git.stella-ops.org/src/__Libraries/StellaOps.Cryptography/HmacPurpose.cs
StellaOps Bot f0662dd45f feat: Implement DefaultCryptoHmac for compliance-aware HMAC operations
- Added DefaultCryptoHmac class implementing ICryptoHmac interface.
- Introduced purpose-based HMAC computation methods.
- Implemented verification methods for HMACs with constant-time comparison.
- Created HmacAlgorithms and HmacPurpose classes for well-known identifiers.
- Added compliance profile support for HMAC algorithms.
- Included asynchronous methods for HMAC computation from streams.
2025-12-06 00:41:04 +02:00


namespace StellaOps.Cryptography;
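/// <summary>
/// Well-known HMAC purpose identifiers for compliance-aware cryptographic operations.
/// Components should request HMAC by PURPOSE, not by algorithm.
/// The platform resolves the correct algorithm based on the active compliance profile.
/// </summary>
/// <remarks>
/// The identifiers are lowercase strings and are matched exactly (ordinal, case-sensitive)
/// by <see cref="IsKnown"/>. Treat a purpose that fails <see cref="IsKnown"/> as an error
/// rather than falling back to a default algorithm.
/// </remarks>
public static class HmacPurpose
{
    /// <summary>
    /// DSSE envelope signing and message authentication codes.
    /// Default: HMAC-SHA256 (world/fips/kcmvp/eidas), HMAC-GOST3411 (gost), HMAC-SM3 (sm).
    /// </summary>
    public const string Signing = "signing";

    /// <summary>
    /// Token and URL authentication (e.g., signed URLs, ack tokens).
    /// Default: HMAC-SHA256 (world/fips/kcmvp/eidas), HMAC-GOST3411 (gost), HMAC-SM3 (sm).
    /// </summary>
    public const string Authentication = "auth";

    /// <summary>
    /// External webhook interoperability (third-party webhook receivers).
    /// Always HMAC-SHA256, regardless of compliance profile.
    /// Every use of this purpose MUST be documented with justification.
    /// </summary>
    /// <remarks>
    /// Because this purpose is not subject to profile-based algorithm selection, it is the
    /// one purpose that can put a non-profile algorithm into a gost or sm deployment.
    /// Reviewers should check each call site for the required justification.
    /// </remarks>
    public const string WebhookInterop = "webhook";

    /// <summary>
    /// All known HMAC purposes for validation.
    /// </summary>
    /// <remarks>
    /// Exposed through a read-only wrapper instead of the raw array. A bare array typed as
    /// <see cref="IReadOnlyList{T}"/> can still be downcast to <c>string[]</c> and written to,
    /// which would silently change the set that <see cref="IsKnown"/> validates against.
    /// </remarks>
    public static readonly IReadOnlyList<string> All = System.Array.AsReadOnly(new[]
    {
        Signing,
        Authentication,
        WebhookInterop
    });

    /// <summary>
    /// Validates whether the given purpose is known.
    /// </summary>
    /// <param name="purpose">The purpose to validate.</param>
    /// <returns>
    /// True if the purpose is known; otherwise, false. Null, empty and whitespace-only
    /// values return false. The input is not trimmed or case-folded, so <c>"Signing"</c>
    /// and <c>" signing"</c> are not known.
    /// </returns>
    public static bool IsKnown(string? purpose)
    {
        if (string.IsNullOrWhiteSpace(purpose))
        {
            return false;
        }

        // Default string equality is ordinal and case-sensitive, which is what an
        // allowlist of fixed identifiers needs.
        return All.Contains(purpose);
    }
}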