malbeclabs
diff --git a/‎controlplane/telemetry/cmd/geoprobe-agent/main.go‎
Lines changed: 8 additions & 2 deletions b/‎controlplane/telemetry/cmd/geoprobe-agent/main.go‎
Lines changed: 8 additions & 2 deletions
diff --git a/‎controlplane/telemetry/cmd/geoprobe-target-sender/main.go‎
Lines changed: 22 additions & 18 deletions b/‎controlplane/telemetry/cmd/geoprobe-target-sender/main.go‎
Lines changed: 22 additions & 18 deletions
diff --git a/‎controlplane/telemetry/cmd/geoprobe-target-sender/main_test.go‎
Lines changed: 24 additions & 16 deletions b/‎controlplane/telemetry/cmd/geoprobe-target-sender/main_test.go‎
Lines changed: 24 additions & 16 deletions
diff --git a/‎rfcs/rfc16-geolocation-verification.md‎
Lines changed: 7 additions & 4 deletions b/‎rfcs/rfc16-geolocation-verification.md‎
Lines changed: 7 additions & 4 deletions
diff --git a/‎tools/twamp/pkg/signed/packet.go‎
Lines changed: 20 additions & 14 deletions b/‎tools/twamp/pkg/signed/packet.go‎
Lines changed: 20 additions & 14 deletions
@@ -32,6 +32,7 @@ const (
 	defaultTWAMPReflectorTimeout = 1 * time.Second
 	defaultMaxOffsetAge          = 1 * time.Hour
 	defaultEvictionInterval      = 30 * time.Minute
+	defaultVerifyInterval        = 29 * time.Second
 	discoveryInterval            = 60 * time.Second
 )
 
@@ -43,12 +44,13 @@ var (
 	additionalParent      = flag.String("additional-parent", "", "Trusted parent DZD in the format devicekey,metricskey (base58 pubkeys).")
 	additionalTargets     = flag.String("additional-targets", "", "Comma-separated list of target addresses (host:port) to measure and send composite offsets.")
 	twampListenPort       = flag.Uint("twamp-listen-port", defaultTWAMPListenPort, "Port for TWAMP reflector.")
-	signedTWAMPListenPort = flag.Uint("signed-twamp-port", defaultSignedTWAMPListenPort, "Port for Signed TWAMP reflector.")
-	allowedPubkeysFlag    = flag.String("allowed-pubkeys", "", "Comma-separated base58 Ed25519 pubkeys always authorized for signed TWAMP probes.")
+	signedTWAMPListenPort = flag.Uint("signed-twamp-port", defaultSignedTWAMPListenPort, "Port for Signed TWAMP reflector for inbound probing.")
+	allowedPubkeysFlag    = flag.String("allowed-pubkeys", "", "Comma-separated base58 Ed25519 pubkeys always authorized for signed TWAMP probes in inbound probing.")
 	udpListenPort         = flag.Uint("udp-listen-port", defaultUDPListenPort, "Port for receiving DZD offset datagrams.")
 	probeInterval         = flag.Duration("probe-interval", defaultProbeInterval, "Interval between measurement cycles.")
 	twampSenderTimeout    = flag.Duration("twamp-sender-timeout", defaultTWAMPSenderTimeout, "Timeout for TWAMP probes to targets.")
 	maxOffsetAge          = flag.Duration("max-offset-age", defaultMaxOffsetAge, "TTL for cached DZD offsets.")
+	verifyInterval        = flag.Duration("verify-interval", defaultVerifyInterval, "Minimum time between signature verifications per sender for the signed TWAMP reflector in inbound probing.")
 	verbose               = flag.Bool("verbose", false, "Enable verbose logging.")
 	showVersion           = flag.Bool("version", false, "Print the version and exit.")
 	// Set by LDFLAGS
@@ -323,11 +325,15 @@ func main() {
 
 	// Set up Signed TWAMP reflector.
 	signedSigner := signed.NewEd25519Signer(ed25519.PrivateKey(keypair))
+	var geoprobePubkeyBytes [32]byte
+	copy(geoprobePubkeyBytes[:], geoProbePubkey[:])
 	signedReflector, err := signed.NewReflector(
 		fmt.Sprintf("0.0.0.0:%d", *signedTWAMPListenPort),
 		defaultTWAMPReflectorTimeout,
 		signedSigner,
+		geoprobePubkeyBytes,
 		allowedKeys,
+		*verifyInterval,
 	)
 	if err != nil {
 		log.Error("Failed to create Signed TWAMP reflector", "error", err)
 
@@ -22,14 +22,14 @@ import (
 
 const (
 	defaultProbePort = 8924
-	defaultInterval  = 60 * time.Second
+	defaultInterval  = 30 * time.Second
 	defaultTimeout   = 2 * time.Second
 )
 
 var (
 	probeIP     = flag.String("probe-ip", "", "IP address of the GeoProbe to probe (required)")
 	probePort   = flag.Uint("probe-port", defaultProbePort, "TWAMP port on the probe")
-	probePK     = flag.String("probe-pk", "", "Base58 Ed25519 public key of the GeoProbe's Signing Authority (required)")
+	probePK     = flag.String("probe-pk", "", "Base58 Ed25519 public key of the GeoProbe's signing authority (required)")
 	keypairPath = flag.String("keypair", "", "Path to this target's Ed25519 keypair file for signing outbound message (required)")
 	interval    = flag.Duration("interval", defaultInterval, "Interval between probes")
 	count       = flag.Uint("count", 0, "Number of probes to send (0 = infinite)")
@@ -207,16 +207,18 @@ func setupLogger(format string, debug bool) *slog.Logger {
 }
 
 func logProbeResult(log *slog.Logger, seq uint32, rtt time.Duration, probeSigValid, replySigValid bool, reply *signed.ReplyPacket) {
-	reflectorPK := solana.PublicKeyFromBytes(reply.ReflectorPubkey[:])
+	authorityPK := solana.PublicKeyFromBytes(reply.AuthorityPubkey[:])
+	geoprobePK := solana.PublicKeyFromBytes(reply.GeoprobePubkey[:])
 
 	if *logFormat == "json" {
 		output := probeOutput{
-			Timestamp:         time.Now().UTC().Format(time.RFC3339),
-			Seq:               seq,
-			RttMs:             float64(rtt.Microseconds()) / 1000.0,
-			ProbeSigValid:     probeSigValid,
-			ReflectorSigValid: replySigValid,
-			ReflectorPubkey:   reflectorPK.String(),
+			Timestamp:       time.Now().UTC().Format(time.RFC3339),
+			Seq:             seq,
+			RttMs:           float64(rtt.Microseconds()) / 1000.0,
+			ProbeSigValid:   probeSigValid,
+			ReplySigValid:   replySigValid,
+			AuthorityPubkey: authorityPK.String(),
+			GeoprobePubkey:  geoprobePK.String(),
 		}
 		data, err := json.Marshal(output)
 		if err != nil {
@@ -233,13 +235,14 @@ func logProbeResult(log *slog.Logger, seq uint32, rtt time.Duration, probeSigVal
 		if !replySigValid {
 			replySigStr = "INVALID"
 		}
-		fmt.Printf("[%s] seq=%d rtt=%s probe_sig=%s reflector_sig=%s probe=%s\n",
+		fmt.Printf("[%s] seq=%d rtt=%s probe_sig=%s reflector_sig=%s authority=%s geoprobe=%s\n",
 			time.Now().UTC().Format("2006-01-02 15:04:05 MST"),
 			seq,
 			formatRTT(rtt),
 			probeSigStr,
 			replySigStr,
-			abbreviatePubkey(reflectorPK.String()),
+			abbreviatePubkey(authorityPK.String()),
+			abbreviatePubkey(geoprobePK.String()),
 		)
 	}
 }
@@ -273,13 +276,14 @@ func logProbeError(log *slog.Logger, seq uint32, probeErr error) {
 }
 
 type probeOutput struct {
-	Timestamp         string  `json:"timestamp"`
-	Seq               uint32  `json:"seq"`
-	RttMs             float64 `json:"rtt_ms"`
-	ProbeSigValid     bool    `json:"probe_sig_valid,omitempty"`
-	ReflectorSigValid bool    `json:"reflector_sig_valid,omitempty"`
-	ReflectorPubkey   string  `json:"reflector_pubkey,omitempty"`
-	Error             string  `json:"error,omitempty"`
+	Timestamp       string  `json:"timestamp"`
+	Seq             uint32  `json:"seq"`
+	RttMs           float64 `json:"rtt_ms"`
+	ProbeSigValid   bool    `json:"probe_sig_valid,omitempty"`
+	ReplySigValid   bool    `json:"reply_sig_valid,omitempty"`
+	AuthorityPubkey string  `json:"authority_pubkey,omitempty"`
+	GeoprobePubkey  string  `json:"geoprobe_pubkey,omitempty"`
+	Error           string  `json:"error,omitempty"`
 }
 
 func formatRTT(d time.Duration) string {
 
@@ -89,12 +89,13 @@ func TestAbbreviatePubkey(t *testing.T) {
 
 func TestProbeOutput_JSON(t *testing.T) {
 	output := probeOutput{
-		Timestamp:         "2025-01-15T14:23:45Z",
-		Seq:               1,
-		RttMs:             12.534,
-		ProbeSigValid:     true,
-		ReflectorSigValid: true,
-		ReflectorPubkey:   "FSM7abc123456zmQ",
+		Timestamp:       "2025-01-15T14:23:45Z",
+		Seq:             1,
+		RttMs:           12.534,
+		ProbeSigValid:   true,
+		ReplySigValid:   true,
+		AuthorityPubkey: "FSM7abc123456zmQ",
+		GeoprobePubkey:  "ABCD1234xyz",
 	}
 
 	data, err := json.Marshal(output)
@@ -113,8 +114,11 @@ func TestProbeOutput_JSON(t *testing.T) {
 	if decoded.RttMs != 12.534 {
 		t.Errorf("expected rtt_ms=12.534, got %f", decoded.RttMs)
 	}
-	if decoded.ReflectorPubkey != "FSM7abc123456zmQ" {
-		t.Errorf("expected reflector_pubkey=FSM7abc123456zmQ, got %s", decoded.ReflectorPubkey)
+	if decoded.AuthorityPubkey != "FSM7abc123456zmQ" {
+		t.Errorf("expected authority_pubkey=FSM7abc123456zmQ, got %s", decoded.AuthorityPubkey)
+	}
+	if decoded.GeoprobePubkey != "ABCD1234xyz" {
+		t.Errorf("expected geoprobe_pubkey=ABCD1234xyz, got %s", decoded.GeoprobePubkey)
 	}
 }
 
@@ -143,8 +147,11 @@ func TestProbeOutput_TimeoutJSON(t *testing.T) {
 		t.Errorf("expected rtt_ms=-1, got %v", decoded["rtt_ms"])
 	}
 	// omitempty fields should not be present.
-	if _, ok := decoded["reflector_pubkey"]; ok {
-		t.Error("expected reflector_pubkey to be omitted for timeout")
+	if _, ok := decoded["authority_pubkey"]; ok {
+		t.Error("expected authority_pubkey to be omitted for timeout")
+	}
+	if _, ok := decoded["geoprobe_pubkey"]; ok {
+		t.Error("expected geoprobe_pubkey to be omitted for timeout")
 	}
 	if _, ok := decoded["probe_sig_valid"]; ok {
 		t.Error("expected probe_sig_valid to be omitted for timeout")
@@ -153,12 +160,13 @@ func TestProbeOutput_TimeoutJSON(t *testing.T) {
 
 func TestProbeOutput_SuccessJSON_OmitsError(t *testing.T) {
 	output := probeOutput{
-		Timestamp:         "2025-01-15T14:23:45Z",
-		Seq:               1,
-		RttMs:             5.0,
-		ProbeSigValid:     true,
-		ReflectorSigValid: true,
-		ReflectorPubkey:   "test",
+		Timestamp:       "2025-01-15T14:23:45Z",
+		Seq:             1,
+		RttMs:           5.0,
+		ProbeSigValid:   true,
+		ReplySigValid:   true,
+		AuthorityPubkey: "test",
+		GeoprobePubkey:  "test2",
 	}
 
 	data, err := json.Marshal(output)
 
@@ -351,17 +351,20 @@ type SignedProbePacket struct {
 
 The signature covers `[Seq, Sec, Frac, SenderPubkey]` (bytes 0–43)
 
-**SignedReplyPacket (204 bytes)** — sent from Probe to Target:
+**SignedReplyPacket (236 bytes)** — sent from Probe to Target:
 
 ```go
 type SignedReplyPacket struct {
     Probe           SignedProbePacket  // Bytes 0-107: Complete original signed probe (echoed)
-    ReflectorPubkey [32]byte          // Bytes 108-139: Probe's Ed25519 Authority public key
-    Signature       [64]byte          // Bytes 140-203: Ed25519 signature over bytes 0-139
+    AuthorityPubkey [32]byte          // Bytes 108-139: Signing authority's Ed25519 public key
+    GeoprobePubkey  [32]byte          // Bytes 140-171: Geoprobe identity public key
+    Signature       [64]byte          // Bytes 172-235: Ed25519 signature over bytes 0-171
 }
 ```
 
-The probe's signature covers `[Probe, ReflectorPubkey]` (bytes 0–139)
+`AuthorityPubkey` is the key used to sign and verify the reply. `GeoprobePubkey` identifies the specific geoprobe that produced the reply
+
+The probe's signature covers `[Probe, AuthorityPubkey, GeoprobePubkey]` (bytes 0–171)
 
 #### Interfaces
 
 
@@ -10,10 +10,10 @@ import (
 
 const (
 	ProbePacketSize = 108
-	ReplyPacketSize = 204
+	ReplyPacketSize = 236
 
 	probePayloadSize = 44  // bytes 0-43: fields signed by sender
-	replyPayloadSize = 140 // bytes 0-139: fields signed by reflector
+	replyPayloadSize = 172 // bytes 0-171: fields signed by reflector
 )
 
 var errInvalidPacket = errors.New("invalid packet format")
@@ -61,8 +61,9 @@ type ProbePacket struct {
 // ReplyPacket is sent from Probe to Target in the inbound probing flow.
 type ReplyPacket struct {
 	Probe           ProbePacket // Bytes 0-107: Complete original signed probe (echoed)
-	ReflectorPubkey [32]byte    // Bytes 108-139: Probe's Ed25519 public key
-	Signature       [64]byte    // Bytes 140-203: Ed25519 signature over bytes 0-139
+	AuthorityPubkey [32]byte    // Bytes 108-139: Signing authority's Ed25519 public key
+	GeoprobePubkey  [32]byte    // Bytes 140-171: Geoprobe identity public key
+	Signature       [64]byte    // Bytes 172-235: Ed25519 signature over bytes 0-171
 }
 
 func NewProbePacket(seq uint32, signer Signer) *ProbePacket {
@@ -134,8 +135,9 @@ func (r *ReplyPacket) Marshal(buf []byte) error {
 	if err := r.Probe.Marshal(buf[0:108]); err != nil {
 		return err
 	}
-	copy(buf[108:140], r.ReflectorPubkey[:])
-	copy(buf[140:204], r.Signature[:])
+	copy(buf[108:140], r.AuthorityPubkey[:])
+	copy(buf[140:172], r.GeoprobePubkey[:])
+	copy(buf[172:236], r.Signature[:])
 	return nil
 }
 
@@ -152,22 +154,25 @@ func UnmarshalReplyPacket(buf []byte) (*ReplyPacket, error) {
 	r := &ReplyPacket{
 		Probe: *probe,
 	}
-	copy(r.ReflectorPubkey[:], buf[108:140])
-	copy(r.Signature[:], buf[140:204])
+	copy(r.AuthorityPubkey[:], buf[108:140])
+	copy(r.GeoprobePubkey[:], buf[140:172])
+	copy(r.Signature[:], buf[172:236])
 	return r, nil
 }
 
-func NewReplyPacket(probe *ProbePacket, signer Signer) *ReplyPacket {
+func NewReplyPacket(probe *ProbePacket, signer Signer, geoprobePubkey [32]byte) *ReplyPacket {
 	pub := signer.Public()
 
 	r := &ReplyPacket{
-		Probe: *probe,
+		Probe:          *probe,
+		GeoprobePubkey: geoprobePubkey,
 	}
-	copy(r.ReflectorPubkey[:], pub)
+	copy(r.AuthorityPubkey[:], pub)
 
 	var payload [replyPayloadSize]byte
 	_ = probe.Marshal(payload[0:108])
-	copy(payload[108:140], r.ReflectorPubkey[:])
+	copy(payload[108:140], r.AuthorityPubkey[:])
+	copy(payload[140:172], r.GeoprobePubkey[:])
 
 	sig := signer.Sign(payload[:])
 	copy(r.Signature[:], sig)
@@ -178,7 +183,8 @@ func NewReplyPacket(probe *ProbePacket, signer Signer) *ReplyPacket {
 func (r *ReplyPacket) Verify() bool {
 	var payload [replyPayloadSize]byte
 	_ = r.Probe.Marshal(payload[0:108])
-	copy(payload[108:140], r.ReflectorPubkey[:])
+	copy(payload[108:140], r.AuthorityPubkey[:])
+	copy(payload[140:172], r.GeoprobePubkey[:])
 
-	return ed25519.Verify(ed25519.PublicKey(r.ReflectorPubkey[:]), payload[:], r.Signature[:])
+	return ed25519.Verify(ed25519.PublicKey(r.AuthorityPubkey[:]), payload[:], r.Signature[:])
 }