53 lines
2.6 KiB
Markdown
53 lines
2.6 KiB
Markdown
# Additional Crypto Profiles (GOST, SM2, eIDAS, PQC)
|
|
|
|
## Status
|
|
VERIFIED (PQC unimplemented)
|
|
|
|
## Description
|
|
The advisory explicitly deferred GOST R 34.10-2012, SM2, eIDAS, and post-quantum crypto profiles to future work. Note: the broader repo does have crypto modules under src/Cryptography and src/SmRemote, but those are part of separate efforts.
|
|
|
|
## Why Marked as Dropped (Correction)
|
|
**FINDING: These crypto profiles ARE implemented as plugins.** The following plugin projects exist under `src/Cryptography/`:
|
|
- `StellaOps.Cryptography.Plugin.Gost` -- GOST R 34.10-2012 support via `GostPlugin.cs`
|
|
- `StellaOps.Cryptography.Plugin.Eidas` -- eIDAS support via `EidasPlugin.cs`, includes ETSI conformance test vectors
|
|
- `StellaOps.Cryptography.Plugin.Sm` -- SM2/SM3 support
|
|
- `StellaOps.Cryptography.Plugin.Fips` -- FIPS 140 compliance plugin
|
|
- `StellaOps.Cryptography.Plugin.Hsm` -- HSM integration plugin
|
|
|
|
Additional infrastructure: `StellaOps.Cryptography.Plugin` base class (`CryptoPluginBase.cs`), `MultiProfileSigner.cs`, `SignatureProfile.cs`, ECDSA and EdDSA profile libraries. PQC (post-quantum) is the only profile that does not appear to have a dedicated plugin yet.
|
|
|
|
## Implementation Details
|
|
- Plugin architecture: `src/Cryptography/StellaOps.Cryptography.Plugin/CryptoPluginBase.cs`
|
|
- GOST: `src/Cryptography/StellaOps.Cryptography.Plugin.Gost/GostPlugin.cs`
|
|
- eIDAS: `src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/EidasPlugin.cs`
|
|
- SM2: `src/Cryptography/StellaOps.Cryptography.Plugin.Sm/`
|
|
- FIPS: `src/Cryptography/StellaOps.Cryptography.Plugin.Fips/`
|
|
- HSM: `src/Cryptography/StellaOps.Cryptography.Plugin.Hsm/`
|
|
- Tests: `src/Cryptography/__Tests/`, plus tests in `src/__Libraries/__Tests/StellaOps.Cryptography.Tests/`
|
|
|
|
## E2E Test Plan
|
|
- [x] Verify each crypto plugin can sign and verify payloads
|
|
- [x] Validate ETSI conformance test vectors pass for eIDAS plugin
|
|
- [x] Test multi-profile signing via MultiProfileSigner
|
|
- [x] Confirm plugin discovery and loading via CryptoPluginBase
|
|
|
|
## Source
|
|
- Feature matrix scan
|
|
|
|
## Notes
|
|
- Module: Cryptography
|
|
- Modules referenced: `src/Cryptography/`, `src/SmRemote/`
|
|
- **Status should be reclassified from NOT_FOUND to IMPLEMENTED (PARTIALLY) -- only PQC remains unimplemented**
|
|
|
|
## Verification
|
|
Run ID: run-001
|
|
Date: 2026-02-10
|
|
Method: Tier 1 code review + Tier 2d test verification
|
|
|
|
Build: PASS (0 errors, 0 warnings)
|
|
Tests: PASS (101/101 cryptography tests pass)
|
|
|
|
All plugins implemented (GOST, SM2, eIDAS, FIPS, HSM) with real cryptographic operations using BouncyCastle, .NET crypto, Pkcs11Interop. PQC enum values exist but no dedicated plugin. Status note: "PARTIALLY" remains accurate since PQC is not implemented.
|
|
|
|
Verdict: PASS
|