use fresh nonce

src/lib.rs

@@ -126,13 +126,13 @@ where
 
     pub fn next<R: Rng + CryptoRng>(
         self,
-        rng: R,
+        mut rng: R,
         username: &str,
         pubs: AKE::PublicKey,
         ServerRegisterMessage { vu, resp }: ServerRegisterMessage
     ) -> UserEnvelope<AKE> {
         let User(_, Register(process)) = self;
-        let (privu, pubu) = AKE::keypair(rng);
+        let (privu, pubu) = AKE::keypair(&mut rng);
 
         let rwd = oprf::f(&vu, process, resp);
         let mut rwdk = vec![0; AE::KEY_LENGTH];
@@ -141,7 +141,7 @@ where
         let envu = Envelope { privu, pubu, pubs, vu };
 
         UserEnvelope {
-            envelope: AE::seal(&rwdk, &envu),
+            envelope: AE::seal(&mut rng, &rwdk, &envu),
             pubu: envu.pubu
         }
     }

src/traits.rs

@@ -33,7 +33,7 @@ pub trait AuthKeyExchange {
 pub trait AuthEnc<AKE: AuthKeyExchange> {
     const KEY_LENGTH: usize;
 
-    fn seal(key: &[u8], input: &Envelope<AKE>) -> Vec<u8>;
+    fn seal<R: Rng + CryptoRng>(r: R, key: &[u8], input: &Envelope<AKE>) -> Vec<u8>;
     fn open(key: &[u8], input: &[u8]) -> Result<Envelope<AKE>, ()>;
 }
 

tests/common/oake_norx_scrypt_sha3_cbor.rs

@@ -71,18 +71,19 @@ impl AuthKeyExchange for Oake {
 pub struct NorxCbor;
 
 impl<AKE: AuthKeyExchange> AuthEnc<AKE> for NorxCbor {
-    const KEY_LENGTH: usize = norx::constant::KEY_LENGTH + norx::constant::NONCE_LENGTH;
+    const KEY_LENGTH: usize = norx::constant::KEY_LENGTH;
 
-    fn seal(key: &[u8], input: &Envelope<AKE>) -> Vec<u8> {
+    fn seal<R: Rng + CryptoRng>(mut rng: R, key: &[u8], input: &Envelope<AKE>) -> Vec<u8> {
         use norx::constant::{ KEY_LENGTH, NONCE_LENGTH, TAG_LENGTH, BLOCK_LENGTH };
 
-        let (key, nonce) = key.split_at(KEY_LENGTH);
+        let m = serde_cbor::to_vec(input).unwrap();
+
         let key = array_ref!(key, 0, KEY_LENGTH);
+        let mut output = vec![0; NONCE_LENGTH + m.len() + TAG_LENGTH];
+        let (nonce, c) = output.split_at_mut(NONCE_LENGTH);
+        rng.fill(nonce);
         let nonce = array_ref!(nonce, 0, NONCE_LENGTH);
 
-        let m = serde_cbor::to_vec(input).unwrap();
-        let mut c = vec![0; m.len() + TAG_LENGTH];
-
         let (m1, m2) = m.split_at(m.len() - m.len() % BLOCK_LENGTH);
         let (c1, c2) = c.split_at_mut(m1.len());
 
@@ -97,18 +98,17 @@ impl<AKE: AuthKeyExchange> AuthEnc<AKE> for NorxCbor {
         );
         process.finalize(key, &[], m2, c2);
 
-        c
+        output
     }
 
     fn open(key: &[u8], input: &[u8]) -> Result<Envelope<AKE>, ()> {
         use norx::constant::{ KEY_LENGTH, NONCE_LENGTH, TAG_LENGTH, BLOCK_LENGTH };
 
-        let (key, nonce) = key.split_at(KEY_LENGTH);
         let key = array_ref!(key, 0, KEY_LENGTH);
+        let (nonce, c) = input.split_at(NONCE_LENGTH);
         let nonce = array_ref!(nonce, 0, NONCE_LENGTH);
 
-        let c = input;
-        let m_len = input.len() - TAG_LENGTH;
+        let m_len = c.len() - TAG_LENGTH;
         let mut m = vec![0; m_len];
         let (m1, m2) = m.split_at_mut(m_len - m_len % BLOCK_LENGTH);
         let (c1, c2) = c.split_at(m1.len());

tests/opaque.rs

@@ -23,5 +23,6 @@ fn test_opaque() {
     let msg = server.login(&mut rng, "user", &userdata, msg, &mut rwds).unwrap();
     user.next("user", "server", msg, &mut rwdu).unwrap();
 
+    assert_ne!(rwds, [0; 32]);
     assert_eq!(rwds, rwdu);
 }