Line data Source code
1 : #ifndef HEADER_fd_src_disco_keyguard_fd_keyguard_h 2 : #define HEADER_fd_src_disco_keyguard_fd_keyguard_h 3 : 4 : /* fd_keyguard creates digital signatures on behalf of validator 5 : components. */ 6 : 7 : #include "../fd_disco_base.h" 8 : 9 : FD_PROTOTYPES_BEGIN 10 : 11 : /* FD_KEYGUARD_SIGN_REQ_MTU is the maximum size (inclusive) of a signing 12 : request payload. The payload in this case is the message byte array 13 : passed to fd_ed25519_sign. */ 14 : 15 3 : #define FD_KEYGUARD_SIGN_REQ_MTU (2048UL) 16 : 17 : /* Role definitions ***************************************************/ 18 : 19 6 : #define FD_KEYGUARD_ROLE_TXSEND (0) /* vote transaction sender */ 20 0 : #define FD_KEYGUARD_ROLE_GOSSIP (1) /* gossip participant */ 21 0 : #define FD_KEYGUARD_ROLE_LEADER (2) /* block producer (shreds) */ 22 0 : #define FD_KEYGUARD_ROLE_REPAIR (4) /* Repair tile */ 23 0 : #define FD_KEYGUARD_ROLE_BUNDLE (5) /* Bundle tile */ 24 0 : #define FD_KEYGUARD_ROLE_EVENT (6) /* Event tile */ 25 0 : #define FD_KEYGUARD_ROLE_BUNDLE_CRANK (7) /* Sign cranking transactions for bundle tips */ 26 0 : #define FD_KEYGUARD_ROLE_RSERVE (8) /* Repair server tile */ 27 : #define FD_KEYGUARD_ROLE_CNT (9) /* number of known roles */ 28 : 29 : /* Payload types ******************************************************/ 30 : 31 6 : #define FD_KEYGUARD_PAYLOAD_LG_TXN ( 0) /* Solana transaction message (e.g. vote) */ 32 6 : #define FD_KEYGUARD_PAYLOAD_LG_GOSSIP ( 1) /* Gossip CrdsData */ 33 3 : #define FD_KEYGUARD_PAYLOAD_LG_PRUNE ( 2) /* Gossip PruneData */ 34 6 : #define FD_KEYGUARD_PAYLOAD_LG_SHRED ( 3) /* Solana legacy or merkle shred */ 35 6 : #define FD_KEYGUARD_PAYLOAD_LG_TLS_CV ( 4) /* TLS 1.3 certificate verify payload */ 36 6 : #define FD_KEYGUARD_PAYLOAD_LG_REPAIR ( 6) /* RepairProtocol */ 37 6 : #define FD_KEYGUARD_PAYLOAD_LG_PING ( 7) /* Gossip ping protocol */ 38 3 : #define FD_KEYGUARD_PAYLOAD_LG_BUNDLE ( 8) /* Bundle block producer authentication */ 39 3 : #define FD_KEYGUARD_PAYLOAD_LG_EVENT ( 9) /* Event reporter authentication */ 40 3 : #define FD_KEYGUARD_PAYLOAD_LG_PONG (10) /* Gossip/Repair ping/pong protocol */ 41 : 42 6 : #define FD_KEYGUARD_PAYLOAD_TXN (1UL<<FD_KEYGUARD_PAYLOAD_LG_TXN ) 43 6 : #define FD_KEYGUARD_PAYLOAD_GOSSIP (1UL<<FD_KEYGUARD_PAYLOAD_LG_GOSSIP) 44 3 : #define FD_KEYGUARD_PAYLOAD_PRUNE (1UL<<FD_KEYGUARD_PAYLOAD_LG_PRUNE ) 45 6 : #define FD_KEYGUARD_PAYLOAD_SHRED (1UL<<FD_KEYGUARD_PAYLOAD_LG_SHRED ) 46 6 : #define FD_KEYGUARD_PAYLOAD_TLS_CV (1UL<<FD_KEYGUARD_PAYLOAD_LG_TLS_CV) 47 6 : #define FD_KEYGUARD_PAYLOAD_REPAIR (1UL<<FD_KEYGUARD_PAYLOAD_LG_REPAIR) 48 6 : #define FD_KEYGUARD_PAYLOAD_PING (1UL<<FD_KEYGUARD_PAYLOAD_LG_PING ) 49 3 : #define FD_KEYGUARD_PAYLOAD_BUNDLE (1UL<<FD_KEYGUARD_PAYLOAD_LG_BUNDLE) 50 3 : #define FD_KEYGUARD_PAYLOAD_EVENT (1UL<<FD_KEYGUARD_PAYLOAD_LG_EVENT ) 51 3 : #define FD_KEYGUARD_PAYLOAD_PONG (1UL<<FD_KEYGUARD_PAYLOAD_LG_PONG ) 52 : 53 : /* Sign types *********************************************************/ 54 : 55 30 : #define FD_KEYGUARD_SIGN_TYPE_ED25519 (0) /* ed25519_sign(input) */ 56 6 : #define FD_KEYGUARD_SIGN_TYPE_SHA256_ED25519 (1) /* ed25519_sign(sha256(data)) */ 57 3 : #define FD_KEYGUARD_SIGN_TYPE_PUBKEY_CONCAT_ED25519 (2) /* ed25519_sign(pubkey-data) */ 58 0 : #define FD_KEYGUARD_SIGN_TYPE_CNT (3) /* number of sign types */ 59 : 60 : /* Type confusion/ambiguity checks ************************************/ 61 : 62 : /* fd_keyguard_payload_match returns a bitwise OR of 63 : FD_KEYGUARD_PAYLOAD_{...}. 64 : 65 : [data,data+sz) is the payload that is requested to be signed. 66 : 67 : sign_type is in FD_KEYGUARD_SIGN_TYPE_{...}. 68 : 69 : Returns 0 if none matched. fd_ulong_popcnt(return value) is 1 if the 70 : payload is unambiguously of a single type. */ 71 : 72 : FD_FN_PURE ulong 73 : fd_keyguard_payload_match( uchar const * data, 74 : ulong sz, 75 : int sign_type ); 76 : 77 : /* Authorization ******************************************************/ 78 : 79 : struct fd_keyguard_authority { 80 : uchar identity_pubkey[32]; 81 : }; 82 : 83 : typedef struct fd_keyguard_authority fd_keyguard_authority_t; 84 : 85 : /* fd_keyguard_payload_authorize decides whether the keyguard accepts 86 : a signing request. 87 : 88 : [data,data+sz) is the payload that is requested to be signed. 89 : 90 : role is one of FD_KEYGUARD_ROLE_{...}. It is assumed that the origin 91 : of the request was previously authorized for the given role. 92 : 93 : Returns 1 if authorized, otherwise 0. 94 : 95 : This function is more restrictive than the respective 96 : fd_keyguard_payload_matches functions. */ 97 : 98 : int 99 : fd_keyguard_payload_authorize( fd_keyguard_authority_t const * authority, 100 : uchar const * data, 101 : ulong sz, 102 : int role, 103 : int sign_type ); 104 : 105 : FD_PROTOTYPES_END 106 : 107 : #endif /* HEADER_fd_src_disco_keyguard_fd_keyguard_h */