[DeviceSync v2] Support devices without decrypted metadata

In v2 DeviceSync, CryptAuth will not return the encrypted group private key in a SyncMetadata response if other devices in the group have not uploaded the encrypted key yet, for instance if they are offline when a new device joins the group. And, devices without the group private key cannot decrypt device metadata sent in the SyncMetadata response. This metadata contains a public key used for multidevice (BetterTogether) features and a PII-free device name at the moment. In this CL, we allow devices to be stored without decrypted metadata. This is necessary to preserve the existing multidevice setup flow after migrating to v2 DeviceSync; only device names and supported features are needed to preserve the flow. See go/cros-devicesync-v2-multidevice. Bug: 951969 Change-Id: Id2986f866be5a86ea0b20afe5fffc1b9693c070c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1695963 Commit-Queue: Josh Nohle <nohle@chromium.org> Auto-Submit: Josh Nohle <nohle@chromium.org> Reviewed-by: Kyle Horimoto <khorimoto@chromium.org> Cr-Commit-Position: refs/heads/master@{#676220}

[DeviceSync v2] Support devices without decrypted metadata
In v2 DeviceSync, CryptAuth will not return the encrypted group private key in a SyncMetadata response if other devices in the group have not uploaded the encrypted key yet, for instance if they are offline when a new device joins the group. And, devices without the group private key cannot decrypt device metadata sent in the SyncMetadata response. This metadata contains a public key used for multidevice (BetterTogether) features and a PII-free device name at the moment. In this CL, we allow devices to be stored without decrypted metadata. This is necessary to preserve the existing multidevice setup flow after migrating to v2 DeviceSync; only device names and supported features are needed to preserve the flow. See go/cros-devicesync-v2-multidevice. Bug: 951969 Change-Id: Id2986f866be5a86ea0b20afe5fffc1b9693c070c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1695963 Commit-Queue: Josh Nohle <nohle@chromium.org> Auto-Submit: Josh Nohle <nohle@chromium.org> Reviewed-by: Kyle Horimoto <khorimoto@chromium.org> Cr-Commit-Position: refs/heads/master@{#676220}
2ec27377 · Josh Nohle · Commit Bot · 4487c45a · 2ec27377 · 2ec27377
Commit 2ec27377 authored Jul 11, 2019 by Josh Nohle Committed by Commit Bot Jul 11, 2019
3 changed files
--- a/chromeos/services/device_sync/cryptauth_device.cc
+++ b/chromeos/services/device_sync/cryptauth_device.cc
@@ -93,11 +93,15 @@ base::Optional<CryptAuthDevice> CryptAuthDevice::FromDictionary(
    return base::nullopt;
  base::Optional<cryptauthv2::BetterTogetherDeviceMetadata>
-      better_together_device_metadata = util::DecodeProtoMessageFromValueString<
+      better_together_device_metadata;
-          cryptauthv2::BetterTogetherDeviceMetadata>(
+  const base::Value* metadata_value =
-          dict.FindKey(kBetterTogetherDeviceMetadataDictKey));
+      dict.FindKey(kBetterTogetherDeviceMetadataDictKey);
-  if (!better_together_device_metadata)
+  if (metadata_value) {
-    return base::nullopt;
+    better_together_device_metadata = util::DecodeProtoMessageFromValueString<
+        cryptauthv2::BetterTogetherDeviceMetadata>(metadata_value);
+    if (!better_together_device_metadata)
+      return base::nullopt;
+  }
  base::Optional<
      std::map<multidevice::SoftwareFeature, multidevice::SoftwareFeatureState>>
@@ -108,7 +112,7 @@ base::Optional<CryptAuthDevice> CryptAuthDevice::FromDictionary(
  return CryptAuthDevice(*instance_id, *device_name,
                         *device_better_together_public_key, *last_update_time,
-                         *better_together_device_metadata, *feature_states);
+                         better_together_device_metadata, *feature_states);
 }
 CryptAuthDevice::CryptAuthDevice(const std::string& instance_id)
@@ -121,7 +125,7 @@ CryptAuthDevice::CryptAuthDevice(
    const std::string& device_name,
    const std::string& device_better_together_public_key,
    const base::Time& last_update_time,
-    const cryptauthv2::BetterTogetherDeviceMetadata&
+    const base::Optional<cryptauthv2::BetterTogetherDeviceMetadata>&
        better_together_device_metadata,
    const std::map<multidevice::SoftwareFeature,
                   multidevice::SoftwareFeatureState>& feature_states)
@@ -145,22 +149,30 @@ base::Value CryptAuthDevice::AsDictionary() const {
  dict.SetKey(kDeviceBetterTogetherPublicKeyDictKey,
              util::EncodeAsValueString(device_better_together_public_key));
  dict.SetKey(kLastUpdateTimeDictKey, ::util::TimeToValue(last_update_time));
-  dict.SetKey(
-      kBetterTogetherDeviceMetadataDictKey,
-      util::EncodeProtoMessageAsValueString(&better_together_device_metadata));
  dict.SetKey(kFeatureStatesDictKey, FeatureStatesToDictionary(feature_states));
+  if (better_together_device_metadata) {
+    dict.SetKey(kBetterTogetherDeviceMetadataDictKey,
+                util::EncodeProtoMessageAsValueString(
+                    &better_together_device_metadata.value()));
+  }
  return dict;
 }
 bool CryptAuthDevice::operator==(const CryptAuthDevice& other) const {
-  return instance_id_ == other.instance_id_ &&
+  bool does_metadata_match =
+      (!better_together_device_metadata &&
+       !other.better_together_device_metadata) ||
+      (better_together_device_metadata.has_value() &&
+       better_together_device_metadata.has_value() &&
+       better_together_device_metadata->SerializeAsString() ==
+           other.better_together_device_metadata->SerializeAsString());
+  return does_metadata_match && instance_id_ == other.instance_id_ &&
         device_name == other.device_name &&
         device_better_together_public_key ==
             other.device_better_together_public_key &&
         last_update_time == other.last_update_time &&
-         better_together_device_metadata.SerializeAsString() ==
-             other.better_together_device_metadata.SerializeAsString() &&
         feature_states == other.feature_states;
 }

--- a/chromeos/services/device_sync/cryptauth_device.h
+++ b/chromeos/services/device_sync/cryptauth_device.h
@@ -27,14 +27,14 @@ class CryptAuthDevice {
      const base::Value& dict);
  // |instance_id|: The Instance ID, used as a unique device identifier. Cannot
-  //     be empty.
+  //                be empty.
  explicit CryptAuthDevice(const std::string& instance_id);
  CryptAuthDevice(
      const std::string& instance_id,
      const std::string& device_name,
      const std::string& device_better_together_public_key,
      const base::Time& last_update_time,
-      const cryptauthv2::BetterTogetherDeviceMetadata&
+      const base::Optional<cryptauthv2::BetterTogetherDeviceMetadata>&
          better_together_device_metadata,
      const std::map<multidevice::SoftwareFeature,
                     multidevice::SoftwareFeatureState>& feature_states);
@@ -75,8 +75,9 @@ class CryptAuthDevice {
  base::Time last_update_time;
  // Device metadata relevant to the suite of multi-device ("Better Together")
-  // features.
+  // features. Null if metadata could not be decrypted.
-  cryptauthv2::BetterTogetherDeviceMetadata better_together_device_metadata;
+  base::Optional<cryptauthv2::BetterTogetherDeviceMetadata>
+      better_together_device_metadata;
  // A map from the multi-device feature type (example: kBetterTogetherHost) to
  // feature state (example: kEnabled).

--- a/chromeos/services/device_sync/cryptauth_device_registry_impl_unittest.cc
+++ b/chromeos/services/device_sync/cryptauth_device_registry_impl_unittest.cc
@@ -78,7 +78,7 @@ class DeviceSyncCryptAuthDeviceRegistryImplTest : public testing::Test {
                          kFakeFeatureStates0),
          CryptAuthDevice(kInstanceId1, kDeviceName1,
                          kDeviceBetterTogetherPublicKey1, kLastUpdateTime1,
-                          cryptauthv2::GetBetterTogetherDeviceMetadataForTest(),
+                          base::nullopt /* better_together_device_metadata */,
                          kFakeFeatureStates1)};
    }());