git.stella-ops.org/docs/features/checked/cryptography/additional-crypto-profiles.md
2026-02-11 01:32:14 +02:00


# Additional Crypto Profiles (GOST, SM2, eIDAS, PQC)
## Status
VERIFIED (PQC unimplemented)
## Description
The advisory explicitly deferred GOST R 34.10-2012, SM2, eIDAS, and post-quantum crypto profiles to future work. Note: the broader repo does have crypto modules under `src/Cryptography` and `src/SmRemote`, but those are part of separate efforts.
## Why Marked as Dropped (Correction)
**FINDING: These crypto profiles ARE implemented as plugins.** The following plugin projects exist under `src/Cryptography/`:
- `StellaOps.Cryptography.Plugin.Gost` -- GOST R 34.10-2012 support via `GostPlugin.cs`
- `StellaOps.Cryptography.Plugin.Eidas` -- eIDAS support via `EidasPlugin.cs`, includes ETSI conformance test vectors
- `StellaOps.Cryptography.Plugin.Sm` -- SM2/SM3 support
- `StellaOps.Cryptography.Plugin.Fips` -- FIPS 140 compliance plugin
- `StellaOps.Cryptography.Plugin.Hsm` -- HSM integration plugin
Additional infrastructure: `StellaOps.Cryptography.Plugin` base class (`CryptoPluginBase.cs`), `MultiProfileSigner.cs`, `SignatureProfile.cs`, ECDSA and EdDSA profile libraries. PQC (post-quantum) is the only profile that does not appear to have a dedicated plugin yet.
## Implementation Details
- Plugin architecture: `src/Cryptography/StellaOps.Cryptography.Plugin/CryptoPluginBase.cs`
- GOST: `src/Cryptography/StellaOps.Cryptography.Plugin.Gost/GostPlugin.cs`
- eIDAS: `src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/EidasPlugin.cs`
- SM2: `src/Cryptography/StellaOps.Cryptography.Plugin.Sm/`
- FIPS: `src/Cryptography/StellaOps.Cryptography.Plugin.Fips/`
- HSM: `src/Cryptography/StellaOps.Cryptography.Plugin.Hsm/`
- Tests: `src/Cryptography/__Tests/`, plus tests in `src/__Libraries/__Tests/StellaOps.Cryptography.Tests/`
## E2E Test Plan
- [x] Verify each crypto plugin can sign and verify payloads
- [x] Validate ETSI conformance test vectors pass for eIDAS plugin
- [x] Test multi-profile signing via MultiProfileSigner
- [x] Confirm plugin discovery and loading via CryptoPluginBase
## Source
- Feature matrix scan
## Notes
- Module: Cryptography
- Modules referenced: `src/Cryptography/`, `src/SmRemote/`
- **Status should be reclassified from NOT_FOUND to IMPLEMENTED (PARTIALLY) -- only PQC remains unimplemented**
## Verification
Run ID: run-001
Date: 2026-02-10
Method: Tier 1 code review + Tier 2d test verification
Build: PASS (0 errors, 0 warnings)
Tests: PASS (101/101 cryptography tests pass)
All plugins implemented (GOST, SM2, eIDAS, FIPS, HSM) with real cryptographic operations using BouncyCastle, .NET crypto, Pkcs11Interop. PQC enum values exist but no dedicated plugin. Status note: "PARTIALLY" remains accurate since PQC is not implemented.
Verdict: PASS
## Recheck (Run-002)
- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay.
- **Tests**: PASS (`src/Cryptography/__Tests/StellaOps.Cryptography.Tests`: 101/101).
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/cryptography/additional-crypto-profiles/run-002/tier2-integration-check.json`
- **Outcome**: Additional profile plugin coverage remains stable; PQC plugin caveat unchanged.
## Recheck (Run-003)
- **Verified**: 2026-02-10
- **Method**: Tier 2 follow-up deterministic integration replay.
- **Tests**: PASS (`src/Cryptography/__Tests/StellaOps.Cryptography.Tests`: 101/101).
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/cryptography/additional-crypto-profiles/run-003/tier2-integration-check.json`
- **Outcome**: Profile coverage remains stable; PQC caveat remains unchanged.
## Recheck (Run-004)
- **Verified**: 2026-02-10
- **Method**: Tier 2 deterministic integration replay + full cryptography suite replay.
- **Tests**: PASS (`src/Cryptography/__Tests/StellaOps.Cryptography.Tests`: 101/101).
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/cryptography/additional-crypto-profiles/run-004/tier2-integration-check.json`
- **Outcome**: Checked cryptography behavior remains stable; PQC caveat remains unchanged.
## Recheck (Run-005)
- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay.
- **Tests**: PASS (`src/Cryptography/__Tests/StellaOps.Cryptography.Tests`: 101/101).
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/cryptography/additional-crypto-profiles/run-005/tier2-integration-check.json`
- **Outcome**: Checked cryptography behavior remains healthy in follow-up replay.
## Recheck (Run-006)
- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay.
- **Tests**: PASS (`src/Cryptography/__Tests/StellaOps.Cryptography.Tests`: 101/101).
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/cryptography/additional-crypto-profiles/run-006/tier2-integration-check.json`
- **Outcome**: Checked cryptography behavior remains healthy in continued replay.
## Recheck (Run-007)
- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay.
- **Tests**: PASS (`src/Cryptography/__Tests/StellaOps.Cryptography.Tests`: 101/101).
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/cryptography/additional-crypto-profiles/run-007/tier2-integration-check.json`
- **Outcome**: Checked cryptography behavior remains healthy in continued replay.
## Recheck (Run-008)
- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay.
- **Tests**: PASS (`src/Cryptography/__Tests/StellaOps.Cryptography.Tests`: 101/101).
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/cryptography/additional-crypto-profiles/run-008/tier2-integration-check.json`
- **Outcome**: Checked cryptography behavior remains healthy in continued replay.
## Recheck (Run-009)
- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay.
- **Tests**: PASS (`src/Cryptography/__Tests/StellaOps.Cryptography.Tests`: 101/101).
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/cryptography/additional-crypto-profiles/run-009/tier2-integration-check.json`
- **Outcome**: Checked cryptography behavior remains healthy in continued replay.
## Recheck (Run-010)
- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay.
- **Tests**: PASS (`src/Cryptography/__Tests/StellaOps.Cryptography.Tests`: 101/101).
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/cryptography/additional-crypto-profiles/run-010/tier2-integration-check.json`
- **Outcome**: Checked cryptography behavior remains healthy in continued replay.
## Recheck (Run-011)
- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay.
- **Tests**: PASS (`src/Cryptography/__Tests/StellaOps.Cryptography.Tests`: 101/101).
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/cryptography/additional-crypto-profiles/run-011/tier2-integration-check.json`
- **Outcome**: Checked cryptography behavior remains healthy in continued replay.
## Recheck (Run-012)
- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic cryptography suite replay.
- **Tests**: PASS (`src/Cryptography/__Tests/StellaOps.Cryptography.Tests`: 101/101).
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/cryptography/additional-crypto-profiles/run-012/tier2-integration-check.json`
- **Outcome**: Checked cryptography behavior remains healthy in continued replay.