descriptor, string Algorith
    public abstract ICryptoSigner CreateSigner();
 }

-internal sealed record DilithiumKeyEntry(
+internal sealed record MLDsaKeyEntry(
    CryptoSigningKey Descriptor,
-    DilithiumPrivateKeyParameters PrivateKey,
-    DilithiumPublicKeyParameters PublicKey)
+    MLDsaPrivateKeyParameters PrivateKey,
+    MLDsaPublicKeyParameters PublicKey)
    : PqKeyEntry(Descriptor, SignatureAlgorithms.Dilithium3)
 {
-    public override ICryptoSigner CreateSigner() => new DilithiumSignerWrapper(Descriptor.Reference.KeyId, PrivateKey, PublicKey);
+    public override ICryptoSigner CreateSigner() => new MLDsaSignerWrapper(Descriptor.Reference.KeyId, PrivateKey, PublicKey);
 }

 internal sealed record FalconKeyEntry(
@@ -329,13 +318,13 @@ internal sealed record FalconKeyEntry(
    public override ICryptoSigner CreateSigner() => new FalconSignerWrapper(Descriptor.Reference.KeyId, PrivateKey, PublicKey);
 }

-internal sealed class DilithiumSignerWrapper : ICryptoSigner
+internal sealed class MLDsaSignerWrapper : ICryptoSigner
 {
    private readonly string keyId;
-    private readonly DilithiumPrivateKeyParameters privateKey;
-    private readonly DilithiumPublicKeyParameters publicKey;
+    private readonly MLDsaPrivateKeyParameters privateKey;
+    private readonly MLDsaPublicKeyParameters publicKey;

-    public DilithiumSignerWrapper(string keyId, DilithiumPrivateKeyParameters privateKey, DilithiumPublicKeyParameters publicKey)
+    public MLDsaSignerWrapper(string keyId, MLDsaPrivateKeyParameters privateKey, MLDsaPublicKeyParameters publicKey)
    {
        this.keyId = keyId;
        this.privateKey = privateKey;
@@ -349,17 +338,21 @@ internal sealed class DilithiumSignerWrapper : ICryptoSigner
    public ValueTask<byte[]> SignAsync(ReadOnlyMemory<byte> data, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();
-        var signer = new DilithiumSigner();
+        var signer = new MLDsaSigner(MLDsaParameters.ml_dsa_65, deterministic: true);
        signer.Init(true, privateKey);
-        return ValueTask.FromResult(signer.GenerateSignature(data.ToArray()));
+        var dataArray = data.ToArray();
+        signer.BlockUpdate(dataArray, 0, dataArray.Length);
+        return ValueTask.FromResult(signer.GenerateSignature());
    }

    public ValueTask<bool> VerifyAsync(ReadOnlyMemory<byte> data, ReadOnlyMemory<byte> signature, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();
-        var verifier = new DilithiumSigner();
+        var verifier = new MLDsaSigner(MLDsaParameters.ml_dsa_65, deterministic: true);
        verifier.Init(false, publicKey);
-        var ok = verifier.VerifySignature(data.ToArray(), signature.ToArray());
+        var dataArray = data.ToArray();
+        verifier.BlockUpdate(dataArray, 0, dataArray.Length);
+        var ok = verifier.VerifySignature(signature.ToArray());
        return ValueTask.FromResult(ok);
    }

--- a/src/__Libraries/StellaOps.Cryptography.Plugin.PqSoft/StellaOps.Cryptography.Plugin.PqSoft.csproj
+++ b/src/__Libraries/StellaOps.Cryptography.Plugin.PqSoft/StellaOps.Cryptography.Plugin.PqSoft.csproj
@@ -7,9 +7,9 @@
    <TreatWarningsAsErrors>false</TreatWarningsAsErrors>
  </PropertyGroup>
  <ItemGroup>
-    <PackageReference Include="BouncyCastle.Cryptography" Version="2.6.2" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="10.0.0" />
-    <PackageReference Include="Microsoft.Extensions.Options" Version="10.0.0" />
+    <PackageReference Include="BouncyCastle.Cryptography" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" />
+    <PackageReference Include="Microsoft.Extensions.Options" />
  </ItemGroup>
  <ItemGroup>
    <ProjectReference Include="..\StellaOps.Cryptography\StellaOps.Cryptography.csproj" />