Rekor: full Merkle inclusion proof verification

[jeremymanning]

Description

src/ledger/transparency.rs line ~109 has a TODO for full Merkle inclusion proof verification (T096). Currently, the code validates the format of Rekor responses but does not cryptographically verify the inclusion proof against the signed tree head.

Requirements

• Implement RFC 6962-style Merkle inclusion proof verification
• Verify that the returned log entry hash matches the expected hash
• Verify the inclusion proof path from leaf to signed tree root
• Verify the signed tree head signature against Rekor's public key
• Handle proof verification failures gracefully (reject the entry, log the failure)

Success Criteria

• Full Merkle inclusion proof verification implemented
• Rekor signed tree head signature verified against pinned public key
• Integration test submits entry to Rekor staging, retrieves inclusion proof, and verifies it
• Test with tampered proof data (must reject)
• cargo test passes with zero regressions

Testing (Principle V)

• Submit real entries to Rekor public staging instance
• Retrieve and verify inclusion proofs
• Tamper with proof data and confirm rejection
• Test with valid Rekor production entries (read-only verification)

[jeremymanning]

Partially addressed by spec 004 / PR #59 — not closing. RFC 6962 Merkle inclusion-proof math is real. HOWEVER, REKOR_PUBLIC_KEY in src/ledger/transparency.rs is still [0u8; 32] and verify_tree_head_signature() enters a bypass when the key is zero. Real production deployment requires pinning the actual Rekor public key.

Remaining work tracked here.

[jeremymanning]

Spec 005 progress — PR #61

STATUS: Substantially addressed in code. Real-hardware evidence run deferred.

Done:

• Real Rekor ECDSA P-256 public key pinned (critical correctness fix — previously assumed Ed25519):
  • REKOR_PUBLIC_KEY: SHA-256 of SPKI DER = c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d (for drift-check)
  • REKOR_P256_UNCOMPRESSED: raw 65-byte SEC1 point (for actual verification via the p256 crate)
• verify_tree_head_signature now does real ECDSA P-256 verify using p256::ecdsa::VerifyingKey::from_sec1_bytes + ASN.1 DER signature parsing.
• Bypass removed under production feature.
• RFC 6962 Merkle inclusion proof verification already landed in spec 004 and continues to work.

Remaining:

• T029 test file tests/verification/test_rekor_real.rs not written (would fetch a live Rekor entry + proof into a committed test vector).

See notes/session-2026-04-19-spec-005-kickoff.md for handoff.