Bug 1346299 - Remove Telemetry Probe: KEYGEN_GENERATED_KEY_TYPE r=jcj,keeler
authorflyingrub <flyinggrub@gmail.com>
Tue, 14 Mar 2017 11:54:57 +0100
changeset 383206 fbc855e10da9081c3e79b5471a782827a2149ec3
parent 383205 9ba79bf5e771b08b5b7e93f424f9c88083679eee
child 383207 45d7dc648ed129a1d374dd851ce2e32fa69f63dc
push idunknown
push userunknown
push dateunknown
reviewersjcj, keeler
bugs1346299
milestone55.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1346299 - Remove Telemetry Probe: KEYGEN_GENERATED_KEY_TYPE r=jcj,keeler Removed the probe in Histogram.json and the code related to it in nsKeygenHandler.cpp MozReview-Commit-ID: E8lGbx19e2C
security/manager/ssl/nsKeygenHandler.cpp
toolkit/components/telemetry/Histograms.json
--- a/security/manager/ssl/nsKeygenHandler.cpp
+++ b/security/manager/ssl/nsKeygenHandler.cpp
@@ -3,17 +3,16 @@
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "base64.h"
 #include "cryptohi.h"
 #include "keyhi.h"
 #include "mozilla/Assertions.h"
-#include "mozilla/Telemetry.h"
 #include "nsIContent.h"
 #include "nsIDOMHTMLSelectElement.h"
 #include "nsIGenKeypairInfoDlg.h"
 #include "nsIServiceManager.h"
 #include "nsITokenDialogs.h"
 #include "nsKeygenHandler.h"
 #include "nsKeygenHandlerContent.h"
 #include "nsKeygenThread.h"
@@ -61,17 +60,17 @@ DERTemplate CERTPublicKeyAndChallengeTem
 };
 
 typedef struct curveNameTagPairStr {
     const char *curveName;
     SECOidTag curveOidTag;
 } CurveNameTagPair;
 
 static CurveNameTagPair nameTagPair[] =
-{ 
+{
   { "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 },
   { "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 },
   { "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 },
   { "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 },
   { "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 },
   { "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 },
   { "prime256v1", SEC_OID_ANSIX962_EC_PRIME256V1 },
 
@@ -152,53 +151,53 @@ mozilla::UniqueSECItem
 DecodeECParams(const char* curve)
 {
     SECOidData *oidData = nullptr;
     SECOidTag curveOidTag = SEC_OID_UNKNOWN; /* default */
     int i, numCurves;
 
     if (curve && *curve) {
         numCurves = sizeof(nameTagPair)/sizeof(CurveNameTagPair);
-        for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN)); 
+        for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN));
              i++) {
             if (PL_strcmp(curve, nameTagPair[i].curveName) == 0)
                 curveOidTag = nameTagPair[i].curveOidTag;
         }
     }
 
     /* Return nullptr if curve name is not recognized */
-    if ((curveOidTag == SEC_OID_UNKNOWN) || 
+    if ((curveOidTag == SEC_OID_UNKNOWN) ||
         (oidData = SECOID_FindOIDByTag(curveOidTag)) == nullptr) {
         return nullptr;
     }
 
     mozilla::UniqueSECItem ecparams(SECITEM_AllocItem(nullptr, nullptr,
                                                       2 + oidData->oid.len));
     if (!ecparams) {
         return nullptr;
     }
 
-    /* 
+    /*
      * ecparams->data needs to contain the ASN encoding of an object ID (OID)
-     * representing the named curve. The actual OID is in 
+     * representing the named curve. The actual OID is in
      * oidData->oid.data so we simply prepend 0x06 and OID length
      */
     ecparams->data[0] = SEC_ASN1_OBJECT_ID;
     ecparams->data[1] = oidData->oid.len;
     memcpy(ecparams->data + 2, oidData->oid.data, oidData->oid.len);
 
     return ecparams;
 }
 
 NS_IMPL_ISUPPORTS(nsKeygenFormProcessor, nsIFormProcessor)
 
 nsKeygenFormProcessor::nsKeygenFormProcessor()
-{ 
+{
    m_ctx = new PipUIContext();
-} 
+}
 
 nsKeygenFormProcessor::~nsKeygenFormProcessor()
 {
   nsNSSShutDownPreventionLock locker;
   if (isAlreadyShutDown()) {
     return;
   }
 
@@ -302,17 +301,17 @@ GetSlotWithMechanism(uint32_t aMechanism
     PK11SlotListElement *slotElement, *tmpSlot;
     uint32_t numSlots = 0, i = 0;
     bool canceled;
     nsresult rv = NS_OK;
 
     *aSlot = nullptr;
 
     // Get the slot
-    slotList = PK11_GetAllTokens(MapGenMechToAlgoMech(aMechanism), 
+    slotList = PK11_GetAllTokens(MapGenMechToAlgoMech(aMechanism),
                                 true, true, m_ctx);
     if (!slotList || !slotList->head) {
         rv = NS_ERROR_FAILURE;
         goto loser;
     }
 
     if (!slotList->head->next) {
         /* only one slot available, just return it */
@@ -335,17 +334,17 @@ GetSlotWithMechanism(uint32_t aMechanism
         i = 0;
         slotElement = PK11_GetFirstSafe(slotList);
         while (slotElement) {
             tokenNameList[i] = UTF8ToNewUnicode(nsDependentCString(PK11_GetTokenName(slotElement->slot)));
             slotElement = PK11_GetNextSafe(slotList, slotElement, false);
             if (tokenNameList[i])
                 i++;
             else {
-                // OOM. adjust numSlots so we don't free unallocated memory. 
+                // OOM. adjust numSlots so we don't free unallocated memory.
                 numSlots = i;
                 PK11_FreeSlotListElement(slotList, slotElement);
                 rv = NS_ERROR_OUT_OF_MEMORY;
                 goto loser;
             }
         }
 
         // Throw up the token list dialog and get back the token.
@@ -389,64 +388,16 @@ loser:
           PK11_FreeSlotList(slotList);
       }
       if (tokenNameList) {
           NS_FREE_XPCOM_ALLOCATED_POINTER_ARRAY(numSlots, tokenNameList);
       }
       return rv;
 }
 
-
-void
-GatherKeygenTelemetry(uint32_t keyGenMechanism, int keysize, char* curve)
-{
-  if (keyGenMechanism == CKM_RSA_PKCS_KEY_PAIR_GEN) {
-    if (keysize > 8196 || keysize < 0) {
-      return;
-    }
-
-    nsCString telemetryValue("rsa");
-    telemetryValue.AppendPrintf("%d", keysize);
-    mozilla::Telemetry::Accumulate(
-        mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, telemetryValue);
-  } else if (keyGenMechanism == CKM_EC_KEY_PAIR_GEN) {
-    nsCString secp384r1 = NS_LITERAL_CSTRING("secp384r1");
-    nsCString secp256r1 = NS_LITERAL_CSTRING("secp256r1");
-
-    mozilla::UniqueSECItem decoded = DecodeECParams(curve);
-    if (!decoded) {
-      switch (keysize) {
-        case 2048:
-          mozilla::Telemetry::Accumulate(
-              mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, secp384r1);
-          break;
-        case 1024:
-        case 512:
-          mozilla::Telemetry::Accumulate(
-              mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, secp256r1);
-          break;
-      }
-    } else {
-      if (secp384r1.EqualsIgnoreCase(curve, secp384r1.Length())) {
-          mozilla::Telemetry::Accumulate(
-              mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, secp384r1);
-      } else if (secp256r1.EqualsIgnoreCase(curve, secp256r1.Length())) {
-          mozilla::Telemetry::Accumulate(
-              mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, secp256r1);
-      } else {
-        mozilla::Telemetry::Accumulate(
-            mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, NS_LITERAL_CSTRING("other_ec"));
-      }
-    }
-  } else {
-    MOZ_CRASH("Unknown keygen algorithm");
-    return;
-  }
-}
-
 nsresult
 nsKeygenFormProcessor::GetPublicKey(const nsAString& aValue,
                                     const nsAString& aChallenge,
                                     const nsAFlatString& aKeyType,
                                     nsAString& aOutPublicKey,
                                     const nsAString& aKeyParams)
 {
     nsNSSShutDownPreventionLock locker;
@@ -520,27 +471,27 @@ nsKeygenFormProcessor::GetPublicKey(cons
     switch (keyGenMechanism) {
         case CKM_RSA_PKCS_KEY_PAIR_GEN:
             rsaParams.keySizeInBits = keysize;
             rsaParams.pe = DEFAULT_RSA_KEYGEN_PE;
             algTag = DEFAULT_RSA_KEYGEN_ALG;
             params = &rsaParams;
             break;
         case CKM_EC_KEY_PAIR_GEN:
-            /* XXX We ought to rethink how the KEYGEN tag is 
+            /* XXX We ought to rethink how the KEYGEN tag is
              * displayed. The pulldown selections presented
              * to the user must depend on the keytype.
              * The displayed selection could be picked
              * from the keyparams attribute (this is currently called
              * the pqg attribute).
              * For now, we pick ecparams from the keyparams field
-             * if it specifies a valid supported curve, or else 
+             * if it specifies a valid supported curve, or else
              * we pick one of secp384r1, secp256r1 or secp192r1
              * respectively depending on the user's selection
-             * (High, Medium, Low). 
+             * (High, Medium, Low).
              * (RSA uses RSA-2048, RSA-1024 and RSA-512 for historical
              * reasons, while ECC choices represent a stronger mapping)
              * NOTE: The user's selection
              * is silently ignored when a valid curve is presented
              * in keyparams.
              */
             ecParams = DecodeECParams(keyparamsString);
             if (!ecParams) {
@@ -554,17 +505,17 @@ nsKeygenFormProcessor::GetPublicKey(cons
                 switch (keysize) {
                 case 2048:
                     ecParams = DecodeECParams("secp384r1");
                     break;
                 case 1024:
                 case 512:
                     ecParams = DecodeECParams("secp256r1");
                     break;
-                } 
+                }
             }
             MOZ_ASSERT(ecParams);
             params = ecParams.get();
             /* XXX The signature algorithm ought to choose the hashing
              * algorithm based on key size once ECDSA variations based
              * on SHA256 SHA384 and SHA512 are standardized.
              */
             algTag = SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST;
@@ -611,17 +562,17 @@ nsKeygenFormProcessor::GetPublicKey(cons
                 PK11SlotInfo *used_slot = nullptr;
                 rv = KeygenRunnable->ConsumeResult(&used_slot, &privateKey, &publicKey);
                 if (NS_SUCCEEDED(rv) && used_slot) {
                   PK11_FreeSlot(used_slot);
                 }
             }
         }
     }
-    
+
     if (NS_FAILED(rv) || !privateKey) {
         goto loser;
     }
     // just in case we'll need to authenticate to the db -jp //
     privateKey->wincx = m_ctx;
 
     /*
      * Create a subject public key info from the public key.
@@ -675,17 +626,16 @@ nsKeygenFormProcessor::GetPublicKey(cons
         rv = NS_ERROR_OUT_OF_MEMORY;
         goto loser;
     }
 
     CopyASCIItoUTF16(keystring.get(), aOutPublicKey);
 
     rv = NS_OK;
 
-    GatherKeygenTelemetry(keyGenMechanism, keysize, keyparamsString);
 loser:
     if (srv != SECSuccess) {
         if ( privateKey ) {
             PK11_DestroyTokenObject(privateKey->pkcs11Slot,privateKey->pkcs11ID);
         }
         if ( publicKey ) {
             PK11_DestroyTokenObject(publicKey->pkcs11Slot,publicKey->pkcs11ID);
         }
@@ -724,39 +674,39 @@ nsKeygenFormProcessor::ExtractParams(nsI
     aElement->GetAttribute(NS_LITERAL_STRING("keytype"), keyTypeValue);
     if (keyTypeValue.IsEmpty()) {
         // If this field is not present, we default to rsa.
         keyTypeValue.AssignLiteral("rsa");
     }
 
     aElement->GetAttribute(NS_LITERAL_STRING("pqg"),
                            keyParamsValue);
-    /* XXX We can still support the pqg attribute in the keygen 
-     * tag for backward compatibility while introducing a more 
+    /* XXX We can still support the pqg attribute in the keygen
+     * tag for backward compatibility while introducing a more
      * general attribute named keyparams.
      */
     if (keyParamsValue.IsEmpty()) {
-        aElement->GetAttribute(NS_LITERAL_STRING("keyparams"), 
+        aElement->GetAttribute(NS_LITERAL_STRING("keyparams"),
                                keyParamsValue);
     }
 
     aElement->GetAttribute(NS_LITERAL_STRING("challenge"), challengeValue);
 }
 
 nsresult
 nsKeygenFormProcessor::ProcessValue(nsIDOMHTMLElement* aElement,
                                     const nsAString& aName,
                                     nsAString& aValue)
 {
     nsAutoString challengeValue;
     nsAutoString keyTypeValue;
     nsAutoString keyParamsValue;
     ExtractParams(aElement, challengeValue, keyTypeValue, keyParamsValue);
 
-    return GetPublicKey(aValue, challengeValue, keyTypeValue, 
+    return GetPublicKey(aValue, challengeValue, keyTypeValue,
                         aValue, keyParamsValue);
 }
 
 nsresult
 nsKeygenFormProcessor::ProcessValueIPC(const nsAString& aOldValue,
                                        const nsAString& aChallenge,
                                        const nsAString& aKeyType,
                                        const nsAString& aKeyParams,
@@ -765,20 +715,20 @@ nsKeygenFormProcessor::ProcessValueIPC(c
     return GetPublicKey(aOldValue, aChallenge, PromiseFlatString(aKeyType),
                         newValue, aKeyParams);
 }
 
 nsresult
 nsKeygenFormProcessor::ProvideContent(const nsAString& aFormType,
                                       nsTArray<nsString>& aContent,
                                       nsAString& aAttribute)
-{ 
+{
   if (Compare(aFormType, NS_LITERAL_STRING("SELECT"),
               nsCaseInsensitiveStringComparator()) == 0) {
 
     for (size_t i = 0; i < number_of_key_size_choices; ++i) {
       aContent.AppendElement(mSECKeySizeChoiceList[i].name);
     }
     aAttribute.AssignLiteral("-mozilla-keygen");
   }
   return NS_OK;
-} 
+}
 
--- a/toolkit/components/telemetry/Histograms.json
+++ b/toolkit/components/telemetry/Histograms.json
@@ -2143,25 +2143,16 @@
   "SSL_OBSERVED_END_ENTITY_CERTIFICATE_LIFETIME": {
     "expires_in_version": "55",
     "alert_emails": ["seceng-telemetry@mozilla.com"],
     "kind": "enumerated",
     "n_values": 125,
     "releaseChannelCollection": "opt-out",
     "description": "The lifetime of accepted HTTPS server certificates, in weeks, up to 2 years. Bucket 105 is all end-entity HTTPS server certificates with a lifetime > 2 years."
   },
-  "KEYGEN_GENERATED_KEY_TYPE": {
-    "expires_in_version": "55",
-    "alert_emails": ["seceng-telemetry@mozilla.com"],
-    "kind": "count",
-    "keyed": true,
-    "releaseChannelCollection": "opt-out",
-    "bug_numbers": [1191414,1284945],
-    "description": "The number of times we generate a key via keygen, keyed on algorithm and keysize. Keys include RSA with key size (512, 1024, 2048, possibly others), secp384r1, secp256r1, and 'other_ec'."
-  },
   "WEBSOCKETS_HANDSHAKE_TYPE": {
     "expires_in_version": "never",
     "kind": "enumerated",
     "n_values": 16,
     "description": "Websockets Handshake Results (ws-ok-plain, ws-ok-proxy, ws-failed-plain, ws-failed-proxy, wss-ok-plain, wss-ok-proxy, wss-failed-plain, wss-failed-proxy)"
   },
   "SPDY_VERSION2": {
     "expires_in_version": "never",