From 6a7da5a8b6edb3439a92f82449d04ab31f19ee0a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Damir=20Jeli=C4=87?=
Date: Wed, 21 Oct 2020 12:55:45 +0200
Subject: [PATCH] crypto: Correctly generate a random nonce for pickling of the signing objects.

---
 matrix_sdk_crypto/src/olm/signing.rs | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/matrix_sdk_crypto/src/olm/signing.rs b/matrix_sdk_crypto/src/olm/signing.rs
index 8395db9c..633a18b9 100644
--- a/matrix_sdk_crypto/src/olm/signing.rs
+++ b/matrix_sdk_crypto/src/olm/signing.rs
@@ -19,6 +19,7 @@ use aes_gcm::{
 Aes256Gcm,
 };
 use base64::{decode_config, encode_config, DecodeError, URL_SAFE_NO_PAD};
+use getrandom::getrandom;
 use serde::{Deserialize, Serialize};
 use std::{
 collections::BTreeMap,
@@ -42,6 +43,8 @@ use crate::{
 requests::UploadSigningKeysRequest,
 };
 
+const NONCE_SIZE: usize = 12;
+
 fn encode>(input: T) -> String {
 encode_config(input, URL_SAFE_NO_PAD)
 }
@@ -276,7 +279,11 @@ impl Signing {
 async fn pickle(&self, pickle_key: &[u8]) -> PickledSigning {
 let key = GenericArray::from_slice(pickle_key);
 let cipher = Aes256Gcm::new(key);
- let nonce = GenericArray::from_slice(b"unique nonce");
+
+ let mut nonce = vec![0u8; NONCE_SIZE];
+ getrandom(&mut nonce).expect("Can't generate nonce to pickle the signing object");
+ let nonce = GenericArray::from_slice(nonce.as_slice());
+
 let ciphertext = cipher
 .encrypt(nonce, self.seed.as_slice())
 .expect("Can't encrypt signing pickle");
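Review bot: The new `NONCE_SIZE` constant has no documentation, and its value is a protocol-level parameter that the encrypt and decrypt paths must agree on. I would add `/// Length in bytes of the AES-GCM nonce (96 bits) generated afresh for every pickle; the same length must be used when unpickling.` above it, so that a later change to the constant is understood to invalidate existing pickles. The `fn encode>(input: T)` line below it appears to be an extraction artifact of the generic bound rather than code in the commit, so I raise nothing on it.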
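Review bot: Replacing the fixed `b"unique nonce"` with a random one is only correct if that nonce is persisted with the ciphertext and read back on decryption, and the hunk ends right after `.encrypt(nonce, self.seed.as_slice())` before it is visible what happens to `nonce`; the diffstat shows no change to a decrypt path, so unless `PickledSigning` already carries the nonce (not visible here) unpickling would still use the old constant and fail. Please confirm the nonce is stored in `PickledSigning` and consumed by the unpickle side, and document it on `pickle` with `/// Encrypts the seed under `pickle_key` with a fresh random nonce; the nonce is part of the returned pickle and is required to unpickle.`. As a minor point of style, the heap allocation is unnecessary: `let mut nonce = [0u8; NONCE_SIZE];` followed by `getrandom(&mut nonce).expect("Can't generate nonce to pickle the signing object");` and `let nonce = GenericArray::from_slice(&nonce);` does the same on the stack. The body of `pickle` continues outside the hunk.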