stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
1bf6bbf3955ecbd8d20f5eeb767da5c7f8324b57
git.stella-ops.org/docs/features/unchecked/cryptography/crypto-provider-plugin-architecture.md

3.0 KiB
Raw Blame History

Crypto Provider Plugin Architecture (GOST, SM, FIPS, eIDAS)

Module

Cryptography

Status

IMPLEMENTED

Description

Full plugin-based crypto architecture with dedicated plugins for GOST, SM (Chinese), FIPS, and eIDAS regional crypto profiles. MultiProfileSigner supports runtime profile selection.

Implementation Details

  • CryptoPluginBase: src/Cryptography/StellaOps.Cryptography.Plugin/CryptoPluginBase.cs -- abstract base class for all crypto plugins implementing IPlugin + ICryptoCapability; provides lifecycle management, SignAsync/VerifyAsync/EncryptAsync/DecryptAsync/HashAsync abstract methods, CanHandle for algorithm routing
  • GostPlugin: src/Cryptography/StellaOps.Cryptography.Plugin.Gost/GostPlugin.cs -- GOST R 34.10-2012 / GOST R 34.11-2012 (Streebog) crypto provider for Russian Federation compliance
  • SmPlugin: src/Cryptography/StellaOps.Cryptography.Plugin.Sm/SmPlugin.cs -- SM2/SM3/SM4 crypto provider for Chinese national standards compliance
  • FipsPlugin: src/Cryptography/StellaOps.Cryptography.Plugin.Fips/FipsPlugin.cs -- FIPS 140-2/3 compliant crypto provider restricting operations to FIPS-approved algorithms
  • EidasPlugin: src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/EidasPlugin.cs -- EU eIDAS regulation crypto provider with qualified timestamping and CAdES signature support
  • HsmPlugin: src/Cryptography/StellaOps.Cryptography.Plugin.Hsm/HsmPlugin.cs -- Hardware Security Module plugin with PKCS#11 integration
  • MultiProfileSigner: src/Cryptography/StellaOps.Cryptography/MultiProfileSigner.cs -- orchestrates concurrent signing with multiple IContentSigner profiles (e.g., EdDSA + GOST dual-stack); SignAllAsync runs all profiles via Task.WhenAll; returns MultiSignatureResult with all signatures + timestamp
  • IContentSigner: src/Cryptography/StellaOps.Cryptography/IContentSigner.cs -- signer interface: SignAsync, Profile, Algorithm, KeyId; extends IDisposable
  • IContentVerifier: src/Cryptography/StellaOps.Cryptography/IContentVerifier.cs -- verifier interface
  • SignatureProfile: src/Cryptography/StellaOps.Cryptography/SignatureProfile.cs -- enum/model for crypto profiles
  • Models: src/Cryptography/StellaOps.Cryptography/Models/ -- MultiSignatureResult, SignatureResult, Signature, VerificationResult
  • Tests: src/Cryptography/__Tests/StellaOps.Cryptography.Tests/CryptographyModelTests.cs
  • Source: Feature matrix scan

E2E Test Plan

  • Verify each crypto plugin (GOST, SM, FIPS, eIDAS, HSM) can be loaded and initialized through the plugin system
  • Verify CryptoPluginBase lifecycle: initialization, health check, and disposal
  • Test CanHandle routes signing requests to the correct plugin based on algorithm prefix
  • Verify MultiProfileSigner signs with all configured profiles concurrently and returns combined result
  • Test dual-stack signing (e.g., EdDSA + GOST) produces two independent signatures
  • Verify plugin health checks report connected/disconnected status
  • Verify FIPS plugin rejects non-FIPS-approved algorithms