Add class that performs CryptAuth v2 Enrollment flow

Implements the client end of the CryptAuth v2 Enrollment protocol, which
consists of two request/response interactions with the CryptAuth

1a) SyncKeysRequest: Contains the names of key bundles used by us--the
    client--as well as the handles and metadata of any existing keys in
    those key bundles. General metadata about the local device, such as
    hardware and feature support, is also included. Even if new key
    bundles are not being enrolled and no metadata is being changed, the
    Enrollment protocol requires periodic check-ins with the CryptAuth

1b) SyncKeysResponse: The response from CryptAuth includes instructions
    about what existing keys should be active, inactive, or deleted
    altogether. It also provides information about what new keys, if
    any, should be generated and added to one of the key bundles listed
    in the request.  Aside from key instructions, a client directive is
    returned, which provides paramaters related to scheduling the next
    check-in with the server.

2a) EnrollKeysRequest: The second request in the Enrollment protocol is
    only necessary if the client needs to enroll new keys, as denoted in
    the SyncKeysResponse. The request contains information such as the
    material of the new public key (if it is an asymmetric key) and
    necessary proof for verifying that we indeed possess the private or
    symmetric key.

2b) EnrollKeysResponse: We simply view this response as an indication
    that the EnrollKeysRequest was sucessful.

The enrollment flow is triggered on construction, and when the
enrollment attempt finishes--successfully or not--the |callback| is

Bug: 899080
Change-Id: I3bb662677b21247180e96dc96bf6eea7c4af25df
Commit-Queue: Josh Nohle <>
Reviewed-by: Kyle Horimoto <>
Cr-Commit-Position: refs/heads/master@{#636048}
7 files changed