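# =============================================================================
# STELLA OPS - CRYPTO SIMULATION OVERLAY
# =============================================================================
# Universal crypto simulation service for testing sovereign crypto without
# licensed hardware or certified modules.
#
# This overlay provides the sim-crypto-service which simulates:
#   - GOST R 34.10-2012 (Russia): GOST12-256, GOST12-512, ru.magma.sim, ru.kuznyechik.sim
#   - SM2/SM3/SM4 (China): SM2, sm.sim, sm2.sim
#   - Post-Quantum: DILITHIUM3, FALCON512, pq.sim
#   - FIPS/eIDAS/KCMVP: fips.sim, eidas.sim, kcmvp.sim, world.sim
#
# Usage with China compliance:
#   docker compose -f docker-compose.stella-ops.yml \
#                  -f docker-compose.compliance-china.yml \
#                  -f docker-compose.crypto-sim.yml up -d
#
# Usage with Russia compliance:
#   docker compose -f docker-compose.stella-ops.yml \
#                  -f docker-compose.compliance-russia.yml \
#                  -f docker-compose.crypto-sim.yml up -d
#
# Usage with EU compliance:
#   docker compose -f docker-compose.stella-ops.yml \
#                  -f docker-compose.compliance-eu.yml \
#                  -f docker-compose.crypto-sim.yml up -d
#
# IMPORTANT: This is for TESTING/DEVELOPMENT ONLY.
#   - Uses deterministic HMAC-SHA256 for SM/GOST/PQ (not real algorithms)
#   - Uses static ECDSA P-256 key for FIPS/eIDAS/KCMVP
#   - NOT suitable for production or compliance certification
#
# Consequence for operators: anything signed or verified while this overlay is
# active carries no security guarantee. Signatures produced against the
# simulator must never be treated as evidence outside a test environment.
#
# =============================================================================

# Labels attached to the simulator container itself. They mark it as
# non-production so that inventory and audit tooling can tell it apart.
x-crypto-sim-labels: &crypto-sim-labels
  com.stellaops.component: "crypto-sim"
  com.stellaops.profile: "simulation"
  com.stellaops.production: "false"

# Environment merged into every service that is switched to the simulator.
# The URL is plain HTTP and resolves over the compose network by service name.
x-sim-crypto-env: &sim-crypto-env
  STELLAOPS_CRYPTO_ENABLE_SIM: "1"
  STELLAOPS_CRYPTO_SIM_URL: "http://sim-crypto:8080"

networks:
  stellaops:
    external: true
    name: stellaops

services:
  # ---------------------------------------------------------------------------
  # Sim Crypto Service - Universal sovereign crypto simulator
  # ---------------------------------------------------------------------------
  sim-crypto:
    build:
      context: ../services/crypto/sim-crypto-service
      dockerfile: Dockerfile
    image: registry.stella-ops.org/stellaops/sim-crypto:dev
    container_name: stellaops-sim-crypto
    restart: unless-stopped
    environment:
      # Listens on all interfaces INSIDE the container so that peers on the
      # stellaops network can reach it; host exposure is governed by `ports`.
      ASPNETCORE_URLS: "http://0.0.0.0:8080"
      ASPNETCORE_ENVIRONMENT: "Development"
    ports:
      # The simulator speaks unauthenticated plain HTTP and signs with a static
      # key, so the host-side port is bound to loopback by default rather than
      # to every host interface. Other services are unaffected: they use
      # http://sim-crypto:8080 on the compose network. SIM_CRYPTO_BIND is
      # introduced by this overlay; set it explicitly (e.g. to a lab-only
      # interface address) if the simulator must be reachable from other hosts.
      - "${SIM_CRYPTO_BIND:-127.0.0.1}:${SIM_CRYPTO_PORT:-18090}:8080"
    networks:
      - stellaops
    healthcheck:
      # NOTE(review): assumes the image ships `curl` - confirm against the
      # Dockerfile, otherwise the container is reported unhealthy forever.
      test: ["CMD", "curl", "-f", "http://localhost:8080/keys"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 10s
    labels: *crypto-sim-labels

  # ---------------------------------------------------------------------------
  # Override services to use sim-crypto
  # ---------------------------------------------------------------------------
  # Each override merges the shared simulator environment into the service and
  # tags the container. To audit a host for simulated crypto, list containers
  # with: docker ps --filter label=com.stellaops.crypto.simulator=enabled

  # Authority - Enable sim crypto
  authority:
    environment:
      <<: *sim-crypto-env
    labels:
      com.stellaops.crypto.simulator: "enabled"

  # Signer - Enable sim crypto
  signer:
    environment:
      <<: *sim-crypto-env
    labels:
      com.stellaops.crypto.simulator: "enabled"

  # Attestor - Enable sim crypto
  attestor:
    environment:
      <<: *sim-crypto-env
    labels:
      com.stellaops.crypto.simulator: "enabled"

  # Scanner Web - Enable sim crypto
  scanner-web:
    environment:
      <<: *sim-crypto-env
    labels:
      com.stellaops.crypto.simulator: "enabled"

  # Scanner Worker - Enable sim crypto
  scanner-worker:
    environment:
      <<: *sim-crypto-env
    labels:
      com.stellaops.crypto.simulator: "enabled"

  # Excititor - Enable sim crypto
  excititor:
    environment:
      <<: *sim-crypto-env
    labels:
      com.stellaops.crypto.simulator: "enabled"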