From e1e5fce3be5ac01e951ad656525a6d25b3f798f5 Mon Sep 17 00:00:00 2001
From: foonoxous <RWQe4qDs7LIsmI7Q94ctNMSfwfDW8eld24YGevEzQEKZyfJz1NPlH6uf>
Date: Wed, 19 Jan 2022 20:35:01 +0000
Subject: [PATCH 1/2] Opt for deterministic XEdDSA by using file hash as nonce.
 The value is always different because it depends on the file nonce and on
 everything else. This avoids unnecessary use of random numbers.

---
 covert/blockstream.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/covert/blockstream.py b/covert/blockstream.py
index c0f833a..c7dd6a6 100644
--- a/covert/blockstream.py
+++ b/covert/blockstream.py
@@ -244,7 +244,7 @@ def encrypt_file(auth, blockinput, a):
   a.filehash = blkhash
   # Add signature blocks
   for key in identities:
-    signature = xed_sign(key.sk, blkhash, token_bytes(64))
+    signature = xed_sign(key.sk, blkhash, blkhash)  # blkhash is both the message and the nonce
     nsig = sha512(blkhash + key.pk).digest()[:12]
     ksig = blkhash[:32]
     yield chacha.encrypt(signature, None, nsig, ksig)

From 75afa38f811e1af41f955f0616ca638bcda20463 Mon Sep 17 00:00:00 2001
From: foonoxous <RWQe4qDs7LIsmI7Q94ctNMSfwfDW8eld24YGevEzQEKZyfJz1NPlH6uf>
Date: Wed, 19 Jan 2022 20:48:05 +0000
Subject: [PATCH 2/2] Remove unused secrets import.

---
 covert/blockstream.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/covert/blockstream.py b/covert/blockstream.py
index c7dd6a6..ca415b0 100644
--- a/covert/blockstream.py
+++ b/covert/blockstream.py
@@ -4,7 +4,6 @@
 from concurrent.futures import ThreadPoolExecutor
 from contextlib import suppress
 from hashlib import sha512
-from secrets import token_bytes
 
 from nacl.exceptions import CryptoError