feat: Implement DefaultCryptoHmac for compliance-aware HMAC operations

- Added DefaultCryptoHmac class implementing ICryptoHmac interface. - Introduced purpose-based HMAC computation methods. - Implemented verification methods for HMACs with constant-time comparison. - Created HmacAlgorithms and HmacPurpose classes for well-known identifiers. - Added compliance profile support for HMAC algorithms. - Included asynchronous methods for HMAC computation from streams.
2025-12-06 00:41:04 +02:00
parent 43c281a8b2
commit f0662dd45f
362 changed files with 8441 additions and 22338 deletions
--- a/src/__Libraries/StellaOps.Cryptography/ComplianceProfiles.cs
+++ b/src/__Libraries/StellaOps.Cryptography/ComplianceProfiles.cs
@@ -34,6 +34,12 @@ public static class ComplianceProfiles
            [HashPurpose.Interop] = "sha256:",
            [HashPurpose.Secret] = "argon2id:",
        },
+        HmacPurposeAlgorithms = new Dictionary<string, string>
+        {
+            [HmacPurpose.Signing] = HmacAlgorithms.HmacSha256,
+            [HmacPurpose.Authentication] = HmacAlgorithms.HmacSha256,
+            [HmacPurpose.WebhookInterop] = HmacAlgorithms.HmacSha256,
+        },
        AllowInteropOverride = true,
    };

@@ -67,6 +73,12 @@ public static class ComplianceProfiles
            [HashPurpose.Interop] = "sha256:",
            [HashPurpose.Secret] = "pbkdf2:",
        },
+        HmacPurposeAlgorithms = new Dictionary<string, string>
+        {
+            [HmacPurpose.Signing] = HmacAlgorithms.HmacSha256,
+            [HmacPurpose.Authentication] = HmacAlgorithms.HmacSha256,
+            [HmacPurpose.WebhookInterop] = HmacAlgorithms.HmacSha256,
+        },
        AllowInteropOverride = true,
    };

@@ -99,6 +111,12 @@ public static class ComplianceProfiles
            [HashPurpose.Interop] = "sha256:",
            [HashPurpose.Secret] = "argon2id:",
        },
+        HmacPurposeAlgorithms = new Dictionary<string, string>
+        {
+            [HmacPurpose.Signing] = HmacAlgorithms.HmacGost3411,
+            [HmacPurpose.Authentication] = HmacAlgorithms.HmacGost3411,
+            [HmacPurpose.WebhookInterop] = HmacAlgorithms.HmacSha256, // External compatibility
+        },
        AllowInteropOverride = true,
    };

@@ -131,6 +149,12 @@ public static class ComplianceProfiles
            [HashPurpose.Interop] = "sha256:",
            [HashPurpose.Secret] = "argon2id:",
        },
+        HmacPurposeAlgorithms = new Dictionary<string, string>
+        {
+            [HmacPurpose.Signing] = HmacAlgorithms.HmacSm3,
+            [HmacPurpose.Authentication] = HmacAlgorithms.HmacSm3,
+            [HmacPurpose.WebhookInterop] = HmacAlgorithms.HmacSha256, // External compatibility
+        },
        AllowInteropOverride = true,
    };

@@ -163,6 +187,12 @@ public static class ComplianceProfiles
            [HashPurpose.Interop] = "sha256:",
            [HashPurpose.Secret] = "argon2id:",
        },
+        HmacPurposeAlgorithms = new Dictionary<string, string>
+        {
+            [HmacPurpose.Signing] = HmacAlgorithms.HmacSha256,
+            [HmacPurpose.Authentication] = HmacAlgorithms.HmacSha256,
+            [HmacPurpose.WebhookInterop] = HmacAlgorithms.HmacSha256,
+        },
        AllowInteropOverride = true,
    };

@@ -195,6 +225,12 @@ public static class ComplianceProfiles
            [HashPurpose.Interop] = "sha256:",
            [HashPurpose.Secret] = "argon2id:",
        },
+        HmacPurposeAlgorithms = new Dictionary<string, string>
+        {
+            [HmacPurpose.Signing] = HmacAlgorithms.HmacSha256,
+            [HmacPurpose.Authentication] = HmacAlgorithms.HmacSha256,
+            [HmacPurpose.WebhookInterop] = HmacAlgorithms.HmacSha256,
+        },
        AllowInteropOverride = true,
    };