git.stella-ops.org/docs/features/checked/cryptography/additional-crypto-profiles.md

Additional Crypto Profiles (GOST, SM2, eIDAS, PQC)

Status

VERIFIED (PQC unimplemented)

Description

The advisory explicitly deferred GOST R 34.10-2012, SM2, eIDAS, and post-quantum crypto profiles to future work. Note: the broader repo does have crypto modules under src/Cryptography and src/SmRemote, but those are part of separate efforts.

Why Marked as Dropped (Correction)

FINDING: These crypto profiles ARE implemented as plugins. The following plugin projects exist under src/Cryptography/:

  • StellaOps.Cryptography.Plugin.Gost -- GOST R 34.10-2012 support via GostPlugin.cs
  • StellaOps.Cryptography.Plugin.Eidas -- eIDAS support via EidasPlugin.cs, includes ETSI conformance test vectors
  • StellaOps.Cryptography.Plugin.Sm -- SM2/SM3 support
  • StellaOps.Cryptography.Plugin.Fips -- FIPS 140 compliance plugin
  • StellaOps.Cryptography.Plugin.Hsm -- HSM integration plugin

Additional infrastructure: StellaOps.Cryptography.Plugin base class (CryptoPluginBase.cs), MultiProfileSigner.cs, SignatureProfile.cs, ECDSA and EdDSA profile libraries. PQC (post-quantum) is the only profile that does not appear to have a dedicated plugin yet.

Implementation Details

  • Plugin architecture: src/Cryptography/StellaOps.Cryptography.Plugin/CryptoPluginBase.cs
  • GOST: src/Cryptography/StellaOps.Cryptography.Plugin.Gost/GostPlugin.cs
  • eIDAS: src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/EidasPlugin.cs
  • SM2: src/Cryptography/StellaOps.Cryptography.Plugin.Sm/
  • FIPS: src/Cryptography/StellaOps.Cryptography.Plugin.Fips/
  • HSM: src/Cryptography/StellaOps.Cryptography.Plugin.Hsm/
  • Tests: src/Cryptography/__Tests/, plus tests in src/__Libraries/__Tests/StellaOps.Cryptography.Tests/

E2E Test Plan

  • Verify each crypto plugin can sign and verify payloads
  • Validate ETSI conformance test vectors pass for eIDAS plugin
  • Test multi-profile signing via MultiProfileSigner
  • Confirm plugin discovery and loading via CryptoPluginBase

Source

  • Feature matrix scan

Notes

  • Module: Cryptography
  • Modules referenced: src/Cryptography/, src/SmRemote/
  • Status should be reclassified from NOT_FOUND to IMPLEMENTED (PARTIALLY) -- only PQC remains unimplemented

Verification

  • Run ID: run-001
  • Date: 2026-02-10
  • Method: Tier 1 code review + Tier 2d test verification
  • Build: PASS (0 errors, 0 warnings)
  • Tests: PASS (101/101 cryptography tests pass)

All plugins (GOST, SM2, eIDAS, FIPS, HSM) are implemented and perform real cryptographic operations using BouncyCastle, .NET crypto, and Pkcs11Interop. PQC enum values exist, but there is no dedicated PQC plugin. Status note: "PARTIALLY" remains accurate since PQC is not implemented.

Verdict: PASS