Add feature flag to toggle between double and triple keyed Network Anonymization Key scheme. When kEnableDoubleKeyNetworkAnonymizationKey is enabled, the frame_site value of the NAK will be set to nullopt. This will make the partition key not reliant on the frame site of the requestor. Bug: 1343856 Change-Id: I3e3699177addf3db54d667db5b1b607f1f882c8d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3782900 Reviewed-by: Matt Menke <[email protected]> Commit-Queue: Brianna Goldstein <[email protected]> Cr-Commit-Position: refs/heads/main@{#1027890}

commit: 1ad5e96ef9bed7fbd09d958a306f97c766988450 [log] [tgz]
author: Brianna Goldstein <[email protected]> Mon Jul 25 19:17:46 2022
committer: Chromium LUCI CQ <[email protected]> Mon Jul 25 19:17:46 2022
tree: 9cc13df3911e202dfbffc86dd9975869f603e624
parent: e4e769cb1e20e4458bdef165c5f6749c62f25baf [diff] [blame]
diff --git a/net/base/network_anonymization_key.h b/net/base/network_anonymization_key.h
index 155c652..a9610b9 100644
--- a/net/base/network_anonymization_key.h
+++ b/net/base/network_anonymization_key.h

@@ -130,6 +130,12 @@
     return nonce_;
   }
 
+  // Returns true if the NetworkAnonymizationKey has a double keyed scheme. This
+  // means the values of the NetworkAnonymizationKey are as follows:
+  // `top_frame_site` -> the schemeful site of the top level page.
+  // `frame_site ` -> nullopt
+  static bool IsDoubleKeyingEnabled();
+
  private:
   std::string GetSiteDebugString(
       const absl::optional<SchemefulSite>& site) const;
commit	1ad5e96ef9bed7fbd09d958a306f97c766988450	[log] [tgz]
author	Brianna Goldstein <[email protected]>	Mon Jul 25 19:17:46 2022
committer	Chromium LUCI CQ <[email protected]>	Mon Jul 25 19:17:46 2022
tree	9cc13df3911e202dfbffc86dd9975869f603e624
parent	e4e769cb1e20e4458bdef165c5f6749c62f25baf [diff] [blame]