Add Constellation/STAR encryption for P3A by DJAndries · Pull Request #14399 · brave/brave-core

Resolves brave/brave-browser#24338

Submitter Checklist:

Reviewer Checklist:

After-merge Checklist:

Test Plan:

Please test in a version that includes #18340 or #18410.

Access https://star-randsrv.bsg.brave.software/info and note the currentEpoch value.

Perform this first test without a MITM proxy (Nitro Enclave attestation will not work without proxy).

  0. Start browser with a fresh profile and the following flags: --enable-features="BraveP3AConstellation" --p3a-star-randomness-host=https://star-randsrv.bsg.bravesoftware.com --p3a-constellation-upload-url=https://collector.bsg.bravesoftware.com/
  1. Access local state, validate the following details: brave.p3a.approved_cert_fp should contain a value prefixed with sha256/, brave.p3a.current_epoch should contain the value noted above, brave.p3a.current_pk should contain a long string, brave.p3a.next_epoch_time should contain a numerical timestamp value, p3a.logs_constellation_prep should exist with the typical list of metrics/values/etc.
  2. Wait five minutes and reload local state page. p3a.constellation_logs.{epoch number} should contain a list of metrics with the name as the key, and the encrypted base-64 value as the value. A new log should appear in the list every minute. Verify that the relevant metrics in the p3a.logs_constellation_prep list indicate being sent.
  3. Quit the browser and add the following flag when restarting: --p3a-fake-star-epoch=. Add one to the current epoch and append the value to the flag.
  4. Access local state, validate that the metrics still exist in p3a.constellation_logs.{original epoch number}.
  5. Wait five minutes and refresh the local state page. The Constellation logs object should contain fewer metrics than before (because the encrypted metrics were uploaded to our server and no longer need to be stored).
  6. Repeat steps 0 - 2. Repeat step 3 with an epoch value that is 5 or more epochs ahead of the current epoch value. Access local state and ensure the metrics in p3a.constellation_logs.{original epoch number} do not exist (due to expiry).

Perform this second test using a MITM proxy, and add the --p3a-disable-star-attestation flag.

  0. Start browser with a fresh profile and using the flags mentioned in step 0 from the first test.
  1. Ensure that an /info request is sent to the randomness server.
  2. Wait a few minutes, ensure that /randomness requests are sent to the randomness server. Ensure that the number of metrics existing in the Constellation logs (in local state) matches the number of randomness requests sent. Ensure no requests are sent to the upload url.
  3. Quit the browser and relaunch, ensure that the info request is not sent (server info should be cached).
  4. Add the fake STAR epoch flag and relaunch the browser, add one to the current epoch like above.
  5. An /info request should be sent. Encrypted metrics should be uploaded to the upload URL after a few minutes. Randomness requests should fail since the current fake epoch is not valid.

Ensure JSON metrics are sent as usual with or without the Constellation feature enabled.
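
The local-state checks in the first test can be scripted. The following is an added example, not part of the pull request or brave-core: it validates a parsed Local State dictionary against the expectations listed above. It assumes dotted pref paths are stored as nested JSON objects and that constellation_logs is keyed by epoch number; `SAMPLE`, `check_state`, `max_age` and the metric name are hypothetical, and all sample values are constructed placeholders.

```python
import base64, binascii

# Constructed sample shaped like the Local State prefs named in the test plan
# (dotted pref paths assumed to be nested dicts; all values are placeholders).
SAMPLE = {
    "brave": {"p3a": {"approved_cert_fp": "sha256/PLACEHOLDER",
                      "current_epoch": 12, "current_pk": "PLACEHOLDER-KEY",
                      "next_epoch_time": "13300000000000000"}},
    "p3a": {"logs_constellation_prep": {"Example.Metric": {}},
            "constellation_logs": {"12": {"Example.Metric": "Y29uc3RydWN0ZWQ="}}},
}

def lookup(state, dotted):
    """Walk a dotted pref path through nested dicts; None if absent."""
    for part in dotted.split("."):
        state = state.get(part) if isinstance(state, dict) else None
    return state

def is_base64(value):
    """True only for a non-empty string that decodes as strict base64."""
    if not isinstance(value, str) or not value:
        return False
    try:
        base64.b64decode(value, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False

def check_state(state, expected_epoch, max_age=5):
    """Return a list of deviations from the expectations in the test plan."""
    problems = []
    fp = lookup(state, "brave.p3a.approved_cert_fp")
    if not (isinstance(fp, str) and fp.startswith("sha256/")):
        problems.append("approved_cert_fp lacks sha256/ prefix")
    if lookup(state, "brave.p3a.current_epoch") != expected_epoch:
        problems.append("current_epoch mismatch")
    if not lookup(state, "brave.p3a.current_pk"):
        problems.append("current_pk missing")
    try:
        float(lookup(state, "brave.p3a.next_epoch_time"))
    except (TypeError, ValueError):
        problems.append("next_epoch_time not numeric")
    if lookup(state, "p3a.logs_constellation_prep") is None:
        problems.append("logs_constellation_prep missing")
    for epoch, metrics in (lookup(state, "p3a.constellation_logs") or {}).items():
        if expected_epoch - int(epoch) >= max_age:  # expiry window from the plan
            problems.append(f"epoch {epoch} logs not expired")
        problems += [f"{name} (epoch {epoch}) not base64"
                     for name, blob in metrics.items() if not is_base64(blob)]
    return problems
```

Load the profile's Local State file with `json.load` and pass the result, together with the currentEpoch value noted from /info (or the fake epoch in use), to `check_state`; an empty list means every listed expectation holds.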