disco: allow asynchronous signing requests

Author: emwang-jump

src/disco/bundle/fd_bundle_tile.c

@@ -523,7 +523,8 @@ unprivileged_init( fd_topo_t *      topo,
       sign_out->mcache,
       sign_out->dcache,
       sign_in->mcache,
-      sign_in->dcache
+      sign_in->dcache,
+      sign_out->mtu
   ) ) ) ) {
     FD_LOG_ERR(( "fd_keyguard_client_join failed" )); /* unreachable */
   }

src/disco/keyguard/fd_keyguard_client.c

@@ -1,21 +1,33 @@
 #include "fd_keyguard_client.h"
 
+#include "../../tango/mcache/fd_mcache.h"
+#include "../../tango/dcache/fd_dcache.h"
+
 void *
-fd_keyguard_client_new( void *         shmem,
+fd_keyguard_client_new( void *           shmem,
                         fd_frag_meta_t * request_mcache,
-                        uchar *          request_data,
+                        uchar *          request_dcache,
                         fd_frag_meta_t * response_mcache,
-                        uchar *          response_data ) {
+                        uchar *          response_dcache,
+                        ulong            request_mtu ) {
   fd_keyguard_client_t * client = (fd_keyguard_client_t*)shmem;
-  client->request       = request_mcache;
-  client->request_depth = fd_mcache_depth( request_mcache );
-  client->request_seq   = 0UL;
-  client->request_data  = request_data;
-
-  client->response       = response_mcache;
-  client->response_depth = fd_mcache_depth( response_mcache );
-  client->response_seq   = 0UL;
-  client->response_data  = response_data;
+
+  client->request        = request_mcache;
+  client->request_depth  = fd_mcache_depth( request_mcache );
+  client->request_seq    = 0UL;
+  client->request_mem    = fd_wksp_containing( request_dcache );
+  client->request_chunk0 = fd_dcache_compact_chunk0( client->request_mem, request_dcache );
+  client->request_wmark  = fd_dcache_compact_wmark( client->request_mem, request_dcache, request_mtu );
+  client->request_chunk  = client->request_chunk0;
+  client->request_mtu    = request_mtu;
+
+  client->response        = response_mcache;
+  client->response_depth  = fd_mcache_depth( response_mcache );
+  client->response_seq    = 0UL;
+  client->response_mem    = fd_wksp_containing( response_dcache );
+  client->response_chunk0 = fd_dcache_compact_chunk0( client->response_mem, response_dcache );
+  client->response_wmark  = fd_dcache_compact_wmark( client->response_mem, response_dcache, 64UL );
+
   return shmem;
 }
 
@@ -25,12 +37,15 @@ fd_keyguard_client_sign( fd_keyguard_client_t * client,
                          uchar const *          sign_data,
                          ulong                  sign_data_len,
                          int                    sign_type ) {
+  FD_TEST( sign_data_len<=client->request_mtu );
 
-  fd_memcpy( client->request_data, sign_data, sign_data_len );
+  uchar * dst = fd_chunk_to_laddr( client->request_mem, client->request_chunk );
+  fd_memcpy( dst, sign_data, sign_data_len );
 
   ulong sig = (ulong)(uint)sign_type;
-  fd_mcache_publish( client->request, client->request_depth, client->request_seq, sig, 0UL, sign_data_len, 0UL, 0UL, 0UL );
-  client->request_seq = fd_seq_inc( client->request_seq, 1UL );
+  fd_mcache_publish( client->request, client->request_depth, client->request_seq, sig, client->request_chunk, sign_data_len, 0UL, 0UL, 0UL );
+  client->request_seq   = fd_seq_inc( client->request_seq, 1UL );
+  client->request_chunk = fd_dcache_compact_next( client->request_chunk, sign_data_len, client->request_chunk0, client->request_wmark );
 
   fd_frag_meta_t meta;
   fd_frag_meta_t const * mline;
@@ -41,7 +56,13 @@ fd_keyguard_client_sign( fd_keyguard_client_t * client,
   if( FD_UNLIKELY( !poll_max ) ) FD_LOG_ERR(( "sign request timed out while polling" ));
   if( FD_UNLIKELY( seq_diff ) ) FD_LOG_ERR(( "sign request was overrun while polling" ));
 
-  fd_memcpy( signature, client->response_data, 64UL );
+  /* Chunk is in shared memory and might be be written to by an
+     attacking tile after we validate it, so load once. */
+  ulong chunk = FD_VOLATILE_CONST( mline->chunk );
+  FD_TEST( chunk>=client->response_chunk0 && chunk<=client->response_wmark );
+
+  uchar * src = fd_chunk_to_laddr( client->response_mem, chunk );
+  fd_memcpy( signature, src, 64UL );
 
   seq_found = fd_frag_meta_seq_query( mline );
   if( FD_UNLIKELY( fd_seq_ne( seq_found, client->response_seq ) ) ) FD_LOG_ERR(( "sign request was overrun while reading" ));

src/disco/keyguard/fd_keyguard_client.h

@@ -24,7 +24,7 @@
         keyguard tile verifies that all incoming requests are
         specifically formatted for that role. */
 
-#include "fd_keyguard.h"
+#include "../../tango/fd_tango_base.h"
 
 #define FD_KEYGUARD_CLIENT_ALIGN (128UL)
 #define FD_KEYGUARD_CLIENT_FOOTPRINT (128UL)
@@ -33,12 +33,18 @@ struct __attribute__((aligned(FD_KEYGUARD_CLIENT_ALIGN))) fd_keyguard_client {
   fd_frag_meta_t * request;
   ulong            request_seq;
   ulong            request_depth;
-  uchar          * request_data;
+  fd_wksp_t *      request_mem;
+  ulong            request_chunk;
+  ulong            request_chunk0;
+  ulong            request_wmark;
+  ulong            request_mtu;
 
   fd_frag_meta_t * response;
   ulong            response_seq;
   ulong            response_depth;
-  uchar          * response_data;
+  fd_wksp_t *      response_mem;
+  ulong            response_chunk0;
+  ulong            response_wmark;
 };
 typedef struct fd_keyguard_client fd_keyguard_client_t;
 
@@ -47,9 +53,10 @@ FD_PROTOTYPES_BEGIN
 void *
 fd_keyguard_client_new( void *           shmem,
                         fd_frag_meta_t * request_mcache,
-                        uchar *          request_data,
+                        uchar *          request_dcache,
                         fd_frag_meta_t * response_mcache,
-                        uchar *          response_data );
+                        uchar *          response_dcache,
+                        ulong            request_mtu );
 
 static inline fd_keyguard_client_t *
 fd_keyguard_client_join( void * shclient ) { return (fd_keyguard_client_t*)shclient; }

src/disco/pack/fd_pack_tile.c

@@ -1182,7 +1182,8 @@ unprivileged_init( fd_topo_t *      topo,
             sign_out->mcache,
             sign_out->dcache,
             sign_in->mcache,
-            sign_in->dcache ) ) ) ) {
+            sign_in->dcache,
+            sign_out->mtu ) ) ) ) {
       FD_LOG_ERR(( "failed to construct keyguard" ));
     }
     /* Initialize enough of the prev config that it produces a

src/disco/shred/fd_shred_tile.c

@@ -1176,7 +1176,8 @@ unprivileged_init( fd_topo_t *      topo,
                                                             sign_out->mcache,
                                                             sign_out->dcache,
                                                             sign_in->mcache,
-                                                            sign_in->dcache ) ) );
+                                                            sign_in->dcache,
+                                                            sign_out->mtu ) ) );
 
   ulong shred_limit = fd_ulong_if( tile->shred.larger_shred_limits_per_block, 32UL*32UL*1024UL, 32UL*1024UL );
   fd_fec_set_t * resolver_sets = fec_sets + (shred_store_mcache_depth+1UL)/2UL + 1UL;

src/disco/shred/fd_shredder.h

@@ -10,6 +10,7 @@
 #include "../../ballet/reedsol/fd_reedsol.h"
 #include "../../ballet/bmtree/fd_bmtree.h"
 #include "../../ballet/shred/fd_fec_set.h"
+#include "../../ballet/shred/fd_shred.h"
 
 #define FD_SHREDDER_MAX_STAKE_WEIGHTS (1UL<<20)
 

src/disco/sign/fd_sign_tile.c

@@ -16,11 +16,22 @@
 /* fd_sign_in_ctx_t is a context object for each in (producer) mcache
    connected to the sign tile. */
 
-typedef struct {
-  ulong            seq;
-  fd_frag_meta_t * mcache;
-  uchar *          data;
-} fd_sign_out_ctx_t;
+struct fd_sign_out_ctx {
+  fd_wksp_t * out_mem;
+  ulong       out_chunk0;
+  ulong       out_wmark;
+  ulong       out_chunk;
+};
+typedef struct fd_sign_out_ctx fd_sign_out_ctx_t;
+
+struct fd_sign_in_ctx {
+  int              role;
+  fd_wksp_t *      mem;
+  ulong            chunk0;
+  ulong            wmark;
+  ulong            mtu;
+};
+typedef struct fd_sign_in_ctx fd_sign_in_ctx_t;
 
 typedef struct {
   uchar             _data[ FD_KEYGUARD_SIGN_REQ_MTU ];
@@ -31,10 +42,7 @@ typedef struct {
 
   uchar event_concat[ 18UL+32UL ];
 
-  int               in_role[ MAX_IN ];
-  uchar *           in_data[ MAX_IN ];
-  ushort            in_mtu [ MAX_IN ];
-
+  fd_sign_in_ctx_t  in[ MAX_IN ];
   fd_sign_out_ctx_t out[ MAX_IN ];
 
   fd_sha512_t       sha512 [ 1 ];
@@ -103,18 +111,19 @@ during_frag_sensitive( void * _ctx,
                        ulong  sz ) {
   (void)seq;
   (void)sig;
-  (void)chunk;
 
   fd_sign_ctx_t * ctx = (fd_sign_ctx_t *)_ctx;
   FD_TEST( in_idx<MAX_IN );
 
-  int  role = ctx->in_role[ in_idx ];
-  uint mtu  = ctx->in_mtu [ in_idx ];
+  int   role = ctx->in[ in_idx ].role;
+  ulong mtu  = ctx->in[ in_idx ].mtu;
 
-  if( sz>mtu ) {
-    FD_LOG_EMERG(( "oversz signing request (role=%d sz=%lu mtu=%u)", role, sz, mtu ));
+  if( chunk<ctx->in[ in_idx ].chunk0 || chunk>ctx->in[ in_idx ].wmark || sz>mtu ) {
+    FD_LOG_EMERG(( "oversz or out of bounds signing request (role=%d chunk=%lu sz=%lu mtu=%lu, chunk0=%lu, wmark=%lu)", role, chunk, sz, mtu, ctx->in[ in_idx ].chunk0, ctx->in[ in_idx ].wmark ));
   }
-  fd_memcpy( ctx->_data, ctx->in_data[ in_idx ], sz );
+
+  void * src = fd_chunk_to_laddr( ctx->in[ in_idx ].mem, chunk );
+  fd_memcpy( ctx->_data, src, sz );
 }
 
 
@@ -139,17 +148,15 @@ after_frag_sensitive( void *              _ctx,
                       ulong               tspub,
                       fd_stem_context_t * stem ) {
   (void)seq;
-  (void)tsorig;
   (void)tspub;
-  (void)stem;
 
   fd_sign_ctx_t * ctx = (fd_sign_ctx_t *)_ctx;
 
   int sign_type = (int)(uint)sig;
 
   FD_TEST( in_idx<MAX_IN );
 
-  int role = ctx->in_role[ in_idx ];
+  int role = ctx->in[ in_idx ].role;
 
   fd_keyguard_authority_t authority = {0};
   memcpy( authority.identity_pubkey, ctx->public_key, 32 );
@@ -158,33 +165,40 @@ after_frag_sensitive( void *              _ctx,
     FD_LOG_EMERG(( "fd_keyguard_payload_authorize failed (role=%d sign_type=%d)", role, sign_type ));
   }
 
+  long sign_duration = -fd_tickcount();
+
+  uchar * dst = fd_chunk_to_laddr( ctx->out[ in_idx ].out_mem, ctx->out[ in_idx ].out_chunk );
+
   switch( sign_type ) {
   case FD_KEYGUARD_SIGN_TYPE_ED25519: {
-    fd_ed25519_sign( ctx->out[ in_idx ].data, ctx->_data, sz, ctx->public_key, ctx->private_key, ctx->sha512 );
+    fd_ed25519_sign( dst, ctx->_data, sz, ctx->public_key, ctx->private_key, ctx->sha512 );
     break;
   }
   case FD_KEYGUARD_SIGN_TYPE_SHA256_ED25519: {
     uchar hash[ 32 ];
     fd_sha256_hash( ctx->_data, sz, hash );
-    fd_ed25519_sign( ctx->out[ in_idx ].data, hash, 32UL, ctx->public_key, ctx->private_key, ctx->sha512 );
+    fd_ed25519_sign( dst, hash, 32UL, ctx->public_key, ctx->private_key, ctx->sha512 );
     break;
   }
   case FD_KEYGUARD_SIGN_TYPE_PUBKEY_CONCAT_ED25519: {
     memcpy( ctx->concat+ctx->public_key_base58_sz+1UL, ctx->_data, 9UL );
-    fd_ed25519_sign( ctx->out[ in_idx ].data, ctx->concat, ctx->public_key_base58_sz+1UL+9UL, ctx->public_key, ctx->private_key, ctx->sha512 );
+    fd_ed25519_sign( dst, ctx->concat, ctx->public_key_base58_sz+1UL+9UL, ctx->public_key, ctx->private_key, ctx->sha512 );
     break;
   }
   case FD_KEYGUARD_SIGN_TYPE_FD_METRICS_REPORT_CONCAT_ED25519: {
     memcpy( ctx->event_concat+18UL, ctx->_data, 32UL );
-    fd_ed25519_sign( ctx->out[ in_idx ].data, ctx->event_concat, 18UL+32UL, ctx->public_key, ctx->private_key, ctx->sha512 );
+    fd_ed25519_sign( dst, ctx->event_concat, 18UL+32UL, ctx->public_key, ctx->private_key, ctx->sha512 );
     break;
   }
   default:
     FD_LOG_EMERG(( "invalid sign type: %d", sign_type ));
   }
 
-  fd_mcache_publish( ctx->out[ in_idx ].mcache, 128UL, ctx->out[ in_idx ].seq, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL );
-  ctx->out[ in_idx ].seq = fd_seq_inc( ctx->out[ in_idx ].seq, 1UL );
+  sign_duration += fd_tickcount();
+  fd_histf_sample( ctx->sign_duration, (ulong)sign_duration );
+
+  fd_stem_publish( stem, in_idx, 0UL, ctx->out[ in_idx ].out_chunk, 64UL, 0UL, tsorig, 0UL );
+  ctx->out[ in_idx ].out_chunk = fd_dcache_compact_next( ctx->out[ in_idx ].out_chunk, 64UL, ctx->out[ in_idx ].out_chunk0, ctx->out[ in_idx ].out_wmark );
 }
 
 static void
@@ -250,52 +264,55 @@ unprivileged_init_sensitive( fd_topo_t *      topo,
   ctx->keyswitch = fd_keyswitch_join( fd_topo_obj_laddr( topo, tile->keyswitch_obj_id ) );
   derive_fields( ctx );
 
-  for( ulong i=0UL; i<MAX_IN; i++ ) ctx->in_role[ i ] = -1;
+  for( ulong i=0UL; i<MAX_IN; i++ ) ctx->in[ i ].role = -1;
 
   for( ulong i=0UL; i<tile->in_cnt; i++ ) {
     fd_topo_link_t * in_link = &topo->links[ tile->in_link_id[ i ] ];
     fd_topo_link_t * out_link = &topo->links[ tile->out_link_id[ i ] ];
 
     if( in_link->mtu > FD_KEYGUARD_SIGN_REQ_MTU ) FD_LOG_CRIT(( "oversz link[%lu].mtu=%lu", i, in_link->mtu ));
-    ctx->in_data[ i ] = in_link->dcache;
-    ctx->in_mtu [ i ] = (ushort)in_link->mtu;
+    ctx->in[ i ].mem    = fd_wksp_containing( in_link->dcache );
+    ctx->in[ i ].mtu    = in_link->mtu;
+    ctx->in[ i ].chunk0 = fd_dcache_compact_chunk0( ctx->in[ i ].mem, in_link->dcache );
+    ctx->in[ i ].wmark  = fd_dcache_compact_wmark( ctx->in[ i ].mem, in_link->dcache, in_link->mtu );
 
-    ctx->out[ i ].mcache = out_link->mcache;
-    ctx->out[ i ].data   = out_link->dcache;
-    ctx->out[ i ].seq    = 0UL;
+    ctx->out[ i ].out_mem    = fd_wksp_containing( out_link->dcache );
+    ctx->out[ i ].out_chunk0 = fd_dcache_compact_chunk0( ctx->out[ i ].out_mem, out_link->dcache );
+    ctx->out[ i ].out_wmark  = fd_dcache_compact_wmark( ctx->out[ i ].out_mem, out_link->dcache, 64UL );
+    ctx->out[ i ].out_chunk  = ctx->out[ i ].out_chunk0;
 
     if( !strcmp( in_link->name, "shred_sign" ) ) {
-      ctx->in_role[ i ] = FD_KEYGUARD_ROLE_LEADER;
+      ctx->in[ i ].role = FD_KEYGUARD_ROLE_LEADER;
       FD_TEST( !strcmp( out_link->name, "sign_shred" ) );
       FD_TEST( in_link->mtu==32UL );
       FD_TEST( out_link->mtu==64UL );
     } else if ( !strcmp( in_link->name, "gossip_sign" ) ) {
-      ctx->in_role[ i ] = FD_KEYGUARD_ROLE_GOSSIP;
+      ctx->in[ i ].role = FD_KEYGUARD_ROLE_GOSSIP;
       FD_TEST( !strcmp( out_link->name, "sign_gossip" ) );
       FD_TEST( in_link->mtu==2048UL );
       FD_TEST( out_link->mtu==64UL );
     } else if ( !strcmp( in_link->name, "repair_sign")) {
-      ctx->in_role[ i ] = FD_KEYGUARD_ROLE_REPAIR;
+      ctx->in[ i ].role = FD_KEYGUARD_ROLE_REPAIR;
       FD_TEST( !strcmp( out_link->name, "sign_repair" ) );
       FD_TEST( in_link->mtu==2048UL );
       FD_TEST( out_link->mtu==64UL );
     } else if ( !strcmp(in_link->name, "send_sign"  ) ) {
-      ctx->in_role[ i ] = FD_KEYGUARD_ROLE_SEND;
+      ctx->in[ i ].role = FD_KEYGUARD_ROLE_SEND;
       FD_TEST( !strcmp( out_link->name, "sign_send"  ) );
       FD_TEST( in_link->mtu==FD_TXN_MTU  );
       FD_TEST( out_link->mtu==64UL );
     } else if( !strcmp(in_link->name, "bundle_sign" ) ) {
-      ctx->in_role[ i ] = FD_KEYGUARD_ROLE_BUNDLE;
+      ctx->in[ i ].role = FD_KEYGUARD_ROLE_BUNDLE;
       FD_TEST( !strcmp( out_link->name, "sign_bundle" ) );
       FD_TEST( in_link->mtu==9UL );
       FD_TEST( out_link->mtu==64UL );
     } else if( !strcmp(in_link->name, "event_sign" ) ) {
-      ctx->in_role[ i ] = FD_KEYGUARD_ROLE_EVENT;
+      ctx->in[ i ].role = FD_KEYGUARD_ROLE_EVENT;
       FD_TEST( !strcmp( out_link->name, "sign_event" ) );
       FD_TEST( in_link->mtu==32UL );
       FD_TEST( out_link->mtu==64UL );
     } else if( !strcmp(in_link->name, "pack_sign" ) ) {
-      ctx->in_role[ i ] = FD_KEYGUARD_ROLE_BUNDLE_CRANK;
+      ctx->in[ i ].role = FD_KEYGUARD_ROLE_BUNDLE_CRANK;
       FD_TEST( !strcmp( out_link->name, "sign_pack" ) );
       FD_TEST( in_link->mtu==1232UL );
       FD_TEST( out_link->mtu==64UL );

src/discof/gossip/fd_gossip_tile.c

@@ -742,7 +742,8 @@ unprivileged_init( fd_topo_t *      topo,
                                                             sign_out->mcache,
                                                             sign_out->dcache,
                                                             sign_in->mcache,
-                                                            sign_in->dcache ) )==NULL ) {
+                                                            sign_in->dcache,
+                                                            sign_out->mtu ) )==NULL ) {
     FD_LOG_ERR(( "Keyguard join failed" ));
   }
 

src/discof/repair/fd_repair_tile.c

@@ -968,7 +968,8 @@ unprivileged_init( fd_topo_t *      topo,
                                                         sign_out->mcache,
                                                         sign_out->dcache,
                                                         sign_in->mcache,
-                                                        sign_in->dcache ) ) == NULL ) {
+                                                        sign_in->dcache,
+                                                        sign_out->mtu ) ) == NULL ) {
     FD_LOG_ERR(( "Keyguard join failed" ));
   }
 

src/discof/send/fd_send_tile.c

@@ -551,7 +551,8 @@ unprivileged_init( fd_topo_t *      topo,
                                                             sign_out->mcache,
                                                             sign_out->dcache,
                                                             sign_in->mcache,
-                                                            sign_in->dcache ) )==NULL ) {
+                                                            sign_in->dcache,
+                                                            sign_out->mtu ) )==NULL ) {
     FD_LOG_ERR(( "Keyguard join failed" ));
   }