[Nearby] Do not log error for key decryption failure

Even if a metadata encryption key is decrypted successfully, i.e., bytes
are returned, it might not correspond to the intended key. This is
expected for Nearby Share because we try to decrypt the metadata
encryption keys for all public certificates until we find the right
one. Key decryption failures and mismatched key commitments will be
common, so do not log errors.

Change-Id: Ia916db644dc5e33bb7647a6cd0b3f925b22d3630
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2350301
Commit-Queue: Josh Nohle <nohle@chromium.org>
Commit-Queue: James Vecore <vecore@google.com>
Auto-Submit: Josh Nohle <nohle@chromium.org>
Reviewed-by: James Vecore <vecore@google.com>
Cr-Commit-Position: refs/heads/master@{#797031}

chrome/browser/nearby_sharing/certificates/nearby_share_decrypted_public_certificate.cc

@@ -126,21 +126,18 @@ NearbyShareDecryptedPublicCertificate::DecryptPublicCertificate(
     return base::nullopt;
   }
 
-  // Note: Failure to decrypt the metadata key should not log an error. When
-  // another device advertises their encrypted metadata key, we do not know what
-  // public certificate that corresponds too. So, we will potentially be calling
-  // DecryptPublicCertificate() on all of our public certificates with the same
-  // encrypted metadata key until we find the correct one.
+  // Note: Failure to decrypt the metadata key or failure to confirm that the
+  // decrypted metadata key agrees with the key commitment tag should not log an
+  // error. When another device advertises their encrypted metadata key, we do
+  // not know what public certificate that corresponds to. So, we will
+  // potentially be calling DecryptPublicCertificate() on all of our public
+  // certificates with the same encrypted metadata key until we find the correct
+  // one.
   base::Optional<std::vector<uint8_t>> decrypted_metadata_key =
       DecryptMetadataKey(encrypted_metadata_key, secret_key.get());
-  if (!decrypted_metadata_key)
-    return base::nullopt;
-
-  // Confirm that the decrypted metadata key agrees with key commitment tag.
-  if (!VerifyMetadataEncryptionKeyTag(*decrypted_metadata_key,
+  if (!decrypted_metadata_key ||
+      !VerifyMetadataEncryptionKeyTag(*decrypted_metadata_key,
                                       metadata_encryption_key_tag)) {
-    NS_LOG(ERROR) << "Metadata decryption failed: Failed to verify metadata "
-                  << "encryption key tag.";
     return base::nullopt;
   }
 

chrome/browser/nearby_sharing/certificates/nearby_share_decrypted_public_certificate_unittest.cc

@@ -63,7 +63,7 @@ TEST(NearbyShareDecryptedPublicCertificateTest, Decrypt_InvalidDataFailure) {
       proto_cert, GetNearbyShareTestEncryptedMetadataKey()));
 }
 
-TEST(NearbySharePublicCertificateTest, Verify) {
+TEST(NearbyShareDecryptedPublicCertificateTest, Verify) {
   base::Optional<NearbyShareDecryptedPublicCertificate> cert =
       NearbyShareDecryptedPublicCertificate::DecryptPublicCertificate(
           GetNearbyShareTestPublicCertificate(),