crypto: Generate keys deterministically (#510)

crypto/ecdsa.GenerateKey is no longer deterministic: golang/go#58637 Switched to a different module for key generation.
consensus-shipyard · Nov 4, 2023 · 5bb9ce3 · 5bb9ce3
1 parent e178c5a
commit 5bb9ce3
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 1 deletion.
diff --git a/go.mod b/go.mod
@@ -23,6 +23,7 @@ require (
 require github.com/golang/mock v1.6.0
 
 require (
+	filippo.io/keygen v0.0.0-20230306160926-5201437acf8e
 	github.com/dave/jennifer v1.5.1
 	github.com/drand/kyber v1.1.15
 	github.com/drand/kyber-bls12381 v0.2.3
@@ -45,6 +46,7 @@ require (
 )
 
 require (
+	filippo.io/bigmod v0.0.1 // indirect
 	github.com/benbjohnson/clock v1.3.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cenkalti/backoff/v4 v4.0.0 // indirect

diff --git a/go.sum b/go.sum
@@ -37,6 +37,10 @@ dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7
 dmitri.shuralyov.com/html/belt v0.0.0-20180602232347-f7d459c86be0/go.mod h1:JLBrvjyP0v+ecvNYvCpyZgu5/xkfAUhi6wJj28eUfSU=
 dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1:a1inKt/atXimZ4Mv927x+r7UpyzRUf4emIoiiSC2TN4=
 dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU=
+filippo.io/bigmod v0.0.1 h1:OaEqDr3gEbofpnHbGqZweSL/bLMhy1pb54puiCDeuOA=
+filippo.io/bigmod v0.0.1/go.mod h1:KyzqAbH7bRH6MOuOF1TPfUjvLoi0mRF2bIyD2ouRNQI=
+filippo.io/keygen v0.0.0-20230306160926-5201437acf8e h1:+xwUCyMiCWKWsI0RowhzB4sngpUdMHgU6lLuWJCX5Dg=
+filippo.io/keygen v0.0.0-20230306160926-5201437acf8e/go.mod h1:ZGSiF/b2hd6MRghF/cid0vXw8pXykRTmIu+JSPw/NCQ=
 git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
 github.com/AlecAivazis/survey/v2 v2.3.2 h1:TqTB+aDDCLYhf9/bD2TwSO8u8jDSmMUd2SUVO4gCnU8=
 github.com/AlecAivazis/survey/v2 v2.3.2/go.mod h1:TH2kPCDU3Kqq7pLbnCWwZXDBjnhZtmsCle5EiYDJ2fg=

diff --git a/pkg/crypto/ecdsa.go b/pkg/crypto/ecdsa.go
@@ -15,6 +15,8 @@ import (
 	"io"
 	"math/big"
 
+	detKeygen "filippo.io/keygen"
+
 	es "github.com/go-errors/errors"
 )
 
@@ -80,9 +82,15 @@ func generateEcdsaKeyPair(randomness io.Reader) (*ecdsa.PrivateKey, *ecdsa.Publi
 		randomness = rand.Reader
 	}
 
+	keyMaterial := make([]byte, 16)
+	if _, err := io.ReadFull(randomness, keyMaterial); err != nil {
+		return nil, nil, err
+	}
+
 	// TODO: No clue which curve to use, picked P256 because it was in the documentation example.
 	//       Check whether this is OK.
-	privKey, err := ecdsa.GenerateKey(elliptic.P256(), randomness)
+	// Using an external package for key generation to ensure keys are deterministic
+	privKey, err := detKeygen.ECDSA(elliptic.P256(), keyMaterial)
 	if err != nil {
 		return nil, nil, err
 	}