[EasyUnlock] Serialize and store BeaconSeeds along as cryptohome key metadata.

chrome/browser/signin/easy_unlock_service_signin_chromeos.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/signin/easy_unlock_service_signin_chromeos.h"
 
 #include <stdint.h>
 
 #include "base/base64url.h"
 #include "base/bind.h"
 #include "base/command_line.h"
+#include "base/json/json_string_value_serializer.h"
 #include "base/location.h"
 #include "base/logging.h"
 #include "base/memory/ptr_util.h"
 #include "base/sys_info.h"
 #include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_challenge_wrapper.h"
 #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_key_manager.h"
 #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.h"
 #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager_factory.h"
@@ skipping 64 matching lines @@
     const chromeos::EasyUnlockKeyManager::GetDeviceDataListCallback& callback) {
   chromeos::EasyUnlockKeyManager* key_manager =
       chromeos::UserSessionManager::GetInstance()->GetEasyUnlockKeyManager();
   DCHECK(key_manager);
 
   key_manager->GetDeviceDataList(
       chromeos::UserContext(account_id),
       base::Bind(&RetryDataLoadOnError, account_id, backoff_ms, callback));
 }
 
+// Deserializes a vector of BeaconSeeds. If an error occurs, an empty vector
+// will be returned. Note: The logic to serialize BeaconSeeds lives in
+// EasyUnlockServiceRegular.
+std::vector<cryptauth::BeaconSeed> DeserializeBeaconSeeds(

[Ryan Hansberry, 2017/05/09 02:44:08]

Why should serialization and deserialization logic not live in something more
generic, like in cryptauth?

[Tim Song, 2017/05/10 18:23:26]

This would require some refactoring. Essentially, these values are stored
outside of the user session (as cryptohome key metadata) where CryptAuthService
is not available. 

Indeed, we should ideally have one serialization algorithm for both these use
cases, but the problem right now is that CryptAuth serializes from the
ExternalDeviceInfo proto, whereas we have some custom data scheme here.

It is a bigger refactoring effort (but probably worth it) to store the
serialized ExternalDeviceInfos in the cryptohome key metadata rather than these
custom fields. 

[Ryan Hansberry, 2017/05/15 15:36:41]

Got it. Can you please add a comment explaining this background?

[Tim Song, 2017/05/17 19:18:07]

Done.

+    const std::string& serialized_beacon_seeds) {
+  std::vector<cryptauth::BeaconSeed> beacon_seeds;
+
+  JSONStringValueDeserializer deserializer(serialized_beacon_seeds);
+  std::string error;
+  std::unique_ptr<base::Value> deserialized_value =
+      deserializer.Deserialize(nullptr, &error);
+  if (!deserialized_value) {
+    PA_LOG(ERROR) << "Unable to deserialize BeaconSeeds: " << error;
+    return beacon_seeds;
+  }
+
+  base::ListValue* beacon_seed_list;
+  if (!deserialized_value->GetAsList(&beacon_seed_list)) {
+    PA_LOG(ERROR) << "Deserialized BeaconSeeds value is not list.";
+    return beacon_seeds;
+  }
+
+  for (size_t i = 0; i < beacon_seed_list->GetSize(); ++i) {
+    std::string b64_beacon_seed;
+    if (!beacon_seed_list->GetString(i, &b64_beacon_seed)) {
+      PA_LOG(ERROR) << "Expected Base64 BeaconSeed.";
+      continue;
+    }
+
+    std::string proto_serialized_beacon_seed;
+    if (!base::Base64UrlDecode(b64_beacon_seed,
+                               base::Base64UrlDecodePolicy::REQUIRE_PADDING,
+                               &proto_serialized_beacon_seed)) {
+      PA_LOG(ERROR) << "Unable to Base64 decode BeaconSeed.";
+      continue;
+    }
+
+    cryptauth::BeaconSeed beacon_seed;
+    if (!beacon_seed.ParseFromString(proto_serialized_beacon_seed)) {
+      PA_LOG(ERROR) << "Unable to parse BeaconSeed proto.";
+      continue;
+    }
+
+    beacon_seeds.push_back(beacon_seed);
+  }
+
+  PA_LOG(INFO) << "Deserialized " << beacon_seeds.size() << " BeaconSeeds.";
+  return beacon_seeds;
+}
+
 }  // namespace
 
 EasyUnlockServiceSignin::UserData::UserData()
     : state(EasyUnlockServiceSignin::USER_DATA_STATE_INITIAL) {
 }
 
 EasyUnlockServiceSignin::UserData::~UserData() {}
 
 EasyUnlockServiceSignin::EasyUnlockServiceSignin(Profile* profile)
     : EasyUnlockService(profile),
@@ skipping 323 matching lines @@
     return;
 
   cryptauth::RemoteDeviceList remote_devices;
   for (const auto& device : devices) {
     std::string decoded_public_key, decoded_psk, decoded_challenge;
     if (!base::Base64UrlDecode(device.public_key,
                                base::Base64UrlDecodePolicy::REQUIRE_PADDING,
                                &decoded_public_key) ||
         !base::Base64UrlDecode(device.psk,
                                base::Base64UrlDecodePolicy::REQUIRE_PADDING,
-                               &decoded_psk) ||
-        !base::Base64UrlDecode(device.challenge,
-                               base::Base64UrlDecodePolicy::REQUIRE_PADDING,
-                               &decoded_challenge)) {
-      PA_LOG(ERROR) << "Unable base64url decode stored remote device: "
-                    << device.public_key;
+                               &decoded_psk)) {
+      PA_LOG(ERROR) << "Unable base64url decode stored remote device:\n"
+                    << "  public_key: " << device.public_key << "\n"
+                    << "  psk: " << device.psk;
       continue;
     }
     cryptauth::RemoteDevice remote_device(
         account_id.GetUserEmail(), std::string(), decoded_public_key,
         device.bluetooth_address, decoded_psk, decoded_challenge);
+
+    if (!device.serialized_beacon_seeds.empty()) {
+      PA_LOG(INFO) << "Deserializing BeaconSeeds: "
+                   << device.serialized_beacon_seeds;
+      // TODO(tengs): Assign deserialized BeaconSeeds to the RemoteDevice.
+      DeserializeBeaconSeeds(device.serialized_beacon_seeds);
+    } else {
+      PA_LOG(WARNING) << "No BeaconSeeds were loaded.";
+    }
+
     remote_devices.push_back(remote_device);
     PA_LOG(INFO) << "Loaded Remote Device:\n"
                  << "  user id: " << remote_device.user_id << "\n"
                  << "  name: " << remote_device.name << "\n"
                  << "  public key" << device.public_key << "\n"
                  << "  bt_addr:" << remote_device.bluetooth_address;
   }
 
   SetProximityAuthDevices(account_id, remote_devices);
 }
 
 const EasyUnlockServiceSignin::UserData*
     EasyUnlockServiceSignin::FindLoadedDataForCurrentUser() const {
   if (!account_id_.is_valid())
     return nullptr;
 
   const auto it = user_data_.find(account_id_);
   if (it == user_data_.end())
     return nullptr;
   if (it->second->state != USER_DATA_STATE_LOADED)
     return nullptr;
   return it->second.get();
 }