Merge remote-tracking branch 'upstream/master' into nTox

toxcore/DHT.c

@@ -498,7 +498,7 @@ static int getnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cli
     uint8_t plain[sizeof(ping_id) + CLIENT_ID_SIZE];
     uint8_t encrypt[sizeof(ping_id) + CLIENT_ID_SIZE + ENCRYPTION_PADDING];
     uint8_t nonce[crypto_box_NONCEBYTES];
-    random_nonce(nonce);
+    new_nonce(nonce);
 
     memcpy(plain, &ping_id, sizeof(ping_id));
     memcpy(plain + sizeof(ping_id), client_id, CLIENT_ID_SIZE);
@@ -540,7 +540,7 @@ static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cl
     uint8_t plain[sizeof(ping_id) + sizeof(Node_format) * MAX_SENT_NODES];
     uint8_t encrypt[sizeof(ping_id) + sizeof(Node_format) * MAX_SENT_NODES + ENCRYPTION_PADDING];
     uint8_t nonce[crypto_box_NONCEBYTES];
-    random_nonce(nonce);
+    new_nonce(nonce);
 
     memcpy(plain, &ping_id, sizeof(ping_id));
     memcpy(plain + sizeof(ping_id), nodes_list, num_nodes * sizeof(Node_format));

toxcore/net_crypto.c

@@ -145,14 +145,26 @@ static void increment_nonce(uint8_t *nonce)
 /* Fill the given nonce with random bytes. */
 void random_nonce(uint8_t *nonce)
 {
-    uint32_t i, temp;
-
-    for (i = 0; i < crypto_box_NONCEBYTES / 4; ++i) {
-        temp = random_int();
-        memcpy(nonce + 4 * i, &temp, 4);
-    }
+    randombytes(nonce, crypto_box_NONCEBYTES);
 }
 
+
+static uint8_t base_nonce[crypto_box_NONCEBYTES];
+static uint8_t nonce_set = 0;
+
+/*Gives a nonce guaranteed to be different from previous ones.*/
+void new_nonce(uint8_t *nonce)
+{
+    if (nonce_set == 0) {
+        random_nonce(base_nonce);
+        nonce_set = 1;
+    }
+
+    increment_nonce(base_nonce);
+    memcpy(nonce, base_nonce, crypto_box_NONCEBYTES);
+}
+
+
 /*  return 0 if there is no received data in the buffer.
  *  return -1  if the packet was discarded.
  *  return length of received data if successful.
@@ -237,7 +249,7 @@ int create_request(uint8_t *send_public_key, uint8_t *send_secret_key, uint8_t *
     uint8_t temp[MAX_DATA_SIZE];
     memcpy(temp + 1, data, length);
     temp[0] = request_id;
-    random_nonce(nonce);
+    new_nonce(nonce);
     int len = encrypt_data(recv_public_key, send_secret_key, nonce, temp, length + 1,
                            1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + packet);
 
@@ -336,7 +348,7 @@ static int send_cryptohandshake(Net_Crypto *c, int connection_id, uint8_t *publi
     uint8_t temp[crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES];
     uint8_t nonce[crypto_box_NONCEBYTES];
 
-    random_nonce(nonce);
+    new_nonce(nonce);
     memcpy(temp, secret_nonce, crypto_box_NONCEBYTES);
     memcpy(temp + crypto_box_NONCEBYTES, session_key, crypto_box_PUBLICKEYBYTES);
 

toxcore/net_crypto.h

@@ -115,6 +115,9 @@ int decrypt_data_fast(uint8_t *enc_key, uint8_t *nonce,
 /* Fill the given nonce with random bytes. */
 void random_nonce(uint8_t *nonce);
 
+/*Gives a nonce guaranteed to be different from previous ones.*/
+void new_nonce(uint8_t *nonce);
+
 /*  return 0 if there is no received data in the buffer.
  *  return -1  if the packet was discarded.
  *  return length of received data if successful.

toxcore/network.c

@@ -49,7 +49,6 @@ uint64_t current_time(void)
 }
 
 /*  return a random number.
- * NOTE: This function should probably not be used where cryptographic randomness is absolutely necessary.
  */
 uint32_t random_int(void)
 {
@@ -57,7 +56,9 @@ uint32_t random_int(void)
     /* NOTE: this function comes from libsodium. */
     return randombytes_random();
 #else
-    return random();
+    uint32_t randnum;
+    randombytes((uint8_t *)&randnum , sizeof(randnum));
+    return randnum;
 #endif
 }
 

toxcore/network.h

@@ -57,6 +57,7 @@
 #include <sodium.h>
 #else
 #include <crypto_box.h>
+#include <randombytes.h>
 #define crypto_box_MACBYTES (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES)
 #endif
 
@@ -130,7 +131,6 @@ typedef struct {
 uint64_t current_time(void);
 
 /*  return a random number.
- * NOTE: this function should probably not be used where cryptographic randomness is absolutely necessary.
  */
 uint32_t random_int(void);
 

toxcore/ping.c

@@ -135,7 +135,7 @@ int send_ping_request(void *ping, Net_Crypto *c, IP_Port ipp, uint8_t *client_id
 
     pk[0] = NET_PACKET_PING_REQUEST;
     id_cpy(pk + 1, c->self_public_key);     // Our pubkey
-    random_nonce(pk + 1 + CLIENT_ID_SIZE); // Generate random nonce
+    new_nonce(pk + 1 + CLIENT_ID_SIZE); // Generate new nonce
 
     // Encrypt ping_id using recipient privkey
     rc = encrypt_data(client_id,
@@ -160,7 +160,7 @@ int send_ping_response(Net_Crypto *c, IP_Port ipp, uint8_t *client_id, uint64_t
 
     pk[0] = NET_PACKET_PING_RESPONSE;
     id_cpy(pk + 1, c->self_public_key);     // Our pubkey
-    random_nonce(pk + 1 + CLIENT_ID_SIZE); // Generate random nonce
+    new_nonce(pk + 1 + CLIENT_ID_SIZE); // Generate new nonce
 
     // Encrypt ping_id using recipient privkey
     rc = encrypt_data(client_id,