1503348 - add signed tree head decoding to certificate transparency implementation

Status: RESOLVED FIXED

(Core :: Security: PSM, enhancement, P1)

Description

[Dana Keeler (she/her) (use needinfo) [:keeler] (on leave)]

When implementing certificate transparency initially, we never implemented signed tree head decoding (probably because we didn't implement decoding/verifying inclusion proofs at the time either). In any case we need it now for binary transparency.

Comment 1

[Dana Keeler (she/her) (use needinfo) [:keeler] (on leave)]

Attachment: Bug 1503348 - (1/3) remove obsolete SignedTreeHead definitions and tests r?jcj

The original implementation of Certificate Transparency included a definition
for the first version of the Signed Tree Head data structure but it was never
actually used. Now that we're implementing Binary Transparency, we need to
implement support for Signed Tree Head V2. Because the focus and approach are
different, the first step is to remove the original implementation.

Comment 2

[Dana Keeler (she/her) (use needinfo) [:keeler] (on leave)]

Attachment: Bug 1503348 - (2/3) - fix up DecodeInclusionProof to take an Input rather than a Reader r?jcj

DecodeInclusionProof as originally implemented used the wrong convention - its
input argument should have always been an Input rather than a Reader.

Depends on D11810

Comment 3

[Dana Keeler (she/her) (use needinfo) [:keeler] (on leave)]

Attachment: Bug 1503348 - (3/3) - add support for decoding and verifying Signed Tree Head Data V2 r?jcj

Depends on D11811

Comment 4

[Dana Keeler (she/her) (use needinfo) [:keeler] (on leave)]

https://treeherder.mozilla.org/#/jobs?repo=try&revision=48f091660d146897088a163814ae69a25fbddca0

Comment 5

[Pulsebot]

Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9ef08b4eeea6
(1/3) remove obsolete SignedTreeHead definitions and tests r=jcj
https://hg.mozilla.org/integration/autoland/rev/129e0faf8813
(2/3) - fix up DecodeInclusionProof to take an Input rather than a Reader r=jcj
https://hg.mozilla.org/integration/autoland/rev/aa19f5470ee0
(3/3) - add support for decoding and verifying Signed Tree Head Data V2 r=jcj

Comment 6

[Cosmin Sabou [:CosminS]]

https://hg.mozilla.org/mozilla-central/rev/9ef08b4eeea6
https://hg.mozilla.org/mozilla-central/rev/129e0faf8813
https://hg.mozilla.org/mozilla-central/rev/aa19f5470ee0