Use a secure counter for OCB's nonce. Protect nonce in Network::Packet.

src/crypto/crypto.cc

@@ -61,6 +61,16 @@ long int myatoi( const char *str )
   return ret;
 }
 
+uint64_t Crypto::unique( void )
+{
+  static uint64_t counter = 0;
+  uint64_t rv = counter++;
+  if ( counter == 0 ) {
+    throw CryptoException( "Counter wrapped", true );
+  }
+  return rv;
+}
+
 AlignedBuffer::AlignedBuffer( size_t len, const char *data )
   : m_len( len ), m_allocated( NULL ), m_data( NULL )
 {

src/crypto/crypto.h

@@ -58,6 +58,13 @@ namespace Crypto {
     ~CryptoException() throw () {}
   };
 
+  /*
+   * OCB (and other algorithms) require a source of nonce/sequence
+   * numbers that never repeats its output.  Enforce that with this
+   * function.
+   */
+  uint64_t unique( void );
+
   /* 16-byte-aligned buffer, with length. */
   class AlignedBuffer {
   private: