Closed Bug 1503348 Opened 2 years ago Closed 2 years ago

add signed tree head decoding to certificate transparency implementation

Categories

(Core :: Security: PSM, enhancement, P1)

enhancement

Tracking

()

RESOLVED FIXED
mozilla65
Tracking Status
firefox65 --- fixed

People

(Reporter: keeler, Assigned: keeler)

References

(Blocks 1 open bug)

Details

(Whiteboard: [psm-assigned])

Attachments

(3 files)

When implementing certificate transparency initially, we never implemented signed tree head decoding (probably because we didn't implement decoding/verifying inclusion proofs at the time either). In any case we need it now for binary transparency.
The original implementation of Certificate Transparency included a definition
for the first version of the Signed Tree Head data structure but it was never
actually used. Now that we're implementing Binary Transparency, we need to
implement support for Signed Tree Head V2. Because the focus and approach are
different, the first step is to remove the original implementation.
DecodeInclusionProof as originally implemented used the wrong convention - its
input argument should have always been an Input rather than a Reader.

Depends on D11810
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9ef08b4eeea6
(1/3) remove obsolete SignedTreeHead definitions and tests r=jcj
https://hg.mozilla.org/integration/autoland/rev/129e0faf8813
(2/3) - fix up DecodeInclusionProof to take an Input rather than a Reader r=jcj
https://hg.mozilla.org/integration/autoland/rev/aa19f5470ee0
(3/3) - add support for decoding and verifying Signed Tree Head Data V2 r=jcj
You need to log in before you can comment on or make changes to this bug.