From 121fe99e7ec61013ef5a0f7ddc02f7c49f3d6f0c Mon Sep 17 00:00:00 2001
From: Felix Lange
Date: Thu, 8 Oct 2020 11:19:54 +0200
Subject: [PATCH] p2p/discover: remove use of shared hash instance for key derivation (#21673)

For some reason, using the shared hash causes a cryptographic incompatibility when using Go 1.15. I noticed this during the development of Discovery v5.1 when I added test vector verification. The go library commit that broke this is golang/go@97240d5, but the way we used HKDF is slightly dodgy anyway and it's not a regression.
---
 p2p/discover/v5_encoding.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/p2p/discover/v5_encoding.go b/p2p/discover/v5_encoding.go
index 80d26f153..80e23e309 100644
--- a/p2p/discover/v5_encoding.go
+++ b/p2p/discover/v5_encoding.go
@@ -383,7 +383,7 @@ func (c *wireCodec) deriveKeys(n1, n2 enode.ID, priv *ecdsa.PrivateKey, pub *ecd
 info := []byte("discovery v5 key agreement")
 info = append(info, n1[:]...)
 info = append(info, n2[:]...)
- kdf := hkdf.New(c.sha256reset, eph, challenge.IDNonce[:], info)
+ kdf := hkdf.New(sha256.New, eph, challenge.IDNonce[:], info)
 sec := handshakeSecrets{
 writeKey: make([]byte, aesKeySize),
 readKey: make([]byte, aesKeySize),
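Review bot: The new `hkdf.New(sha256.New, ...)` call in deriveKeys has no comment saying why a plain constructor is required, and the patch touches only this one file, so nothing pins the derived keys to a known answer. HKDF is built on HMAC, which calls the supplied function to get separate inner and outer hash states. A helper that returns one shared instance, as `c.sha256reset` appears to do judging by the commit title, breaks that assumption and makes the output depend on library internals. I would add `// hkdf needs a constructor that returns a new hash.Hash on every call; never pass a shared or reused instance.` above the call, and follow up with a test that checks writeKey and readKey against the test vectors the description refers to. deriveKeys starts before this hunk and continues past it, so the rest of the derivation and any other callers of `sha256reset` were not reviewed.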