Add base::UnguessableToken

base/nonce_token.cc

Index: base/nonce_token.cc
diff --git a/base/nonce_token.cc b/base/nonce_token.cc
new file mode 100644
index 0000000000000000000000000000000000000000..0863e3e9583971d81aa9e429189aa7962ae8f30b
--- /dev/null
+++ b/base/nonce_token.cc
@@ -0,0 +1,43 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/nonce_token.h"
+
+#include "base/format_macros.h"
+#include "base/rand_util.h"
+#include "base/strings/stringprintf.h"
+
+namespace base {
+
+NonceToken::NonceToken(uint64_t high, uint64_t low) : high_(high), low_(low) {}
+
+std::string NonceToken::ToString() const {
+  return base::StringPrintf("(%" PRIu64 ":%" PRIu64 ")", high_, low_);
+}
+
+// static
+NonceToken NonceToken::Create() {
+  NonceToken token;
+  // Use base::RandBytes instead of crypto::RandBytes, because crypto calls the
+  // base version directly, and to prevent the dependency from base/ to crypto/.
+  base::RandBytes(&token, sizeof(token));
+  return token;
+}
+
+void NonceToken::Serialize(uint64_t* high_out, uint64_t* low_out) const {
+  // Serializing an uninitialized NonceToken is a security issue.
+  CHECK(!is_empty());
+  *high_out = high_;
+  *low_out = low_;
+}
+
+// static
+NonceToken NonceToken::Deserialize(uint64_t high, uint64_t low) {
+  // Sending a zeroed out NonceToken across processes means that it was never
+  // initialized via NonceToken::Create(), which is a security issue.
+  CHECK(!NonceToken::IsZeroData(high, low));
+  return NonceToken(high, low);
+}
+
+}  // namespace base