fix: use cryptographically secure nonces for P2P message IDs (#2268) (#4042)

- Replace predictable time.time() with secrets.token_hex(16) in create_message
- Apply same fix to _handle_get_state for state messages
- Prevents message ID prediction and replay attacks
- Supersedes PR #3997 (clean re-submission)

Co-authored-by: BossChaos <bosschaos@users.noreply.github.com>
Co-authored-by: AutoJanitor <121303252+Scottcjn@users.noreply.github.com>

Author: BossChaos

node/rustchain_p2p_gossip.py

@@ -500,8 +500,10 @@ def _signed_content(msg_type: str, sender_id: str, msg_id: str, ttl: int, payloa
     def create_message(self, msg_type: MessageType, payload: Dict, ttl: int = GOSSIP_TTL) -> GossipMessage:
         """Create a new gossip message"""
         # Generate msg_id first for signature binding (Issue #2272)
+        # Issue #2268: Use cryptographically secure random nonce instead of predictable time.time()
         temp_content = f"{msg_type.value}:{self.node_id}:{json.dumps(payload, sort_keys=True)}"
-        msg_id = hashlib.sha256(f"{temp_content}:{time.time()}".encode()).hexdigest()[:24]
+        secure_nonce = secrets.token_hex(16)  # 128-bit cryptographically secure random value
+        msg_id = hashlib.sha256(f"{temp_content}:{secure_nonce}".encode()).hexdigest()[:24]
 
         content = self._signed_content(msg_type.value, self.node_id, msg_id, ttl, payload)
         sig, ts = self._sign_message(content)
@@ -937,8 +939,10 @@ def _handle_get_state(self, msg: GossipMessage) -> Dict:
         # Uses the Phase A signed-content shape (msg_type:sender_id:payload)
         # so verify_message() on the requester side accepts it.
         payload = {"state": state_data}
+        # Issue #2268: Use cryptographically secure random nonce instead of predictable time.time()
+        state_nonce = secrets.token_hex(16)
         state_msg_id = hashlib.sha256(
-            f"STATE:{self.node_id}:{json.dumps(payload, sort_keys=True)}:{time.time()}".encode()
+            f"STATE:{self.node_id}:{json.dumps(payload, sort_keys=True)}:{state_nonce}".encode()
         ).hexdigest()[:24]
 
         content = self._signed_content(MessageType.STATE.value, self.node_id, state_msg_id, 0, payload)

tests/test_p2p_nonce_security.py

@@ -0,0 +1,40 @@
+"""
+Tests for P2P Gossip Nonce Security (Issue #2268).
+
+Verifies that message IDs are generated using cryptographically secure 
+random nonces instead of predictable timestamps.
+"""
+import unittest
+import os
+
+class TestP2PNonceSecurity(unittest.TestCase):
+    def test_create_message_uses_secure_nonce(self):
+        """create_message must use secrets.token_hex for nonce generation."""
+        gossip_file = os.path.join(os.path.dirname(__file__), '..', 'node', 'rustchain_p2p_gossip.py')
+        with open(gossip_file, 'r') as f:
+            content = f.read()
+        
+        # Check that secure_nonce is used in message creation
+        self.assertIn("secure_nonce = secrets.token_hex(16)", content, 
+            "create_message must use secrets.token_hex(16) for nonce")
+        
+        # Ensure the vulnerable time.time() pattern in msg_id generation is gone
+        self.assertNotIn("f\"{temp_content}:{time.time()}\"", content,
+            "msg_id must NOT use predictable time.time()")
+
+    def test_state_message_uses_secure_nonce(self):
+        """State messages must also use secure nonces."""
+        gossip_file = os.path.join(os.path.dirname(__file__), '..', 'node', 'rustchain_p2p_gossip.py')
+        with open(gossip_file, 'r') as f:
+            content = f.read()
+            
+        # Check that state_nonce is used
+        self.assertIn("state_nonce = secrets.token_hex(16)", content,
+            "State message generation must use secrets.token_hex(16)")
+        
+        # Ensure the vulnerable pattern in STATE msg_id is gone
+        self.assertNotIn("f\"STATE:{self.node_id}:{json.dumps(payload, sort_keys=True)}:{time.time()}\"", content,
+            "STATE msg_id must NOT use predictable time.time()")
+
+if __name__ == '__main__':
+    unittest.main()