|
| 1 | +# KDuma.Pcf.Sig |
| 2 | + |
| 3 | +.NET implementation of **PCF-SIG v1.0**, the PCF Cryptographic Signatures |
| 4 | +profile. Mirrors the [normative specification][spec] and the [Rust reference |
| 5 | +implementation][rust] field-for-field. |
| 6 | + |
| 7 | +[spec]: ../../../specs/PCF-SIG-spec-v1.0.txt |
| 8 | +[rust]: ../../../reference/PCF-SIG-v1.0/ |
| 9 | + |
| 10 | +## Install |
| 11 | + |
| 12 | +```sh |
| 13 | +dotnet add package KDuma.Pcf |
| 14 | +dotnet add package KDuma.Pcf.Sig |
| 15 | +``` |
| 16 | + |
| 17 | +## What it adds |
| 18 | + |
| 19 | +Two new PCF partition types layered on top of the [`KDuma.Pcf`](../pcf/) |
| 20 | +container, without changing the PCF byte format: |
| 21 | + |
| 22 | +| Type | Name | Holds | |
| 23 | +|--------------|--------------|------------------------------------------------------| |
| 24 | +| `0xAAAB0001` | `PCFSIG_KEY` | One signer's public key, identified by SHA-256 fingerprint of the key bytes | |
| 25 | +| `0xAAAB0002` | `PCFSIG_SIG` | One Manifest enumerating signed partitions + the signature over the Manifest | |
| 26 | + |
| 27 | +A **Manifest** binds the *protected fields* of each covered partition: |
| 28 | +`Uid`, `PartitionType`, `Label`, `UsedBytes`, `DataHashAlgo`, `DataHash`. It |
| 29 | +does NOT bind `StartOffset` or `MaxLength`, so PCF compaction and other |
| 30 | +relocations preserve signature validity as long as partition bytes do not |
| 31 | +change. |
| 32 | + |
| 33 | +## Algorithm support |
| 34 | + |
| 35 | +| `sig_algo_id` | Algorithm | This release | |
| 36 | +|---------------|---------------------|--------------| |
| 37 | +| 1 | Ed25519 (RFC 8032) | implemented (MUST) | |
| 38 | +| 2, 4, 5, 7 | RSA-PSS / PKCS1v15 | registry only | |
| 39 | +| 16, 18 | ECDSA P-256 / P-521 | registry only | |
| 40 | +| 32 | X.509 chain | registry only | |
| 41 | + |
| 42 | +Algorithms marked *registry only* are recognised at parse time and reported as |
| 43 | +`ManifestVerdict.Unverifiable` (with `UnverifiableReason.UnsupportedSigAlgo`) |
| 44 | +rather than `Malformed`. Adding a full implementation for any of them is a |
| 45 | +pure addition that does not touch the on-disk format. |
| 46 | + |
| 47 | +Hash algorithm constraint: signed partitions MUST use a cryptographic |
| 48 | +`DataHashAlgo` (SHA-256, SHA-512, BLAKE3). The Writer refuses to sign |
| 49 | +weakly-hashed partitions; the Verifier rejects them per entry. |
| 50 | + |
| 51 | +## Usage |
| 52 | + |
| 53 | +```csharp |
| 54 | +using Pcf; |
| 55 | +using Pcf.Sig; |
| 56 | +using System.IO; |
| 57 | + |
| 58 | +var c = Container.Create(new MemoryStream()); |
| 59 | +var alpha = new byte[16] { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, |
| 60 | + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 }; |
| 61 | +c.AddPartition(0x10, alpha, "alpha", |
| 62 | + System.Text.Encoding.UTF8.GetBytes("Hello, PCF-SIG!"), 0, HashAlgo.Sha256); |
| 63 | + |
| 64 | +var seed = new byte[32]; for (int i = 0; i < 32; i++) seed[i] = 0x42; |
| 65 | +var signer = SigningMaterial.Ed25519FromSeed(seed); |
| 66 | +SignPartitions.Run( |
| 67 | + c, signer, new[] { alpha }, |
| 68 | + /* sigPartitionUid: */ new byte[16] { 0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33, 0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33 }, |
| 69 | + /* keyPartitionUid: */ new byte[16] { 0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22, 0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22 }, |
| 70 | + signedAtUnixSeconds: 0, |
| 71 | + sigLabel: "pcfsig", |
| 72 | + keyLabel: "pcfkey"); |
| 73 | + |
| 74 | +foreach (var report in Verify.AllWithRecheck(c)) |
| 75 | +{ |
| 76 | + if (report.Verdict == ManifestVerdict.Valid) |
| 77 | + { |
| 78 | + System.Console.WriteLine( |
| 79 | + $"signature valid; {report.Entries.Count} entries covered"); |
| 80 | + } |
| 81 | +} |
| 82 | +``` |
| 83 | + |
| 84 | +## Cross-port test vector parity |
| 85 | + |
| 86 | +The shipped `testdata/canonical.bin` is byte-identical to the canonical vector |
| 87 | +produced by the Rust reference, the TypeScript port and the PHP port. SHA-256: |
| 88 | +`b158e2f5b160d72cea3226af2041f8d18aa75b3db6cb85faeca5df7879871307`. |
| 89 | + |
| 90 | +## Dependencies |
| 91 | + |
| 92 | +- `KDuma.Pcf` — the PCF base container library (same version as pcf-sig). |
| 93 | +- `BouncyCastle.Cryptography` v2.4+ — actively maintained main BouncyCastle |
| 94 | + fork; ships RFC 8032 Ed25519 (`Org.BouncyCastle.Math.EC.Rfc8032.Ed25519`) |
| 95 | + and targets `netstandard2.0`. |
| 96 | +- `System.Security.Cryptography` (BCL) — SHA-256 for fingerprints. |
| 97 | + |
| 98 | +The library targets `netstandard2.0` to match the PCF base; tests target |
| 99 | +`net8.0`. |
0 commit comments