sign: add signing function for events

src/app/fdctl/run/tiles/fd_sign.c

@@ -28,6 +28,8 @@ typedef struct {
   ulong public_key_base58_sz;
   uchar concat[ FD_BASE58_ENCODED_32_SZ+1UL+9UL ];
 
+  uchar event_concat[ 18UL+32UL ];
+
   int               in_role[ MAX_IN ];
   uchar *           in_data[ MAX_IN ];
   ushort            in_mtu [ MAX_IN ];
@@ -135,6 +137,11 @@ after_frag_sensitive( void *              _ctx,
     fd_ed25519_sign( ctx->out[ in_idx ].data, ctx->concat, ctx->public_key_base58_sz+1UL+9UL, ctx->public_key, ctx->private_key, ctx->sha512 );
     break;
   }
+  case FD_KEYGUARD_SIGN_TYPE_FD_METRICS_REPORT_CONCAT_ED25519: {
+    memcpy( ctx->event_concat+18UL, ctx->_data, 32UL );
+    fd_ed25519_sign( ctx->out[ in_idx ].data, ctx->event_concat, 18UL+32UL, ctx->public_key, ctx->private_key, ctx->sha512 );
+    break;
+  }
   default:
     FD_LOG_EMERG(( "invalid sign type: %d", sign_type ));
   }
@@ -211,6 +218,8 @@ unprivileged_init_sensitive( fd_topo_t *      topo,
   fd_base58_encode_32( ctx->public_key, &ctx->public_key_base58_sz, (char *)ctx->concat );
   ctx->concat[ ctx->public_key_base58_sz ] = '-';
 
+  memcpy( ctx->event_concat, "FD_METRICS_REPORT-", 18UL );
+
   for( ulong i=0; i<MAX_IN; i++ ) ctx->in_role[ i ] = -1;
 
   for( ulong i=0; i<tile->in_cnt; i++ ) {
@@ -250,6 +259,11 @@ unprivileged_init_sensitive( fd_topo_t *      topo,
       FD_TEST( !strcmp( out_link->name, "sign_bundle" ) );
       FD_TEST( in_link->mtu==9UL );
       FD_TEST( out_link->mtu==64UL );
+    } else if( !strcmp(in_link->name, "event_sign" ) ) {
+      ctx->in_role[ i ] = FD_KEYGUARD_ROLE_EVENT;
+      FD_TEST( !strcmp( out_link->name, "sign_event" ) );
+      FD_TEST( in_link->mtu==32UL );
+      FD_TEST( out_link->mtu==64UL );
     } else {
       FD_LOG_CRIT(( "unexpected link %s", in_link->name ));
     }

src/disco/keyguard/fd_keyguard.h

@@ -21,7 +21,8 @@ FD_PROTOTYPES_BEGIN
 #define FD_KEYGUARD_ROLE_LEADER  (2)  /* block producer (shreds) */
 #define FD_KEYGUARD_ROLE_REPAIR  (4)  /* Repair tile */
 #define FD_KEYGUARD_ROLE_BUNDLE  (5)  /* Bundle tile */
-#define FD_KEYGUARD_ROLE_CNT     (6)  /* number of known roles */
+#define FD_KEYGUARD_ROLE_EVENT   (6)  /* Event tile */
+#define FD_KEYGUARD_ROLE_CNT     (7)  /* number of known roles */
 
 /* Payload types ******************************************************/
 
@@ -33,6 +34,7 @@ FD_PROTOTYPES_BEGIN
 #define FD_KEYGUARD_PAYLOAD_LG_REPAIR (6)  /* RepairProtocol */
 #define FD_KEYGUARD_PAYLOAD_LG_PING   (7)  /* Gossip/Repair ping protocol */
 #define FD_KEYGUARD_PAYLOAD_LG_BUNDLE (8)  /* Bundle block producer authentication */
+#define FD_KEYGUARD_PAYLOAD_LG_EVENT  (9)  /* Event reporter authentication */
 
 #define FD_KEYGUARD_PAYLOAD_TXN    (1UL<<FD_KEYGUARD_PAYLOAD_LG_TXN   )
 #define FD_KEYGUARD_PAYLOAD_GOSSIP (1UL<<FD_KEYGUARD_PAYLOAD_LG_GOSSIP)
@@ -42,12 +44,14 @@ FD_PROTOTYPES_BEGIN
 #define FD_KEYGUARD_PAYLOAD_REPAIR (1UL<<FD_KEYGUARD_PAYLOAD_LG_REPAIR)
 #define FD_KEYGUARD_PAYLOAD_PING   (1UL<<FD_KEYGUARD_PAYLOAD_LG_PING  )
 #define FD_KEYGUARD_PAYLOAD_BUNDLE (1UL<<FD_KEYGUARD_PAYLOAD_LG_BUNDLE)
+#define FD_KEYGUARD_PAYLOAD_EVENT  (1UL<<FD_KEYGUARD_PAYLOAD_LG_EVENT)
 
 /* Sign types *********************************************************/
 
-#define FD_KEYGUARD_SIGN_TYPE_ED25519               (0)  /* ed25519_sign(input) */
-#define FD_KEYGUARD_SIGN_TYPE_SHA256_ED25519        (1)  /* ed25519_sign(sha256(data)) */
-#define FD_KEYGUARD_SIGN_TYPE_PUBKEY_CONCAT_ED25519 (2)  /* ed25519_sign(pubkey-data) */
+#define FD_KEYGUARD_SIGN_TYPE_ED25519                          (0)  /* ed25519_sign(input) */
+#define FD_KEYGUARD_SIGN_TYPE_SHA256_ED25519                   (1)  /* ed25519_sign(sha256(data)) */
+#define FD_KEYGUARD_SIGN_TYPE_PUBKEY_CONCAT_ED25519            (2)  /* ed25519_sign(pubkey-data) */
+#define FD_KEYGUARD_SIGN_TYPE_FD_METRICS_REPORT_CONCAT_ED25519 (3)  /* ed25519_sign(FD_METRICS_REPORT-data)) */
 
 /* Type confusion/ambiguity checks ************************************/
 

src/disco/keyguard/fd_keyguard_authorize.c

@@ -158,6 +158,14 @@ fd_keyguard_payload_authorize( fd_keyguard_authority_t const * authority,
     /* no further restrictions on bundle */
     return 1;
 
+  case FD_KEYGUARD_ROLE_EVENT:
+    if( FD_UNLIKELY( payload_mask != FD_KEYGUARD_PAYLOAD_EVENT ) ) {
+      FD_LOG_WARNING(( "unauthorized payload type for event (mask=%#lx)", payload_mask ));
+      return 0;
+    }
+    /* no further restrictions on event */
+    return 1;
+
   default:
     FD_LOG_WARNING(( "unsupported role=%#x", (uint)role ));
     return 0;

src/disco/keyguard/fd_keyguard_match.c

@@ -292,6 +292,18 @@ fd_keyguard_payload_matches_bundle( uchar const * data,
   return 1;
 }
 
+FD_FN_PURE int
+fd_keyguard_payload_matches_event( uchar const * data,
+                                   ulong         sz,
+                                   int           sign_type ) {
+  (void)data;
+
+  if( sign_type != FD_KEYGUARD_SIGN_TYPE_FD_METRICS_REPORT_CONCAT_ED25519 ) return 0;
+  if( sz!=32UL ) return 0;
+
+  return 1;
+}
+
 FD_FN_PURE ulong
 fd_keyguard_payload_match( uchar const * data,
                            ulong         sz,
@@ -305,5 +317,6 @@ fd_keyguard_payload_match( uchar const * data,
   res |= fd_ulong_if( fd_keyguard_payload_matches_tls_cv    ( data, sz, sign_type ), FD_KEYGUARD_PAYLOAD_TLS_CV, 0 );
   res |= fd_ulong_if( fd_keyguard_payload_matches_ping_msg  ( data, sz, sign_type ), FD_KEYGUARD_PAYLOAD_PING,   0 );
   res |= fd_ulong_if( fd_keyguard_payload_matches_bundle    ( data, sz, sign_type ), FD_KEYGUARD_PAYLOAD_BUNDLE, 0 );
+  res |= fd_ulong_if( fd_keyguard_payload_matches_event     ( data, sz, sign_type ), FD_KEYGUARD_PAYLOAD_EVENT,  0 );
   return res;
 }