stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

feat: Implement DefaultCryptoHmac for compliance-aware HMAC operations

Browse Source 
- Added DefaultCryptoHmac class implementing ICryptoHmac interface.
- Introduced purpose-based HMAC computation methods.
- Implemented verification methods for HMACs with constant-time comparison.
- Created HmacAlgorithms and HmacPurpose classes for well-known identifiers.
- Added compliance profile support for HMAC algorithms.
- Included asynchronous methods for HMAC computation from streams.
This commit is contained in:
StellaOps Bot
2025-12-06 00:41:04 +02:00
parent 43c281a8b2
commit f0662dd45f
362 changed files with 8441 additions and 22338 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/Provenance/__Tests/StellaOps.Provenance.Attestation.Tests/SampleStatementDigestTests.cs
View File

@@ -4,6 +4,7 @@ using System.IO;
using System.Linq;
using System.Text.Json;
using FluentAssertions;
using StellaOps.Cryptography;
using StellaOps.Provenance.Attestation;
using Xunit;
@@ -11,6 +12,8 @@ namespace StellaOps.Provenance.Attestation.Tests;
public class SampleStatementDigestTests
{
private readonly ICryptoHash _cryptoHash = DefaultCryptoHash.CreateForTests();
private static readonly JsonSerializerOptions SerializerOptions = new()
{
PropertyNamingPolicy = null,
@@ -55,8 +58,9 @@ public class SampleStatementDigestTests
}
[Fact]
public void Sha256_hashes_match_expected_samples()
public void Hashes_match_expected_samples()
{
// Expected hashes using FIPS profile (SHA-256 for attestation purpose)
var expectations = new Dictionary<string, string>(StringComparer.Ordinal)
{
["build-statement-sample.json"] = "3d9f673803f711940f47c85b33ad9776dc90bdfaf58922903cc9bd401b9f56b0",
@@ -67,7 +71,7 @@ public class SampleStatementDigestTests
foreach (var (name, statement) in LoadSamples())
{
BuildStatementDigest.ComputeSha256Hex(statement)
BuildStatementDigest.ComputeHashHex(_cryptoHash, statement)
.Should()
.Be(expectations[name], because: $"{name} hash must be deterministic");
}
@@ -77,7 +81,7 @@ public class SampleStatementDigestTests
public void Merkle_root_is_stable_across_sample_set()
{
var statements = LoadSamples().Select(pair => pair.Statement).ToArray();
BuildStatementDigest.ComputeMerkleRootHex(statements)
BuildStatementDigest.ComputeMerkleRootHex(_cryptoHash, statements)
.Should()
.Be("958465d432c9c8497f9ea5c1476cc7f2bea2a87d3ca37d8293586bf73922dd73");
}