save checkpoint

2026-02-11 01:32:14 +02:00
parent 5593212b41
commit cf5b72974f
2316 changed files with 68799 additions and 3808 deletions
--- a/docs/modules/evidence-locker/portable-audit-pack-rekor-offline.md
+++ b/docs/modules/evidence-locker/portable-audit-pack-rekor-offline.md
@@ -0,0 +1,40 @@
+# Portable Audit Pack Rekor Offline Verification Profile
+
+Status: Draft frozen for implementation handoff (2026-02-10).
+
+## Required Rekor material in pack
+At least one of:
+- `rekor/tile.tar`
+- `rekor/tiles.bundle`
+
+And manifest references:
+- `rekor.log_id`
+- `rekor.api_version` (`2`)
+- `rekor.tile_refs[]`
+- `rekor.root_hash`
+
+## Offline verification flow
+1. Validate manifest signature and manifest file inventory/digests.
+2. Load bundled tile material referenced by `rekor.tile_refs[]`.
+3. Reconstruct inclusion proof path for covered digests.
+4. Validate Merkle root equals `rekor.root_hash`.
+5. Validate checkpoint key material from `verifiers.rekor_pub` when present.
+6. Fail closed on any missing tile/proof/checkpoint dependency.
+
+## Stable failure codes
+- `ERR_REKOR_TILE_MISSING`
+- `ERR_REKOR_TILE_DIGEST_MISMATCH`
+- `ERR_REKOR_PROOF_INVALID`
+- `ERR_REKOR_CHECKPOINT_INVALID`
+- `ERR_REKOR_ROOT_MISMATCH`
+- `ERR_REKOR_REFERENCE_UNCOVERED`
+
+## Tamper test requirements
+- Corrupt one tile byte -> `ERR_REKOR_TILE_DIGEST_MISMATCH`.
+- Modify inclusion path node -> `ERR_REKOR_PROOF_INVALID`.
+- Alter checkpoint signature -> `ERR_REKOR_CHECKPOINT_INVALID`.
+- Alter `rekor.root_hash` in manifest -> `ERR_REKOR_ROOT_MISMATCH`.
+
+## Compatibility notes
+- Existing Rekor receipt contracts remain valid for legacy bundle profiles.
+- Portable profile requires deterministic file references under `rekor/` in the manifest.