Line data Source code
1 : #ifndef HEADER_fd_src_disco_keyguard_fd_keyguard_h 2 : #define HEADER_fd_src_disco_keyguard_fd_keyguard_h 3 : 4 : /* fd_keyguard creates digital signatures on behalf of validator 5 : components. */ 6 : 7 : #include "../fd_disco_base.h" 8 : 9 : FD_PROTOTYPES_BEGIN 10 : 11 : /* FD_KEYGUARD_SIGN_REQ_MTU is the maximum size (inclusive) of a signing 12 : request payload. The payload in this case is the message byte array 13 : passed to fd_ed25519_sign. */ 14 : 15 0 : #define FD_KEYGUARD_SIGN_REQ_MTU (2048UL) 16 : 17 : /* Role definitions ***************************************************/ 18 : 19 0 : #define FD_KEYGUARD_ROLE_VOTER (0) /* vote transaction sender */ 20 0 : #define FD_KEYGUARD_ROLE_GOSSIP (1) /* gossip participant */ 21 0 : #define FD_KEYGUARD_ROLE_LEADER (2) /* block producer (shreds) */ 22 0 : #define FD_KEYGUARD_ROLE_REPAIR (4) /* Repair tile */ 23 0 : #define FD_KEYGUARD_ROLE_BUNDLE (5) /* Bundle tile */ 24 0 : #define FD_KEYGUARD_ROLE_EVENT (6) /* Event tile */ 25 0 : #define FD_KEYGUARD_ROLE_BUNDLE_CRANK (7) /* Sign cranking transactions for bundle tips */ 26 : #define FD_KEYGUARD_ROLE_CNT (8) /* number of known roles */ 27 : 28 : /* Payload types ******************************************************/ 29 : 30 0 : #define FD_KEYGUARD_PAYLOAD_LG_TXN (0) /* Solana transaction message (e.g. vote) */ 31 0 : #define FD_KEYGUARD_PAYLOAD_LG_GOSSIP (1) /* Gossip CrdsData */ 32 0 : #define FD_KEYGUARD_PAYLOAD_LG_PRUNE (2) /* Gossip PruneData */ 33 0 : #define FD_KEYGUARD_PAYLOAD_LG_SHRED (3) /* Solana legacy or merkle shred */ 34 0 : #define FD_KEYGUARD_PAYLOAD_LG_TLS_CV (4) /* TLS 1.3 certificate verify payload */ 35 0 : #define FD_KEYGUARD_PAYLOAD_LG_REPAIR (6) /* RepairProtocol */ 36 0 : #define FD_KEYGUARD_PAYLOAD_LG_PING (7) /* Gossip/Repair ping protocol */ 37 0 : #define FD_KEYGUARD_PAYLOAD_LG_BUNDLE (8) /* Bundle block producer authentication */ 38 0 : #define FD_KEYGUARD_PAYLOAD_LG_EVENT (9) /* Event reporter authentication */ 39 : 40 0 : #define FD_KEYGUARD_PAYLOAD_TXN (1UL<<FD_KEYGUARD_PAYLOAD_LG_TXN ) 41 0 : #define FD_KEYGUARD_PAYLOAD_GOSSIP (1UL<<FD_KEYGUARD_PAYLOAD_LG_GOSSIP) 42 0 : #define FD_KEYGUARD_PAYLOAD_PRUNE (1UL<<FD_KEYGUARD_PAYLOAD_LG_PRUNE ) 43 0 : #define FD_KEYGUARD_PAYLOAD_SHRED (1UL<<FD_KEYGUARD_PAYLOAD_LG_SHRED ) 44 0 : #define FD_KEYGUARD_PAYLOAD_TLS_CV (1UL<<FD_KEYGUARD_PAYLOAD_LG_TLS_CV) 45 0 : #define FD_KEYGUARD_PAYLOAD_REPAIR (1UL<<FD_KEYGUARD_PAYLOAD_LG_REPAIR) 46 0 : #define FD_KEYGUARD_PAYLOAD_PING (1UL<<FD_KEYGUARD_PAYLOAD_LG_PING ) 47 0 : #define FD_KEYGUARD_PAYLOAD_BUNDLE (1UL<<FD_KEYGUARD_PAYLOAD_LG_BUNDLE) 48 0 : #define FD_KEYGUARD_PAYLOAD_EVENT (1UL<<FD_KEYGUARD_PAYLOAD_LG_EVENT ) 49 : 50 : /* Sign types *********************************************************/ 51 : 52 0 : #define FD_KEYGUARD_SIGN_TYPE_ED25519 (0) /* ed25519_sign(input) */ 53 0 : #define FD_KEYGUARD_SIGN_TYPE_SHA256_ED25519 (1) /* ed25519_sign(sha256(data)) */ 54 0 : #define FD_KEYGUARD_SIGN_TYPE_PUBKEY_CONCAT_ED25519 (2) /* ed25519_sign(pubkey-data) */ 55 0 : #define FD_KEYGUARD_SIGN_TYPE_FD_METRICS_REPORT_CONCAT_ED25519 (3) /* ed25519_sign(FD_METRICS_REPORT-data)) */ 56 : 57 : /* Type confusion/ambiguity checks ************************************/ 58 : 59 : /* fd_keyguard_payload_match returns a bitwise OR of 60 : FD_KEYGUARD_PAYLOAD_{...}. 61 : 62 : [data,data+sz) is the payload that is requested to be signed. 63 : 64 : sign_type is in FD_KEYGUARD_SIGN_TYPE_{...}. 65 : 66 : Returns 0 if none matched. fd_ulong_popcnt(return value) is 1 if the 67 : payload is unambiguously of a single type. */ 68 : 69 : FD_FN_PURE ulong 70 : fd_keyguard_payload_match( uchar const * data, 71 : ulong sz, 72 : int sign_type ); 73 : 74 : /* Authorization ******************************************************/ 75 : 76 : struct fd_keyguard_authority { 77 : uchar identity_pubkey[32]; 78 : }; 79 : 80 : typedef struct fd_keyguard_authority fd_keyguard_authority_t; 81 : 82 : /* fd_keyguard_payload_authorize decides whether the keyguard accepts 83 : a signing request. 84 : 85 : [data,data+sz) is the payload that is requested to be signed. 86 : 87 : role is one of FD_KEYGUARD_ROLE_{...}. It is assumed that the origin 88 : of the request was previously authorized for the given role. 89 : 90 : Returns 1 if authorized, otherwise 0. 91 : 92 : This function is more restrictive than the respective 93 : fd_keyguard_payload_matches functions. */ 94 : 95 : int 96 : fd_keyguard_payload_authorize( fd_keyguard_authority_t const * authority, 97 : uchar const * data, 98 : ulong sz, 99 : int role, 100 : int sign_type ); 101 : 102 : FD_PROTOTYPES_END 103 : 104 : #endif /* HEADER_fd_src_disco_keyguard_fd_keyguard_h */