stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Add support for ГОСТ Р 34.10 digital signatures

Browse Source 
- Implemented the GostKeyValue class for handling public key parameters in ГОСТ Р 34.10 digital signatures.
- Created the GostSignedXml class to manage XML signatures using ГОСТ 34.10, including methods for computing and checking signatures.
- Developed the GostSignedXmlImpl class to encapsulate the signature computation logic and public key retrieval.
- Added specific key value classes for ГОСТ Р 34.10-2001, ГОСТ Р 34.10-2012/256, and ГОСТ Р 34.10-2012/512 to support different signature algorithms.
- Ensured compatibility with existing XML signature standards while integrating ГОСТ cryptography.
This commit is contained in:
master
2025-11-09 21:59:57 +02:00
parent 75c2bcafce
commit cef4cb2c5a
486 changed files with 32952 additions and 801 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/__Libraries/StellaOps.Cryptography/TASKS.md
View File

@@ -1,11 +0,0 @@
# Active Tasks
| ID | Status | Owner | Description | Dependencies | Exit Criteria |
|----|--------|-------|-------------|--------------|---------------|
| SEC-CRYPTO-90-009 | TODO | Security Guild | Replace the placeholder CryptoPro plug-in with a true CryptoPro CSP implementation (GostCryptography driver, X509 store lookups, DER/raw normalization, deterministic logging). | SPRINT_514 | ✅ CryptoPro provider no longer depends on PKCS#11 core; ✅ Certificates resolved via thumbprint/container; ✅ Sign/verify + JWK export exercised in tests/harness. |
| SEC-CRYPTO-90-010 | TODO | Security Guild | Introduce `StellaOpsCryptoOptions` + configuration binding for registry profiles/keys and expose `AddStellaOpsCryptoRu(IConfiguration, …)` so hosts can enable `ru-offline` without handwritten wiring. | SPRINT_514 | ✅ Options bind from `StellaOps:Crypto` (registry, CryptoPro, PKCS#11); ✅ New DI helper registers providers + preferred order; ✅ Sample config (`etc/rootpack/ru/crypto.profile.yaml`) loads without custom code. |
| SEC-CRYPTO-90-011 | TODO | Security & Ops Guilds | Build the sovereign crypto CLI (`StellaOps.CryptoRu.Cli`) to list keys, perform test-sign operations, and emit determinism/audit payloads referenced by RootPack docs. | SPRINT_514 | ✅ CLI project under `src/Tools/`; ✅ `list` & `sign` commands hit provider registry; ✅ README/runbooks updated with usage examples. |
| SEC-CRYPTO-90-012 | TODO | Security Guild | Add CryptoPro + PKCS#11 integration tests (env/pin gated) and wire them into `scripts/crypto/run-rootpack-ru-tests.sh`, covering Streebog vectors and DER/raw signatures. | SPRINT_514 | ✅ New tests skip gracefully when env vars absent; ✅ Test harness logs include RU cases; ✅ CI instructions documented. |
| SEC-CRYPTO-90-013 | TODO | Security Guild | Extend the shared crypto stack with sovereign symmetric algorithms (Magma/Kuznyechik) so exports/data-at-rest can request Russian ciphers via the provider registry. | SPRINT_514 | ✅ Hash/service interfaces support symmetric operations; ✅ CryptoPro/PKCS#11 providers implement Magma/Kuznyechik; ✅ Sample usage documented/tests added. |
| SEC-CRYPTO-90-014 | TODO | Security Guild + Service Guilds | Update runtime hosts (Authority, Scanner WebService/Worker, Concelier, etc.) to register RU providers, bind `StellaOps:Crypto` profiles, and expose operator-facing configuration toggles. | SPRINT_514 | ✅ Each host calls the new DI helper/config binding; ✅ Default configs document `ru-offline`; ✅ Sovereign bundles verified end-to-end. |
| SEC-CRYPTO-90-015 | TODO | Security & Docs Guilds | Refresh RootPack/validation documentation once CLI/config/tests exist (remove TODO callouts, document final workflows). | SPRINT_514 | ✅ TODO sections removed from `rootpack_ru_*` docs; ✅ Final CLI/test steps published; ✅ Release checklist updated. |