From c06a3137e5bec47f3bead532bb69b4a742132d79 Mon Sep 17 00:00:00 2001 From: Roman Khimov Date: Wed, 14 Apr 2021 22:57:58 +0300 Subject: [PATCH] app: add support for ephemeral keys --- README.md | 2 +- app.go | 13 ++++++++++++- neofs/credentials.go | 22 ++++++++++++++++++++++ settings.go | 2 +- 4 files changed, 36 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 537aeb3..6e214cc 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,7 @@ version Show current version --metrics enable prometheus -h, --help show help -v, --version show version - --key string "generated" to generate key, path to private key file, hex string or wif (default "generated") + --key string path to private key file, hex string or wif (the key will be autogenerated if not specified) --verbose debug gRPC connections --request_timeout duration gRPC request timeout (default 5s) --connect_timeout duration gRPC connect timeout (default 30s) diff --git a/app.go b/app.go index bcb2537..1144de0 100644 --- a/app.go +++ b/app.go @@ -56,6 +56,11 @@ func WithConfig(c *viper.Viper) Option { } func newApp(ctx context.Context, opt ...Option) App { + var ( + creds neofs.Credentials + err error + ) + a := &app{ log: zap.L(), cfg: viper.GetViper(), @@ -86,7 +91,13 @@ func newApp(ctx context.Context, opt ...Option) App { a.webServer.DisablePreParseMultipartForm = true a.webServer.StreamRequestBody = a.cfg.GetBool(cfgWebStreamRequestBody) // -- -- -- -- -- -- -- -- -- -- -- -- -- -- - creds, err := neofs.NewCredentials(a.cfg.GetString(cmdNeoFSKey)) + keystring := a.cfg.GetString(cmdNeoFSKey) + if len(keystring) == 0 { + a.log.Info("no key specified, creating one automatically for this run") + creds, err = neofs.NewEphemeralCredentials() + } else { + creds, err = neofs.NewCredentials(keystring) + } if err != nil { a.log.Fatal("failed to get neofs credentials", zap.Error(err)) } diff --git a/neofs/credentials.go b/neofs/credentials.go index 20b8c9b..990aa96 100644 --- a/neofs/credentials.go 
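Review bot: An empty `cmdNeoFSKey` in the second app.go hunk now yields a fresh random identity, and the only trace is an Info line that does not say which key was generated. A deployment whose key setting is unset or misspelled will therefore start normally under an unexpected identity instead of failing. Consider raising the level, `a.log.Warn("no key specified, creating one automatically for this run")`, and logging a public identifier of the new credentials (never the private key) if the Credentials type exposes one; only `PrivateKey()` is visible in this patch. The removed README line documented the literal value `"generated"`, and whether `neofs.NewCredentials` still accepts it is not visible here, so configs that pass it may need checking. newApp's body starts and ends outside the hunk.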
+++ b/neofs/credentials.go @@ -2,6 +2,9 @@ package neofs import ( "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "math/big" "github.com/nspcc-dev/neofs-api-go/pkg/owner" crypto "github.com/nspcc-dev/neofs-crypto" @@ -33,6 +36,25 @@ func NewCredentials(secret string) (Credentials, error) { return setFromPrivateKey(key) } +// NewEphemeralCredentials creates new private key and Credentials based on that +// key. +func NewEphemeralCredentials() (Credentials, error) { + c := elliptic.P256() + priv, x, y, err := elliptic.GenerateKey(c, rand.Reader) + if err != nil { + return nil, err + } + key := &ecdsa.PrivateKey{ + PublicKey: ecdsa.PublicKey{ + Curve: c, + X: x, + Y: y, + }, + D: new(big.Int).SetBytes(priv), + } + return setFromPrivateKey(key) +} + // PrivateKey returns ecdsa.PrivateKey. func (c *credentials) PrivateKey() *ecdsa.PrivateKey { return c.key diff --git a/settings.go b/settings.go index 7844293..32326cd 100644 --- a/settings.go +++ b/settings.go @@ -104,7 +104,7 @@ func settings() *viper.Viper { help := flags.BoolP(cmdHelp, "h", false, "show help") version := flags.BoolP(cmdVersion, "v", false, "show version") - flags.String(cmdNeoFSKey, "", `path to private key file, hex string or wif`) + flags.String(cmdNeoFSKey, "", `path to private key file, hex string or wif (autogenerated key will be used if not specified)`) flags.Bool(cmdVerbose, false, "debug gRPC connections") flags.Duration(cfgConTimeout, defaultConnectTimeout, "gRPC connect timeout")
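Review bot: NewEphemeralCredentials assembles the private key by hand from `elliptic.GenerateKey` output and a `big.Int`, although `crypto/ecdsa` (already imported) provides the whole operation. `key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)` returns the `*ecdsa.PrivateKey` directly, makes the `math/big` import unnecessary and avoids the low-level `elliptic.GenerateKey`, which later Go releases mark as deprecated. Keeping `crypto/rand` as the entropy source is correct. The doc comment could also tell callers what "ephemeral" means here, e.g. `// The key is generated with crypto/rand and is not stored by this function, so the identity changes on every run.`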