diff --git a/node/cmd/guardiand/admintemplate.go b/node/cmd/guardiand/admintemplate.go index 818297cbb..fdefb1a1c 100644 --- a/node/cmd/guardiand/admintemplate.go +++ b/node/cmd/guardiand/admintemplate.go @@ -101,7 +101,7 @@ func runGuardianSetTemplate(cmd *cobra.Command, args []string) { // Use deterministic devnet addresses as examples in the template, such that this doubles as a test fixture. guardians := make([]*nodev1.GuardianSetUpdate_Guardian, *setUpdateNumGuardians) for i := 0; i < *setUpdateNumGuardians; i++ { - k := devnet.DeterministicEcdsaKeyByIndex(crypto.S256(), uint64(i)) + k := devnet.InsecureDeterministicEcdsaKeyByIndex(crypto.S256(), uint64(i)) guardians[i] = &nodev1.GuardianSetUpdate_Guardian{ Pubkey: crypto.PubkeyToAddress(k.PublicKey).Hex(), Name: fmt.Sprintf("Example validator %d", i), diff --git a/node/cmd/guardiand/guardiankey.go b/node/cmd/guardiand/guardiankey.go index a7f96bc32..8e6318d24 100644 --- a/node/cmd/guardiand/guardiankey.go +++ b/node/cmd/guardiand/guardiankey.go @@ -5,11 +5,12 @@ import ( "crypto/rand" "errors" "fmt" - "github.com/certusone/wormhole/node/pkg/common" "io/ioutil" "log" "os" + "github.com/certusone/wormhole/node/pkg/common" + ethcrypto "github.com/ethereum/go-ethereum/crypto" "github.com/spf13/cobra" "golang.org/x/crypto/openpgp/armor" //nolint @@ -145,5 +146,5 @@ func generateDevnetGuardianKey() (*ecdsa.PrivateKey, error) { } // Generate guardian key - return devnet.DeterministicEcdsaKeyByIndex(ethcrypto.S256(), uint64(idx)), nil + return devnet.InsecureDeterministicEcdsaKeyByIndex(ethcrypto.S256(), uint64(idx)), nil } diff --git a/node/pkg/common/nodekey_test.go b/node/pkg/common/nodekey_test.go index c9e8a6bf6..4445298fe 100644 --- a/node/pkg/common/nodekey_test.go +++ b/node/pkg/common/nodekey_test.go 
@@ -2,18 +2,19 @@ package common import ( "fmt" - "github.com/libp2p/go-libp2p-core/crypto" - "github.com/stretchr/testify/assert" - "go.uber.org/zap" "io/ioutil" "math/rand" "os" "testing" + + "github.com/libp2p/go-libp2p-core/crypto" + "github.com/stretchr/testify/assert" + "go.uber.org/zap" ) func TestGetOrCreateNodeKeyWithNewPath(t *testing.T) { // Get a non-existing temp file path to write auto-generated privKey to - path := "/tmp/node_key_test_" + fmt.Sprint(rand.Int()) + path := "/tmp/node_key_test_" + fmt.Sprint(rand.Int()) //#nosec G404 no CSPRNG needed here defer os.Remove(path) logger, _ := zap.NewProduction() diff --git a/node/pkg/devnet/deterministic_bridge_key.go b/node/pkg/devnet/deterministic_bridge_key.go index 08108e559..106030473 100644 --- a/node/pkg/devnet/deterministic_bridge_key.go +++ b/node/pkg/devnet/deterministic_bridge_key.go @@ -6,11 +6,11 @@ import ( mathrand "math/rand" ) -// DeterministicEcdsaKeyByIndex generates a deterministic ecdsa.PrivateKey from a given index. -func DeterministicEcdsaKeyByIndex(c elliptic.Curve, idx uint64) *ecdsa.PrivateKey { +// InsecureDeterministicEcdsaKeyByIndex generates a deterministic ecdsa.PrivateKey from a given index. +func InsecureDeterministicEcdsaKeyByIndex(c elliptic.Curve, idx uint64) *ecdsa.PrivateKey { // use 555 as offset to deterministically generate key 0 to match vaa-test such that // we generate the same key. - r := mathrand.New(mathrand.NewSource(int64(555 + idx))) + r := mathrand.New(mathrand.NewSource(int64(555 + idx))) //#nosec G404 Testnet/devnet keys are not secret. key, err := ecdsa.GenerateKey(c, r) if err != nil { panic(err) diff --git a/node/pkg/devnet/deterministic_bridge_key_test.go b/node/pkg/devnet/deterministic_bridge_key_test.go index 23a718dc3..b116d3496 100644 --- a/node/pkg/devnet/deterministic_bridge_key_test.go +++ b/node/pkg/devnet/deterministic_bridge_key_test.go 
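Review bot: The test still builds its key path as `"/tmp/node_key_test_" + fmt.Sprint(rand.Int())`, so the added `#nosec G404` comment silences the linter while the name stays guessable in a directory that is normally shared and world-writable. Because the test writes an auto-generated private key to that path, a per-test directory is the safer pattern: `path := filepath.Join(t.TempDir(), "node_key")`. That also makes the `defer os.Remove(path)` unnecessary, since the testing package removes the directory itself. It needs a `path/filepath` import and Go 1.15 or later. The rest of the test body lies outside this hunk.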
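Review bot: The doc comment on `InsecureDeterministicEcdsaKeyByIndex` still says only that the key is deterministic, so the new name and the `#nosec G404` suppression are the only hints as to why it is unsafe. Suggested wording: `// InsecureDeterministicEcdsaKeyByIndex derives an ecdsa.PrivateKey from a math/rand stream seeded with 555+idx.` followed by `// Anyone who knows idx can recompute the private key, so it must only be used for devnet and tests.` The rename also drops the old exported name without a deprecated alias, which would break any importer outside this repository; if that is intended, the commit message should say so. The function body continues past the end of the hunk.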
@@ -3,9 +3,10 @@ package devnet import ( "encoding/hex" "fmt" + "testing" + "github.com/ethereum/go-ethereum/crypto" "github.com/stretchr/testify/assert" - "testing" ) func TestDeterministicEcdsaKeyByIndex(t *testing.T) { @@ -23,7 +24,7 @@ func TestDeterministicEcdsaKeyByIndex(t *testing.T) { for _, tc := range tests { t.Run(fmt.Sprint(tc.index), func(t *testing.T) { - privKey := DeterministicEcdsaKeyByIndex(crypto.S256(), tc.index) + privKey := InsecureDeterministicEcdsaKeyByIndex(crypto.S256(), tc.index) got := crypto.FromECDSA(privKey) assert.Equal(t, tc.privKeyHex, hex.EncodeToString(got)) }) diff --git a/node/pkg/devnet/deterministic_p2p_key.go b/node/pkg/devnet/deterministic_p2p_key.go index c9bc3e780..dc0b79878 100644 --- a/node/pkg/devnet/deterministic_p2p_key.go +++ b/node/pkg/devnet/deterministic_p2p_key.go @@ -8,7 +8,7 @@ import ( // DeterministicP2PPrivKeyByIndex generates a deterministic libp2p crypto.PrivateKey from a given index. func DeterministicP2PPrivKeyByIndex(idx int64) crypto.PrivKey { - r := mathrand.New(mathrand.NewSource(int64(idx))) + r := mathrand.New(mathrand.NewSource(int64(idx))) //#nosec G404 testnet / devnet keys are public knowledge priv, _, err := crypto.GenerateKeyPairWithReader(crypto.Ed25519, -1, r) if err != nil { panic(err) diff --git a/node/pkg/devnet/guardianset_vaa.go b/node/pkg/devnet/guardianset_vaa.go index fcec61eb2..8027b949a 100644 --- a/node/pkg/devnet/guardianset_vaa.go +++ b/node/pkg/devnet/guardianset_vaa.go @@ -22,7 +22,7 @@ func DevnetGuardianSetVSS(n uint) *vaa.VAA { pubkeys := make([]common.Address, n) for n := range pubkeys { - key := DeterministicEcdsaKeyByIndex(crypto.S256(), uint64(n)) + key := InsecureDeterministicEcdsaKeyByIndex(crypto.S256(), uint64(n)) pubkeys[n] = crypto.PubkeyToAddress(key.PublicKey) } 
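Review bot: `DeterministicP2PPrivKeyByIndex` gets the same `#nosec G404` suppression as the ECDSA helper but keeps its old name, so the `Insecure` prefix this commit introduces covers only one of the two math/rand-seeded key generators. Renaming it to `InsecureDeterministicP2PPrivKeyByIndex` and updating its callers, which are not visible here, would make the warning uniform at every call site. The seed is the bare `idx`, and the doc comment should state the consequence, e.g. `// The key is derived from math/rand seeded with idx and is publicly reproducible; devnet and tests only.` The `int64(idx)` conversion on the same line is redundant because `idx` is already declared `int64`. The function body continues outside the hunk.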
@@ -41,7 +41,7 @@ func DevnetGuardianSetVSS(n uint) *vaa.VAA { } // The devnet is initialized with a single guardian (ethereum/migrations/1_initial_migration.js). - key0 := DeterministicEcdsaKeyByIndex(crypto.S256(), 0) + key0 := InsecureDeterministicEcdsaKeyByIndex(crypto.S256(), 0) v.AddSignature(key0, 0) return v diff --git a/node/pkg/supervisor/supervisor_node.go b/node/pkg/supervisor/supervisor_node.go index 257d524d5..2c97f7c2e 100644 --- a/node/pkg/supervisor/supervisor_node.go +++ b/node/pkg/supervisor/supervisor_node.go @@ -210,7 +210,7 @@ func (n *node) runGroup(runnables map[string]Runnable) error { } // Check the requested runnable names. - for name, _ := range runnables { + for name := range runnables { if !reNodeName.MatchString(name) { return fmt.Errorf("runnable name %q is invalid", name) } @@ -237,7 +237,7 @@ func (n *node) runGroup(runnables map[string]Runnable) error { // Schedule execution of group members. go func() { - for name, _ := range runnables { + for name := range runnables { n.sup.pReq <- &processorRequest{ schedule: &processorRequestSchedule{ dn: dns[name], diff --git a/node/pkg/supervisor/supervisor_processor.go b/node/pkg/supervisor/supervisor_processor.go index 309d44a29..26940931a 100644 --- a/node/pkg/supervisor/supervisor_processor.go +++ b/node/pkg/supervisor/supervisor_processor.go @@ -206,7 +206,7 @@ func (s *supervisor) processDied(r *processorRequestDied) { // Cancel all siblings. if n.parent != nil { - for name, _ := range n.parent.groupSiblings(n.name) { + for name := range n.parent.groupSiblings(n.name) { if name == n.name { continue } @@ -262,7 +262,7 @@ func (s *supervisor) processGC() { // We build a queue of nodes to visit, starting from the leaves. queue = []*node{} - for l, _ := range leaves { + for l := range leaves { queue = append(queue, s.nodeByDN(l)) } 
@@ -366,7 +366,7 @@ func (s *supervisor) processGC() { } // Reinitialize and reschedule all subtrees - for dn, _ := range can { + for dn := range can { n := s.nodeByDN(dn) // Only back off when the node unexpectedly died - not when it got canceled.