LCOV - code coverage report
Current view: top level - disco/keyguard - fd_keyguard.h (source / functions) Hit Total Coverage
Test: cov.lcov Lines: 25 33 75.8 %
Date: 2026-07-04 05:35:33 Functions: 0 0 -

          Line data    Source code
       1             : #ifndef HEADER_fd_src_disco_keyguard_fd_keyguard_h
       2             : #define HEADER_fd_src_disco_keyguard_fd_keyguard_h
       3             : 
       4             : /* fd_keyguard creates digital signatures on behalf of validator
       5             :    components. */
       6             : 
       7             : #include "../fd_disco_base.h"
       8             : 
       9             : FD_PROTOTYPES_BEGIN
      10             : 
      11             : /* FD_KEYGUARD_SIGN_REQ_MTU is the maximum size (inclusive) of a signing
      12             :    request payload.  The payload in this case is the message byte array
      13             :    passed to fd_ed25519_sign. */
      14             : 
      15           3 : #define FD_KEYGUARD_SIGN_REQ_MTU (2048UL)
      16             : 
      17             : /* Role definitions ***************************************************/
      18             : 
      19           6 : #define FD_KEYGUARD_ROLE_TXSEND       (0)  /* vote transaction sender */
      20           0 : #define FD_KEYGUARD_ROLE_GOSSIP       (1)  /* gossip participant */
      21           0 : #define FD_KEYGUARD_ROLE_LEADER       (2)  /* block producer (shreds) */
      22           0 : #define FD_KEYGUARD_ROLE_REPAIR       (4)  /* Repair tile */
      23           0 : #define FD_KEYGUARD_ROLE_BUNDLE       (5)  /* Bundle tile */
      24           0 : #define FD_KEYGUARD_ROLE_EVENT        (6)  /* Event tile */
      25           0 : #define FD_KEYGUARD_ROLE_BUNDLE_CRANK (7)  /* Sign cranking transactions for bundle tips */
      26           0 : #define FD_KEYGUARD_ROLE_RSERVE       (8)  /* Repair server tile */
      27             : #define FD_KEYGUARD_ROLE_CNT          (9)  /* number of known roles */
      28             : 
      29             : /* Payload types ******************************************************/
      30             : 
      31           6 : #define FD_KEYGUARD_PAYLOAD_LG_TXN    ( 0)  /* Solana transaction message (e.g. vote) */
      32           6 : #define FD_KEYGUARD_PAYLOAD_LG_GOSSIP ( 1)  /* Gossip CrdsData */
      33           3 : #define FD_KEYGUARD_PAYLOAD_LG_PRUNE  ( 2)  /* Gossip PruneData */
      34           6 : #define FD_KEYGUARD_PAYLOAD_LG_SHRED  ( 3)  /* Solana legacy or merkle shred */
      35           6 : #define FD_KEYGUARD_PAYLOAD_LG_TLS_CV ( 4)  /* TLS 1.3 certificate verify payload */
      36           6 : #define FD_KEYGUARD_PAYLOAD_LG_REPAIR ( 6)  /* RepairProtocol */
      37           6 : #define FD_KEYGUARD_PAYLOAD_LG_PING   ( 7)  /* Gossip ping protocol */
      38           3 : #define FD_KEYGUARD_PAYLOAD_LG_BUNDLE ( 8)  /* Bundle block producer authentication */
      39           3 : #define FD_KEYGUARD_PAYLOAD_LG_EVENT  ( 9)  /* Event reporter authentication */
      40           3 : #define FD_KEYGUARD_PAYLOAD_LG_PONG   (10)  /* Gossip/Repair ping/pong protocol */
      41             : 
      42           6 : #define FD_KEYGUARD_PAYLOAD_TXN    (1UL<<FD_KEYGUARD_PAYLOAD_LG_TXN   )
      43           6 : #define FD_KEYGUARD_PAYLOAD_GOSSIP (1UL<<FD_KEYGUARD_PAYLOAD_LG_GOSSIP)
      44           3 : #define FD_KEYGUARD_PAYLOAD_PRUNE  (1UL<<FD_KEYGUARD_PAYLOAD_LG_PRUNE )
      45           6 : #define FD_KEYGUARD_PAYLOAD_SHRED  (1UL<<FD_KEYGUARD_PAYLOAD_LG_SHRED )
      46           6 : #define FD_KEYGUARD_PAYLOAD_TLS_CV (1UL<<FD_KEYGUARD_PAYLOAD_LG_TLS_CV)
      47           6 : #define FD_KEYGUARD_PAYLOAD_REPAIR (1UL<<FD_KEYGUARD_PAYLOAD_LG_REPAIR)
      48           6 : #define FD_KEYGUARD_PAYLOAD_PING   (1UL<<FD_KEYGUARD_PAYLOAD_LG_PING  )
      49           3 : #define FD_KEYGUARD_PAYLOAD_BUNDLE (1UL<<FD_KEYGUARD_PAYLOAD_LG_BUNDLE)
      50           3 : #define FD_KEYGUARD_PAYLOAD_EVENT  (1UL<<FD_KEYGUARD_PAYLOAD_LG_EVENT )
      51           3 : #define FD_KEYGUARD_PAYLOAD_PONG   (1UL<<FD_KEYGUARD_PAYLOAD_LG_PONG  )
      52             : 
      53             : /* Sign types *********************************************************/
      54             : 
      55          30 : #define FD_KEYGUARD_SIGN_TYPE_ED25519               (0)  /* ed25519_sign(input) */
      56           6 : #define FD_KEYGUARD_SIGN_TYPE_SHA256_ED25519        (1)  /* ed25519_sign(sha256(data)) */
      57           3 : #define FD_KEYGUARD_SIGN_TYPE_PUBKEY_CONCAT_ED25519 (2)  /* ed25519_sign(pubkey-data) */
      58           0 : #define FD_KEYGUARD_SIGN_TYPE_CNT                   (3)  /* number of sign types */
      59             : 
      60             : /* Type confusion/ambiguity checks ************************************/
      61             : 
      62             : /* fd_keyguard_payload_match returns a bitwise OR of
      63             :    FD_KEYGUARD_PAYLOAD_{...}.
      64             : 
      65             :    [data,data+sz) is the payload that is requested to be signed.
      66             : 
      67             :    sign_type is in FD_KEYGUARD_SIGN_TYPE_{...}.
      68             : 
      69             :    Returns 0 if none matched.  fd_ulong_popcnt(return value) is 1 if the
      70             :    payload is unambiguously of a single type. */
      71             : 
      72             : FD_FN_PURE ulong
      73             : fd_keyguard_payload_match( uchar const * data,
      74             :                            ulong         sz,
      75             :                            int           sign_type );
      76             : 
      77             : /* Authorization ******************************************************/
      78             : 
      79             : struct fd_keyguard_authority {
      80             :   uchar identity_pubkey[32];
      81             : };
      82             : 
      83             : typedef struct fd_keyguard_authority fd_keyguard_authority_t;
      84             : 
      85             : /* fd_keyguard_payload_authorize decides whether the keyguard accepts
      86             :    a signing request.
      87             : 
      88             :    [data,data+sz) is the payload that is requested to be signed.
      89             : 
      90             :    role is one of FD_KEYGUARD_ROLE_{...}.  It is assumed that the origin
      91             :    of the request was previously authorized for the given role.
      92             : 
      93             :    Returns 1 if authorized, otherwise 0.
      94             : 
      95             :    This function is more restrictive than the respective
      96             :    fd_keyguard_payload_matches functions. */
      97             : 
      98             : int
      99             : fd_keyguard_payload_authorize( fd_keyguard_authority_t const * authority,
     100             :                                uchar const *                   data,
     101             :                                ulong                           sz,
     102             :                                int                             role,
     103             :                                int                             sign_type );
     104             : 
     105             : FD_PROTOTYPES_END
     106             : 
     107             : #endif /* HEADER_fd_src_disco_keyguard_fd_keyguard_h */

Generated by: LCOV version 1.14