stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity

Add support for ГОСТ Р 34.10 digital signatures

Browse Source 
- Implemented the GostKeyValue class for handling public key parameters in ГОСТ Р 34.10 digital signatures.
- Created the GostSignedXml class to manage XML signatures using ГОСТ 34.10, including methods for computing and checking signatures.
- Developed the GostSignedXmlImpl class to encapsulate the signature computation logic and public key retrieval.
- Added specific key value classes for ГОСТ Р 34.10-2001, ГОСТ Р 34.10-2012/256, and ГОСТ Р 34.10-2012/512 to support different signature algorithms.
- Ensured compatibility with existing XML signature standards while integrating ГОСТ cryptography.
This commit is contained in:
master
2025-11-09 21:59:57 +02:00
parent 75c2bcafce
commit cef4cb2c5a
486 changed files with 32952 additions and 801 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
src/__Libraries/__Tests/StellaOps.Cryptography.Tests/CryptoProGostSignerTests.cs Normal file
View File

@@ -0,0 +1,41 @@
#if STELLAOPS_CRYPTO_PRO
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Microsoft.IdentityModel.Tokens;
using StellaOps.Cryptography;
using StellaOps.Cryptography.Plugin.CryptoPro;
using Xunit;
namespace StellaOps.Cryptography.Tests;
public class CryptoProGostSignerTests
{
[Fact]
public void ExportPublicJsonWebKey_ContainsCertificateChain()
{
using var ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP256);
var request = new CertificateRequest("CN=stellaops.test", ecdsa, HashAlgorithmName.SHA256);
using var cert = request.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1));
var entry = new CryptoProGostKeyEntry(
"test-key",
SignatureAlgorithms.GostR3410_2012_256,
cert,
"provider",
containerName: null,
useMachineKeyStore: false,
signatureFormat: GostSignatureFormat.Der);
var signer = new CryptoProGostSigner(entry);
var jwk = signer.ExportPublicJsonWebKey();
Assert.Equal("test-key", jwk.Kid);
Assert.Equal(SignatureAlgorithms.GostR3410_2012_256, jwk.Alg);
Assert.Equal(JsonWebKeyUseNames.Sig, jwk.Use);
Assert.Single(jwk.X5c);
Assert.Equal("EC", jwk.Kty);
}
}
#endif

42
src/__Libraries/__Tests/StellaOps.Cryptography.Tests/GostSignatureEncodingTests.cs Normal file
View File

@@ -0,0 +1,42 @@
#if STELLAOPS_CRYPTO_PRO
using System;
using System.Linq;
using System.Security.Cryptography;
using StellaOps.Cryptography.Plugin.CryptoPro;
using Xunit;
namespace StellaOps.Cryptography.Tests;
public class GostSignatureEncodingTests
{
[Theory]
[InlineData(32)]
[InlineData(64)]
public void RawAndDer_RoundTrip(int coordinateLength)
{
var raw = Enumerable.Range(1, coordinateLength * 2)
.Select(i => (byte)(i & 0xFF))
.ToArray();
var der = GostSignatureEncoding.ToDer(raw, coordinateLength);
Assert.True(GostSignatureEncoding.IsDer(der));
var roundTrip = GostSignatureEncoding.ToRaw(der, coordinateLength);
Assert.Equal(raw, roundTrip);
}
[Fact]
public void ToDer_Throws_When_Length_Invalid()
{
var raw = new byte[10];
Assert.Throws<CryptographicException>(() => GostSignatureEncoding.ToDer(raw, coordinateLength: 32));
}
[Fact]
public void ToRaw_Throws_When_Not_Der()
{
var raw = new byte[64];
Assert.Throws<CryptographicException>(() => GostSignatureEncoding.ToRaw(raw, coordinateLength: 32));
}
}
#endif

50
src/__Libraries/__Tests/StellaOps.Cryptography.Tests/OpenSslGostSignerTests.cs Normal file
View File

@@ -0,0 +1,50 @@
using System.Text;
using System.Threading.Tasks;
using Org.BouncyCastle.Asn1.CryptoPro;
using Org.BouncyCastle.Asn1.Rosstandart;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Crypto.Prng;
using Org.BouncyCastle.Security;
using StellaOps.Cryptography;
using StellaOps.Cryptography.Plugin.OpenSslGost;
using Xunit;
namespace StellaOps.Cryptography.Tests;
public class OpenSslGostSignerTests
{
[Fact]
public async Task SignAndVerify_WithManagedProvider_Succeeds()
{
var keyPair = GenerateKeyPair();
var entry = new OpenSslGostKeyEntry(
"ru-openssl-test",
SignatureAlgorithms.GostR3410_2012_256,
(ECPrivateKeyParameters)keyPair.Private,
(ECPublicKeyParameters)keyPair.Public,
certificate: null,
signatureFormat: GostSignatureFormat.Raw);
var signer = new OpenSslGostSigner(entry);
var payload = Encoding.UTF8.GetBytes("open-ssl-gost");
var signature = await signer.SignAsync(payload);
Assert.True(await signer.VerifyAsync(payload, signature));
var jwk = signer.ExportPublicJsonWebKey();
Assert.Equal("ru-openssl-test", jwk.Kid);
Assert.Equal(SignatureAlgorithms.GostR3410_2012_256, jwk.Alg);
Assert.Empty(jwk.X5c);
}
private static AsymmetricCipherKeyPair GenerateKeyPair()
{
var generator = new ECKeyPairGenerator("ECGOST3410");
var parameters = ECGost3410NamedCurves.GetByOid(RosstandartObjectIdentifiers.id_tc26_gost_3410_12_256_paramSetA);
var domain = new ECDomainParameters(parameters.Curve, parameters.G, parameters.N, parameters.H);
generator.Init(new ECKeyGenerationParameters(domain, new SecureRandom(new CryptoApiRandomGenerator())));
return generator.GenerateKeyPair();
}
}

6
src/__Libraries/__Tests/StellaOps.Cryptography.Tests/StellaOps.Cryptography.Tests.csproj
View File

@@ -13,5 +13,9 @@
<ProjectReference Include="../../StellaOps.Cryptography/StellaOps.Cryptography.csproj" />
<ProjectReference Include="../../StellaOps.Cryptography.DependencyInjection/StellaOps.Cryptography.DependencyInjection.csproj" />
<ProjectReference Include="../../StellaOps.Cryptography.Plugin.BouncyCastle/StellaOps.Cryptography.Plugin.BouncyCastle.csproj" />
<ProjectReference Include="../../StellaOps.Cryptography.Plugin.OpenSslGost/StellaOps.Cryptography.Plugin.OpenSslGost.csproj" />
</ItemGroup>
</Project>
<ItemGroup Condition="'$(StellaOpsEnableCryptoPro)' == 'true'">
<ProjectReference Include="../../StellaOps.Cryptography.Plugin.CryptoPro/StellaOps.Cryptography.Plugin.CryptoPro.csproj" />
</ItemGroup>
</Project>