stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
cf5b72974f923126944f4dcd47e85864ebb31a3b
git.stella-ops.org/docs/features/checked/cryptography/regional-crypto-profiles.md
master cf5b72974f save checkpoint
2026-02-11 01:32:14 +02:00

7.9 KiB
Raw Blame History

Regional Crypto Profiles (FIPS, GOST, eIDAS, SM)

Module

Cryptography

Status

VERIFIED

Description

Full crypto profile system with plugins for FIPS, GOST, eIDAS (with qualified timestamping), SM (Chinese standards), and HSM (PKCS#11). Supports multi-profile signing and EdDSA/ECDSA-P256 profiles.

Implementation Details

  • FipsPlugin: src/Cryptography/StellaOps.Cryptography.Plugin.Fips/FipsPlugin.cs -- FIPS 140-2/3 compliant crypto provider restricting to approved algorithms (RSA, ECDSA, AES-GCM, SHA-2)
  • GostPlugin: src/Cryptography/StellaOps.Cryptography.Plugin.Gost/GostPlugin.cs -- Russian Federation GOST R 34.10-2012 (digital signatures) and GOST R 34.11-2012 Streebog (hashing) provider
  • EidasPlugin: src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/EidasPlugin.cs -- EU eIDAS provider with qualified timestamping (QualifiedTimestampVerifier, EuTrustListService, TimestampModeSelector) and CAdES signature building (CadesSignatureBuilder)
  • SmPlugin: src/Cryptography/StellaOps.Cryptography.Plugin.Sm/SmPlugin.cs -- Chinese national standards: SM2 (elliptic curve), SM3 (hash), SM4 (block cipher) provider
  • HsmPlugin: src/Cryptography/StellaOps.Cryptography.Plugin.Hsm/HsmPlugin.cs -- PKCS#11 HSM integration with RSA/ECDSA/AES-GCM support
  • CryptoPluginBase: src/Cryptography/StellaOps.Cryptography.Plugin/CryptoPluginBase.cs -- abstract base for all crypto plugins; lifecycle management + ICryptoCapability interface
  • MultiProfileSigner: src/Cryptography/StellaOps.Cryptography/MultiProfileSigner.cs -- concurrent multi-profile signing via Task.WhenAll across IContentSigner profiles; returns MultiSignatureResult with all signatures
  • Ed25519Signer/Verifier: src/Cryptography/StellaOps.Cryptography.Profiles.EdDsa/Ed25519Signer.cs, Ed25519Verifier.cs -- EdDSA Ed25519 profile implementation
  • EcdsaP256Signer: src/Cryptography/StellaOps.Cryptography.Profiles.Ecdsa/EcdsaP256Signer.cs -- ECDSA P-256 profile implementation
  • IContentSigner/IContentVerifier: src/Cryptography/StellaOps.Cryptography/IContentSigner.cs, IContentVerifier.cs -- signer/verifier abstractions with Profile, Algorithm, KeyId
  • SignatureProfile: src/Cryptography/StellaOps.Cryptography/SignatureProfile.cs -- profile model
  • Source: Feature matrix scan

E2E Test Plan

  • Verify each regional plugin (FIPS, GOST, eIDAS, SM, HSM) loads and passes health check
  • Verify FIPS plugin rejects non-FIPS algorithms and accepts approved ones
  • Verify GOST plugin supports GOST R 34.10-2012 signing and GOST R 34.11-2012 hashing
  • Verify eIDAS plugin integrates qualified timestamping with EU Trust List validation
  • Verify SM plugin supports SM2 signing, SM3 hashing, SM4 encryption
  • Test multi-profile signing with EdDSA + GOST dual-stack produces two independent signatures
  • Verify Ed25519 signer/verifier round-trip (sign then verify)
  • Verify ECDSA P-256 signer round-trip
  • Test profile selection routes to correct plugin based on algorithm

Verification

Run ID: run-001 Date: 2026-02-10 Method: Tier 1 code review + Tier 2d test verification

Build: PASS (0 errors, 0 warnings) Tests: PASS (101/101 cryptography tests pass)

All 5 regional crypto profiles (FIPS, GOST, eIDAS, SM, HSM) fully implemented as plugins extending CryptoPluginBase. Each uses real cryptographic libraries. Ed25519Signer uses libsodium. EcdsaP256Signer uses .NET ECDsa. MultiProfileSigner enables dual-stack signing. Tests cover model validation, eIDAS timestamping, HSM integration.

Verdict: PASS

Recheck (Run-002)

  • Verified: 2026-02-10
  • Method: Tier 2d deterministic integration replay.
  • Tests: PASS (src/Cryptography/__Tests/StellaOps.Cryptography.Tests: 101/101).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/cryptography/regional-crypto-profiles/run-002/tier2-integration-check.json
  • Outcome: Regional profile matrix remains stable with no checked-status gaps detected.

Recheck (Run-003)

  • Verified: 2026-02-10
  • Method: Tier 2 follow-up deterministic integration replay.
  • Tests: PASS (src/Cryptography/__Tests/StellaOps.Cryptography.Tests: 101/101).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/cryptography/regional-crypto-profiles/run-003/tier2-integration-check.json
  • Outcome: Regional crypto profile matrix behavior remains stable in follow-up replay.

Recheck (Run-004)

  • Verified: 2026-02-10
  • Method: Tier 2 deterministic integration replay + full cryptography suite replay.
  • Tests: PASS (src/Cryptography/__Tests/StellaOps.Cryptography.Tests: 101/101).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/cryptography/regional-crypto-profiles/run-004/tier2-integration-check.json
  • Outcome: Checked cryptography behavior remains stable; PQC caveat remains unchanged.

Recheck (Run-005)

  • Verified: 2026-02-10
  • Method: Tier 2d deterministic integration replay.
  • Tests: PASS (src/Cryptography/__Tests/StellaOps.Cryptography.Tests: 101/101).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/cryptography/regional-crypto-profiles/run-005/tier2-integration-check.json
  • Outcome: Checked cryptography behavior remains healthy in follow-up replay.

Recheck (Run-006)

  • Verified: 2026-02-10
  • Method: Tier 2d deterministic integration replay.
  • Tests: PASS (src/Cryptography/__Tests/StellaOps.Cryptography.Tests: 101/101).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/cryptography/regional-crypto-profiles/run-006/tier2-integration-check.json
  • Outcome: Checked cryptography behavior remains healthy in continued replay.

Recheck (Run-007)

  • Verified: 2026-02-10
  • Method: Tier 2d deterministic integration replay.
  • Tests: PASS (src/Cryptography/__Tests/StellaOps.Cryptography.Tests: 101/101).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/cryptography/regional-crypto-profiles/run-007/tier2-integration-check.json
  • Outcome: Checked cryptography behavior remains healthy in continued replay.

Recheck (Run-008)

  • Verified: 2026-02-10
  • Method: Tier 2d deterministic integration replay.
  • Tests: PASS (src/Cryptography/__Tests/StellaOps.Cryptography.Tests: 101/101).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/cryptography/regional-crypto-profiles/run-008/tier2-integration-check.json
  • Outcome: Checked cryptography behavior remains healthy in continued replay.

Recheck (Run-009)

  • Verified: 2026-02-10
  • Method: Tier 2d deterministic integration replay.
  • Tests: PASS (src/Cryptography/__Tests/StellaOps.Cryptography.Tests: 101/101).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/cryptography/regional-crypto-profiles/run-009/tier2-integration-check.json
  • Outcome: Checked cryptography behavior remains healthy in continued replay.

Recheck (Run-010)

  • Verified: 2026-02-10
  • Method: Tier 2d deterministic integration replay.
  • Tests: PASS (src/Cryptography/__Tests/StellaOps.Cryptography.Tests: 101/101).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/cryptography/regional-crypto-profiles/run-010/tier2-integration-check.json
  • Outcome: Checked cryptography behavior remains healthy in continued replay.

Recheck (Run-011)

  • Verified: 2026-02-10
  • Method: Tier 2d deterministic integration replay.
  • Tests: PASS (src/Cryptography/__Tests/StellaOps.Cryptography.Tests: 101/101).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/cryptography/regional-crypto-profiles/run-011/tier2-integration-check.json
  • Outcome: Checked cryptography behavior remains healthy in continued replay.

Recheck (Run-012)

  • Verified: 2026-02-10
  • Method: Tier 2d deterministic cryptography suite replay.
  • Tests: PASS (src/Cryptography/__Tests/StellaOps.Cryptography.Tests: 101/101).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/cryptography/regional-crypto-profiles/run-012/tier2-integration-check.json
  • Outcome: Checked cryptography behavior remains healthy in continued replay.