New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 612439 link

Starred by 1 user
Status: Fixed
Owner:
robpercival@chromium.org
Last visit > 30 days ago
Closed: Jul 2016
Cc:
eranm@chromium.org
asymmetric@chromium.org
rsleevi@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Feature

Blocking:
issue 506227
issue 624894



Sign in to add a comment

Certificate Transparency: Implement DNS log client

Project Member Reported by robpercival@chromium.org, May 17 2016 
In order to audit CT logs, we must request audit proofs for SCTs that Chrome receives. This can be done over DNS, as defined in https://github.com/google/certificate-transparency-rfcs/blob/master/dns/draft-ct-over-dns.md.

The net::DnsClient class, found in net/dns/dns_client.h, could be used to send the requests. A new class, certificate_transparency::LogDnsClient, should be created in components/certificate_transparency/log_dns_client.h. It should use a net::DnsClient to provide methods for asynchronously querying a CT log for the following information:
1) The index of a tree leaf, given its hash.
2) An audit proof, given a leaf index and tree size.

For testing purposes, mock net::DnsClient, net::DnsTransaction and net::DnsTransactionFactory classes should be created.
Project Member

Comment 2 by bugdroid1@chromium.org, Jun 8 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/633e8bc192437bdad37c49aa3d4024fe2d641c94

commit 633e8bc192437bdad37c49aa3d4024fe2d641c94
Author: robpercival <robpercival@chromium.org>
Date: Wed Jun 08 13:45:11 2016

Modelled on base/base64url.h.
Modifies chrome/installer/util/shell_util to use this component.
It will soon be used by components/certificate_transparency as well.

Discussion:
https://groups.google.com/a/chromium.org/forum/?pli=1#!topic/chromium-dev/pieHLJZZE7k

BUG= 612439 

Review-Url: https://codereview.chromium.org/2017123002
Cr-Commit-Position: refs/heads/master@{#398539}

[modify] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/chrome/chrome_installer.gypi
[modify] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/chrome/chrome_installer_util.gypi
[modify] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/chrome/installer/setup/BUILD.gn
[modify] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/chrome/installer/setup/DEPS
[modify] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/chrome/installer/setup/user_hive_visitor.cc
[modify] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/chrome/installer/util/BUILD.gn
[modify] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/chrome/installer/util/DEPS
[modify] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/chrome/installer/util/shell_util.cc
[modify] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/chrome/installer/util/shell_util.h
[modify] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/chrome/installer/util/shell_util_unittest.cc
[add] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/components/base32.gypi
[add] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/components/base32/BUILD.gn
[add] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/components/base32/OWNERS
[add] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/components/base32/base32.cc
[add] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/components/base32/base32.h
[add] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/components/base32/base32_unittest.cc
[modify] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/components/components.gyp
[modify] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/components/components_tests.gyp

Comment 3 by eranm@chromium.org, Jun 30 2016

Blocking: 624894
Project Member

Comment 4 by bugdroid1@chromium.org, Jul 5 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/fc4297bd21581ad0af3980ea79c9ff4f0fdfb064

commit fc4297bd21581ad0af3980ea79c9ff4f0fdfb064
Author: jbroman <jbroman@chromium.org>
Date: Tue Jul 05 17:40:56 2016

Revert of Certificate Transparency DNS log client (patchset #28 id:570001 of https://codereview.chromium.org/2066553002/ )

Reason for revert:
Causing Win build failure:

https://build.chromium.org/p/chromium/builders/Win%20x64/builds/2184

Original issue's description:
> Certificate Transparency DNS log client
>
> This can query CT logs over DNS, as defined by:
> https://github.com/google/certificate-transparency-rfcs/blob/master/dns/draft-ct-over-dns.md
>
> This is required for obtaining audit proofs, which will allow Chrome to verify
> that SCTs it receives are trustworthy and that logs are behaving correctly.
>
> BUG= 612439 
>
> Committed: https://crrev.com/59b6ea2217dbc10400b6a9d433ad13c91bb6b7c2
> Cr-Commit-Position: refs/heads/master@{#403798}

TBR=eranm@chromium.org,mmenke@chromium.org,jam@chromium.org,robpercival@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= 612439 

Review-Url: https://codereview.chromium.org/2124873002
Cr-Commit-Position: refs/heads/master@{#403800}

[modify] https://crrev.com/fc4297bd21581ad0af3980ea79c9ff4f0fdfb064/components/certificate_transparency.gypi
[modify] https://crrev.com/fc4297bd21581ad0af3980ea79c9ff4f0fdfb064/components/certificate_transparency/BUILD.gn
[modify] https://crrev.com/fc4297bd21581ad0af3980ea79c9ff4f0fdfb064/components/certificate_transparency/DEPS
[delete] https://crrev.com/3a011ab449665cc77c09c4032b75fce618bfa6d9/components/certificate_transparency/log_dns_client.cc
[delete] https://crrev.com/3a011ab449665cc77c09c4032b75fce618bfa6d9/components/certificate_transparency/log_dns_client.h
[delete] https://crrev.com/3a011ab449665cc77c09c4032b75fce618bfa6d9/components/certificate_transparency/log_dns_client_unittest.cc
[modify] https://crrev.com/fc4297bd21581ad0af3980ea79c9ff4f0fdfb064/components/components_tests.gyp
[modify] https://crrev.com/fc4297bd21581ad0af3980ea79c9ff4f0fdfb064/net/BUILD.gn
[modify] https://crrev.com/fc4297bd21581ad0af3980ea79c9ff4f0fdfb064/net/net.gyp
[modify] https://crrev.com/fc4297bd21581ad0af3980ea79c9ff4f0fdfb064/net/net_common.gypi
Project Member

Comment 5 by bugdroid1@chromium.org, Jul 7 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/8c82b175a6fa0cc4edd1c6647fd77a7f44525a65

commit 8c82b175a6fa0cc4edd1c6647fd77a7f44525a65
Author: robpercival <robpercival@chromium.org>
Date: Thu Jul 07 13:30:56 2016

Fix "conversion of size_t to unsigned int" warning

On Windows 64-bit builds, sizeof(size_t) != sizeof(unsigned):
net\dns\record_rdata.h(201): warning C4267: 'return': conversion from 'size_t' to 'unsigned int', possible loss of data

BUG= 612439 

Review-Url: https://codereview.chromium.org/2118383006
Cr-Commit-Position: refs/heads/master@{#404146}

[modify] https://crrev.com/8c82b175a6fa0cc4edd1c6647fd77a7f44525a65/net/dns/record_rdata.h
[modify] https://crrev.com/8c82b175a6fa0cc4edd1c6647fd77a7f44525a65/net/dns/record_rdata_unittest.cc
Project Member

Comment 6 by bugdroid1@chromium.org, Jul 7 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2c7cd56d182ae1a14191170c47154641a24633fa

commit 2c7cd56d182ae1a14191170c47154641a24633fa
Author: robpercival <robpercival@chromium.org>
Date: Thu Jul 07 19:04:48 2016

Certificate Transparency DNS log client

This can query CT logs over DNS, as defined by:
https://github.com/google/certificate-transparency-rfcs/blob/master/dns/draft-ct-over-dns.md

This is required for obtaining audit proofs, which will allow Chrome to verify
that SCTs it receives are trustworthy and that logs are behaving correctly.

BUG= 612439 

Committed: https://crrev.com/59b6ea2217dbc10400b6a9d433ad13c91bb6b7c2
Review-Url: https://codereview.chromium.org/2066553002
Cr-Original-Commit-Position: refs/heads/master@{#403798}
Cr-Commit-Position: refs/heads/master@{#404199}

[modify] https://crrev.com/2c7cd56d182ae1a14191170c47154641a24633fa/components/certificate_transparency.gypi
[modify] https://crrev.com/2c7cd56d182ae1a14191170c47154641a24633fa/components/certificate_transparency/BUILD.gn
[modify] https://crrev.com/2c7cd56d182ae1a14191170c47154641a24633fa/components/certificate_transparency/DEPS
[add] https://crrev.com/2c7cd56d182ae1a14191170c47154641a24633fa/components/certificate_transparency/log_dns_client.cc
[add] https://crrev.com/2c7cd56d182ae1a14191170c47154641a24633fa/components/certificate_transparency/log_dns_client.h
[add] https://crrev.com/2c7cd56d182ae1a14191170c47154641a24633fa/components/certificate_transparency/log_dns_client_unittest.cc
[modify] https://crrev.com/2c7cd56d182ae1a14191170c47154641a24633fa/components/components_tests.gyp
[modify] https://crrev.com/2c7cd56d182ae1a14191170c47154641a24633fa/net/BUILD.gn
[modify] https://crrev.com/2c7cd56d182ae1a14191170c47154641a24633fa/net/net.gyp
[modify] https://crrev.com/2c7cd56d182ae1a14191170c47154641a24633fa/net/net_common.gypi
Project Member

Comment 7 by bugdroid1@chromium.org, Jul 22 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3f5a7569fd1192ec9fe0df96c5a2eebbb2c273c1

commit 3f5a7569fd1192ec9fe0df96c5a2eebbb2c273c1
Author: robpercival <robpercival@chromium.org>
Date: Fri Jul 22 16:22:32 2016

Automatically update LogDnsClient's DNS config

No need to pre-configure the net::DnsClient and it will pick up changes to the
system DNS config automatically via net::NetworkChangeNotifier.

BUG= 612439 

Review-Url: https://codereview.chromium.org/2152143003
Cr-Commit-Position: refs/heads/master@{#407170}

[modify] https://crrev.com/3f5a7569fd1192ec9fe0df96c5a2eebbb2c273c1/components/certificate_transparency/log_dns_client.cc
[modify] https://crrev.com/3f5a7569fd1192ec9fe0df96c5a2eebbb2c273c1/components/certificate_transparency/log_dns_client.h
[modify] https://crrev.com/3f5a7569fd1192ec9fe0df96c5a2eebbb2c273c1/components/certificate_transparency/log_dns_client_unittest.cc

Comment 9 by robpercival@chromium.org, Jul 25 2016

Status: Fixed (was: Started)
Project Member

Comment 10 by bugdroid1@chromium.org, Jul 25 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b6f0fc49ec0e4c360d1212bc7832c89a7556c1bd

commit b6f0fc49ec0e4c360d1212bc7832c89a7556c1bd
Author: robpercival <robpercival@chromium.org>
Date: Mon Jul 25 18:18:23 2016

Adds domain names for all qualified CT logs

This is required for querying those logs over DNS (more specifically, Google
mirrors of those logs).

BUG= 612439 

Review-Url: https://codereview.chromium.org/2108833005
Cr-Commit-Position: refs/heads/master@{#407519}

[modify] https://crrev.com/b6f0fc49ec0e4c360d1212bc7832c89a7556c1bd/chrome/browser/io_thread.cc
[modify] https://crrev.com/b6f0fc49ec0e4c360d1212bc7832c89a7556c1bd/chrome/common/chrome_switches.cc
[modify] https://crrev.com/b6f0fc49ec0e4c360d1212bc7832c89a7556c1bd/components/certificate_transparency/single_tree_tracker_unittest.cc
[modify] https://crrev.com/b6f0fc49ec0e4c360d1212bc7832c89a7556c1bd/net/cert/ct_known_logs.cc
[modify] https://crrev.com/b6f0fc49ec0e4c360d1212bc7832c89a7556c1bd/net/cert/ct_known_logs_static-inc.h
[modify] https://crrev.com/b6f0fc49ec0e4c360d1212bc7832c89a7556c1bd/net/cert/ct_log_verifier.cc
[modify] https://crrev.com/b6f0fc49ec0e4c360d1212bc7832c89a7556c1bd/net/cert/ct_log_verifier.h
[modify] https://crrev.com/b6f0fc49ec0e4c360d1212bc7832c89a7556c1bd/net/cert/ct_log_verifier_unittest.cc
[modify] https://crrev.com/b6f0fc49ec0e4c360d1212bc7832c89a7556c1bd/net/cert/ct_objects_extractor_unittest.cc
[modify] https://crrev.com/b6f0fc49ec0e4c360d1212bc7832c89a7556c1bd/net/cert/multi_log_ct_verifier_unittest.cc
[modify] https://crrev.com/b6f0fc49ec0e4c360d1212bc7832c89a7556c1bd/net/quic/crypto/proof_verifier_chromium_test.cc

Sign in to add a comment