cryptohome: remove obsolete AuthorizationData usage

It was used only in UpdateKeyEx workflow, which was removed in [1][2][3]

[1]https://chromium-review.googlesource.com/c/chromium/src/+/2550904
[2]https://chromium-review.googlesource.com/c/chromiumos/platform/tast-tests/+/2566390
[3]https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2565147

Bug: chromium:1150430, b:172344610
Test: build
Change-Id: Ifb1de81e552277774eff207492e2b7a099e22697
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2567086Reviewed-by: Roman Sorokin [CET] <rsorokin@chromium.org>
Reviewed-by: Denis Kuznetsov [CET] <antrim@chromium.org>
Commit-Queue: Daniil Lunev <dlunev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#833438}

chromeos/cryptohome/cryptohome_parameters.cc

@@ -107,63 +107,6 @@ AccountId GetAccountIdFromAccountIdentifier(
   return LookupUserByCryptohomeId(account_identifier.account_id());
 }
 
-KeyDefinition::AuthorizationData::Secret::Secret() : encrypt(false),
-                                                     sign(false),
-                                                     wrapped(false) {
-}
-
-KeyDefinition::AuthorizationData::Secret::Secret(
-    bool encrypt,
-    bool sign,
-    const std::string& symmetric_key,
-    const std::string& public_key,
-    bool wrapped)
-    : encrypt(encrypt),
-      sign(sign),
-      symmetric_key(symmetric_key),
-      public_key(public_key),
-      wrapped(wrapped) {
-}
-
-bool KeyDefinition::AuthorizationData::Secret::operator==(
-    const Secret& other) const {
-  return encrypt == other.encrypt &&
-         sign == other.sign &&
-         symmetric_key == other.symmetric_key &&
-         public_key == other.public_key &&
-         wrapped == other.wrapped;
-}
-
-KeyDefinition::AuthorizationData::AuthorizationData() : type(TYPE_HMACSHA256) {
-}
-
-KeyDefinition::AuthorizationData::AuthorizationData(
-    bool encrypt,
-    bool sign,
-    const std::string& symmetric_key) : type(TYPE_HMACSHA256) {
-    secrets.push_back(Secret(encrypt,
-                             sign,
-                             symmetric_key,
-                             std::string() /* public_key */,
-                             false /* wrapped */));
-}
-
-KeyDefinition::AuthorizationData::AuthorizationData(
-    const AuthorizationData& other) = default;
-
-KeyDefinition::AuthorizationData::~AuthorizationData() = default;
-
-bool KeyDefinition::AuthorizationData::operator==(
-    const AuthorizationData& other) const {
-  if (type != other.type || secrets.size() != other.secrets.size())
-    return false;
-  for (size_t i = 0; i < secrets.size(); ++i) {
-    if (!(secrets[i] == other.secrets[i]))
-      return false;
-  }
-  return true;
-}
-
 KeyDefinition::ProviderData::ProviderData() = default;
 
 KeyDefinition::ProviderData::ProviderData(const std::string& name)
@@ -252,15 +195,10 @@ bool KeyDefinition::operator==(const KeyDefinition& other) const {
       privileges != other.privileges || policy != other.policy ||
       revision != other.revision ||
       challenge_response_keys != other.challenge_response_keys ||
-      authorization_data.size() != other.authorization_data.size() ||
       provider_data.size() != other.provider_data.size()) {
     return false;
   }
 
-  for (size_t i = 0; i < authorization_data.size(); ++i) {
-    if (!(authorization_data[i] == other.authorization_data[i]))
-      return false;
-  }
   for (size_t i = 0; i < provider_data.size(); ++i) {
     if (!(provider_data[i] == other.provider_data[i]))
       return false;

chromeos/cryptohome/cryptohome_parameters.h

@@ -85,42 +85,6 @@ struct COMPONENT_EXPORT(CHROMEOS_CRYPTOHOME) KeyDefinition {
     TYPE_FINGERPRINT = 2,
   };
 
-  struct AuthorizationData {
-    enum Type {
-      TYPE_HMACSHA256 = 0,
-      TYPE_AES256CBC_HMACSHA256
-    };
-
-    struct Secret {
-      Secret();
-      Secret(bool encrypt,
-             bool sign,
-             const std::string& symmetric_key,
-             const std::string& public_key,
-             bool wrapped);
-
-      bool operator==(const Secret& other) const;
-
-      bool encrypt;
-      bool sign;
-      std::string symmetric_key;
-      std::string public_key;
-      bool wrapped;
-    };
-
-    AuthorizationData();
-    AuthorizationData(bool encrypt,
-                      bool sign,
-                      const std::string& symmetric_key);
-    AuthorizationData(const AuthorizationData& other);
-    ~AuthorizationData();
-
-    bool operator==(const AuthorizationData& other) const;
-
-    Type type;
-    std::vector<Secret> secrets;
-  };
-
   // This struct holds metadata that will be stored alongside the key. Each
   // |ProviderData| entry must have a |name| and may hold either a |number| or a
   // sequence of |bytes|. The metadata is entirely opaque to cryptohome. It is
@@ -177,7 +141,6 @@ struct COMPONENT_EXPORT(CHROMEOS_CRYPTOHOME) KeyDefinition {
   std::string secret;
   std::vector<chromeos::ChallengeResponseKey> challenge_response_keys;
 
-  std::vector<AuthorizationData> authorization_data;
   std::vector<ProviderData> provider_data;
 };
 

chromeos/cryptohome/cryptohome_util.cc

@@ -69,20 +69,6 @@ void KeyDefPrivilegesToKeyPrivileges(int key_def_privileges,
                                     PRIV_AUTHORIZED_UPDATE);
 }
 
-// TODO(crbug.com/797848): Add tests that cover this logic.
-void KeyDefSecretToKeyAuthorizationSecret(
-    const KeyDefinition::AuthorizationData::Secret& key_def_secret,
-    KeyAuthorizationSecret* secret) {
-  secret->mutable_usage()->set_encrypt(key_def_secret.encrypt);
-  secret->mutable_usage()->set_sign(key_def_secret.sign);
-  secret->set_wrapped(key_def_secret.wrapped);
-  if (!key_def_secret.symmetric_key.empty())
-    secret->set_symmetric_key(key_def_secret.symmetric_key);
-
-  if (!key_def_secret.public_key.empty())
-    secret->set_public_key(key_def_secret.public_key);
-}
-
 // TODO(crbug.com/797848): Add tests that cover this logic.
 void KeyDefProviderDataToKeyProviderDataEntry(
     const KeyDefinition::ProviderData& provider_data,
@@ -95,17 +81,6 @@ void KeyDefProviderDataToKeyProviderDataEntry(
     entry->set_bytes(*provider_data.bytes);
 }
 
-// TODO(crbug.com/797848): Add tests that cover this logic.
-KeyAuthorizationData::KeyAuthorizationType GetKeyAuthDataType(
-    KeyDefinition::AuthorizationData::Type key_def_auth_data_type) {
-  switch (key_def_auth_data_type) {
-    case KeyDefinition::AuthorizationData::TYPE_HMACSHA256:
-      return KeyAuthorizationData::KEY_AUTHORIZATION_TYPE_HMACSHA256;
-    case KeyDefinition::AuthorizationData::TYPE_AES256CBC_HMACSHA256:
-      return KeyAuthorizationData::KEY_AUTHORIZATION_TYPE_AES256CBC_HMACSHA256;
-  }
-}
-
 }  // namespace
 
 MountError MountExReplyToMountError(const base::Optional<BaseReply>& reply) {
@@ -182,16 +157,6 @@ std::vector<KeyDefinition> GetKeyDataReplyToKeyDefinitions(
         it->policy().low_entropy_credential();
     key_definition.policy.auth_locked = it->policy().auth_locked();
 
-    // Extract |authorization_data|.
-    for (RepeatedPtrField<KeyAuthorizationData>::const_iterator auth_it =
-             it->authorization_data().begin();
-         auth_it != it->authorization_data().end(); ++auth_it) {
-      key_definition.authorization_data.push_back(
-          KeyDefinition::AuthorizationData());
-      KeyAuthorizationDataToAuthorizationData(
-          *auth_it, &key_definition.authorization_data.back());
-    }
-
     // Extract |provider_data|.
     for (RepeatedPtrField<KeyProviderData::Entry>::const_iterator
              provider_data_it = it->provider_data().entry().begin();
@@ -310,15 +275,6 @@ void KeyDefinitionToKey(const KeyDefinition& key_def, Key* key) {
                                     data->mutable_privileges());
   }
 
-  for (const auto& key_def_auth_data : key_def.authorization_data) {
-    KeyAuthorizationData* auth_data = data->add_authorization_data();
-    auth_data->set_type(GetKeyAuthDataType(key_def_auth_data.type));
-    for (const auto& key_def_secret : key_def_auth_data.secrets) {
-      KeyDefSecretToKeyAuthorizationSecret(key_def_secret,
-                                           auth_data->add_secrets());
-    }
-  }
-
   for (const auto& provider_data : key_def.provider_data) {
     KeyDefProviderDataToKeyProviderDataEntry(
         provider_data, data->mutable_provider_data()->add_entry());
@@ -400,26 +356,4 @@ MountError CryptohomeErrorToMountError(CryptohomeErrorCode code) {
   }
 }
 
-void KeyAuthorizationDataToAuthorizationData(
-    const KeyAuthorizationData& authorization_data_proto,
-    KeyDefinition::AuthorizationData* authorization_data) {
-  switch (authorization_data_proto.type()) {
-    case KeyAuthorizationData::KEY_AUTHORIZATION_TYPE_HMACSHA256:
-      authorization_data->type =
-          KeyDefinition::AuthorizationData::TYPE_HMACSHA256;
-      break;
-    case KeyAuthorizationData::KEY_AUTHORIZATION_TYPE_AES256CBC_HMACSHA256:
-      authorization_data->type =
-          KeyDefinition::AuthorizationData::TYPE_AES256CBC_HMACSHA256;
-      break;
-  }
-
-  for (const auto& secret : authorization_data_proto.secrets()) {
-    authorization_data->secrets.push_back(
-        KeyDefinition::AuthorizationData::Secret(
-            secret.usage().encrypt(), secret.usage().sign(),
-            secret.symmetric_key(), secret.public_key(), secret.wrapped()));
-  }
-}
-
 }  // namespace cryptohome

chromeos/cryptohome/cryptohome_util.h

@@ -66,13 +66,6 @@ void KeyDefinitionToKey(const KeyDefinition& key_def, Key* key);
 COMPONENT_EXPORT(CHROMEOS_CRYPTOHOME)
 MountError CryptohomeErrorToMountError(CryptohomeErrorCode code);
 
-// Converts the given KeyAuthorizationData to AuthorizationData pointed to by
-// |authorization_data|.
-COMPONENT_EXPORT(CHROMEOS_CRYPTOHOME)
-void KeyAuthorizationDataToAuthorizationData(
-    const KeyAuthorizationData& authorization_data_proto,
-    KeyDefinition::AuthorizationData* authorization_data);
-
 }  // namespace cryptohome
 
 #endif  // CHROMEOS_CRYPTOHOME_CRYPTOHOME_UTIL_H_

chromeos/cryptohome/cryptohome_util_unittest.cc

@@ -385,53 +385,6 @@ TEST(CryptohomeUtilTest, KeyDefinitionToKey_ChallengeResponse) {
   EXPECT_EQ(key.data().challenge_response_key(1).signature_algorithm(1),
             kKey2Algorithm2Proto);
 }
-
-TEST(CryptohomeUtilTest, KeyAuthorizationDataToAuthorizationDataHmacSha256) {
-  KeyAuthorizationData auth_data_proto;
-  auth_data_proto.set_type(
-      KeyAuthorizationData::KEY_AUTHORIZATION_TYPE_HMACSHA256);
-  KeyDefinition::AuthorizationData auth_data;
-
-  KeyAuthorizationDataToAuthorizationData(auth_data_proto, &auth_data);
-
-  EXPECT_EQ(auth_data.type, KeyDefinition::AuthorizationData::TYPE_HMACSHA256);
-}
-
-TEST(CryptohomeUtilTest, KeyAuthorizationDataToAuthorizationDataAes256Cbc) {
-  KeyAuthorizationData auth_data_proto;
-  auth_data_proto.set_type(
-      KeyAuthorizationData::KEY_AUTHORIZATION_TYPE_AES256CBC_HMACSHA256);
-  KeyDefinition::AuthorizationData auth_data;
-
-  KeyAuthorizationDataToAuthorizationData(auth_data_proto, &auth_data);
-
-  EXPECT_EQ(auth_data.type,
-            KeyDefinition::AuthorizationData::TYPE_AES256CBC_HMACSHA256);
-}
-
-TEST(CryptohomeUtilTest, KeyAuthorizationDataToAuthorizationDataSecret) {
-  constexpr bool kEncrypt = true;
-  constexpr bool kSign = false;
-  constexpr bool kWrapped = true;
-  const std::string kSymmetricKey = "symmetric_key";
-  const std::string kPublicKey = "public_key";
-  KeyAuthorizationData auth_data_proto;
-  KeyAuthorizationSecret* secret = auth_data_proto.add_secrets();
-  KeyAuthorizationSecretUsage* usage = secret->mutable_usage();
-  usage->set_encrypt(kEncrypt);
-  usage->set_sign(kSign);
-  secret->set_wrapped(kWrapped);
-  secret->set_symmetric_key(kSymmetricKey);
-  secret->set_public_key(kPublicKey);
-  KeyDefinition::AuthorizationData::Secret expected_secret(
-      kEncrypt, kSign, kSymmetricKey, kPublicKey, kWrapped);
-  KeyDefinition::AuthorizationData auth_data;
-
-  KeyAuthorizationDataToAuthorizationData(auth_data_proto, &auth_data);
-
-  EXPECT_EQ(auth_data.secrets.back(), expected_secret);
-}
-
 TEST(CryptohomeUtilTest, AccountDiskUsageReplyToUsageSizeNullOptional) {
   const base::Optional<BaseReply> reply = base::nullopt;
 
@@ -530,8 +483,6 @@ TEST(CryptohomeUtilTest, GetKeyDataReplyToKeyDefinitionsTwoEntries) {
   key_data->set_label(kKeyLabel);
   key_data->mutable_privileges()->set_update(false);
   key_data->set_revision(kKeyRevision);
-  key_data->add_authorization_data()->set_type(
-      KeyAuthorizationData::KEY_AUTHORIZATION_TYPE_HMACSHA256);
   KeyProviderData* data = key_data->mutable_provider_data();
   KeyProviderData::Entry* entry1 = data->add_entry();
   entry1->set_name(kProviderData1Name);
@@ -551,9 +502,6 @@ TEST(CryptohomeUtilTest, GetKeyDataReplyToKeyDefinitionsTwoEntries) {
   EXPECT_EQ(kKeyLabel, key_definition.label);
   EXPECT_EQ(PRIV_ADD | PRIV_REMOVE, key_definition.privileges);
   EXPECT_EQ(kKeyRevision, key_definition.revision);
-  ASSERT_EQ(1u, key_definition.authorization_data.size());
-  EXPECT_EQ(KeyDefinition::AuthorizationData::TYPE_HMACSHA256,
-            key_definition.authorization_data.front().type);
   ASSERT_EQ(2u, key_definition.provider_data.size());
   const KeyDefinition::ProviderData* provider_data =
       &key_definition.provider_data[0];