Skip to content

Add S-57 exchange set integrity verification (CATALOG.031 CRC + S-63 seam)#7

Merged
philliphoff merged 2 commits into
mainfrom
philliphoff/s57-exchange-set-integrity
Jun 11, 2026
Merged

Add S-57 exchange set integrity verification (CATALOG.031 CRC + S-63 seam)#7
philliphoff merged 2 commits into
mainfrom
philliphoff/s57-exchange-set-integrity

Conversation

@philliphoff

@philliphoff philliphoff commented Jun 11, 2026

Copy link
Copy Markdown
Owner

Why

The S-57 exchange-set reader parsed each CATALOG.031 CATD record's CRC (the CRCS subfield) but never validated it, so corrupted or tampered cell files went undetected. This implements issue #6: opt-in integrity verification of the files an exchange set references.

What

Adds a non-throwing verifier under EncDotNet.S57/ExchangeSets/ whose API deliberately mirrors the sibling EncDotNet.S100 exchange-set verifier, so a future S-57 to S-101 bridge can treat both schemes uniformly.

  • S57ExchangeSet.VerifyAsync(rootPath, ...) reads CATALOG.031 and validates every entry's CRC against the file on disk, returning per-file results rather than throwing.
  • CRC-32 (IEEE/zlib, polynomial 0xEDB88320) is fully implemented via an internal S57Crc32 helper (no new package dependency).
  • Checksum and S-63 signature outcomes are tracked as independent dimensions on each S57FileVerificationResult.
  • S57VerificationOutcome reuses the S-100 member names byte-for-byte (Ok, NotSigned, SignatureInvalid, CertificateUntrusted, CertificateExpired, FileMissing, CertificateNotFound, Error) and appends checksum-specific NoChecksum / ChecksumMismatch.
  • S-63 signature verification is a seam only (IS63SignatureVerifier, S63TrustAnchorOptions), defaulting to NotSigned. The full RSA/SA scheme is intentionally deferred to land alongside future S-63 decryption support.

Notes for reviewers

  • CRC byte-order is empirically confirmed, not just assumed. Verified against a real NOAA exchange set (cell US5WA70M): both declared CRCS values (FD6C39B8, A8292AA7) matched the computed big-endian uppercase-hex IEEE CRC-32 exactly. A known-answer test also pins the algorithm.
  • AllValid treats NoChecksum as non-failing on purpose: CRCs are optional in S-57 and the CATALOG.031 self-reference legitimately carries none. This is a slight, deliberate divergence from S-100's AllValid (which requires Ok for all) and is recorded for any future bridge unification.
  • Real FILE subfields use backslash separators (US5WA70M\US5WA70M.000); path resolution normalizes these and falls back from the short name to the long name.
  • The verifier stays directory/rootPath-based to match the existing S57ExchangeSet design, rather than introducing the IAssetSource abstraction the S-100 verifier uses.

Tests

10 new xUnit tests using synthetic CATALOG.031 fixtures (no real ENC data committed), including a CRC-32 known-answer test and coverage of Ok / ChecksumMismatch / NoChecksum / FileMissing, the aggregate predicates, and the signature seam. Full suite: 437/437 passing; clean net8.0 + net10.0 build. README updated.

Closes #6

philliphoff and others added 2 commits June 11, 2026 14:05
@philliphoff
Add S-57 exchange set integrity verification (CATALOG.031 CRC + S-63 …
ed00f7f 
…seam)

Implements GitHub issue #6. Adds a non-throwing, opt-in exchange-set
verifier under EncDotNet.S57/ExchangeSets/ that mirrors the S-100
sibling's verification API:

- S57VerificationOutcome enum (S-100 member names + NoChecksum /
  ChecksumMismatch).
- S57FileVerificationResult tracking checksum and signature outcomes as
  independent dimensions; S57ExchangeSetVerificationResult aggregate.
- IS57ExchangeSetVerifier / S57ExchangeSetVerifier validating each CATD
  CRCS checksum against the on-disk file via an internal CRC-32 helper.
- S-63 signature SEAMS only: S63TrustAnchorOptions + IS63SignatureVerifier
  (SignatureOutcome defaults to NotSigned), gated on future S-63 support.
- S57ExchangeSet.VerifyAsync(rootPath, ...) entry point.
- xUnit tests with synthetic CATALOG.031 fixtures (no real ENC data) and
  a CRC-32 known-answer test; README updated.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@philliphoff
Treat NoChecksum as non-failing in AllValid; confirm CRC byte-order v…
3f062db 
…s real ENC

Validated the verifier against a real NOAA S-57 exchange set (US5WA70M):
both declared CRCS values (FD6C39B8, A8292AA7) matched the computed
big-endian uppercase-hex IEEE CRC-32 exactly, empirically confirming the
byte-order convention pinned by the known-answer test.

Refines S57ExchangeSetVerificationResult.AllValid so a missing CRC
(NoChecksum) is not counted as a failure -- CRCs are optional in S-57 and
the CATALOG.031 self-reference legitimately has none -- while
ChecksumMismatch/FileMissing/Error and invalid signatures still fail.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@philliphoff philliphoff merged commit 0de9f40 into main Jun 11, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add exchange set integrity verification (CATALOG.031 CRC and S-63 signature)

1 participant

@philliphoff