Reland "PSM: Support PSM RLWE based message definitions in Chromium"

This reverts commit 6e670242.

Reason for reland: shell-encryption tests were failing for Win and Android, see: crbug.com/1124018. Then all tests have been disabled for all platforms except for ChromeOS, until the problem being solved from the upstream, then being rolled into Chromium.

Original change's description:
> Revert "PSM: Support PSM RLWE based message definitions in Chromium"
>
> This reverts commit 33d4fbea.
>
> Reason for revert: We believe this is causing the build failure that closed the tree: https://ci.chromium.org/p/chromium/builders/ci/win-archive-rel/17171?
>
> Original change's description:
> > PSM: Support PSM RLWE based message definitions in Chromium
> >
> > This CL adds the communication between client and server
> > for issuing and retrieving determination using PSM. It also
> > supports the usage of private_membership third_party protos
> > package in device_management_backend.
> >
> > BUG=chromium:1094675
> >
> > Binary-Size: Increase is temporary.
> > Change-Id: If791aa1a4a936e1d42fde397a33c1a19c640359d
> > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2245131
> > Reviewed-by: David Benjamin <davidben@chromium.org>
> > Reviewed-by: Amr Aboelkher <amraboelkher@chromium.org>
> > Reviewed-by: Pavol Marko <pmarko@chromium.org>
> > Commit-Queue: Amr Aboelkher <amraboelkher@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#803532}
>
> TBR=davidben@chromium.org,emaxx@chromium.org,tikuta@chromium.org,pmarko@chromium.org,amraboelkher@google.com,amraboelkher@chromium.org
>
> Change-Id: I33f2f9200c3ef24d7c6059d116a88807d83aa0f0
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: chromium:1094675
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2388267
> Reviewed-by: Tommy Martino <tmartino@chromium.org>
> Commit-Queue: Tommy Martino <tmartino@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#803555}

# Not skipping CQ checks because this is a reland.


TBR=davidben@chromium.org,emaxx@chromium.org,tmartino@chromium.org,tikuta@chromium.org,pmarko@chromium.org,amraboelkher@google.com,amraboelkher@chromium.org

Bug: chromium:1094675
Binary-Size: Increase is temporary.
Change-Id: Ia5c92b07b3614228823d2b4e883eb03e80474f37
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2388621
Commit-Queue: Amr Aboelkher <amraboelkher@chromium.org>
Reviewed-by: Amr Aboelkher <amraboelkher@chromium.org>
Cr-Commit-Position: refs/heads/master@{#803700}

chrome/test/BUILD.gn

@@ -66,6 +66,9 @@ group("policy_testserver_pyproto") {
     "$root_out_dir/pyproto/components/policy/proto/device_management_backend_pb2.py",
     "$root_out_dir/pyproto/components/policy/proto/cloud_policy_pb2.py",
     "$root_out_dir/pyproto/components/policy/proto/policy_common_definitions_pb2.py",
+    "$root_out_dir/pyproto/third_party/shell-encryption/src/serialization_pb2.py",
+    "$root_out_dir/pyproto/third_party/private_membership/src/private_membership_pb2.py",
+    "$root_out_dir/pyproto/third_party/private_membership/src/private_membership_rlwe_pb2.py",
   ]
 
   if (!is_android) {
@@ -800,6 +803,9 @@ if (!is_android) {
       "//chrome:browser_tests_pak",
       "//chrome/browser/resources/media/mei_preload:component",
       "//chrome/test/data/webui:modulize",
+      "//components/policy/proto",
+      "//third_party/private_membership:private_membership_proto",
+      "//third_party/shell-encryption:serialization_proto",
 
       # TODO(thakis): Why do these need copying in browser_tests?
       # content_browsertests uses the non-copied files instead.

components/policy/proto/BUILD.gn

@@ -67,7 +67,22 @@ proto_library("proto_internal") {
     sources += [ "chrome_extension_policy.proto" ]
   }
 
-  link_deps = [ ":policy_common_definitions_compile_proto" ]
+  extra_configs =
+      [ "//third_party/private_membership:private_membership_config" ]
+
+  import_dirs = [
+    "//third_party/private_membership/src",
+    "//third_party/shell-encryption/src",
+    ".",
+  ]
+
+  proto_in_dir = "//"
+
+  link_deps = [
+    ":policy_common_definitions_compile_proto",
+    "//third_party/private_membership:private_membership_proto",
+  ]
+
   cc_generator_options = "dllexport_decl=POLICY_PROTO_EXPORT:"
   cc_include = "components/policy/proto/policy_proto_export.h"
   component_build_force_source_set = true

components/policy/proto/device_management_backend.proto

@@ -8,6 +8,8 @@ option optimize_for = LITE_RUNTIME;
 
 package enterprise_management;
 
+import "private_membership_rlwe.proto";
+
 // Everything below this comment will be synchronized between client and server
 // repos ( go/cros-proto-sync ).
 
@@ -2153,6 +2155,38 @@ message SessionStatusReportResponse {
   optional string error_message = 2;
 }
 
+// Request from client to query device state using Private Set Membership (PSM).
+// Please see go/cros-enterprise-psm and go/cros-client-psm for more details.
+message PrivateSetMembershipRequest {
+  // A request proto from the RLWE PSM protocol.
+  optional PrivateSetMembershipRlweRequest rlwe_request = 1;
+}
+
+message PrivateSetMembershipResponse {
+  // A response proto from the RLWE PSM protocol.
+  optional PrivateSetMembershipRlweResponse rlwe_response = 1;
+}
+
+message PrivateSetMembershipRlweRequest {
+  // First request sent by the client for checking membership.
+  optional private_membership.rlwe.PrivateMembershipRlweOprfRequest
+      oprf_request = 1;
+
+  // Second request sent by the client for checking membership.
+  optional private_membership.rlwe.PrivateMembershipRlweQueryRequest
+      query_request = 2;
+}
+
+message PrivateSetMembershipRlweResponse {
+  // First response sent by the server for checking membership.
+  optional private_membership.rlwe.PrivateMembershipRlweOprfResponse
+      oprf_response = 1;
+
+  // Second response sent by the server for checking membership.
+  optional private_membership.rlwe.PrivateMembershipRlweQueryResponse
+      query_response = 2;
+}
+
 // Request from device to server to determine whether the device should
 // go through enterprise enrollment. Unlike the other requests, this request is
 // not authenticated.
@@ -3437,6 +3471,7 @@ message ClientCertificateProvisioningResponse {
 //     * device_pairing
 //     * device_state_retrieval
 //     * enterprise_check
+//     * enterprise_psm_check
 //     * chrome_desktop_report
 //     * chrome_os_user_report
 //     * ping
@@ -3479,8 +3514,9 @@ message ClientCertificateProvisioningResponse {
 //     Authorization: GoogleDMToken token=<dm token from register>
 //
 //   * The Authorization header isn't used for enterprise_check,
-//     device_initial_enrollment_state or certificate_based_register requests,
-//     nor for register requests using OAuth. In the latter case, the OAuth
+//     enterprise_psm_check, device_initial_enrollment_state or
+//     certificate_based_register requests, nor for register
+//     requests using OAuth. In the latter case, the OAuth
 //     token is passed in the "oauth" parameter.
 //
 // DeviceManagementRequest should only contain one request which matches the
@@ -3628,11 +3664,9 @@ message DeviceManagementRequest {
   // Request to check user account for smart enrollment.
   optional CheckUserAccountRequest check_user_account_request = 36;
 
-  // This message is temporarily commented out due to build errors, to be
-  // resolved in crrev.com/c/2245131.
   // Request from device to check the state stored in PSM. Currently, it is used
-  // for ZT/LP device initial enrollment state check.
-  // optional PrivateSetMembershipRequest private_set_membership_request = 37;
+  // for ZTE/LP device initial enrollment state check.
+  optional PrivateSetMembershipRequest private_set_membership_request = 37;
 
   // Next id: 38.
 }
@@ -3767,10 +3801,8 @@ message DeviceManagementResponse {
   // Response to a checking user account type for smart enrollment.
   optional CheckUserAccountResponse check_user_account_response = 34;
 
-  // This message is temporarily commented out due to build errors, to be
-  // resolved in crrev.com/c/2245131.
   // Response to a client private set membership request.
-  // optional PrivateSetMembershipResponse private_set_membership_response = 35;
+  optional PrivateSetMembershipResponse private_set_membership_response = 35;
 
   // Next id: 36.
 }

components/policy/test_support/local_policy_test_server.cc

@@ -244,6 +244,13 @@ LocalPolicyTestServer::GetPythonPath() const {
                      .AppendASCII("policy")
                      .AppendASCII("proto"));
 
+  ret->push_back(pyproto_dir.AppendASCII("third_party")
+                     .AppendASCII("shell-encryption")
+                     .AppendASCII("src"));
+  ret->push_back(pyproto_dir.AppendASCII("third_party")
+                     .AppendASCII("private_membership")
+                     .AppendASCII("src"));
+
   return ret;
 }
 

net/test/spawned_test_server/local_test_server.cc

@@ -184,7 +184,7 @@ base::Optional<std::vector<base::FilePath>> LocalTestServer::GetPythonPath()
   // Locate the Python code generated by the protocol buffers compiler.
   base::FilePath pyproto_dir;
   if (GetPyProtoPath(&pyproto_dir)) {
-    ret.push_back(pyproto_dir);
+    ret.push_back(std::move(pyproto_dir));
   } else {
     LOG(WARNING) << "Cannot find pyproto dir for generated code. "
                  << "Testserver features that rely on it will not work";