Diffstat (limited to 'net/quic/crypto/crypto_utils.h')
-rw-r--r-- | net/quic/crypto/crypto_utils.h | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/net/quic/crypto/crypto_utils.h b/net/quic/crypto/crypto_utils.h
index 1fe4934..058a1ab 100644
--- a/net/quic/crypto/crypto_utils.h
+++ b/net/quic/crypto/crypto_utils.h
@@ -9,13 +9,16 @@
 #include <string>
+#include "base/string_piece.h"
 #include "net/base/net_export.h"
+#include "net/quic/crypto/crypto_handshake.h"
 #include "net/quic/crypto/crypto_protocol.h"
 namespace net {
 class QuicClock;
 class QuicRandom;
+struct QuicCryptoNegotiatedParameters;
 class NET_EXPORT_PRIVATE CryptoUtils {
 public:
@@ -24,6 +27,11 @@ class NET_EXPORT_PRIVATE CryptoUtils {
 PEER_PRIORITY,
 };
+ enum Perspective {
+ SERVER,
+ CLIENT,
+ };
+
 // FindMutualTag sets |out_result| to the first tag in the priority list that
 // is also in the other list and returns true. If there is no intersection it
 // returns false.
@@ -39,10 +47,23 @@ class NET_EXPORT_PRIVATE CryptoUtils {
 CryptoTag* out_result,
 size_t* out_index);
- // Generates the connection nonce.
+ // Generates the connection nonce. The nonce is formed as:
+ // <4 bytes> current time
+ // <8 bytes> |orbit| (or random if |orbit| is empty)
+ // <20 bytes> random
 static void GenerateNonce(const QuicClock* clock,
 QuicRandom* random_generator,
+ const std::string& orbit,
 std::string* nonce);
+
+ // DeriveKeys populates the |encrypter| and |decrypter| members of |params|
+ // given the contents of |premaster_secret|, |nonce| and |hkdf_input|.
+ // |perspective| controls whether the server's keys are assigned to
+ // |encrypter| or |decrypter|.
+ static void DeriveKeys(QuicCryptoNegotiatedParameters* params,
+ base::StringPiece nonce,
+ const std::string& hkdf_input,
+ Perspective perspective);
 };
 } // namespace net |
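Review bot: The header now both includes `net/quic/crypto/crypto_handshake.h` and forward-declares `struct QuicCryptoNegotiatedParameters`; for the pointer parameter that DeriveKeys takes, the forward declaration alone is enough. Dropping the include would keep this header light and avoid an include cycle if crypto_handshake.h ever needs crypto_utils.h (not visible from here). If the include is needed for another reason, the forward declaration is the redundant one, and a short comment should say why both are present.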
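Review bot: The GenerateNonce comment fixes the orbit field at 8 bytes, but the new `const std::string& orbit` parameter accepts any length and the declaration does not say what happens when a non-empty orbit is shorter or longer, so a mis-sized value could silently change the nonce layout. Add `// |orbit| must be either empty or exactly 8 bytes.` to the comment and enforce it in the definition, which is outside this hunk. The DeriveKeys comment names |premaster_secret| as an input although it is not a parameter; if it is read from |params|, say so, and state which of |encrypter|/|decrypter| receives the server's keys for `SERVER` and for `CLIENT`, since swapping them is an easy caller mistake. DeriveKeys returns void, so a caller cannot tell whether both members were actually populated; consider `static bool DeriveKeys(` or document that derivation cannot fail.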