feat: Implement DefaultCryptoHmac for compliance-aware HMAC operations

- Added DefaultCryptoHmac class implementing ICryptoHmac interface. - Introduced purpose-based HMAC computation methods. - Implemented verification methods for HMACs with constant-time comparison. - Created HmacAlgorithms and HmacPurpose classes for well-known identifiers. - Added compliance profile support for HMAC algorithms. - Included asynchronous methods for HMAC computation from streams.
2025-12-06 00:41:04 +02:00
parent 43c281a8b2
commit f0662dd45f
362 changed files with 8441 additions and 22338 deletions
--- a/src/Attestor/StellaOps.Attestor.Verify/AttestorVerificationEngine.cs
+++ b/src/Attestor/StellaOps.Attestor.Verify/AttestorVerificationEngine.cs
@@ -11,21 +11,25 @@ using StellaOps.Attestor.Core.Options;
 using StellaOps.Attestor.Core.Storage;
 using StellaOps.Attestor.Core.Submission;
 using StellaOps.Attestor.Core.Verification;
+using StellaOps.Cryptography;

 namespace StellaOps.Attestor.Verify;

 public sealed class AttestorVerificationEngine : IAttestorVerificationEngine
 {
    private readonly IDsseCanonicalizer _canonicalizer;
+    private readonly ICryptoHash _cryptoHash;
    private readonly AttestorOptions _options;
    private readonly ILogger<AttestorVerificationEngine> _logger;

    public AttestorVerificationEngine(
        IDsseCanonicalizer canonicalizer,
+        ICryptoHash cryptoHash,
        IOptions<AttestorOptions> options,
        ILogger<AttestorVerificationEngine> logger)
    {
        _canonicalizer = canonicalizer ?? throw new ArgumentNullException(nameof(canonicalizer));
+        _cryptoHash = cryptoHash ?? throw new ArgumentNullException(nameof(cryptoHash));
        _options = options?.Value ?? throw new ArgumentNullException(nameof(options));
        _logger = logger ?? throw new ArgumentNullException(nameof(logger));
    }
@@ -126,7 +130,7 @@ public sealed class AttestorVerificationEngine : IAttestorVerificationEngine
                });
        }

-        var computedHash = Convert.ToHexString(SHA256.HashData(canonicalBundle)).ToLowerInvariant();
+        var computedHash = _cryptoHash.ComputeHashHexForPurpose(canonicalBundle, HashPurpose.Attestation);
        if (!string.Equals(computedHash, entry.BundleSha256, StringComparison.OrdinalIgnoreCase))
        {
            signatureIssues.Add("bundle_hash_mismatch");
@@ -806,14 +810,13 @@ public sealed class AttestorVerificationEngine : IAttestorVerificationEngine
        return buffer;
    }

-    private static byte[] HashInternal(byte[] left, byte[] right)
+    private byte[] HashInternal(byte[] left, byte[] right)
    {
-        using var sha = SHA256.Create();
        var buffer = new byte[1 + left.Length + right.Length];
        buffer[0] = 0x01;
        Buffer.BlockCopy(left, 0, buffer, 1, left.Length);
        Buffer.BlockCopy(right, 0, buffer, 1 + left.Length, right.Length);
-        return sha.ComputeHash(buffer);
+        return _cryptoHash.ComputeHashForPurpose(buffer, HashPurpose.Merkle);
    }

    private static bool TryDecodeSecret(string value, out byte[] bytes)
--- a/src/Attestor/StellaOps.Attestor.Verify/StellaOps.Attestor.Verify.csproj
+++ b/src/Attestor/StellaOps.Attestor.Verify/StellaOps.Attestor.Verify.csproj
@@ -8,5 +8,6 @@
  </PropertyGroup>
  <ItemGroup>
    <ProjectReference Include="..\\StellaOps.Attestor\\StellaOps.Attestor.Core\\StellaOps.Attestor.Core.csproj" />
+    <ProjectReference Include="..\\..\\__Libraries\\StellaOps.Cryptography\\StellaOps.Cryptography.csproj" />
  </ItemGroup>
 </Project>
--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/StellaOps.Attestor.Infrastructure.csproj
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Infrastructure/StellaOps.Attestor.Infrastructure.csproj
@@ -14,13 +14,13 @@
    <ProjectReference Include="..\..\..\__Libraries\StellaOps.Cryptography.Kms\StellaOps.Cryptography.Kms.csproj" />
  </ItemGroup>
  <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="10.0.0-rc.2.25502.107" />
-    <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="10.0.0-rc.2.25502.107" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="10.0.0-rc.2.25502.107" />
-    <PackageReference Include="Microsoft.Extensions.Hosting.Abstractions" Version="10.0.0-rc.2.25502.107" />
-    <PackageReference Include="Microsoft.Extensions.Hosting" Version="10.0.0-rc.2.25502.107" />
-    <PackageReference Include="Microsoft.Extensions.Options" Version="10.0.0-rc.2.25502.107" />
-    <PackageReference Include="Microsoft.Extensions.Http" Version="10.0.0-rc.2.25502.107" />
+    <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="10.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="10.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="10.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Hosting.Abstractions" Version="10.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Hosting" Version="10.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Options" Version="10.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Http" Version="10.0.0" />
    <PackageReference Include="MongoDB.Driver" Version="3.5.0" />
    <PackageReference Include="StackExchange.Redis" Version="2.8.24" />
    <PackageReference Include="AWSSDK.S3" Version="3.7.307.6" />
--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Tests/StellaOps.Attestor.Tests.csproj
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Tests/StellaOps.Attestor.Tests.csproj
@@ -8,7 +8,7 @@
    <UseConcelierTestInfra>false</UseConcelierTestInfra>
  </PropertyGroup>
  <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="10.0.0-rc.2.25502.107" />
+    <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="10.0.0" />
    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.14.0" />
    <PackageReference Include="xunit" Version="2.9.2" />
    <PackageReference Include="xunit.runner.visualstudio" Version="2.8.2" />
--- a/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/StellaOps.Attestor.WebService.csproj
+++ b/src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/StellaOps.Attestor.WebService.csproj
@@ -8,7 +8,7 @@
    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
  </PropertyGroup>
  <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="10.0.0-rc.2.25502.107" />
+    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="10.0.0" />
    <PackageReference Include="MongoDB.Driver" Version="3.5.0" />
    <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.12.0" />
    <PackageReference Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.12.0" />