add signed tree head decoding to certificate transparency implementation

RESOLVED FIXED in Firefox 65

Status

enhancement
P1
normal
RESOLVED FIXED
7 months ago
6 months ago

People

(Reporter: keeler, Assigned: keeler)

Tracking

(Blocks 1 bug)

unspecified
mozilla65

Firefox Tracking Flags

(firefox65 fixed)

Details

(Whiteboard: [psm-assigned])

Attachments

(3 attachments)

When implementing certificate transparency initially, we never implemented signed tree head decoding (probably because we didn't implement decoding/verifying inclusion proofs at the time either). In any case we need it now for binary transparency.

The original implementation of Certificate Transparency included a definition
for the first version of the Signed Tree Head data structure but it was never
actually used. Now that we're implementing Binary Transparency, we need to
implement support for Signed Tree Head V2. Because the focus and approach are
different, the first step is to remove the original implementation.

DecodeInclusionProof as originally implemented used the wrong convention - its
input argument should have always been an Input rather than a Reader.

Depends on D11810

Comment 5

6 months ago
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9ef08b4eeea6
(1/3) remove obsolete SignedTreeHead definitions and tests r=jcj
https://hg.mozilla.org/integration/autoland/rev/129e0faf8813
(2/3) - fix up DecodeInclusionProof to take an Input rather than a Reader r=jcj
https://hg.mozilla.org/integration/autoland/rev/aa19f5470ee0
(3/3) - add support for decoding and verifying Signed Tree Head Data V2 r=jcj

Comment 6

6 months ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/9ef08b4eeea6
https://hg.mozilla.org/mozilla-central/rev/129e0faf8813
https://hg.mozilla.org/mozilla-central/rev/aa19f5470ee0
Status: NEW → RESOLVED
Last Resolved: 6 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla65