New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 631087 link

Starred by 3 users
Status: Fixed
Owner:
robpercival@chromium.org
Last visit > 30 days ago
Closed: Jan 2017
Cc:
eranm@chromium.org
asymmetric@chromium.org
rsleevi@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Feature

Blocked on:
issue 598406
Blocking:
issue 506227



Sign in to add a comment

Certificate Transparency: Verify audit proofs

Project Member Reported by robpercival@chromium.org, Jul 25 2016 
Chrome will soon request audit proofs for any SCTs it receives. It must be able to verify these audit proofs in order to determine their authenticity. A VerifyAuditProof method should be added to net::CTLogVerifier to do this. The algorithm described in https://tools.ietf.org/html/draft-ietf-trans-rfc6962-bis-16#section-10.4.1 should be used.

Tests can be adapted from those found in https://github.com/google/certificate-transparency/blob/master/cpp/merkletree/merkle_tree_test.cc, as was done for consistency proof tests.
Project Member

Comment 1 by bugdroid1@chromium.org, Aug 25 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/540ba6cbe242920544a1f43019e4f4a3c6f81bf8

commit 540ba6cbe242920544a1f43019e4f4a3c6f81bf8
Author: robpercival <robpercival@chromium.org>
Date: Thu Aug 25 22:08:05 2016

Removes TestVector from ct_log_verifier_unittest

Its only purpose was to bundle together a hex string and the number of
bytes it represents. The number of bytes (length_bytes) is redundant
though, as it is easily calculated by strlen(str) / 2, and is not used
anyway. The one thing that appeared to use it was HexToBytes, but this
contained a bug that meant it both misinterpreted and ignored it.

This also optimizes GetEmptyTreeHash by only calculating it once, which
reduces total test duration by ~1 second.

BUG= 631087 

Review-Url: https://codereview.chromium.org/2275353002
Cr-Commit-Position: refs/heads/master@{#414552}

[modify] https://crrev.com/540ba6cbe242920544a1f43019e4f4a3c6f81bf8/net/cert/ct_log_verifier_unittest.cc
Project Member

Comment 2 by bugdroid1@chromium.org, Aug 26 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/716ab65db70d4786e04cdf8cf343567b91c49bc7

commit 716ab65db70d4786e04cdf8cf343567b91c49bc7
Author: robpercival <robpercival@chromium.org>
Date: Fri Aug 26 17:32:58 2016

Improve documentation and readability of CTLogVerifier tests

BUG= 631087 

Review-Url: https://codereview.chromium.org/2183073002
Cr-Commit-Position: refs/heads/master@{#414741}

[modify] https://crrev.com/716ab65db70d4786e04cdf8cf343567b91c49bc7/net/cert/ct_log_verifier_unittest.cc

Comment 4 by eranm@chromium.org, Jan 24 2017

Status: Fixed (was: Started)

Comment 5 by robpercival@chromium.org, Jan 24 2017 

http://crrev.com/2017563002 enables verification.

Sign in to add a comment