
Issue 612439


Issue metadata

Status: Fixed
Owner:
Closed: Jul 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Feature

Blocking:
issue 506227
issue 624894




Certificate Transparency: Implement DNS log client

Project Member Reported by robpercival@chromium.org, May 17 2016

Issue description

In order to audit CT logs, we must request audit proofs for SCTs that Chrome receives. This can be done over DNS, as defined in https://github.com/google/certificate-transparency-rfcs/blob/master/dns/draft-ct-over-dns.md.

The net::DnsClient class, found in net/dns/dns_client.h, could be used to send the requests. A new class, certificate_transparency::LogDnsClient, should be created in components/certificate_transparency/log_dns_client.h. It should use a net::DnsClient to provide methods for asynchronously querying a CT log for the following information:
1) The index of a tree leaf, given its hash.
2) An audit proof, given a leaf index and tree size.

For testing purposes, mock net::DnsClient, net::DnsTransaction and net::DnsTransactionFactory classes should be created.
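
Added example (not part of the original issue and not Chromium's LogDnsClient code): what a client does with the two answers listed above, building the lookup names and then checking the returned audit proof against a tree root, following the RFC 6962 Merkle tree and the RFC 9162 verification steps. The `hash` and `tree` label layout is an assumption taken from the linked draft; the domain, entries and function names are constructed for illustration.

```python
import base64, hashlib

def leaf_hash(entry):                # RFC 6962 leaf hash: SHA-256(0x00 || entry)
    return hashlib.sha256(b"\x00" + entry).digest()
def node_hash(left, right):          # interior node: SHA-256(0x01 || left || right)
    return hashlib.sha256(b"\x01" + left + right).digest()

def query_names(leaf, index, size, domain, start=0):
    """Names for the two lookups; label layout is assumed from the linked draft."""
    b32 = base64.b32encode(leaf).decode().rstrip("=")   # 52 chars, fits one label
    return f"{b32}.hash.{domain}", f"{start}.{index}.{size}.tree.{domain}"

def split_proof(rdata):
    """A proof answer is a run of 32-byte nodes; reject any other length."""
    if len(rdata) % 32:
        raise ValueError("truncated audit proof")
    return [rdata[i:i + 32] for i in range(0, len(rdata), 32)]

def verify_audit_proof(leaf, index, size, proof, root):
    """Recompute the root from leaf and proof (RFC 9162, section 2.1.3.2)."""
    if index >= size:
        return False
    fn, sn, r = index, size - 1, leaf
    for p in proof:
        if sn == 0:                  # more nodes than the tree has levels
            return False
        if fn & 1 or fn == sn:
            r = node_hash(p, r)
            while not fn & 1 and fn: # climb past levels with no right sibling
                fn, sn = fn >> 1, sn >> 1
        else:
            r = node_hash(r, p)
        fn, sn = fn >> 1, sn >> 1
    return sn == 0 and r == root

def build(entries, m):               # constructed sample: (root, audit path of m)
    if len(entries) == 1:
        return leaf_hash(entries[0]), []
    k = 1 << ((len(entries) - 1).bit_length() - 1)   # largest power of two < n
    if m < k:
        (lroot, path), (rroot, _) = build(entries[:k], m), build(entries[k:], 0)
        return node_hash(lroot, rroot), path + [rroot]
    (lroot, _), (rroot, path) = build(entries[:k], 0), build(entries[k:], m - k)
    return node_hash(lroot, rroot), path + [lroot]

def demo(index=6, n=7):              # constructed entries, not real log data
    entries = [b"constructed-entry-%d" % i for i in range(n)]
    root, path = build(entries, index)
    return verify_audit_proof(leaf_hash(entries[index]), index, n, split_proof(b"".join(path)), root)
```

The root passed to `verify_audit_proof` has to come from a signed tree head whose signature was checked against the log's public key; the index and proof received over DNS are untrusted until the recomputed root matches it.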
 
Project Member

Comment 2 by bugdroid1@chromium.org, Jun 8 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/633e8bc192437bdad37c49aa3d4024fe2d641c94

commit 633e8bc192437bdad37c49aa3d4024fe2d641c94
Author: robpercival <robpercival@chromium.org>
Date: Wed Jun 08 13:45:11 2016

Modelled on base/base64url.h.
Modifies chrome/installer/util/shell_util to use this component.
It will soon be used by components/certificate_transparency as well.

Discussion:
https://groups.google.com/a/chromium.org/forum/?pli=1#!topic/chromium-dev/pieHLJZZE7k

BUG= 612439 

Review-Url: https://codereview.chromium.org/2017123002
Cr-Commit-Position: refs/heads/master@{#398539}

[modify] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/chrome/chrome_installer.gypi
[modify] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/chrome/chrome_installer_util.gypi
[modify] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/chrome/installer/setup/BUILD.gn
[modify] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/chrome/installer/setup/DEPS
[modify] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/chrome/installer/setup/user_hive_visitor.cc
[modify] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/chrome/installer/util/BUILD.gn
[modify] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/chrome/installer/util/DEPS
[modify] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/chrome/installer/util/shell_util.cc
[modify] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/chrome/installer/util/shell_util.h
[modify] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/chrome/installer/util/shell_util_unittest.cc
[add] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/components/base32.gypi
[add] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/components/base32/BUILD.gn
[add] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/components/base32/OWNERS
[add] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/components/base32/base32.cc
[add] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/components/base32/base32.h
[add] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/components/base32/base32_unittest.cc
[modify] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/components/components.gyp
[modify] https://crrev.com/633e8bc192437bdad37c49aa3d4024fe2d641c94/components/components_tests.gyp

Comment 3 by eranm@chromium.org, Jun 30 2016

Blocking: 624894
Project Member

Comment 4 by bugdroid1@chromium.org, Jul 5 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/fc4297bd21581ad0af3980ea79c9ff4f0fdfb064

commit fc4297bd21581ad0af3980ea79c9ff4f0fdfb064
Author: jbroman <jbroman@chromium.org>
Date: Tue Jul 05 17:40:56 2016

Revert of Certificate Transparency DNS log client (patchset #28 id:570001 of https://codereview.chromium.org/2066553002/ )

Reason for revert:
Causing Win build failure:

https://build.chromium.org/p/chromium/builders/Win%20x64/builds/2184

Original issue's description:
> Certificate Transparency DNS log client
>
> This can query CT logs over DNS, as defined by:
> https://github.com/google/certificate-transparency-rfcs/blob/master/dns/draft-ct-over-dns.md
>
> This is required for obtaining audit proofs, which will allow Chrome to verify
> that SCTs it receives are trustworthy and that logs are behaving correctly.
>
> BUG= 612439 
>
> Committed: https://crrev.com/59b6ea2217dbc10400b6a9d433ad13c91bb6b7c2
> Cr-Commit-Position: refs/heads/master@{#403798}

TBR=eranm@chromium.org,mmenke@chromium.org,jam@chromium.org,robpercival@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= 612439 

Review-Url: https://codereview.chromium.org/2124873002
Cr-Commit-Position: refs/heads/master@{#403800}

[modify] https://crrev.com/fc4297bd21581ad0af3980ea79c9ff4f0fdfb064/components/certificate_transparency.gypi
[modify] https://crrev.com/fc4297bd21581ad0af3980ea79c9ff4f0fdfb064/components/certificate_transparency/BUILD.gn
[modify] https://crrev.com/fc4297bd21581ad0af3980ea79c9ff4f0fdfb064/components/certificate_transparency/DEPS
[delete] https://crrev.com/3a011ab449665cc77c09c4032b75fce618bfa6d9/components/certificate_transparency/log_dns_client.cc
[delete] https://crrev.com/3a011ab449665cc77c09c4032b75fce618bfa6d9/components/certificate_transparency/log_dns_client.h
[delete] https://crrev.com/3a011ab449665cc77c09c4032b75fce618bfa6d9/components/certificate_transparency/log_dns_client_unittest.cc
[modify] https://crrev.com/fc4297bd21581ad0af3980ea79c9ff4f0fdfb064/components/components_tests.gyp
[modify] https://crrev.com/fc4297bd21581ad0af3980ea79c9ff4f0fdfb064/net/BUILD.gn
[modify] https://crrev.com/fc4297bd21581ad0af3980ea79c9ff4f0fdfb064/net/net.gyp
[modify] https://crrev.com/fc4297bd21581ad0af3980ea79c9ff4f0fdfb064/net/net_common.gypi

Project Member

Comment 5 by bugdroid1@chromium.org, Jul 7 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/8c82b175a6fa0cc4edd1c6647fd77a7f44525a65

commit 8c82b175a6fa0cc4edd1c6647fd77a7f44525a65
Author: robpercival <robpercival@chromium.org>
Date: Thu Jul 07 13:30:56 2016

Fix "conversion of size_t to unsigned int" warning

On Windows 64-bit builds, sizeof(size_t) != sizeof(unsigned):
net\dns\record_rdata.h(201): warning C4267: 'return': conversion from 'size_t' to 'unsigned int', possible loss of data

BUG= 612439 

Review-Url: https://codereview.chromium.org/2118383006
Cr-Commit-Position: refs/heads/master@{#404146}

[modify] https://crrev.com/8c82b175a6fa0cc4edd1c6647fd77a7f44525a65/net/dns/record_rdata.h
[modify] https://crrev.com/8c82b175a6fa0cc4edd1c6647fd77a7f44525a65/net/dns/record_rdata_unittest.cc

Project Member

Comment 6 by bugdroid1@chromium.org, Jul 7 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2c7cd56d182ae1a14191170c47154641a24633fa

commit 2c7cd56d182ae1a14191170c47154641a24633fa
Author: robpercival <robpercival@chromium.org>
Date: Thu Jul 07 19:04:48 2016

Certificate Transparency DNS log client

This can query CT logs over DNS, as defined by:
https://github.com/google/certificate-transparency-rfcs/blob/master/dns/draft-ct-over-dns.md

This is required for obtaining audit proofs, which will allow Chrome to verify
that SCTs it receives are trustworthy and that logs are behaving correctly.

BUG= 612439 

Committed: https://crrev.com/59b6ea2217dbc10400b6a9d433ad13c91bb6b7c2
Review-Url: https://codereview.chromium.org/2066553002
Cr-Original-Commit-Position: refs/heads/master@{#403798}
Cr-Commit-Position: refs/heads/master@{#404199}

[modify] https://crrev.com/2c7cd56d182ae1a14191170c47154641a24633fa/components/certificate_transparency.gypi
[modify] https://crrev.com/2c7cd56d182ae1a14191170c47154641a24633fa/components/certificate_transparency/BUILD.gn
[modify] https://crrev.com/2c7cd56d182ae1a14191170c47154641a24633fa/components/certificate_transparency/DEPS
[add] https://crrev.com/2c7cd56d182ae1a14191170c47154641a24633fa/components/certificate_transparency/log_dns_client.cc
[add] https://crrev.com/2c7cd56d182ae1a14191170c47154641a24633fa/components/certificate_transparency/log_dns_client.h
[add] https://crrev.com/2c7cd56d182ae1a14191170c47154641a24633fa/components/certificate_transparency/log_dns_client_unittest.cc
[modify] https://crrev.com/2c7cd56d182ae1a14191170c47154641a24633fa/components/components_tests.gyp
[modify] https://crrev.com/2c7cd56d182ae1a14191170c47154641a24633fa/net/BUILD.gn
[modify] https://crrev.com/2c7cd56d182ae1a14191170c47154641a24633fa/net/net.gyp
[modify] https://crrev.com/2c7cd56d182ae1a14191170c47154641a24633fa/net/net_common.gypi

Project Member

Comment 7 by bugdroid1@chromium.org, Jul 22 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3f5a7569fd1192ec9fe0df96c5a2eebbb2c273c1

commit 3f5a7569fd1192ec9fe0df96c5a2eebbb2c273c1
Author: robpercival <robpercival@chromium.org>
Date: Fri Jul 22 16:22:32 2016

Automatically update LogDnsClient's DNS config

No need to pre-configure the net::DnsClient and it will pick up changes to the
system DNS config automatically via net::NetworkChangeNotifier.

BUG= 612439 

Review-Url: https://codereview.chromium.org/2152143003
Cr-Commit-Position: refs/heads/master@{#407170}

[modify] https://crrev.com/3f5a7569fd1192ec9fe0df96c5a2eebbb2c273c1/components/certificate_transparency/log_dns_client.cc
[modify] https://crrev.com/3f5a7569fd1192ec9fe0df96c5a2eebbb2c273c1/components/certificate_transparency/log_dns_client.h
[modify] https://crrev.com/3f5a7569fd1192ec9fe0df96c5a2eebbb2c273c1/components/certificate_transparency/log_dns_client_unittest.cc

Status: Fixed (was: Started)
Project Member

Comment 10 by bugdroid1@chromium.org, Jul 25 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b6f0fc49ec0e4c360d1212bc7832c89a7556c1bd

commit b6f0fc49ec0e4c360d1212bc7832c89a7556c1bd
Author: robpercival <robpercival@chromium.org>
Date: Mon Jul 25 18:18:23 2016

Adds domain names for all qualified CT logs

This is required for querying those logs over DNS (more specifically, Google
mirrors of those logs).

BUG= 612439 

Review-Url: https://codereview.chromium.org/2108833005
Cr-Commit-Position: refs/heads/master@{#407519}

[modify] https://crrev.com/b6f0fc49ec0e4c360d1212bc7832c89a7556c1bd/chrome/browser/io_thread.cc
[modify] https://crrev.com/b6f0fc49ec0e4c360d1212bc7832c89a7556c1bd/chrome/common/chrome_switches.cc
[modify] https://crrev.com/b6f0fc49ec0e4c360d1212bc7832c89a7556c1bd/components/certificate_transparency/single_tree_tracker_unittest.cc
[modify] https://crrev.com/b6f0fc49ec0e4c360d1212bc7832c89a7556c1bd/net/cert/ct_known_logs.cc
[modify] https://crrev.com/b6f0fc49ec0e4c360d1212bc7832c89a7556c1bd/net/cert/ct_known_logs_static-inc.h
[modify] https://crrev.com/b6f0fc49ec0e4c360d1212bc7832c89a7556c1bd/net/cert/ct_log_verifier.cc
[modify] https://crrev.com/b6f0fc49ec0e4c360d1212bc7832c89a7556c1bd/net/cert/ct_log_verifier.h
[modify] https://crrev.com/b6f0fc49ec0e4c360d1212bc7832c89a7556c1bd/net/cert/ct_log_verifier_unittest.cc
[modify] https://crrev.com/b6f0fc49ec0e4c360d1212bc7832c89a7556c1bd/net/cert/ct_objects_extractor_unittest.cc
[modify] https://crrev.com/b6f0fc49ec0e4c360d1212bc7832c89a7556c1bd/net/cert/multi_log_ct_verifier_unittest.cc
[modify] https://crrev.com/b6f0fc49ec0e4c360d1212bc7832c89a7556c1bd/net/quic/crypto/proof_verifier_chromium_test.cc
