add a method to generate a client nonce (NONC)

handshake/crypto_setup_client.go

@@ -2,8 +2,11 @@ package handshake
 
 import (
 	"bytes"
+	"crypto/rand"
 	"encoding/binary"
+	"errors"
 	"io"
+	"time"
 
 	"github.com/lucas-clemente/quic-go/crypto"
 	"github.com/lucas-clemente/quic-go/protocol"
@@ -23,6 +26,10 @@ type cryptoSetupClient struct {
 var _ crypto.AEAD = &cryptoSetupClient{}
 var _ CryptoSetup = &cryptoSetupClient{}
 
+var (
+	errNoObitForClientNonce = errors.New("No OBIT for client nonce available")
+)
+
 // NewCryptoSetupClient creates a new CryptoSetup instance for a client
 func NewCryptoSetupClient(
 	connID protocol.ConnectionID,
@@ -114,3 +121,21 @@ func (h *cryptoSetupClient) sendInchoateCHLO() error {
 	}
 	return nil
 }
+
+func (h *cryptoSetupClient) generateClientNonce() ([]byte, error) {
+	nonce := make([]byte, 32)
+	binary.BigEndian.PutUint32(nonce, uint32(time.Now().Unix()))
+
+	if len(h.serverConfig.obit) != 8 {
+		return nil, errNoObitForClientNonce
+	}
+
+	copy(nonce[4:12], h.serverConfig.obit)
+
+	_, err := rand.Read(nonce[12:])
+	if err != nil {
+		return nil, err
+	}
+
+	return nonce, nil
+}