Implement support for bidNonce and seller nonces

Introduce a mechanism that allows sellers to avoid giving the same nonce
to all buyers, since this can be used to determine that these buyers are
in the same auction. Instead, a new nonce is given to each buyer based
on the SHA-256 combination of both the auctionNonce and a new seller
nonce, which is given to the browser, but not to buyers.

The browser can verify the bidNonce from bids by computing the expected
bidNonce for a given auctionNonce and seller nonce, thus preserving the
existing replay protections of the auctionNonce.

Bug: 40275797
Fuchsia-Binary-Size: Size increase is unavoidable.
Change-Id: I9f2a6117891b30c33cc6831c63f6622faf6f55f1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5905479
Reviewed-by: Orr Bernstein <orrb@google.com>
Reviewed-by: Mike Taylor <miketaylr@chromium.org>
Reviewed-by: Brendon Tiszka <tiszka@chromium.org>
Commit-Queue: Caleb Raitto <caraitto@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1376464}
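
The derivation and the browser-side check described in the commit message, as an added Python example that is not part of the Chromium change. It assumes the bidNonce is the base64 encoding of SHA-256 over the concatenated auctionNonce and seller nonce strings (the message says only "SHA-256 combination"); the function names, buyer names and nonce values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import uuid


def compute_bid_nonce(auction_nonce: str, seller_nonce: str) -> str:
    # Assumed encoding (not stated in the commit message):
    # base64(SHA-256(auctionNonce || sellerNonce)).
    data = (auction_nonce + seller_nonce).encode("ascii")
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def seller_issue_nonces(auction_nonce: str, buyers: list) -> dict:
    """Seller side: draw one fresh seller nonce per buyer.

    Each buyer is handed only its bidNonce, so two buyers cannot compare
    values to learn that they are bidding in the same auction.
    """
    issued = {}
    for buyer in buyers:
        seller_nonce = str(uuid.uuid4())
        issued[buyer] = {
            "sellerNonce": seller_nonce,  # goes to the browser, never to the buyer
            "bidNonce": compute_bid_nonce(auction_nonce, seller_nonce),
        }
    return issued


def browser_verify_bid(auction_nonce: str, seller_nonce: str, bid_nonce: str) -> bool:
    """Browser side: recompute the expected bidNonce and compare in constant time."""
    expected = compute_bid_nonce(auction_nonce, seller_nonce)
    return hmac.compare_digest(expected, bid_nonce)


if __name__ == "__main__":
    auction_a = "11111111-1111-4111-8111-111111111111"  # constructed sample
    auction_b = "22222222-2222-4222-8222-222222222222"  # constructed sample
    issued = seller_issue_nonces(auction_a, ["buyer1.example", "buyer2.example"])
    b1, b2 = issued["buyer1.example"], issued["buyer2.example"]
    print("buyers see different nonces:", b1["bidNonce"] != b2["bidNonce"])
    print("valid in auction A:", browser_verify_bid(auction_a, b1["sellerNonce"], b1["bidNonce"]))
    print("replayed into auction B:", browser_verify_bid(auction_b, b1["sellerNonce"], b1["bidNonce"]))
```

Because the auctionNonce is an input to the hash, a bid captured from one auction fails verification in any other, which is how the per-buyer value keeps the binding the auctionNonce provided on its own.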