Bug 1191414 - gather telemetry on usage of <keygen>. r=keeler,r=vladan

2024-09-13 09:24:08 -07:00 · 2015-09-22 09:52:58 -07:00 · 2015-09-22 09:52:58 -07:00 · 96c26e051f
commit 96c26e051f
parent 5a0d818a1d
2 changed files with 61 additions and 0 deletions
--- a/security/manager/ssl/nsKeygenHandler.cpp
+++ b/security/manager/ssl/nsKeygenHandler.cpp
@ -27,6 +27,8 @@
 #include "nsNSSShutDown.h"
 #include "nsXULAppAPI.h"

+#include "mozilla/Telemetry.h"
+
 //These defines are taken from the PKCS#11 spec
 #define CKM_RSA_PKCS_KEY_PAIR_GEN     0x00000000
 #define CKM_DH_PKCS_KEY_PAIR_GEN      0x00000020
@ -464,6 +466,55 @@ loser:
      return rv;
 }

+
+void
+GatherKeygenTelemetry(uint32_t keyGenMechanism, int keysize, char* curve)
+{
+  if (keyGenMechanism == CKM_RSA_PKCS_KEY_PAIR_GEN) {
+    if (keysize > 8196 || keysize < 0) {
+      return;
+    }
+
+    nsCString telemetryValue("rsa");
+    telemetryValue.AppendPrintf("%d", keysize);
+    mozilla::Telemetry::Accumulate(
+        mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, telemetryValue);
+  } else if (keyGenMechanism == CKM_EC_KEY_PAIR_GEN) {
+    nsCString secp384r1 = NS_LITERAL_CSTRING("secp384r1");
+    nsCString secp256r1 = NS_LITERAL_CSTRING("secp256r1");
+
+    SECKEYECParams* decoded = decode_ec_params(curve);
+    if (!decoded) {
+      switch (keysize) {
+        case 2048:
+          mozilla::Telemetry::Accumulate(
+              mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, secp384r1);
+          break;
+        case 1024:
+        case 512:
+          mozilla::Telemetry::Accumulate(
+              mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, secp256r1);
+          break;
+      }
+    } else {
+      SECITEM_FreeItem(decoded, true);
+      if (secp384r1.EqualsIgnoreCase(curve, secp384r1.Length())) {
+          mozilla::Telemetry::Accumulate(
+              mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, secp384r1);
+      } else if (secp256r1.EqualsIgnoreCase(curve, secp256r1.Length())) {
+          mozilla::Telemetry::Accumulate(
+              mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, secp256r1);
+      } else {
+        mozilla::Telemetry::Accumulate(
+            mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, NS_LITERAL_CSTRING("other_ec"));
+      }
+    }
+  } else if (keyGenMechanism == CKM_DSA_KEY_PAIR_GEN) {
+    MOZ_CRASH("DSA key generation is currently unimplemented");
+    return;
+  }
+}
+
 nsresult
 nsKeygenFormProcessor::GetPublicKey(const nsAString& aValue,
                                    const nsAString& aChallenge,
@ -733,6 +784,8 @@ nsKeygenFormProcessor::GetPublicKey(const nsAString& aValue,
    free(keystring);

    rv = NS_OK;
+
+    GatherKeygenTelemetry(keyGenMechanism, keysize, keyparamsString);
 loser:
    if ( sec_rv != SECSuccess ) {
        if ( privateKey ) {
--- a/toolkit/components/telemetry/Histograms.json
+++ b/toolkit/components/telemetry/Histograms.json
@ -1375,6 +1375,14 @@
    "releaseChannelCollection": "opt-out",
    "description": "The lifetime of accepted HTTPS server certificates, in weeks, up to 2 years. Bucket 105 is all end-entity HTTPS server certificates with a lifetime > 2 years."
  },
+  "KEYGEN_GENERATED_KEY_TYPE": {
+    "expires_in_version": "50",
+    "alert_emails": ["seceng-telemetry@mozilla.com"],
+    "kind": "count",
+    "keyed": "true",
+    "releaseChannelCollection": "opt-out",
+    "description": "The number of times we generate a key via keygen, keyed on algorithm and keysize. Keys include RSA with key size (512, 1024, 2048, possibly others), secp384r1, secp256r1, and 'other_ec'."
+  },
  "WEBSOCKETS_HANDSHAKE_TYPE": {
    "expires_in_version": "never",
    "kind": "enumerated",