device/fido: add a cache for authenticator ECDH keys.

While, at the moment, I don't believe we will end up asking for the
authenticator's ECDH key twice, when we support the PRF extension we
could. Thus add a cache and skip asking an authenticator for it twice.

Change-Id: I73ecaa38447cbbe04f34c12d83f9c79bca553c90
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2255208
Commit-Queue: Adam Langley <agl@chromium.org>
Auto-Submit: Adam Langley <agl@chromium.org>
Reviewed-by: Martin Kreichgauer <martinkr@google.com>
Cr-Commit-Position: refs/heads/master@{#781110}

device/fido/fido_device_authenticator.cc

@@ -147,6 +147,12 @@ void FidoDeviceAuthenticator::GetPinRetries(GetRetriesCallback callback) {
 
 void FidoDeviceAuthenticator::GetEphemeralKey(
     GetEphemeralKeyCallback callback) {
+  if (cached_ephemeral_key_.has_value()) {
+    std::move(callback).Run(CtapDeviceResponseCode::kSuccess,
+                            cached_ephemeral_key_);
+    return;
+  }
+
   DCHECK(Options());
   DCHECK(
       Options()->client_pin_availability !=
@@ -154,10 +160,26 @@ void FidoDeviceAuthenticator::GetEphemeralKey(
       Options()->supports_pin_uv_auth_token);
 
   RunOperation<pin::KeyAgreementRequest, pin::KeyAgreementResponse>(
-      pin::KeyAgreementRequest(), std::move(callback),
+      pin::KeyAgreementRequest(),
+      base::BindOnce(&FidoDeviceAuthenticator::OnHaveEphemeralKey,
+                     weak_factory_.GetWeakPtr(), std::move(callback)),
       base::BindOnce(&pin::KeyAgreementResponse::Parse));
 }
 
+void FidoDeviceAuthenticator::OnHaveEphemeralKey(
+    GetEphemeralKeyCallback callback,
+    CtapDeviceResponseCode status,
+    base::Optional<pin::KeyAgreementResponse> key) {
+  if (status != CtapDeviceResponseCode::kSuccess) {
+    std::move(callback).Run(status, base::nullopt);
+  }
+  DCHECK(key.has_value());
+
+  cached_ephemeral_key_.emplace(std::move(key.value()));
+  std::move(callback).Run(CtapDeviceResponseCode::kSuccess,
+                          cached_ephemeral_key_);
+}
+
 void FidoDeviceAuthenticator::GetPINToken(
     std::string pin,
     const std::vector<pin::Permissions>& permissions,

device/fido/fido_device_authenticator.h

@@ -127,6 +127,9 @@ class COMPONENT_EXPORT(DEVICE_FIDO) FidoDeviceAuthenticator
                               base::Optional<pin::KeyAgreementResponse>)>;
   void InitializeAuthenticatorDone(base::OnceClosure callback);
   void GetEphemeralKey(GetEphemeralKeyCallback callback);
+  void OnHaveEphemeralKey(GetEphemeralKeyCallback callback,
+                          CtapDeviceResponseCode status,
+                          base::Optional<pin::KeyAgreementResponse> key);
   void OnHaveEphemeralKeyForGetPINToken(
       std::string pin,
       uint8_t permissions,
@@ -182,6 +185,7 @@ class COMPONENT_EXPORT(DEVICE_FIDO) FidoDeviceAuthenticator
   base::Optional<AuthenticatorSupportedOptions> options_;
   std::unique_ptr<FidoTask> task_;
   std::unique_ptr<GenericDeviceOperation> operation_;
+  base::Optional<pin::KeyAgreementResponse> cached_ephemeral_key_;
   base::WeakPtrFactory<FidoDeviceAuthenticator> weak_factory_{this};
 
   DISALLOW_COPY_AND_ASSIGN(FidoDeviceAuthenticator);