Reland "PSM: Support PSM RLWE based message definitions in Chromium"

This reverts commit 6e670242. Reason for reland: shell-encryption tests were failing for Win and Android, see: crbug.com/1124018. Then all tests have been disabled for all platforms except for ChromeOS, until the problem being solved from the upstream, then being rolled into Chromium. Original change's description: > Revert "PSM: Support PSM RLWE based message definitions in Chromium" > > This reverts commit 33d4fbea. > > Reason for revert: We believe this is causing the build failure that closed the tree: https://ci.chromium.org/p/chromium/builders/ci/win-archive-rel/17171? > > Original change's description: > > PSM: Support PSM RLWE based message definitions in Chromium > > > > This CL adds the communication between client and server > > for issuing and retrieving determination using PSM. It also > > supports the usage of private_membership third_party protos > > package in device_management_backend. > > > > BUG=chromium:1094675 > > > > Binary-Size: Increase is temporary. > > Change-Id: If791aa1a4a936e1d42fde397a33c1a19c640359d > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2245131 > > Reviewed-by: David Benjamin <davidben@chromium.org> > > Reviewed-by: Amr Aboelkher <amraboelkher@chromium.org> > > Reviewed-by: Pavol Marko <pmarko@chromium.org> > > Commit-Queue: Amr Aboelkher <amraboelkher@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#803532} > > TBR=davidben@chromium.org,emaxx@chromium.org,tikuta@chromium.org,pmarko@chromium.org,amraboelkher@google.com,amraboelkher@chromium.org > > Change-Id: I33f2f9200c3ef24d7c6059d116a88807d83aa0f0 > No-Presubmit: true > No-Tree-Checks: true > No-Try: true > Bug: chromium:1094675 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2388267 > Reviewed-by: Tommy Martino <tmartino@chromium.org> > Commit-Queue: Tommy Martino <tmartino@chromium.org> > Cr-Commit-Position: refs/heads/master@{#803555} # Not skipping CQ checks because this is a reland. TBR=davidben@chromium.org,emaxx@chromium.org,tmartino@chromium.org,tikuta@chromium.org,pmarko@chromium.org,amraboelkher@google.com,amraboelkher@chromium.org Bug: chromium:1094675 Binary-Size: Increase is temporary. Change-Id: Ia5c92b07b3614228823d2b4e883eb03e80474f37 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2388621 Commit-Queue: Amr Aboelkher <amraboelkher@chromium.org> Reviewed-by: Amr Aboelkher <amraboelkher@chromium.org> Cr-Commit-Position: refs/heads/master@{#803700}

Reland "PSM: Support PSM RLWE based message definitions in Chromium"
This reverts commit 6e670242. Reason for reland: shell-encryption tests were failing for Win and Android, see: crbug.com/1124018. Then all tests have been disabled for all platforms except for ChromeOS, until the problem being solved from the upstream, then being rolled into Chromium. Original change's description: > Revert "PSM: Support PSM RLWE based message definitions in Chromium" > > This reverts commit 33d4fbea. > > Reason for revert: We believe this is causing the build failure that closed the tree: https://ci.chromium.org/p/chromium/builders/ci/win-archive-rel/17171? > > Original change's description: > > PSM: Support PSM RLWE based message definitions in Chromium > > > > This CL adds the communication between client and server > > for issuing and retrieving determination using PSM. It also > > supports the usage of private_membership third_party protos > > package in device_management_backend. > > > > BUG=chromium:1094675 > > > > Binary-Size: Increase is temporary. > > Change-Id: If791aa1a4a936e1d42fde397a33c1a19c640359d > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2245131 > > Reviewed-by: David Benjamin <davidben@chromium.org> > > Reviewed-by: Amr Aboelkher <amraboelkher@chromium.org> > > Reviewed-by: Pavol Marko <pmarko@chromium.org> > > Commit-Queue: Amr Aboelkher <amraboelkher@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#803532} > > TBR=davidben@chromium.org,emaxx@chromium.org,tikuta@chromium.org,pmarko@chromium.org,amraboelkher@google.com,amraboelkher@chromium.org > > Change-Id: I33f2f9200c3ef24d7c6059d116a88807d83aa0f0 > No-Presubmit: true > No-Tree-Checks: true > No-Try: true > Bug: chromium:1094675 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2388267 > Reviewed-by: Tommy Martino <tmartino@chromium.org> > Commit-Queue: Tommy Martino <tmartino@chromium.org> > Cr-Commit-Position: refs/heads/master@{#803555} # Not skipping CQ checks because this is a reland. TBR=davidben@chromium.org,emaxx@chromium.org,tmartino@chromium.org,tikuta@chromium.org,pmarko@chromium.org,amraboelkher@google.com,amraboelkher@chromium.org Bug: chromium:1094675 Binary-Size: Increase is temporary. Change-Id: Ia5c92b07b3614228823d2b4e883eb03e80474f37 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2388621 Commit-Queue: Amr Aboelkher <amraboelkher@chromium.org> Reviewed-by: Amr Aboelkher <amraboelkher@chromium.org> Cr-Commit-Position: refs/heads/master@{#803700}
2cb2db95 · Amr Aboelkher · Commit Bot · d0454ccc · 2cb2db95 · 2cb2db95
Commit 2cb2db95 authored Sep 01, 2020 by Amr Aboelkher Committed by Commit Bot Sep 01, 2020
5 changed files
--- a/chrome/test/BUILD.gn
+++ b/chrome/test/BUILD.gn
@@ -66,6 +66,9 @@ group("policy_testserver_pyproto") {
    "$root_out_dir/pyproto/components/policy/proto/device_management_backend_pb2.py",
    "$root_out_dir/pyproto/components/policy/proto/cloud_policy_pb2.py",
    "$root_out_dir/pyproto/components/policy/proto/policy_common_definitions_pb2.py",
+    "$root_out_dir/pyproto/third_party/shell-encryption/src/serialization_pb2.py",
+    "$root_out_dir/pyproto/third_party/private_membership/src/private_membership_pb2.py",
+    "$root_out_dir/pyproto/third_party/private_membership/src/private_membership_rlwe_pb2.py",
  ]

  if (!is_android) {
@@ -800,6 +803,9 @@ if (!is_android) {
      "//chrome:browser_tests_pak",
      "//chrome/browser/resources/media/mei_preload:component",
      "//chrome/test/data/webui:modulize",
+      "//components/policy/proto",
+      "//third_party/private_membership:private_membership_proto",
+      "//third_party/shell-encryption:serialization_proto",

      # TODO(thakis): Why do these need copying in browser_tests?
      # content_browsertests uses the non-copied files instead.

--- a/components/policy/proto/BUILD.gn
+++ b/components/policy/proto/BUILD.gn
@@ -67,7 +67,22 @@ proto_library("proto_internal") {
    sources += [ "chrome_extension_policy.proto" ]
  }

-  link_deps = [ ":policy_common_definitions_compile_proto" ]
+  extra_configs =
+      [ "//third_party/private_membership:private_membership_config" ]
+
+  import_dirs = [
+    "//third_party/private_membership/src",
+    "//third_party/shell-encryption/src",
+    ".",
+  ]
+
+  proto_in_dir = "//"
+
+  link_deps = [
+    ":policy_common_definitions_compile_proto",
+    "//third_party/private_membership:private_membership_proto",
+  ]
+
  cc_generator_options = "dllexport_decl=POLICY_PROTO_EXPORT:"
  cc_include = "components/policy/proto/policy_proto_export.h"
  component_build_force_source_set = true

--- a/components/policy/proto/device_management_backend.proto
+++ b/components/policy/proto/device_management_backend.proto
@@ -8,6 +8,8 @@ option optimize_for = LITE_RUNTIME;

 package enterprise_management;

+import "private_membership_rlwe.proto";
+
 // Everything below this comment will be synchronized between client and server
 // repos ( go/cros-proto-sync ).

@@ -2153,6 +2155,38 @@ message SessionStatusReportResponse {
  optional string error_message = 2;
 }

+// Request from client to query device state using Private Set Membership (PSM).
+// Please see go/cros-enterprise-psm and go/cros-client-psm for more details.
+message PrivateSetMembershipRequest {
+  // A request proto from the RLWE PSM protocol.
+  optional PrivateSetMembershipRlweRequest rlwe_request = 1;
+}
+
+message PrivateSetMembershipResponse {
+  // A response proto from the RLWE PSM protocol.
+  optional PrivateSetMembershipRlweResponse rlwe_response = 1;
+}
+
+message PrivateSetMembershipRlweRequest {
+  // First request sent by the client for checking membership.
+  optional private_membership.rlwe.PrivateMembershipRlweOprfRequest
+      oprf_request = 1;
+
+  // Second request sent by the client for checking membership.
+  optional private_membership.rlwe.PrivateMembershipRlweQueryRequest
+      query_request = 2;
+}
+
+message PrivateSetMembershipRlweResponse {
+  // First response sent by the server for checking membership.
+  optional private_membership.rlwe.PrivateMembershipRlweOprfResponse
+      oprf_response = 1;
+
+  // Second response sent by the server for checking membership.
+  optional private_membership.rlwe.PrivateMembershipRlweQueryResponse
+      query_response = 2;
+}
+
 // Request from device to server to determine whether the device should
 // go through enterprise enrollment. Unlike the other requests, this request is
 // not authenticated.
@@ -3437,6 +3471,7 @@ message ClientCertificateProvisioningResponse {
 //     * device_pairing
 //     * device_state_retrieval
 //     * enterprise_check
+//     * enterprise_psm_check
 //     * chrome_desktop_report
 //     * chrome_os_user_report
 //     * ping
@@ -3479,8 +3514,9 @@ message ClientCertificateProvisioningResponse {
 //     Authorization: GoogleDMToken token=<dm token from register>
 //
 //   * The Authorization header isn't used for enterprise_check,
-//     device_initial_enrollment_state or certificate_based_register requests,
-//     nor for register requests using OAuth. In the latter case, the OAuth
+//     enterprise_psm_check, device_initial_enrollment_state or
+//     certificate_based_register requests, nor for register
+//     requests using OAuth. In the latter case, the OAuth
 //     token is passed in the "oauth" parameter.
 //
 // DeviceManagementRequest should only contain one request which matches the
@@ -3628,11 +3664,9 @@ message DeviceManagementRequest {
  // Request to check user account for smart enrollment.
  optional CheckUserAccountRequest check_user_account_request = 36;

-  // This message is temporarily commented out due to build errors, to be
-  // resolved in crrev.com/c/2245131.
  // Request from device to check the state stored in PSM. Currently, it is used
-  // for ZT/LP device initial enrollment state check.
-  // optional PrivateSetMembershipRequest private_set_membership_request = 37;
+  // for ZTE/LP device initial enrollment state check.
+  optional PrivateSetMembershipRequest private_set_membership_request = 37;

  // Next id: 38.
 }
@@ -3767,10 +3801,8 @@ message DeviceManagementResponse {
  // Response to a checking user account type for smart enrollment.
  optional CheckUserAccountResponse check_user_account_response = 34;

-  // This message is temporarily commented out due to build errors, to be
-  // resolved in crrev.com/c/2245131.
  // Response to a client private set membership request.
-  // optional PrivateSetMembershipResponse private_set_membership_response = 35;
+  optional PrivateSetMembershipResponse private_set_membership_response = 35;

  // Next id: 36.
 }

--- a/components/policy/test_support/local_policy_test_server.cc
+++ b/components/policy/test_support/local_policy_test_server.cc
@@ -244,6 +244,13 @@ LocalPolicyTestServer::GetPythonPath() const {
                     .AppendASCII("policy")
                     .AppendASCII("proto"));

+  ret->push_back(pyproto_dir.AppendASCII("third_party")
+                     .AppendASCII("shell-encryption")
+                     .AppendASCII("src"));
+  ret->push_back(pyproto_dir.AppendASCII("third_party")
+                     .AppendASCII("private_membership")
+                     .AppendASCII("src"));
+
  return ret;
 }


--- a/net/test/spawned_test_server/local_test_server.cc
+++ b/net/test/spawned_test_server/local_test_server.cc
@@ -84,8 +84,8 @@ bool LocalTestServer::GetTestServerPath(base::FilePath* testserver_path) const {
    return false;
  }
  testserver_dir = testserver_dir.Append(FILE_PATH_LITERAL("net"))
-                                 .Append(FILE_PATH_LITERAL("tools"))
-                                 .Append(FILE_PATH_LITERAL("testserver"));
+                       .Append(FILE_PATH_LITERAL("tools"))
+                       .Append(FILE_PATH_LITERAL("testserver"));
  *testserver_path = testserver_dir.Append(FILE_PATH_LITERAL("testserver.py"));
  return true;
 }
@@ -161,9 +161,9 @@ bool LocalTestServer::Init(const base::FilePath& document_root) {
    return false;
  SetResourcePath(src_dir.Append(document_root),
                  src_dir.AppendASCII("net")
-                         .AppendASCII("data")
-                         .AppendASCII("ssl")
-                         .AppendASCII("certificates"));
+                      .AppendASCII("data")
+                      .AppendASCII("ssl")
+                      .AppendASCII("certificates"));
  return true;
 }

@@ -184,7 +184,7 @@ base::Optional<std::vector<base::FilePath>> LocalTestServer::GetPythonPath()
  // Locate the Python code generated by the protocol buffers compiler.
  base::FilePath pyproto_dir;
  if (GetPyProtoPath(&pyproto_dir)) {
-    ret.push_back(pyproto_dir);
+    ret.push_back(std::move(pyproto_dir));
  } else {
    LOG(WARNING) << "Cannot find pyproto dir for generated code. "
                 << "Testserver features that rely on it will not work";
@@ -215,7 +215,7 @@ bool LocalTestServer::AddCommandLineArguments(
          return false;
      }
    } else if (!AppendArgumentFromJSONValue(key, value, command_line)) {
-        return false;
+      return false;
    }
  }