DSSE-Signed Path Witnesses
Module
Attestor
Status
IMPLEMENTED
Description
Reachability witness payloads with path information and witness statements, plus path witness predicate type definitions.
Implementation Details
- Reachability Witness Payload: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Statements/ReachabilityWitnessPayload.cs (with .Path partial) -- witness payload with call-stack path information.
- Witness Statement: Statements/ReachabilityWitnessStatement.cs -- in-toto statement wrapping the witness payload.
- Path Nodes: Statements/WitnessPathNode.cs -- path node model. WitnessCallPathNode.cs -- call-stack path node with function/method details.
- Witness Metadata: Statements/WitnessEvidenceMetadata.cs -- metadata about evidence source. WitnessGateInfo.cs -- gate info for policy.
- Predicate Types: src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/PathWitnessPredicateTypes.cs -- predicate type URI constants.
- DSSE Signing: __Libraries/StellaOps.Attestor.ProofChain/Signing/ProofChainSigner.cs -- signs witness statements as DSSE envelopes.
- Proof Emitter: StellaOps.Attestor.Core/IProofEmitter.cs -- emits signed path witness proofs.
E2E Test Plan
- Create a ReachabilityWitnessPayload with a 4-node call path, wrap in ReachabilityWitnessStatement, sign via ProofChainSigner, and verify DSSE envelope
- Verify the signed path witness via signature verification
- Tamper with a path node in the signed witness and verify verification fails
- Create path witnesses with different PathWitnessPredicateTypes and verify correct predicate type URIs
- Verify WitnessEvidenceMetadata captures the analysis tool that generated the path
- Create a path witness with WitnessGateInfo specifying policy thresholds and verify it serializes correctly
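
The sign, verify and tamper steps of the test plan can be seen end to end in the following added example. It is not StellaOps code and does not call ProofChainSigner; it implements the DSSE pre-authentication encoding (PAE) directly with .NET's ECDsa. The predicate field names, predicate type URI, subject, key id and path node names are constructed placeholders.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

const string PayloadType = "application/vnd.in-toto+json";
// Constructed in-toto statement; the predicate fields and predicate type URI are
// placeholders, not the StellaOps schema or its PathWitnessPredicateTypes values.
byte[] payload = JsonSerializer.SerializeToUtf8Bytes(new
{
    _type = "https://in-toto.io/Statement/v1",
    subject = new[] { new { name = "example-image", digest = new { sha256 = new string('0', 64) } } },
    predicateType = "https://example.invalid/PLACEHOLDER-path-witness/v1",
    predicate = new { path = new[] { "Api.Handle", "Svc.Parse", "Lib.Decode", "Lib.Sink" } }
});

using ECDsa key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
// DSSE signs PAE(payloadType, payload), never the bare payload or the envelope JSON.
byte[] sig = key.SignData(Pae(PayloadType, payload), HashAlgorithmName.SHA256);
string envelope = Envelope(payload, sig);
// Tamper: rename one path node but keep the original signature.
byte[] forged = Encoding.UTF8.GetBytes(Encoding.UTF8.GetString(payload).Replace("Lib.Decode", "Lib.Other"));
string tampered = Envelope(forged, sig);
Console.WriteLine($"original verifies: {Verify(envelope, key)}");
Console.WriteLine($"tampered verifies: {Verify(tampered, key)}");

// Pre-authentication encoding: "DSSEv1 <len(type)> <type> <len(body)> <body>", lengths in bytes.
byte[] Pae(string type, byte[] body) => Encoding.UTF8.GetBytes(
    $"DSSEv1 {Encoding.UTF8.GetByteCount(type)} {type} {body.Length} ").Concat(body).ToArray();

string Envelope(byte[] body, byte[] signature) => JsonSerializer.Serialize(new
{
    payload = Convert.ToBase64String(body),
    payloadType = PayloadType,
    signatures = new[] { new { keyid = "constructed-key-1", sig = Convert.ToBase64String(signature) } }
});

bool Verify(string envelopeJson, ECDsa publicKey)
{
    using JsonDocument doc = JsonDocument.Parse(envelopeJson);
    JsonElement root = doc.RootElement;
    string type = root.GetProperty("payloadType").GetString() ?? "";
    if (type != PayloadType) return false; // reject unexpected payload types before decoding
    byte[] body = Convert.FromBase64String(root.GetProperty("payload").GetString() ?? "");
    return root.GetProperty("signatures").EnumerateArray().Any(s => publicKey.VerifyData(Pae(type, body),
        Convert.FromBase64String(s.GetProperty("sig").GetString() ?? ""), HashAlgorithmName.SHA256));
}
```

Because the signature covers the payload type and the exact payload bytes, a verifier must check the signature over the decoded bytes as received and only then parse the path nodes from those same bytes.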