Documentation
¶
Overview ¶
Package conformance defines the Provetrail conformance vector suite: a fixed set of artifacts a conforming verifier must accept, and malformed ones it must reject with a specific failure code. The vectors are the language-neutral canon other implementations test themselves against. They are built deterministically (no wall clock, no randomness), so the committed fixture files are reproducible byte for byte and a verifier in any language can be checked against the same evidence.
This file covers the L1 structural tier: well-formedness, canonical form, and ordering. The cryptographic tiers (signed checkpoints, single-event inclusion proofs, full signed run records) are defined alongside it in crypto.go as L2 and L3.
Index ¶
Constants ¶
const CryptoSuiteVersion = "0.1.0-draft"
CryptoSuiteVersion identifies the cryptographic vector set; bumped with the canon.
const SuiteVersion = "0.1.0-draft"
SuiteVersion identifies the vector set; it is bumped when the canon changes.
const Tier = "L1"
Tier is the conformance tier this suite exercises.
Variables ¶
This section is empty.
Functions ¶
func RootKeyID ¶
func RootKeyID() string
RootKeyID is the key id the suite's signed artifacts carry.
func RootPublicKey ¶
RootPublicKey is the public half of the suite's root signing key, the single key a verifier loads into its keyring to check every accept vector. RootKeyID names it.
Types ¶
type CryptoVector ¶
type CryptoVector struct {
ID string
Tier string
Kind Kind
Expect Verdict
FailureCode string
Description string
Artifact []byte
}
CryptoVector is one L2, L3, or L4 case: a single artifact and the verdict a conforming verifier must reach over it, checked against the suite keyring.
func GenerateCrypto ¶
func GenerateCrypto() []CryptoVector
GenerateCrypto returns the full L2, L3, and L4 vector set, deterministically. L2 covers every VerifyCheckpoint outcome; L3 covers every VerifyRun, VerifyEventProof, and VerifyConsistencyProof outcome; L4 covers the governance admission invariants (VerifyGovernance) and the ground-truth invariant (VerifyGroundTruth) over a cryptographically valid run, so each failure code has an exact vector.
type Kind ¶
type Kind string
Kind is the artifact a cryptographic vector carries, which selects the verifier a conforming implementation must apply.
const ( // KindCheckpoint is a COSE_Sign1 signed checkpoint, checked with VerifyCheckpoint. KindCheckpoint Kind = "checkpoint" // KindRun is a marshalled sealed run, checked with VerifyRun. KindRun Kind = "run" // KindEventProof is a marshalled single-event proof, checked with VerifyEventProof. KindEventProof Kind = "event_proof" // KindConsistency is a marshalled consistency proof between two signed checkpoints, // checked with VerifyConsistencyProof. KindConsistency Kind = "consistency" // KindGovernance is a marshalled sealed run whose events carry governance lifecycle // records, checked with VerifyRun (cryptographic) then VerifyGovernance (semantic). KindGovernance Kind = "governance" // KindGroundTruth is a marshalled sealed run whose events carry outcome and check // records, checked with VerifyRun then VerifyGroundTruth (is a success grounded?). KindGroundTruth Kind = "ground_truth" )
type Vector ¶
type Vector struct {
ID string
Expect Verdict
FailureCode string
Flags []string
Description string
Events [][]byte
}
Vector is one conformance case: a sequence of canonical event byte blobs forming a single stream, and the verdict a conforming verifier must reach over them.