
Issue 608868


Issue metadata

Status: Fixed
Owner:
Closed: May 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Feature

Blocking:
issue 506227




Certificate Transparency: Implement serialization and hashing of MerkleTreeLeaf

Project Member Reported by robpercival@chromium.org, May 3 2016

Issue description

In order to audit CT logs, we must request audit proofs for SCTs that Chrome receives. To do this, we need the leaf hash corresponding to each SCT (see https://tools.ietf.org/html/rfc6962#section-4.5). This could be generated by building a net::ct::MerkleTreeLeaf from a certificate and its SCT, serializing it to TLS wire format and then hashing it.

Serialization functions should be added to net/cert/ct_serialization.{h,cc}.

A hash function could be added to net/cert/merkle_tree_leaf.{h,cc}. It should use `crypto::SecureHash::Create(crypto::SecureHash::SHA256)` to hash the serialized MerkleTreeLeaf.
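
The serialize-then-hash step described above, as an added Python example that is not part of the original issue or Chromium's code: it encodes a v1 MerkleTreeLeaf in TLS wire format per RFC 6962 section 3.4 and hashes it with the 0x00 leaf prefix from section 2.1. The function names, sample timestamp and placeholder certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import struct

# Enum values from RFC 6962 section 3.
V1 = 0                 # Version
TIMESTAMPED_ENTRY = 0  # MerkleLeafType
X509_ENTRY = 0         # LogEntryType
PRECERT_ENTRY = 1

def _vector(data, len_bytes, min_len=0):
    """TLS variable-length vector: big-endian length prefix, then the bytes."""
    if not min_len <= len(data) < 1 << (8 * len_bytes):
        raise ValueError("vector length out of range")
    return len(data).to_bytes(len_bytes, "big") + data

def encode_merkle_tree_leaf(timestamp_ms, entry_type, cert_der,
                            issuer_key_hash=None, extensions=b""):
    """Serialize a v1 MerkleTreeLeaf (RFC 6962 section 3.4).

    cert_der is the DER certificate for x509_entry, or the DER
    TBSCertificate for precert_entry (which also needs issuer_key_hash).
    """
    if entry_type == X509_ENTRY:
        signed_entry = _vector(cert_der, 3, min_len=1)      # ASN.1Cert
    elif entry_type == PRECERT_ENTRY:
        if issuer_key_hash is None or len(issuer_key_hash) != 32:
            raise ValueError("precert entry needs a 32-byte issuer_key_hash")
        signed_entry = issuer_key_hash + _vector(cert_der, 3, min_len=1)
    else:
        raise ValueError("unknown LogEntryType")
    # version(1) | leaf_type(1) | timestamp(8) | entry_type(2), big-endian
    header = struct.pack(">BBQH", V1, TIMESTAMPED_ENTRY, timestamp_ms, entry_type)
    return header + signed_entry + _vector(extensions, 2)   # CtExtensions

def leaf_hash(leaf):
    """SHA-256 over a 0x00 prefix plus the leaf (RFC 6962 section 2.1)."""
    return hashlib.sha256(b"\x00" + leaf).digest()

def proof_query_hash(leaf):
    """Base64 leaf hash, the 'hash' input of get-proof-by-hash (section 4.5)."""
    return base64.b64encode(leaf_hash(leaf)).decode("ascii")

# Constructed sample input: placeholder DER bytes, not a real certificate.
SAMPLE_TIMESTAMP_MS = 0x154A0000000
SAMPLE_CERT = bytes.fromhex("3003020105")
SAMPLE_LEAF = encode_merkle_tree_leaf(SAMPLE_TIMESTAMP_MS, X509_ENTRY, SAMPLE_CERT)

if __name__ == "__main__":
    print(SAMPLE_LEAF.hex(), proof_query_hash(SAMPLE_LEAF))
```

Omitting the 0x00 prefix, or using the wrong length-prefix width for the certificate or extensions, yields a hash the log will not recognise, so the audit proof request fails even for a correctly logged certificate.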


 
Following further research, `crypto::SHA256HashString()` seems more appropriate than `crypto::SecureHash`.
Project Member

Comment 2 by bugdroid1@chromium.org, May 7 2016

Project Member

Comment 4 by bugdroid1@chromium.org, May 10 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1b1732191f54e031e740a6907dc5608c8d32ecfd

commit 1b1732191f54e031e740a6907dc5608c8d32ecfd
Author: robpercival <robpercival@chromium.org>
Date: Tue May 10 17:24:38 2016

Adds a function for encoding a Merkle tree leaf in TLS wire format.

This will be useful for producing a leaf hash, as required for requesting audit
proofs from Certificate Transparency logs. A leaf hash is a SHA-256 hash of a
Merkle tree leaf encoded in TLS wire format.

BUG= 608868 

Review-Url: https://codereview.chromium.org/1943313003
Cr-Commit-Position: refs/heads/master@{#392636}

[modify] https://crrev.com/1b1732191f54e031e740a6907dc5608c8d32ecfd/net/cert/ct_serialization.cc
[modify] https://crrev.com/1b1732191f54e031e740a6907dc5608c8d32ecfd/net/cert/ct_serialization.h
[modify] https://crrev.com/1b1732191f54e031e740a6907dc5608c8d32ecfd/net/cert/ct_serialization_unittest.cc
[modify] https://crrev.com/1b1732191f54e031e740a6907dc5608c8d32ecfd/net/test/ct_test_util.cc
[modify] https://crrev.com/1b1732191f54e031e740a6907dc5608c8d32ecfd/net/test/ct_test_util.h

Project Member

Comment 5 by bugdroid1@chromium.org, May 10 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/34ef59d7bcd81a747334eadb0aac0dbac54ef1a5

commit 34ef59d7bcd81a747334eadb0aac0dbac54ef1a5
Author: robpercival <robpercival@chromium.org>
Date: Tue May 10 20:41:52 2016

Adds function for generating MerkleTreeLeaf hash.

This will be used when requesting audit proofs from Certificate Transparency
logs.

BUG= 608868 

Review-Url: https://codereview.chromium.org/1945183005
Cr-Commit-Position: refs/heads/master@{#392703}

[modify] https://crrev.com/34ef59d7bcd81a747334eadb0aac0dbac54ef1a5/net/cert/merkle_tree_leaf.cc
[modify] https://crrev.com/34ef59d7bcd81a747334eadb0aac0dbac54ef1a5/net/cert/merkle_tree_leaf.h
[modify] https://crrev.com/34ef59d7bcd81a747334eadb0aac0dbac54ef1a5/net/cert/merkle_tree_leaf_unittest.cc

Status: Fixed (was: Started)
