stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

feat: Implement DefaultCryptoHmac for compliance-aware HMAC operations

Browse Source 
- Added DefaultCryptoHmac class implementing ICryptoHmac interface.
- Introduced purpose-based HMAC computation methods.
- Implemented verification methods for HMACs with constant-time comparison.
- Created HmacAlgorithms and HmacPurpose classes for well-known identifiers.
- Added compliance profile support for HMAC algorithms.
- Included asynchronous methods for HMAC computation from streams.
This commit is contained in:
StellaOps Bot
2025-12-06 00:41:04 +02:00
parent 43c281a8b2
commit f0662dd45f
362 changed files with 8441 additions and 22338 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
src/__Libraries/StellaOps.Cryptography/HmacPurpose.cs Normal file
View File

@@ -0,0 +1,46 @@
namespace StellaOps.Cryptography;
/// <summary>
/// Well-known HMAC purpose identifiers for compliance-aware cryptographic operations.
/// Components should request HMAC by PURPOSE, not by algorithm.
/// The platform resolves the correct algorithm based on the active compliance profile.
/// </summary>
public static class HmacPurpose
{
/// <summary>
/// DSSE envelope signing and message authentication codes.
/// Default: HMAC-SHA256 (world/fips/kcmvp/eidas), HMAC-GOST3411 (gost), HMAC-SM3 (sm).
/// </summary>
public const string Signing = "signing";
/// <summary>
/// Token and URL authentication (e.g., signed URLs, ack tokens).
/// Default: HMAC-SHA256 (world/fips/kcmvp/eidas), HMAC-GOST3411 (gost), HMAC-SM3 (sm).
/// </summary>
public const string Authentication = "auth";
/// <summary>
/// External webhook interoperability (third-party webhook receivers).
/// Always HMAC-SHA256, regardless of compliance profile.
/// Every use of this purpose MUST be documented with justification.
/// </summary>
public const string WebhookInterop = "webhook";
/// <summary>
/// All known HMAC purposes for validation.
/// </summary>
public static readonly IReadOnlyList<string> All = new[]
{
Signing,
Authentication,
WebhookInterop
};
/// <summary>
/// Validates whether the given purpose is known.
/// </summary>
/// <param name="purpose">The purpose to validate.</param>
/// <returns>True if the purpose is known; otherwise, false.</returns>
public static bool IsKnown(string? purpose)
=> !string.IsNullOrWhiteSpace(purpose) && All.Contains(purpose);
}