base/nonce.cc - Issue 2333443002: Add base::UnguessableToken

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: base/nonce.cc

Issue 2333443002: Add base::UnguessableToken (Closed)

Patch Set: Addressed comments. Added CHECKs, const time ==. Created 4 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: base/nonce.cc

diff --git a/base/nonce.cc b/base/nonce.cc

new file mode 100644

index 0000000000000000000000000000000000000000..cf43a4d635e09161384ac41d6ce7390d7650828f

--- /dev/null

+++ b/base/nonce.cc

@@ -0,0 +1,44 @@

+// Use of this source code is governed by a BSD-style license that can be

+// found in the LICENSE file.

+#include "base/nonce.h"

+#include "base/format_macros.h"

+#include "base/rand_util.h"

+#include "base/strings/stringprintf.h"

+namespace base {

+// If base::Nonce is no longer 128 bits, the IPC serialization logic and Mojo

+// StructTraits should be updated to match the size of the struct.

+static_assert(sizeof(Nonce) == 2 * sizeof(uint64_t),

+ "base::Nonce should be of size 2 * sizeof(uint64_t).");

+Nonce::Nonce() : high_(0), low_(0) {}

+Nonce::Nonce(uint64_t high, uint64_t low) : high_(high), low_(low) {}

+std::string Nonce::ToString() const {

+ return base::StringPrintf("(%" PRIu64 ":%" PRIu64 ")", high_, low_);

+// static

+Nonce Nonce::Generate() {

+ Nonce nonce;

+ // Use base::RandBytes instead of crypto::RandBytes, because crypto calls the

+ // base version directly, and to prevent the dependency from base/ to crypto/.

+ base::RandBytes(&nonce, sizeof(nonce));

+ return nonce;

+// static

+Nonce Nonce::Deserialize(uint64_t high, uint64_t low) {

+ // Make sure we are not trying to deserialize an empty nonce.

+ // Sending an empty nonce accross processes likely means that

watk 2016/09/15 18:46:10 across

tguilbert 2016/09/15 22:57:39 Done.

+ // Nonce::Generate() was never called, which points to a security hole.

+ CHECK((high | low));

danakj 2016/09/15 18:06:36 DCHECK?

tguilbert 2016/09/15 22:57:39 I think this CHECK is important. There is no case

+ return Nonce(high, low);

+} // namespace base

« base/nonce.h ('K') | « base/nonce.h ('k') | base/nonce_unittest.cc » ('j') | no next file with comments »