Line data Source code
1 : #ifndef HEADER_fd_src_disco_keyguard_fd_keyguard_h 2 : #define HEADER_fd_src_disco_keyguard_fd_keyguard_h 3 : 4 : /* fd_keyguard creates digital signatures on behalf of validator 5 : components. */ 6 : 7 : #include "../fd_disco_base.h" 8 : 9 : FD_PROTOTYPES_BEGIN 10 : 11 : /* FD_KEYGUARD_SIGN_REQ_MTU is the maximum size (inclusive) of a signing 12 : request payload. The payload in this case is the message byte array 13 : passed to fd_ed25519_sign. */ 14 : 15 0 : #define FD_KEYGUARD_SIGN_REQ_MTU (2048UL) 16 : 17 : /* Role definitions ***************************************************/ 18 : 19 0 : #define FD_KEYGUARD_ROLE_VOTER (0) /* vote transaction sender */ 20 0 : #define FD_KEYGUARD_ROLE_GOSSIP (1) /* gossip participant */ 21 0 : #define FD_KEYGUARD_ROLE_LEADER (2) /* block producer (shreds) */ 22 0 : #define FD_KEYGUARD_ROLE_REPAIR (4) /* Repair tile */ 23 0 : #define FD_KEYGUARD_ROLE_BUNDLE (5) /* Bundle tile */ 24 0 : #define FD_KEYGUARD_ROLE_EVENT (6) /* Event tile */ 25 : #define FD_KEYGUARD_ROLE_CNT (7) /* number of known roles */ 26 : 27 : /* Payload types ******************************************************/ 28 : 29 0 : #define FD_KEYGUARD_PAYLOAD_LG_TXN (0) /* Solana transaction message (e.g. vote) */ 30 0 : #define FD_KEYGUARD_PAYLOAD_LG_GOSSIP (1) /* Gossip CrdsData */ 31 0 : #define FD_KEYGUARD_PAYLOAD_LG_PRUNE (2) /* Gossip PruneData */ 32 0 : #define FD_KEYGUARD_PAYLOAD_LG_SHRED (3) /* Solana legacy or merkle shred */ 33 0 : #define FD_KEYGUARD_PAYLOAD_LG_TLS_CV (4) /* TLS 1.3 certificate verify payload */ 34 0 : #define FD_KEYGUARD_PAYLOAD_LG_REPAIR (6) /* RepairProtocol */ 35 0 : #define FD_KEYGUARD_PAYLOAD_LG_PING (7) /* Gossip/Repair ping protocol */ 36 0 : #define FD_KEYGUARD_PAYLOAD_LG_BUNDLE (8) /* Bundle block producer authentication */ 37 0 : #define FD_KEYGUARD_PAYLOAD_LG_EVENT (9) /* Event reporter authentication */ 38 : 39 0 : #define FD_KEYGUARD_PAYLOAD_TXN (1UL<<FD_KEYGUARD_PAYLOAD_LG_TXN ) 40 0 : #define FD_KEYGUARD_PAYLOAD_GOSSIP (1UL<<FD_KEYGUARD_PAYLOAD_LG_GOSSIP) 41 0 : #define FD_KEYGUARD_PAYLOAD_PRUNE (1UL<<FD_KEYGUARD_PAYLOAD_LG_PRUNE ) 42 0 : #define FD_KEYGUARD_PAYLOAD_SHRED (1UL<<FD_KEYGUARD_PAYLOAD_LG_SHRED ) 43 0 : #define FD_KEYGUARD_PAYLOAD_TLS_CV (1UL<<FD_KEYGUARD_PAYLOAD_LG_TLS_CV) 44 0 : #define FD_KEYGUARD_PAYLOAD_REPAIR (1UL<<FD_KEYGUARD_PAYLOAD_LG_REPAIR) 45 0 : #define FD_KEYGUARD_PAYLOAD_PING (1UL<<FD_KEYGUARD_PAYLOAD_LG_PING ) 46 0 : #define FD_KEYGUARD_PAYLOAD_BUNDLE (1UL<<FD_KEYGUARD_PAYLOAD_LG_BUNDLE) 47 0 : #define FD_KEYGUARD_PAYLOAD_EVENT (1UL<<FD_KEYGUARD_PAYLOAD_LG_EVENT) 48 : 49 : /* Sign types *********************************************************/ 50 : 51 0 : #define FD_KEYGUARD_SIGN_TYPE_ED25519 (0) /* ed25519_sign(input) */ 52 0 : #define FD_KEYGUARD_SIGN_TYPE_SHA256_ED25519 (1) /* ed25519_sign(sha256(data)) */ 53 0 : #define FD_KEYGUARD_SIGN_TYPE_PUBKEY_CONCAT_ED25519 (2) /* ed25519_sign(pubkey-data) */ 54 0 : #define FD_KEYGUARD_SIGN_TYPE_FD_METRICS_REPORT_CONCAT_ED25519 (3) /* ed25519_sign(FD_METRICS_REPORT-data)) */ 55 : 56 : /* Type confusion/ambiguity checks ************************************/ 57 : 58 : /* fd_keyguard_payload_match returns a bitwise OR of 59 : FD_KEYGUARD_PAYLOAD_{...}. 60 : 61 : [data,data+sz) is the payload that is requested to be signed. 62 : 63 : sign_type is in FD_KEYGUARD_SIGN_TYPE_{...}. 64 : 65 : Returns 0 if none matched. fd_ulong_popcnt(return value) is 1 if the 66 : payload is unambiguously of a single type. */ 67 : 68 : FD_FN_PURE ulong 69 : fd_keyguard_payload_match( uchar const * data, 70 : ulong sz, 71 : int sign_type ); 72 : 73 : /* Authorization ******************************************************/ 74 : 75 : struct fd_keyguard_authority { 76 : uchar identity_pubkey[32]; 77 : }; 78 : 79 : typedef struct fd_keyguard_authority fd_keyguard_authority_t; 80 : 81 : /* fd_keyguard_payload_authorize decides whether the keyguard accepts 82 : a signing request. 83 : 84 : [data,data+sz) is the payload that is requested to be signed. 85 : 86 : role is one of FD_KEYGUARD_ROLE_{...}. It is assumed that the origin 87 : of the request was previously authorized for the given role. 88 : 89 : Returns 1 if authorized, otherwise 0. 90 : 91 : This function is more restrictive than the respective 92 : fd_keyguard_payload_matches functions. */ 93 : 94 : int 95 : fd_keyguard_payload_authorize( fd_keyguard_authority_t const * authority, 96 : uchar const * data, 97 : ulong sz, 98 : int role, 99 : int sign_type ); 100 : 101 : FD_PROTOTYPES_END 102 : 103 : #endif /* HEADER_fd_src_disco_keyguard_fd_keyguard_h */
