IF: Update signature-provider parsing for base64 BLS public keys #2066

Merged
merged 3 commits into from
Jan 10, 2024
3 changes: 3 additions & 0 deletions plugins/producer_plugin/producer_plugin.cpp
Expand Up @@ -1139,10 +1139,13 @@ void producer_plugin_impl::plugin_initialize(const boost::program_options::varia
}
} catch(secure_enclave_exception& e) {
elog("Error with Secure Enclave signature provider: ${e}; ignoring ${val}", ("e", e.top_message())("val", key_spec_pair));
throw;
} catch (fc::exception& e) {
elog("Malformed signature provider: \"${val}\": ${e}, ignoring!", ("val", key_spec_pair)("e", e));
throw;
} catch (...) {
elog("Malformed signature provider: \"${val}\", ignoring!", ("val", key_spec_pair));
throw;
}
}
}
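Review bot: all three catch blocks now end in `throw;`, but their elog strings still say "ignoring" (`ignoring ${val}` in the Secure Enclave handler, `ignoring!` in the other two). With the rethrow the malformed provider is no longer ignored and the exception propagates to the caller, so an operator reading the log gets the opposite of what happens. Drop "ignoring" from the three messages, or reword them to say the configuration was rejected.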
Expand Up @@ -42,6 +42,11 @@ class signature_provider_plugin_impl {
std::tuple<std::string, std::string, std::string> parse_spec(const std::string& spec) const {
auto delim = spec.find("=");
EOS_ASSERT(delim != std::string::npos, chain::plugin_config_exception, "Missing \"=\" in the key spec pair");
// public_key can be base64 encoded with trailing `=`
Contributor

Can you add in the comment what spec looks like when the public_key has trailing =?

// e.g. --signature-provider PUB_BLS_Fmgk<snip>iuA===KEY:PVT_BLS_NZhJ<snip>ZHFu
while( spec.size() > delim+1 && spec[delim+1] == '=' )
++delim;
EOS_ASSERT(delim < spec.size() + 1, chain::plugin_config_exception, "Missing spec data in the key spec pair");
auto pub_key_str = spec.substr(0, delim);
Contributor

Won't pub_key_str potentially end with multiple = characters? Maybe it is not an issue?

Member Author

Yes, which, like the example comment shows, is rather ugly. We will likely move to base64url in the future partly due to this.

Contributor

So should we do something like this:

         auto delim_end = delim;
         while( spec.size() > delim_end+1 && spec[delim_end+1] == '=' )
            ++delim_end;
         EOS_ASSERT(delim_end < spec.size() + 1, chain::plugin_config_exception, "Missing spec data in the key spec pair");
         auto pub_key_str = spec.substr(0, delim);
         auto spec_str = spec.substr(delim_end + 1);

Member Author

No, the public key is PUB_BLS_Fmgk<snip>iuA==; the separator is =KEY:. Also note the separator can also be =KEOSD: and =SE:.

Contributor

Oh, OK. No spaces possible, right?

Member Author

Correct, no spaces allowed.

auto spec_str = spec.substr(delim + 1);
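Review bot: the check `EOS_ASSERT(delim < spec.size() + 1, ...)` can never fail. `delim` comes from a successful `find` and the loop only advances it while `spec.size() > delim+1`, so `delim` is always at most `spec.size() - 1`. A spec that ends in `=` with nothing after it therefore passes, and `spec.substr(delim + 1)` returns an empty `spec_str` instead of raising "Missing spec data in the key spec pair". Suggest `EOS_ASSERT(delim + 1 < spec.size(), ...)` so the empty case is rejected here.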
Member

Will this be out of range if = is the last char in spec and delim points to =?

2 changes: 1 addition & 1 deletion tests/TestHarness/launcher.py
Expand Up @@ -514,7 +514,7 @@ def construct_command_line(self, instance: nodeDefinition):
a(a(eosdcmd, '--plugin'), 'eosio::producer_plugin')
producer_keys = list(sum([('--signature-provider', f'{key.pubkey}=KEY:{key.privkey}') for key in instance.keys], ()))
eosdcmd.extend(producer_keys)
finalizer_keys = list(sum([('--signature-provider', f'{key.blspubkey}=KEY:{key.blsprivkey}') for key in instance.keys], ()))
finalizer_keys = list(sum([('--signature-provider', f'{key.blspubkey}=KEY:{key.blsprivkey}') for key in instance.keys if key.blspubkey is not None], ()))
eosdcmd.extend(finalizer_keys)
producer_names = list(sum([('--producer-name', p) for p in instance.producers], ()))
eosdcmd.extend(producer_names)
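Review bot: the new filter `if key.blspubkey is not None` in the `finalizer_keys` comprehension guards only the public half of the pair. If `key.blsprivkey` is None while `key.blspubkey` is set, the f-string still renders `...=KEY:None` and hands it to `--signature-provider`. Suggest filtering on both fields, or asserting that they are always set together, so a half-populated key is caught in the harness rather than at node startup.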