    Add base::UnguessableToken · 4a5ac609
    tguilbert authored
    cc::SurfaceId, gpu::Mailbox and ScopedSurfaceRequestManager need an
    unguessable identifier. Security recommends using 128 bits to make sure
    an ID is unguessable. However, there is no conveniently serializable
    way to represent 128 bits.
    
    This change introduces base::UnguessableToken, a 128-bit class with a
    cryptographically strong Create() function. UnguessableTokens can be
    used by themselves, or as part of an aggregate ID.
    
    An empty UnguessableToken is a valid value. It is however illegal to
    send an empty UnguessableToken across processes (because the resource
    that is supposed to be protected by the token would then be guessable).
    Sending empty tokens across processes is a security issue, and should
    be handled as such.
    
    This change also introduces the appropriate code to send tokens
    over IPC and Mojo. base::Optional should be used in cases where it may
    be valid to send no token (rather than sending an empty token).
    
    TEST=Added unittests. Also tested in a prototype that uses IPC and Mojo.
    BUG=643857
    
    Review-Url: https://codereview.chromium.org/2333443002
    Cr-Commit-Position: refs/heads/master@{#419550}
unguessable_token.h 2.95 KB
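The commit message states three rules: a token is 128 bits drawn from a cryptographically strong source, the empty (all-zero) token is a legal in-process value but must never cross a process boundary, and "no token" is expressed with base::Optional rather than an empty token. The following is an added example, not Chromium's unguessable_token.h or its IPC/Mojo traits: a self-contained C++ sketch of a 128-bit token plus a hypothetical wire format whose sender refuses to serialize an empty token and whose receiver rejects one if it arrives anyway. std::random_device is used only as a stand-in for the platform CSPRNG (an assumption about this platform; a real implementation must use the OS random source), and the wire layout, function names and std::optional in place of base::Optional are this example's own choices.

```cpp
#include <cstdint>
#include <optional>
#include <random>
#include <string>

// Added example, not Chromium's code: a 128-bit token modelled on the
// base::UnguessableToken described in the commit message.
class UnguessableToken {
 public:
  // Default construction yields the empty (all-zero) token: a valid value
  // in-process, but never legal on the wire.
  UnguessableToken() = default;

  // Cryptographically strong construction. std::random_device is a stand-in
  // (assumption: backed by the OS CSPRNG here); production code must draw
  // from the platform CSPRNG. Retries so Create() never returns the empty token.
  static UnguessableToken Create() {
    std::random_device rd;
    UnguessableToken token;
    do {
      token.high_ = Draw64(rd);
      token.low_ = Draw64(rd);
    } while (token.is_empty());
    return token;
  }

  // Rebuilds a token from its two 64-bit halves (the serialized form).
  static UnguessableToken Deserialize(uint64_t high, uint64_t low) {
    UnguessableToken token;
    token.high_ = high;
    token.low_ = low;
    return token;
  }

  bool is_empty() const { return high_ == 0 && low_ == 0; }
  uint64_t GetHighForSerialization() const { return high_; }
  uint64_t GetLowForSerialization() const { return low_; }

  bool operator==(const UnguessableToken& o) const { return high_ == o.high_ && low_ == o.low_; }
  bool operator!=(const UnguessableToken& o) const { return !(*this == o); }

 private:
  // Two 32-bit draws combined into one 64-bit word (masked in case the
  // device's result type is wider than 32 bits).
  static uint64_t Draw64(std::random_device& rd) {
    uint64_t hi = static_cast<uint64_t>(rd()) & 0xFFFFFFFFu;
    uint64_t lo = static_cast<uint64_t>(rd()) & 0xFFFFFFFFu;
    return (hi << 32) | lo;
  }
  uint64_t high_ = 0;
  uint64_t low_ = 0;
};

// Hypothetical wire format: one presence byte, then 16 bytes (high, low;
// little-endian) when a token is present.
static void PutU64(std::string& out, uint64_t v) {
  for (int i = 0; i < 8; ++i) out.push_back(static_cast<char>((v >> (8 * i)) & 0xFF));
}
static uint64_t GetU64(const std::string& in, size_t pos) {
  uint64_t v = 0;
  for (int i = 0; i < 8; ++i)
    v |= static_cast<uint64_t>(static_cast<unsigned char>(in[pos + i])) << (8 * i);
  return v;
}

// Sender side for a token that must be present. Refuses the empty token:
// sending it would make the protected resource guessable.
bool WriteToken(const UnguessableToken& token, std::string& out) {
  if (token.is_empty()) return false;
  out.push_back('\x01');
  PutU64(out, token.GetHighForSerialization());
  PutU64(out, token.GetLowForSerialization());
  return true;
}

// "No token" is carried by std::optional, never by an empty token.
bool WriteOptionalToken(const std::optional<UnguessableToken>& token, std::string& out) {
  if (!token) { out.push_back('\x00'); return true; }
  return WriteToken(*token, out);
}

// Receiver side. An absent token yields nullopt; a truncated message or an
// empty token on the wire makes the whole read fail (treated as a security
// issue, not as a value).
bool ReadOptionalToken(const std::string& in, size_t& pos, std::optional<UnguessableToken>& out) {
  if (pos >= in.size()) return false;
  unsigned char present = static_cast<unsigned char>(in[pos++]);
  if (present == 0) { out.reset(); return true; }
  if (present != 1 || in.size() - pos < 16) return false;
  UnguessableToken token = UnguessableToken::Deserialize(GetU64(in, pos), GetU64(in, pos + 8));
  pos += 16;
  if (token.is_empty()) return false;
  out = token;
  return true;
}

// Full round trip: serialize, parse back, compare. False whenever either side
// refuses the token.
bool RoundTrips(const UnguessableToken& token) {
  std::string buf;
  if (!WriteToken(token, buf)) return false;
  size_t pos = 0;
  std::optional<UnguessableToken> got;
  return ReadOptionalToken(buf, pos, got) && got && *got == token && pos == buf.size();
}
```

The receive-side check is the part worth copying: the sender rule alone only protects against honest senders, while a compromised or buggy peer that writes sixteen zero bytes would otherwise hand the receiver a token that matches any default-constructed value, so the parser fails the message instead.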