stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
1bf6bbf3955ecbd8d20f5eeb767da5c7f8324b57
git.stella-ops.org/docs/features/unchecked/attestor/attestation-determinism-testing.md

2.9 KiB
Raw Blame History

Attestation Determinism Testing

Module

Attestor

Status

IMPLEMENTED

Description

Golden test vectors and determinism verification tests ensuring byte-for-byte reproducibility of attestations, DSSE envelopes, and policy engine evaluations.

Implementation Details

  • Golden Samples Tests: src/Attestor/__Tests/StellaOps.Attestor.Types.Tests/AttestationGoldenSamplesTests.cs -- verifies attestations match golden test vectors byte-for-byte.
  • Attestation Determinism Tests: __Tests/StellaOps.Attestor.Types.Tests/Determinism/AttestationDeterminismTests.cs -- ensures repeated attestation generation produces identical output.
  • DSSE Envelope Determinism: __Tests/StellaOps.Attestor.ProofChain.Tests/Envelope/DsseEnvelopeDeterminismTests.cs -- verifies DSSE envelope serialization is deterministic.
  • In-Toto Statement Snapshots: __Tests/StellaOps.Attestor.ProofChain.Tests/Statements/InTotoStatementSnapshotTests.cs -- snapshot tests for in-toto statement serialization stability.
  • Canonical JSON: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Json/Rfc8785JsonCanonicalizer.cs (with .DecimalPoint, .NumberSerialization, .StringNormalization, .WriteMethods partials) -- RFC 8785 canonical JSON serialization ensuring deterministic output.
  • CycloneDX Determinism: __Tests/StellaOps.Attestor.StandardPredicates.Tests/CycloneDxDeterminismTests.cs -- verifies CycloneDX SBOM output is deterministic.
  • SPDX Determinism: __Tests/StellaOps.Attestor.StandardPredicates.Tests/SpdxDeterminismTests.cs -- verifies SPDX SBOM output is deterministic.
  • Canonical JSON Tests: __Tests/StellaOps.Attestor.ProofChain.Tests/JsonCanonicalizerTests.cs, __Tests/StellaOps.Attestor.StandardPredicates.Tests/JsonCanonicalizerTests.cs
  • Conformance Tests: __Tests/StellaOps.Attestor.Conformance.Tests/ -- VerificationParityTests.cs, InclusionProofParityTests.cs, CheckpointParityTests.cs verify cross-implementation consistency.

E2E Test Plan

  • Generate an attestation from identical inputs twice and compare SHA-256 hashes of the serialized output to verify byte-for-byte equality
  • Serialize a DSSE envelope, deserialize it, re-serialize, and verify the output bytes are identical (idempotent serialization)
  • Run the RFC 8785 canonicalizer on JSON with out-of-order keys, varied whitespace, and Unicode escapes, then verify the output matches the canonical form
  • Generate CycloneDX SBOM output from identical inputs on two separate runs and verify SHA-256 hash match
  • Generate SPDX SBOM output from identical inputs on two separate runs and verify SHA-256 hash match
  • Verify golden sample test vectors by comparing generated attestation against known-good fixtures stored in the test project
  • Run conformance parity tests to verify Attestor output matches reference implementations for checkpoint parsing, inclusion proofs, and verification