From 3c64d964df1ac1b46247185cc271c21a96dae233 Mon Sep 17 00:00:00 2001
From: Kevin Heifner
Date: Wed, 10 Jan 2024 08:00:25 -0600
Subject: [PATCH 1/3] GH-2060 Shutdown on startup if signature-provider is malformed.
---
 plugins/producer_plugin/producer_plugin.cpp | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/plugins/producer_plugin/producer_plugin.cpp b/plugins/producer_plugin/producer_plugin.cpp
index d64884a2a4..559d6e53af 100644
--- a/plugins/producer_plugin/producer_plugin.cpp
+++ b/plugins/producer_plugin/producer_plugin.cpp
@@ -1139,10 +1139,13 @@ void producer_plugin_impl::plugin_initialize(const boost::program_options::varia
 }
 } catch(secure_enclave_exception& e) {
 elog("Error with Secure Enclave signature provider: ${e}; ignoring ${val}", ("e", e.top_message())("val", key_spec_pair));
+ throw;
 } catch (fc::exception& e) {
 elog("Malformed signature provider: \"${val}\": ${e}, ignoring!", ("val", key_spec_pair)("e", e));
+ throw;
 } catch (...) {
 elog("Malformed signature provider: \"${val}\", ignoring!", ("val", key_spec_pair));
+ throw;
 }
 }
 }
From 08b62d77c53257669a45316c713e337f8ff7a19f Mon Sep 17 00:00:00 2001
From: Kevin Heifner
Date: Wed, 10 Jan 2024 08:01:06 -0600
Subject: [PATCH 2/3] GH-2060 Update signature provider parsing for base64 encoded BLS public keys
---
 .../signature_provider_plugin/signature_provider_plugin.cpp | 3 +++
 tests/TestHarness/launcher.py | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/plugins/signature_provider_plugin/signature_provider_plugin.cpp b/plugins/signature_provider_plugin/signature_provider_plugin.cpp
index 7cd9eec57d..fba48def38 100644
--- a/plugins/signature_provider_plugin/signature_provider_plugin.cpp
+++ b/plugins/signature_provider_plugin/signature_provider_plugin.cpp
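Review bot: The three `elog` calls in the producer_plugin.cpp hunk still say "ignoring" although every handler now ends in `throw;` and startup aborts, so the log line contradicts what the operator sees next. They also print the whole `key_spec_pair`; judging by the `<pubkey>=KEY:<privkey>` form built in launcher.py later in this series, that value can carry private key material into the log on a path that is now fatal and therefore likely to be copied into bug reports. Logging only the part before the first `=` and rewording along the lines of `"Malformed signature provider for ${key}: ${e}, shutting down"` would address both. The enclosing try block and plugin_initialize itself start outside the hunk.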
@@ -42,6 +42,9 @@ class signature_provider_plugin_impl {
 std::tuple parse_spec(const std::string& spec) const {
 auto delim = spec.find("=");
 EOS_ASSERT(delim != std::string::npos, chain::plugin_config_exception, "Missing \"=\" in the key spec pair");
+ // public_key can be base64 encoded with trailing `=`
+ while( spec.size() > delim+1 && spec[delim+1] == '=' )
+ ++delim;
 auto pub_key_str = spec.substr(0, delim);
 auto spec_str = spec.substr(delim + 1);
diff --git a/tests/TestHarness/launcher.py b/tests/TestHarness/launcher.py
index 1301a5385a..ff331401fb 100644
--- a/tests/TestHarness/launcher.py
+++ b/tests/TestHarness/launcher.py
@@ -514,7 +514,7 @@ def construct_command_line(self, instance: nodeDefinition):
 a(a(eosdcmd, '--plugin'), 'eosio::producer_plugin')
 producer_keys = list(sum([('--signature-provider', f'{key.pubkey}=KEY:{key.privkey}') for key in instance.keys], ()))
 eosdcmd.extend(producer_keys)
- finalizer_keys = list(sum([('--signature-provider', f'{key.blspubkey}=KEY:{key.blsprivkey}') for key in instance.keys], ()))
+ finalizer_keys = list(sum([('--signature-provider', f'{key.blspubkey}=KEY:{key.blsprivkey}') for key in instance.keys if key.blspubkey is not None], ()))
 eosdcmd.extend(finalizer_keys)
 producer_names = list(sum([('--producer-name', p) for p in instance.producers], ()))
 eosdcmd.extend(producer_names)
From 348ef289db72d233f7133d1c82263cd03f5b8e2e Mon Sep 17 00:00:00 2001
From: Kevin Heifner
Date: Wed, 10 Jan 2024 10:41:43 -0600
Subject: [PATCH 3/3] GH-2060 Add better error if separator not provided correctly
---
 plugins/signature_provider_plugin/signature_provider_plugin.cpp | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/plugins/signature_provider_plugin/signature_provider_plugin.cpp b/plugins/signature_provider_plugin/signature_provider_plugin.cpp
index fba48def38..31d928ee55 100644
--- a/plugins/signature_provider_plugin/signature_provider_plugin.cpp
+++ b/plugins/signature_provider_plugin/signature_provider_plugin.cpp
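Review bot: The `=`-run skip added to parse_spec (PATCH 2/3, signature_provider_plugin.cpp) applies to every key spec, not only to base64 BLS keys, so a doubled separator such as `<pubkey>==KEY:<privkey>` (constructed example) now yields a public-key string ending in `=` instead of failing as a separator typo. Whether that string is rejected depends on the public-key parsing after `substr`, which is outside the hunk. If the padding rule is meant for BLS keys only, restricting the loop to that key format would keep the stricter behaviour for the others; otherwise a comment such as `// the last '=' of the run is the separator; earlier ones belong to the key` would make the rule explicit.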
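Review bot: The filter added to `finalizer_keys` in construct_command_line (launcher.py) tests only `key.blspubkey`, while the f-string also interpolates `key.blsprivkey`. If a key object can have the public half set and the private half `None` (not visible here), the argument becomes `<pubkey>=KEY:None`, which after PATCH 1/3 stops the node at startup rather than being ignored. `if key.blspubkey is not None and key.blsprivkey is not None` would cover both halves. The function body extends beyond the hunk.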
@@ -43,8 +43,10 @@ class signature_provider_plugin_impl {
 auto delim = spec.find("=");
 EOS_ASSERT(delim != std::string::npos, chain::plugin_config_exception, "Missing \"=\" in the key spec pair");
 // public_key can be base64 encoded with trailing `=`
+ // e.g. --signature-provider PUB_BLS_FmgkiuA===KEY:PVT_BLS_NZhJZHFu
 while( spec.size() > delim+1 && spec[delim+1] == '=' )
 ++delim;
+ EOS_ASSERT(delim < spec.size() + 1, chain::plugin_config_exception, "Missing spec data in the key spec pair");
 auto pub_key_str = spec.substr(0, delim);
 auto spec_str = spec.substr(delim + 1);
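Review bot: The new `EOS_ASSERT(delim < spec.size() + 1, …)` in parse_spec (PATCH 3/3) can never fire: `delim` comes from `find` and is only incremented while `spec.size() > delim+1`, so it is always at most `spec.size() - 1`. A spec that ends in its `=` run (a padded key with no separator or spec data) therefore still passes, with the last padding character taken as the separator, `pub_key_str` one character short and `spec_str` empty. To reject that input here the condition should be `delim + 1 < spec.size()`. parse_spec continues past the end of the hunk, so later checks on `spec_str` may still catch the empty case, but with a less specific message.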