# Regional Crypto Profiles (FIPS, GOST, eIDAS, SM)
## Module

Cryptography

## Status

IMPLEMENTED

## Description

Full crypto profile system with plugins for FIPS, GOST, eIDAS (with qualified timestamping), SM (Chinese standards), and HSM (PKCS#11). Supports multi-profile signing and EdDSA/ECDSA-P256 profiles.
## Implementation Details
- **FipsPlugin**: `src/Cryptography/StellaOps.Cryptography.Plugin.Fips/FipsPlugin.cs` -- FIPS 140-2/3 compliant crypto provider restricted to approved algorithms (RSA, ECDSA, AES-GCM, SHA-2)
- **GostPlugin**: `src/Cryptography/StellaOps.Cryptography.Plugin.Gost/GostPlugin.cs` -- Russian Federation GOST R 34.10-2012 (digital signatures) and GOST R 34.11-2012 Streebog (hashing) provider
- **EidasPlugin**: `src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/EidasPlugin.cs` -- EU eIDAS provider with qualified timestamping (QualifiedTimestampVerifier, EuTrustListService, TimestampModeSelector) and CAdES signature building (CadesSignatureBuilder)
- **SmPlugin**: `src/Cryptography/StellaOps.Cryptography.Plugin.Sm/SmPlugin.cs` -- provider for the Chinese national standards SM2 (elliptic curve), SM3 (hash) and SM4 (block cipher)
- **HsmPlugin**: `src/Cryptography/StellaOps.Cryptography.Plugin.Hsm/HsmPlugin.cs` -- PKCS#11 HSM integration with RSA/ECDSA/AES-GCM support
- **CryptoPluginBase**: `src/Cryptography/StellaOps.Cryptography.Plugin/CryptoPluginBase.cs` -- abstract base class for all crypto plugins; lifecycle management plus the ICryptoCapability interface
- **MultiProfileSigner**: `src/Cryptography/StellaOps.Cryptography/MultiProfileSigner.cs` -- concurrent multi-profile signing via Task.WhenAll across IContentSigner profiles; returns a MultiSignatureResult containing all signatures
- **Ed25519Signer/Verifier**: `src/Cryptography/StellaOps.Cryptography.Profiles.EdDsa/Ed25519Signer.cs`, `Ed25519Verifier.cs` -- EdDSA Ed25519 profile implementation
- **EcdsaP256Signer**: `src/Cryptography/StellaOps.Cryptography.Profiles.Ecdsa/EcdsaP256Signer.cs` -- ECDSA P-256 profile implementation
- **IContentSigner/IContentVerifier**: `src/Cryptography/StellaOps.Cryptography/IContentSigner.cs`, `IContentVerifier.cs` -- signer/verifier abstractions exposing Profile, Algorithm and KeyId
- **SignatureProfile**: `src/Cryptography/StellaOps.Cryptography/SignatureProfile.cs` -- profile model
- **Source**: Feature matrix scan

## E2E Test Plan
- [ ] Verify that each regional plugin (FIPS, GOST, eIDAS, SM, HSM) loads and passes its health check
- [ ] Verify that the FIPS plugin rejects non-FIPS algorithms and accepts approved ones
- [ ] Verify that the GOST plugin supports GOST R 34.10-2012 signing and GOST R 34.11-2012 hashing
- [ ] Verify that the eIDAS plugin integrates qualified timestamping with EU Trust List validation
- [ ] Verify that the SM plugin supports SM2 signing, SM3 hashing and SM4 encryption
- [ ] Test that multi-profile signing with an EdDSA + GOST dual stack produces two independent signatures
- [ ] Verify the Ed25519 signer/verifier round-trip (sign, then verify)
- [ ] Verify the ECDSA P-256 signer round-trip
- [ ] Test that profile selection routes to the correct plugin based on algorithm
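The multi-profile signing and round-trip items above, worked through as an added example that is not part of the StellaOps code base: a Go sketch of the MultiProfileSigner design, signing the same content concurrently under an EdDSA Ed25519 profile and an ECDSA P-256 profile, returning one signature per profile, and accepting only when every profile verifies. The `Profile`, `NewDualStack`, `MultiSign` and `VerifyAll` names are assumptions chosen for the example, the keys are throwaway keys generated at run time, and Go's standard library has no GOST, so the dual stack pairs Ed25519 with P-256 rather than GOST.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"sync"
)
type Profile struct { // stands in for a SignatureProfile bound to one signer/verifier pair
	Name   string
	Sign   func(content []byte) ([]byte, error)
	Verify func(content, sig []byte) bool
}
// NewDualStack builds throwaway (constructed) keys for an EdDSA + ECDSA-P256 dual stack.
func NewDualStack() []Profile {
	_, ed, _ := ed25519.GenerateKey(rand.Reader)
	ec, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	digest := func(c []byte) []byte { h := sha256.Sum256(c); return h[:] } // ECDSA signs a hash
	return []Profile{
		{"eddsa-ed25519", // Ed25519 signs the message itself (no pre-hash)
			func(c []byte) ([]byte, error) { return ed25519.Sign(ed, c), nil },
			func(c, s []byte) bool { return ed25519.Verify(ed.Public().(ed25519.PublicKey), c, s) }},
		{"ecdsa-p256",
			func(c []byte) ([]byte, error) { return ecdsa.SignASN1(rand.Reader, ec, digest(c)) },
			func(c, s []byte) bool { return ecdsa.VerifyASN1(&ec.PublicKey, digest(c), s) }},
	}
}
// MultiSign signs the same content under every profile concurrently (one signature per
// profile, in profile order); if any profile fails, the whole call fails (fail closed).
func MultiSign(content []byte, profiles []Profile) ([][]byte, error) {
	sigs, errs := make([][]byte, len(profiles)), make([]error, len(profiles))
	var wg sync.WaitGroup
	for i, p := range profiles {
		wg.Add(1)
		go func(i int, p Profile) { defer wg.Done(); sigs[i], errs[i] = p.Sign(content) }(i, p) // one writer per slot
	}
	wg.Wait()
	for _, err := range errs { if err != nil { return nil, err } }
	return sigs, nil
}
// VerifyAll accepts only if every profile's signature is present and valid (AND, never OR).
func VerifyAll(content []byte, sigs [][]byte, profiles []Profile) bool {
	ok := len(sigs) == len(profiles) // a missing signature is a failure, not a pass
	for i := 0; ok && i < len(profiles); i++ {
		ok = profiles[i].Verify(content, sigs[i])
	}
	return ok
}
```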