Merge pull request #452 from tox-rs/randombytes

refactor(rand): remove randombytes_into usages

Author: kurnevsky

examples/Cargo.toml

@@ -15,6 +15,7 @@ futures = { version = "0.3", default-features = false, features = ["std", "async
 env_logger = "0.8"
 hex = "0.4"
 failure = "0.1"
+rand = "0.8"
 
 [dev-dependencies.tokio]
 version = "1.0"

examples/echo.rs

@@ -10,6 +10,7 @@ use futures::{*, future::TryFutureExt};
 use futures::channel::mpsc;
 use hex::FromHex;
 use failure::{err_msg, Error};
+use rand::thread_rng;
 
 use std::net::SocketAddr;
 
@@ -49,11 +50,13 @@ const TCP_RELAYS: [(&str, &str); 5] = [
 async fn main() -> Result<(), Error> {
     env_logger::init();
 
+    let mut rng = thread_rng();
+
     let (dht_pk, dht_sk) = gen_keypair();
 
     // create random tox id and print it
     let (real_pk, real_sk) = gen_keypair();
-    let id = ToxId::new(real_pk);
+    let id = ToxId::new(&mut rng, real_pk);
     println!("your tox id is: {:X}",id);
 
     // Create a channel for server to communicate with network

tox_core/src/dht/dht_friend.rs

@@ -4,7 +4,7 @@ Module for friend.
 
 use std::time::Instant;
 use std::net::SocketAddr;
-use rand::Rng;
+use rand::{CryptoRng, Rng};
 
 use crate::time::*;
 use crate::dht::kbucket::*;
@@ -41,7 +41,7 @@ pub struct DhtFriend {
 
 impl DhtFriend {
     /// Create new `DhtFriend`.
-    pub fn new<R: Rng>(rng: &mut R, pk: PublicKey) -> Self {
+    pub fn new<R: Rng + CryptoRng>(rng: &mut R, pk: PublicKey) -> Self {
         DhtFriend {
             pk,
             close_nodes: Kbucket::new(FRIEND_CLOSE_NODES_COUNT),

tox_core/src/dht/request_queue.rs

@@ -3,7 +3,7 @@
 use std::collections::HashMap;
 use std::collections::hash_map::Entry;
 use std::time::{Duration, Instant};
-use rand::Rng;
+use rand::{CryptoRng, Rng};
 
 use crate::utils::gen_ping_id;
 use crate::time::*;
@@ -29,7 +29,7 @@ impl<T> RequestQueue<T> {
     }
 
     /// Generate unique non zero request ID.
-    fn generate_ping_id<R: Rng>(&self, rng: &mut R) -> u64 {
+    fn generate_ping_id<R: Rng + CryptoRng>(&self, rng: &mut R) -> u64 {
         loop {
             let ping_id = gen_ping_id(rng);
             if !self.ping_map.contains_key(&ping_id) {
@@ -40,7 +40,7 @@ impl<T> RequestQueue<T> {
 
     /// Generate and store unique non zero request ID. Later this request ID can
     /// be verified with `check_ping_id` function.
-    pub fn new_ping_id<R: Rng>(&mut self, rng: &mut R, data: T) -> u64 {
+    pub fn new_ping_id<R: Rng + CryptoRng>(&mut self, rng: &mut R, data: T) -> u64 {
         let ping_id = self.generate_ping_id(rng);
         self.ping_map.insert(ping_id, (clock_now(), data));
         ping_id

tox_core/src/dht/server/hole_punching.rs

@@ -7,7 +7,7 @@ https://zetok.github.io/tox-spec/#hole-punching
 use std::net::{IpAddr, SocketAddr};
 use std::time::{Duration, Instant};
 use std::collections::HashMap;
-use rand::Rng;
+use rand::{CryptoRng, Rng};
 
 use crate::dht::dht_friend::*;
 use crate::dht::server::*;
@@ -58,7 +58,7 @@ pub struct HolePunching {
 
 impl HolePunching {
     /// Create new `HolePunching` object.
-    pub fn new<R: Rng>(rng: &mut R) -> Self {
+    pub fn new<R: Rng + CryptoRng>(rng: &mut R) -> Self {
         HolePunching {
             is_punching_done: true,
             num_punch_tries: 0,

tox_core/src/dht/server/mod.rs

@@ -201,7 +201,7 @@ impl Server {
             request_queue: Arc::new(RwLock::new(RequestQueue::new(PING_TIMEOUT))),
             close_nodes: Arc::new(RwLock::new(ForcedKtree::new(&pk))),
             onion_symmetric_key: Arc::new(RwLock::new(onion_symmetric_key)),
-            onion_announce: Arc::new(RwLock::new(OnionAnnounce::new(pk))),
+            onion_announce: Arc::new(RwLock::new(OnionAnnounce::new(&mut rng, pk))),
             fake_friends_keys,
             friends: Arc::new(RwLock::new(friends)),
             nodes_to_bootstrap: Arc::new(RwLock::new(Kbucket::new(MAX_TO_BOOTSTRAP))),

tox_core/src/net_crypto/mod.rs

@@ -1137,6 +1137,7 @@ mod tests {
     // https://github.com/rust-lang/rust/issues/61520
     use super::{*, Packet};
     use futures::{Future, StreamExt};
+    use rand::CryptoRng;
 
     impl NetCrypto {
         pub async fn has_friend(&self, pk: &PublicKey) -> bool {
@@ -1177,7 +1178,7 @@ mod tests {
             self.connections.write().await.insert(peer_real_pk, Arc::new(RwLock::new(connection)));
         }
 
-        pub fn get_cookie<R: Rng>(&self, rng: &mut R, real_pk: PublicKey, dht_pk: PublicKey) -> EncryptedCookie {
+        pub fn get_cookie<R: Rng + CryptoRng>(&self, rng: &mut R, real_pk: PublicKey, dht_pk: PublicKey) -> EncryptedCookie {
             let cookie = Cookie::new(real_pk, dht_pk);
             EncryptedCookie::new(rng, &self.symmetric_key, &cookie)
         }

tox_core/src/onion/onion_announce.rs

@@ -6,6 +6,7 @@ use std::net::{IpAddr, SocketAddr};
 use std::time::{Duration, Instant, SystemTime};
 use sha2::{Digest, Sha256};
 use sha2::digest::generic_array::typenum::marker_traits::Unsigned;
+use rand::{CryptoRng, Rng};
 
 use tox_binary_io::*;
 use tox_crypto::*;
@@ -164,11 +165,9 @@ pub struct OnionAnnounce {
 
 impl OnionAnnounce {
     /// Create new `OnionAnnounce` instance.
-    pub fn new(dht_pk: PublicKey) -> OnionAnnounce {
-        let mut secret_bytes = [0; SECRET_BYTES_SIZE];
-        randombytes_into(&mut secret_bytes);
+    pub fn new<R: Rng + CryptoRng>(rng: &mut R, dht_pk: PublicKey) -> OnionAnnounce {
         OnionAnnounce {
-            secret_bytes,
+            secret_bytes: rng.gen(),
             entries: Vec::with_capacity(ONION_ANNOUNCE_MAX_ENTRIES),
             dht_pk
         }
@@ -338,6 +337,8 @@ impl OnionAnnounce {
 
 #[cfg(test)]
 mod tests {
+    use rand::thread_rng;
+
     use super::*;
 
     const ONION_RETURN_3_PAYLOAD_SIZE: usize = ONION_RETURN_3_SIZE - xsalsa20poly1305::NONCE_SIZE;
@@ -381,7 +382,7 @@ mod tests {
     #[test]
     fn ping_id_respects_timeout_gap() {
         crypto_init().unwrap();
-        let onion_announce = OnionAnnounce::new(gen_keypair().0);
+        let onion_announce = OnionAnnounce::new(&mut thread_rng(), gen_keypair().0);
 
         let time = SystemTime::now();
         let time_1 = time - Duration::from_secs(unix_time(time) % PING_ID_TIMEOUT.as_secs());
@@ -399,7 +400,7 @@ mod tests {
     #[test]
     fn ping_id_depends_on_all_args() {
         crypto_init().unwrap();
-        let onion_announce = OnionAnnounce::new(gen_keypair().0);
+        let onion_announce = OnionAnnounce::new(&mut thread_rng(), gen_keypair().0);
 
         let time_1 = SystemTime::now();
         let time_2 = time_1 + PING_ID_TIMEOUT;
@@ -446,7 +447,7 @@ mod tests {
     async fn expired_entry_not_in_entries() {
         crypto_init().unwrap();
         let dht_pk = gen_keypair().0;
-        let mut onion_announce = OnionAnnounce::new(dht_pk);
+        let mut onion_announce = OnionAnnounce::new(&mut thread_rng(), dht_pk);
 
         let entry = create_random_entry("1.2.3.4:12345".parse().unwrap());
         let entry_pk = entry.pk;
@@ -469,7 +470,7 @@ mod tests {
     fn add_to_entries_when_limit_is_not_reached() {
         crypto_init().unwrap();
         let dht_pk = gen_keypair().0;
-        let mut onion_announce = OnionAnnounce::new(dht_pk);
+        let mut onion_announce = OnionAnnounce::new(&mut thread_rng(), dht_pk);
 
         let mut pks = Vec::new();
 
@@ -492,7 +493,7 @@ mod tests {
     async fn add_to_entries_should_update_existent_entry() {
         crypto_init().unwrap();
         let dht_pk = gen_keypair().0;
-        let mut onion_announce = OnionAnnounce::new(dht_pk);
+        let mut onion_announce = OnionAnnounce::new(&mut thread_rng(), dht_pk);
 
         let mut pks = Vec::new();
 
@@ -533,7 +534,7 @@ mod tests {
     async fn add_to_entries_should_replace_timed_out_entries() {
         crypto_init().unwrap();
         let dht_pk = gen_keypair().0;
-        let mut onion_announce = OnionAnnounce::new(dht_pk);
+        let mut onion_announce = OnionAnnounce::new(&mut thread_rng(), dht_pk);
 
         let mut pks = Vec::new();
 
@@ -576,7 +577,7 @@ mod tests {
     fn add_to_entries_should_replace_the_farthest_entry() {
         crypto_init().unwrap();
         let dht_pk = PublicKey::from_slice(&[0; 32]).unwrap();
-        let mut onion_announce = OnionAnnounce::new(dht_pk);
+        let mut onion_announce = OnionAnnounce::new(&mut thread_rng(), dht_pk);
 
         // add one entry with farthest pk
         let mut entry = create_random_entry("1.2.3.4:12345".parse().unwrap());
@@ -612,7 +613,7 @@ mod tests {
     fn add_to_entries_should_should_not_add_the_farthest_entry() {
         crypto_init().unwrap();
         let dht_pk = PublicKey::from_slice(&[0; 32]).unwrap();
-        let mut onion_announce = OnionAnnounce::new(dht_pk);
+        let mut onion_announce = OnionAnnounce::new(&mut thread_rng(), dht_pk);
 
         let mut pks = Vec::new();
 
@@ -650,7 +651,7 @@ mod tests {
         let data_pk = gen_keypair().0;
         let packet_pk = gen_keypair().0;
 
-        let mut onion_announce = OnionAnnounce::new(dht_pk);
+        let mut onion_announce = OnionAnnounce::new(&mut thread_rng(), dht_pk);
 
         // insert random entry
         let entry = create_random_entry("1.2.3.4:12345".parse().unwrap());
@@ -687,7 +688,7 @@ mod tests {
         let data_pk = gen_keypair().0;
         let packet_pk = gen_keypair().0;
 
-        let mut onion_announce = OnionAnnounce::new(dht_pk);
+        let mut onion_announce = OnionAnnounce::new(&mut thread_rng(), dht_pk);
 
         // insert random entry
         let entry = create_random_entry("1.2.3.4:12345".parse().unwrap());
@@ -728,7 +729,7 @@ mod tests {
         let data_pk = gen_keypair().0;
         let packet_pk = gen_keypair().0;
 
-        let mut onion_announce = OnionAnnounce::new(dht_pk);
+        let mut onion_announce = OnionAnnounce::new(&mut thread_rng(), dht_pk);
 
         // insert random entry
         let entry = create_random_entry("1.2.3.4:12345".parse().unwrap());
@@ -768,7 +769,7 @@ mod tests {
         let data_pk = gen_keypair().0;
         let packet_pk = gen_keypair().0;
 
-        let mut onion_announce = OnionAnnounce::new(dht_pk);
+        let mut onion_announce = OnionAnnounce::new(&mut thread_rng(), dht_pk);
 
         // insert ourselves
         let mut entry = create_random_entry("1.2.3.4:12345".parse().unwrap());
@@ -807,7 +808,7 @@ mod tests {
         crypto_init().unwrap();
         let (dht_pk, _dht_sk) = gen_keypair();
 
-        let mut onion_announce = OnionAnnounce::new(dht_pk);
+        let mut onion_announce = OnionAnnounce::new(&mut thread_rng(), dht_pk);
 
         // insert random entry
         let entry = create_random_entry("1.2.3.4:12345".parse().unwrap());
@@ -852,7 +853,7 @@ mod tests {
         crypto_init().unwrap();
         let (dht_pk, _dht_sk) = gen_keypair();
 
-        let onion_announce = OnionAnnounce::new(dht_pk);
+        let onion_announce = OnionAnnounce::new(&mut thread_rng(), dht_pk);
 
         let onion_return = OnionReturn {
             nonce: [42; xsalsa20poly1305::NONCE_SIZE],

tox_core/src/state_format/old.rs

@@ -7,6 +7,7 @@ use nom::{
     combinator::rest,
     bytes::complete::take,
 };
+use rand::{Rng, distributions::{Distribution, Standard}};
 
 use tox_binary_io::*;
 use tox_crypto::*;
@@ -36,13 +37,11 @@ pub struct NospamKeys {
 /// Number of bytes of serialized [`NospamKeys`](./struct.NospamKeys.html).
 pub const NOSPAMKEYSBYTES: usize = NOSPAMBYTES + PUBLICKEYBYTES + SECRETKEYBYTES;
 
-impl NospamKeys {
-    /// Generates random `NospamKeys`.
-    pub fn random() -> Self {
-        let nospam = NoSpam::random();
+impl Distribution<NospamKeys> for Standard {
+    fn sample<R: Rng + ?Sized>(&self, rng: &mut R) -> NospamKeys {
         let (pk, sk) = gen_keypair();
         NospamKeys {
-            nospam,
+            nospam: rng.gen(),
             pk,
             sk
         }
@@ -615,12 +614,13 @@ impl ToBytes for State {
 mod tests {
     use super::*;
 
+    use rand::thread_rng;
     use tox_packet::ip_port::*;
 
     encode_decode_test!(
         tox_crypto::crypto_init().unwrap(),
         no_spam_keys_encode_decode,
-        NospamKeys::random()
+        thread_rng().gen::<NospamKeys>()
     );
 
     encode_decode_test!(
@@ -755,7 +755,7 @@ mod tests {
         state_encode_decode,
         State {
             sections: vec![
-                Section::NospamKeys(NospamKeys::random()),
+                Section::NospamKeys(thread_rng().gen()),
                 Section::DhtState(DhtState(vec![
                     PackedNode {
                         pk: gen_keypair().0,

tox_core/src/utils.rs

@@ -1,10 +1,10 @@
 /*! Common utility functions
 */
 
-use rand::Rng;
+use rand::{CryptoRng, Rng};
 
 /// Generate non-zero ping_id
-pub fn gen_ping_id<R: Rng>(rng: &mut R) -> u64 {
+pub fn gen_ping_id<R: Rng + CryptoRng>(rng: &mut R) -> u64 {
     let mut ping_id = 0;
     while ping_id == 0 {
         ping_id = rng.gen();