
Empty logs sign wrong root hash

Open mcpherrinm opened this issue 1 year ago • 2 comments

Per @AGWA on https://groups.google.com/a/chromium.org/g/ct-policy/c/v9JzlbphYBs/m/-blS5vMtAgAJ

Note that all cryptographic operations (such as hashes and signatures) are as specified by RFC 6962, so these APIs can be thought of as an alternative encoding format for the same data

at least 10 Sunlight logs have produced STHs with a tree size of 0 and an all-zero root hash, while RFC 6962 specifies that the root hash of an empty tree is the SHA-256 hash of an empty string.

mcpherrinm, Mar 18 '24 22:03

@mcpherrinm, are you looking for help with this? If so, I see two approaches:

  1. fix up the hash of an empty tree prior to calling signTreeHead
  2. copy and patch the logic of tlog.TreeHash to handle empty trees

The second approach would also need to handle construction of a new log within ctlog.CreateLog, so it seems like the first approach is simpler.

Would a PR be helpful?

nholstein, Mar 25 '24 16:03

I had a chat with Russ, and we're going to change golang.org/x/mod/sumdb/tlog upstream, to avoid ecosystem fragmentation on this.

FiloSottile, Apr 04 '24 19:04
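
The mismatch reported in this issue, as an added example that is not part of the thread and is not code from Sunlight or golang.org/x/mod/sumdb/tlog: a standalone RFC 6962 tree hash and a monitor-side check that flags a size-0 tree head carrying an all-zero root. The names `MerkleTreeHash` and `CheckEmptyTreeHead` are hypothetical.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
)

// MerkleTreeHash computes the RFC 6962 section 2.1 tree hash (MTH) over entries.
func MerkleTreeHash(entries [][]byte) [32]byte {
	switch n := len(entries); n {
	case 0:
		return sha256.Sum256(nil) // empty tree: SHA-256 of the empty string
	case 1:
		return sha256.Sum256(append([]byte{0x00}, entries[0]...)) // leaf prefix 0x00
	}
	k := 1 // largest power of two strictly smaller than len(entries)
	for k*2 < len(entries) {
		k *= 2
	}
	left, right := MerkleTreeHash(entries[:k]), MerkleTreeHash(entries[k:])
	node := append([]byte{0x01}, left[:]...) // interior node prefix 0x01
	return sha256.Sum256(append(node, right[:]...))
}

// CheckEmptyTreeHead (hypothetical helper) validates the root hash of a
// tree head whose tree size is 0; other sizes are out of scope here.
func CheckEmptyTreeHead(treeSize uint64, root [32]byte) error {
	if treeSize != 0 {
		return nil
	}
	if root == ([32]byte{}) {
		return errors.New("size-0 tree head carries an all-zero root hash")
	}
	if want := MerkleTreeHash(nil); root != want {
		return fmt.Errorf("size-0 root %x, want %x", root[:], want[:])
	}
	return nil
}

func main() {
	empty := MerkleTreeHash(nil)
	fmt.Printf("RFC 6962 empty root: %x\n", empty[:])
	fmt.Println("all-zero root:", CheckEmptyTreeHead(0, [32]byte{}))
	fmt.Println("correct root: ", CheckEmptyTreeHead(0, empty))
}
```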