Use a 12-byte nonce as an input to Chacha20-Poly1305

Previously, we were using the Chacha20-Poly1305 implementation at
`rust-lightning/lightning/src/crypto/chacha20poly1305rfc.rs`. That
implementation required us to use an 8-byte nonce.

Since we made the switch to the `rust-bitcoin/chacha20_poly1305`
implementation, we can now use a full 12-byte nonce as specified in the
RFC.

Author: tankyleo

src/util/key_obfuscator.rs

@@ -136,6 +136,10 @@ impl KeyObfuscator {
 	fn generate_synthetic_nonce(&self, initial_nonce_material: &[u8]) -> [u8; NONCE_LENGTH] {
 		let hmac = Self::hkdf(&self.hashing_key, initial_nonce_material);
 		let mut nonce = [0u8; NONCE_LENGTH];
+                // TODO: While the RFC specifies a 12-byte nonce, we use an 8-byte nonce for
+                // backwards compatibility with the rust-lightning implementation of
+                // Chacha20Poly1305. We now use the rust-bitcoin implementation, which allows
+                // for 12-byte nonces, so we should figure out an upgrade path for this.
 		nonce[4..].copy_from_slice(&hmac[..8]);
 		nonce
 	}

src/util/storable_builder.rs

@@ -47,7 +47,7 @@ impl<T: EntropySource> StorableBuilder<T> {
 		&self, input: Vec<u8>, version: i64, data_encryption_key: &[u8; 32], aad: &[u8],
 	) -> Storable {
 		let mut nonce = [0u8; NONCE_LENGTH];
-		self.entropy_source.fill_bytes(&mut nonce[4..]);
+		self.entropy_source.fill_bytes(&mut nonce);
 
 		let mut data_blob = PlaintextBlob { value: input, version }.encode_to_vec();