Line data    Source code

       1             : #ifndef HEADER_fd_src_disco_keyguard_fd_keyguard_client_h
       2             : #define HEADER_fd_src_disco_keyguard_fd_keyguard_client_h
       3             : 
       4             : /* A simple blocking client to a remote signing server, based on a pair
       5             :    of (input, output) mcaches and data regions.
       6             : 
       7             :    For maximum security, the caller should ensure a few things before
       8             :    using,
       9             : 
      10             :     (a) The request mcache and data region are placed in a shared memory
      11             :         map that is accessible exclusively to the calling tile, and the
      12             :         keyguard tile.  The keyguard tile should map the memory as read
      13             :         only.
      14             : 
      15             :     (b) The response mcache and data region are placed in a shared
      16             :         memory map that is accessible exclusively to the calling tile,
      17             :         and the keyguard tile.  The calling tile should map the memory
      18             :         as read only.
      19             : 
      20             :     (c) No other data is placed in these shared memory maps, and no
      21             :         other tiles have access to them.
      22             : 
      23             :     (d) Each input/output mcache correspond to a single role, and the
      24             :         keyguard tile verifies that all incoming requests are
      25             :         specifically formatted for that role. */
      26             : 
      27             : #include "../fd_disco_base.h"
      28             : 
      29             : #define FD_KEYGUARD_CLIENT_ALIGN (128UL)
      30             : #define FD_KEYGUARD_CLIENT_FOOTPRINT (128UL)
      31             : 
      32             : struct __attribute__((aligned(FD_KEYGUARD_CLIENT_ALIGN))) fd_keyguard_client {
      33             :   fd_frag_meta_t * request;
      34             :   ulong            request_seq;
      35             :   uchar          * request_data;
      36             : 
      37             :   fd_frag_meta_t * response;
      38             :   ulong            response_seq;
      39             :   uchar          * response_data;
      40             : };
      41             : typedef struct fd_keyguard_client fd_keyguard_client_t;
      42             : 
      43             : FD_PROTOTYPES_BEGIN
      44             : 
      45             : void *
      46             : fd_keyguard_client_new( void *           shmem,
      47             :                         fd_frag_meta_t * request_mcache,
      48             :                         uchar *          request_data,
      49             :                         fd_frag_meta_t * response_mcache,
      50             :                         uchar *          response_data );
      51             : 
      52             : static inline fd_keyguard_client_t *
      53           0 : fd_keyguard_client_join( void * shclient ) { return (fd_keyguard_client_t*)shclient; }
      54             : 
      55             : static inline void *
      56           0 : fd_keyguard_client_leave( fd_keyguard_client_t * client ) { return (void*)client; }
      57             : 
      58             : static inline void *
      59           0 : fd_keyguard_client_delete( void * shclient ) { return shclient; }
      60             : 
      61             : /* fd_keyguard_client_sign sends a remote signing request to the signing
      62             :     server, and blocks (spins) until the response is received.
      63             : 
      64             :     Signing is treated as infallible, and there are no error codes or
      65             :     results. If the remote signer is stuck or not running, this function
      66             :     will not timeout and instead hangs forever waiting for a response.
      67             :     This is currently by design.
      68             : 
      69             :     sign_data should be a pointer to a buffer, with length sign_data_len
      70             :     that will be signed.  The data should correspond to one of the
      71             :     roles described in fd_keyguard.h.  If the remote signing tile
      72             :     receives a malformed signing request, or one for a role that does
      73             :     not correspond to the role assigned to the receiving mcache, it
      74             :     will abort the whole program with a critical error.
      75             : 
      76             :     The response, a 64 byte signature, will be written into the signature
      77             :     buffer, which must be at least this size.
      78             : 
      79             :     sign_type is in FD_KEYGUARD_SIGN_TYPE_{...}. */
      80             : 
      81             : void
      82             : fd_keyguard_client_sign( fd_keyguard_client_t * client,
      83             :                          uchar *                signature,
      84             :                          uchar const *          sign_data,
      85             :                          ulong                  sign_data_len,
      86             :                          int                    sign_type );
      87             : 
      88             : FD_PROTOTYPES_END
      89             : 
      90             : #endif /* HEADER_fd_src_disco_keyguard_fd_keyguard_client_h */