nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-10 21:23:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'sebastian/bug13286'

Browse Source
This commit is contained in:
Nick Mathewson 2014-10-27 12:12:16 -04:00
commit 0793ef862b
21 changed files with 82 additions and 221 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
changes/bug13286 Normal file
View File

@ -0,0 +1,2 @@
o Removed features:
Remove the --disable-curve25519 configure option.

162
configure.ac
View File

@ -39,8 +39,6 @@ AC_ARG_ENABLE(static-zlib,
AS_HELP_STRING(--enable-static-zlib, Link against a static zlib library. Requires --with-zlib-dir))
AC_ARG_ENABLE(static-tor,
AS_HELP_STRING(--enable-static-tor, Create an entirely static Tor binary. Requires --with-openssl-dir and --with-libevent-dir and --with-zlib-dir))
AC_ARG_ENABLE(curve25519,
AS_HELP_STRING(--disable-curve25519, Build Tor with no curve25519 elliptic-curve crypto support))
AC_ARG_ENABLE(unittests,
AS_HELP_STRING(--disable-unittests, [Don't build unit tests for Tor. Risky!]))
AC_ARG_ENABLE(coverage,
@ -765,101 +763,92 @@ dnl ============================================================
dnl We need an implementation of curve25519.
dnl set these defaults.
have_a_curve25519=no
build_curve25519_donna=no
build_curve25519_donna_c64=no
use_curve25519_donna=no
use_curve25519_nacl=no
CURVE25519_LIBS=
if test x$enable_curve25519 != xno; then
dnl The best choice is using curve25519-donna-c64, but that requires
dnl that we
AC_CACHE_CHECK([whether we can use curve25519-donna-c64],
tor_cv_can_use_curve25519_donna_c64,
[AC_RUN_IFELSE(
[AC_LANG_PROGRAM([dnl
#include <stdint.h>
typedef unsigned uint128_t __attribute__((mode(TI)));
int func(uint64_t a, uint64_t b) {
uint128_t c = ((uint128_t)a) * b;
int ok = ((uint64_t)(c>>96)) == 522859 &&
(((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
(((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
(((uint64_t)(c))&0xffffffffL) == 0;
return ok;
}
], [dnl
int ok = func( ((uint64_t)2000000000) * 1000000000,
((uint64_t)1234567890) << 24);
return !ok;
])],
[tor_cv_can_use_curve25519_donna_c64=yes],
[tor_cv_can_use_curve25519_donna_c64=no],
[AC_LINK_IFELSE(
[AC_LANG_PROGRAM([dnl
#include <stdint.h>
typedef unsigned uint128_t __attribute__((mode(TI)));
int func(uint64_t a, uint64_t b) {
uint128_t c = ((uint128_t)a) * b;
int ok = ((uint64_t)(c>>96)) == 522859 &&
(((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
(((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
(((uint64_t)(c))&0xffffffffL) == 0;
return ok;
}
], [dnl
int ok = func( ((uint64_t)2000000000) * 1000000000,
((uint64_t)1234567890) << 24);
return !ok;
])],
[tor_cv_can_use_curve25519_donna_c64=cross],
[tor_cv_can_use_curve25519_donna_c64=no])])])
dnl The best choice is using curve25519-donna-c64, but that requires
dnl that we
AC_CACHE_CHECK([whether we can use curve25519-donna-c64],
tor_cv_can_use_curve25519_donna_c64,
[AC_RUN_IFELSE(
[AC_LANG_PROGRAM([dnl
#include <stdint.h>
typedef unsigned uint128_t __attribute__((mode(TI)));
int func(uint64_t a, uint64_t b) {
uint128_t c = ((uint128_t)a) * b;
int ok = ((uint64_t)(c>>96)) == 522859 &&
(((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
(((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
(((uint64_t)(c))&0xffffffffL) == 0;
return ok;
}
], [dnl
int ok = func( ((uint64_t)2000000000) * 1000000000,
((uint64_t)1234567890) << 24);
return !ok;
])],
[tor_cv_can_use_curve25519_donna_c64=yes],
[tor_cv_can_use_curve25519_donna_c64=no],
[AC_LINK_IFELSE(
[AC_LANG_PROGRAM([dnl
#include <stdint.h>
typedef unsigned uint128_t __attribute__((mode(TI)));
int func(uint64_t a, uint64_t b) {
uint128_t c = ((uint128_t)a) * b;
int ok = ((uint64_t)(c>>96)) == 522859 &&
(((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
(((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
(((uint64_t)(c))&0xffffffffL) == 0;
return ok;
}
], [dnl
int ok = func( ((uint64_t)2000000000) * 1000000000,
((uint64_t)1234567890) << 24);
return !ok;
])],
[tor_cv_can_use_curve25519_donna_c64=cross],
[tor_cv_can_use_curve25519_donna_c64=no])])])
AC_CHECK_HEADERS([crypto_scalarmult_curve25519.h \
nacl/crypto_scalarmult_curve25519.h])
AC_CHECK_HEADERS([crypto_scalarmult_curve25519.h \
nacl/crypto_scalarmult_curve25519.h])
AC_CACHE_CHECK([for nacl compiled with a fast curve25519 implementation],
tor_cv_can_use_curve25519_nacl,
[tor_saved_LIBS="$LIBS"
LIBS="$LIBS -lnacl"
AC_LINK_IFELSE(
[AC_LANG_PROGRAM([dnl
#ifdef HAVE_CRYPTO_SCALARMULT_CURVE25519_H
#include <crypto_scalarmult_curve25519.h>
#elif defined(HAVE_NACL_CRYPTO_SCALARMULT_CURVE25519_H)
#include <nacl/crypto_scalarmult_curve25519.h>
#endif
#ifdef crypto_scalarmult_curve25519_ref_BYTES
#error Hey, this is the reference implementation! That's not fast.
#endif
], [
unsigned char *a, *b, *c; crypto_scalarmult_curve25519(a,b,c);
])], [tor_cv_can_use_curve25519_nacl=yes],
[tor_cv_can_use_curve25519_nacl=no])
LIBS="$tor_saved_LIBS" ])
AC_CACHE_CHECK([for nacl compiled with a fast curve25519 implementation],
tor_cv_can_use_curve25519_nacl,
[tor_saved_LIBS="$LIBS"
LIBS="$LIBS -lnacl"
AC_LINK_IFELSE(
[AC_LANG_PROGRAM([dnl
#ifdef HAVE_CRYPTO_SCALARMULT_CURVE25519_H
#include <crypto_scalarmult_curve25519.h>
#elif defined(HAVE_NACL_CRYPTO_SCALARMULT_CURVE25519_H)
#include <nacl/crypto_scalarmult_curve25519.h>
#endif
#ifdef crypto_scalarmult_curve25519_ref_BYTES
#error Hey, this is the reference implementation! That's not fast.
#endif
], [
unsigned char *a, *b, *c; crypto_scalarmult_curve25519(a,b,c);
])], [tor_cv_can_use_curve25519_nacl=yes],
[tor_cv_can_use_curve25519_nacl=no])
LIBS="$tor_saved_LIBS" ])
dnl Okay, now we need to figure out which one to actually use. Fall back
dnl to curve25519-donna.c
dnl Okay, now we need to figure out which one to actually use. Fall back
dnl to curve25519-donna.c
if test x$tor_cv_can_use_curve25519_donna_c64 != xno; then
build_curve25519_donna_c64=yes
use_curve25519_donna=yes
elif test x$tor_cv_can_use_curve25519_nacl = xyes; then
use_curve25519_nacl=yes
CURVE25519_LIBS=-lnacl
else
build_curve25519_donna=yes
use_curve25519_donna=yes
fi
if test x$tor_cv_can_use_curve25519_donna_c64 != xno; then
build_curve25519_donna_c64=yes
use_curve25519_donna=yes
elif test x$tor_cv_can_use_curve25519_nacl = xyes; then
use_curve25519_nacl=yes
CURVE25519_LIBS=-lnacl
else
build_curve25519_donna=yes
use_curve25519_donna=yes
fi
have_a_curve25519=yes
fi
if test x$have_a_curve25519 = xyes; then
AC_DEFINE(CURVE25519_ENABLED, 1,
[Defined if we have a curve25519 implementation])
fi
if test x$use_curve25519_donna = xyes; then
AC_DEFINE(USE_CURVE25519_DONNA, 1,
[Defined if we should use an internal curve25519_donna{,_c64} implementation])
@ -870,7 +859,6 @@ if test x$use_curve25519_nacl = xyes; then
fi
AM_CONDITIONAL(BUILD_CURVE25519_DONNA, test x$build_curve25519_donna = xyes)
AM_CONDITIONAL(BUILD_CURVE25519_DONNA_C64, test x$build_curve25519_donna_c64 = xyes)
AM_CONDITIONAL(CURVE25519_ENABLED, test x$have_a_curve25519 = xyes)
AC_SUBST(CURVE25519_LIBS)
dnl Make sure to enable support for large off_t if available.

2
src/common/crypto_curve25519.h
View File

@ -30,7 +30,6 @@ typedef struct curve25519_keypair_t {
curve25519_secret_key_t seckey;
} curve25519_keypair_t;
#ifdef CURVE25519_ENABLED
/* These functions require that we actually know how to use curve25519 keys.
* The other data structures and functions in this header let us parse them,
* store them, and move them around.
@ -63,7 +62,6 @@ int curve25519_rand_seckey_bytes(uint8_t *out, int extra_strong);
STATIC int curve25519_impl(uint8_t *output, const uint8_t *secret,
const uint8_t *basepoint);
#endif
#endif
#define CURVE25519_BASE64_PADDED_LEN 44

3
src/common/crypto_ed25519.h
View File

@ -39,7 +39,6 @@ typedef struct {
ed25519_secret_key_t seckey;
} ed25519_keypair_t;
#ifdef CURVE25519_ENABLED
int ed25519_secret_key_generate(ed25519_secret_key_t *seckey_out,
int extra_strong);
int ed25519_secret_key_from_seed(ed25519_secret_key_t *seckey_out,
@ -88,8 +87,6 @@ int ed25519_public_blind(ed25519_public_key_t *out,
const ed25519_public_key_t *inp,
const uint8_t *param);
#endif
#define ED25519_BASE64_LEN 43
int ed25519_public_from_base64(ed25519_public_key_t *pkey,

11
src/common/include.am
View File

@ -54,12 +54,6 @@ endif
LIBDONNA += $(LIBED25519_REF10)
if CURVE25519_ENABLED
libcrypto_extra_source = \
src/common/crypto_curve25519.c \
src/common/crypto_ed25519.c
endif
LIBOR_A_SOURCES = \
src/common/address.c \
src/common/backtrace.c \
@ -85,8 +79,9 @@ LIBOR_CRYPTO_A_SOURCES = \
src/common/crypto_format.c \
src/common/torgzip.c \
src/common/tortls.c \
src/trunnel/pwbox.c \
$(libcrypto_extra_source)
src/trunnel/pwbox.c \
src/common/crypto_curve25519.c \
src/common/crypto_ed25519.c
LIBOR_EVENT_A_SOURCES = \
src/common/compat_libevent.c \

20
src/or/circuitbuild.c
View File

@ -59,9 +59,7 @@ static crypt_path_t *onion_next_hop_in_cpath(crypt_path_t *cpath);
static int onion_extend_cpath(origin_circuit_t *circ);
static int count_acceptable_nodes(smartlist_t *routers);
static int onion_append_hop(crypt_path_t **head_ptr, extend_info_t *choice);
#ifdef CURVE25519_ENABLED
static int circuits_can_use_ntor(void);
#endif
/** This function tries to get a channel to the specified endpoint,
* and then calls command_setup_channel() to give it the right
@ -368,7 +366,6 @@ circuit_rep_hist_note_result(origin_circuit_t *circ)
} while (hop!=circ->cpath);
}
#ifdef CURVE25519_ENABLED
/** Return 1 iff at least one node in circ's cpath supports ntor. */
static int
circuit_cpath_supports_ntor(const origin_circuit_t *circ)
@ -388,9 +385,6 @@ circuit_cpath_supports_ntor(const origin_circuit_t *circ)
return 0;
}
#else
#define circuit_cpath_supports_ntor(circ) 0
#endif
/** Pick all the entries in our cpath. Stop and return 0 when we're
* happy, or return -1 if an error occurs. */
@ -398,11 +392,7 @@ static int
onion_populate_cpath(origin_circuit_t *circ)
{
int n_tries = 0;
#ifdef CURVE25519_ENABLED
const int using_ntor = circuits_can_use_ntor();
#else
const int using_ntor = 0;
#endif
#define MAX_POPULATE_ATTEMPTS 32
@ -772,7 +762,6 @@ circuit_timeout_want_to_count_circ(origin_circuit_t *circ)
&& circ->build_state->desired_path_len == DEFAULT_ROUTE_LEN;
}
#ifdef CURVE25519_ENABLED
/** Return true if the ntor handshake is enabled in the configuration, or if
* it's been set to "auto" in the configuration and it's enabled in the
* consensus. */
@ -784,7 +773,6 @@ circuits_can_use_ntor(void)
return options->UseNTorHandshake;
return networkstatus_get_param(NULL, "UseNTorHandshake", 0, 0, 1);
}
#endif
/** Decide whether to use a TAP or ntor handshake for connecting to <b>ei</b>
* directly, and set *<b>cell_type_out</b> and *<b>handshake_type_out</b>
@ -794,7 +782,6 @@ circuit_pick_create_handshake(uint8_t *cell_type_out,
uint16_t *handshake_type_out,
const extend_info_t *ei)
{
#ifdef CURVE25519_ENABLED
if (!tor_mem_is_zero((const char*)ei->curve25519_onion_key.public_key,
CURVE25519_PUBKEY_LEN) &&
circuits_can_use_ntor()) {
@ -802,9 +789,6 @@ circuit_pick_create_handshake(uint8_t *cell_type_out,
*handshake_type_out = ONION_HANDSHAKE_TYPE_NTOR;
return;
}
#else
(void) ei;
#endif
*cell_type_out = CELL_CREATE;
*handshake_type_out = ONION_HANDSHAKE_TYPE_TAP;
@ -2198,13 +2182,9 @@ extend_info_new(const char *nickname, const char *digest,
strlcpy(info->nickname, nickname, sizeof(info->nickname));
if (onion_key)
info->onion_key = crypto_pk_dup_key(onion_key);
#ifdef CURVE25519_ENABLED
if (curve25519_key)
memcpy(&info->curve25519_onion_key, curve25519_key,
sizeof(curve25519_public_key_t));
#else
(void)curve25519_key;
#endif
tor_addr_copy(&info->addr, addr);
info->port = port;
return info;

8
src/or/include.am
View File

@ -23,12 +23,6 @@ else
evdns_source=src/ext/eventdns.c
endif
if CURVE25519_ENABLED
onion_ntor_source=src/or/onion_ntor.c
else
onion_ntor_source=
endif
LIBTOR_A_SOURCES = \
src/or/addressmap.c \
src/or/buffers.c \
@ -82,9 +76,9 @@ LIBTOR_A_SOURCES = \
src/or/routerset.c \
src/or/statefile.c \
src/or/status.c \
src/or/onion_ntor.c \
$(evdns_source) \
$(tor_platform_source) \
$(onion_ntor_source) \
src/or/config_codedigest.c
src_or_libtor_a_SOURCES = $(LIBTOR_A_SOURCES)

22
src/or/onion.c
View File

@ -111,15 +111,11 @@ have_room_for_onionskin(uint16_t type)
(uint64_t)options->MaxOnionQueueDelay)
return 0;
#ifdef CURVE25519_ENABLED
/* If we support the ntor handshake, then don't let TAP handshakes use
* more than 2/3 of the space on the queue. */
if (type == ONION_HANDSHAKE_TYPE_TAP &&
tap_usec / 1000 > (uint64_t)options->MaxOnionQueueDelay * 2 / 3)
return 0;
#else
(void) type;
#endif
return 1;
}
@ -353,11 +349,9 @@ setup_server_onion_keys(server_onion_keys_t *keys)
memset(keys, 0, sizeof(server_onion_keys_t));
memcpy(keys->my_identity, router_get_my_id_digest(), DIGEST_LEN);
dup_onion_keys(&keys->onion_key, &keys->last_onion_key);
#ifdef CURVE25519_ENABLED
keys->curve25519_key_map = construct_ntor_key_map();
keys->junk_keypair = tor_malloc_zero(sizeof(curve25519_keypair_t));
curve25519_keypair_generate(keys->junk_keypair, 0);
#endif
}
/** Release all storage held in <b>keys</b>, but do not free <b>keys</b>
@ -370,10 +364,8 @@ release_server_onion_keys(server_onion_keys_t *keys)
crypto_pk_free(keys->onion_key);
crypto_pk_free(keys->last_onion_key);
#ifdef CURVE25519_ENABLED
ntor_key_map_free(keys->curve25519_key_map);
tor_free(keys->junk_keypair);
#endif
memset(keys, 0, sizeof(server_onion_keys_t));
}
@ -391,12 +383,10 @@ onion_handshake_state_release(onion_handshake_state_t *state)
fast_handshake_state_free(state->u.fast);
state->u.fast = NULL;
break;
#ifdef CURVE25519_ENABLED
case ONION_HANDSHAKE_TYPE_NTOR:
ntor_handshake_state_free(state->u.ntor);
state->u.ntor = NULL;
break;
#endif
default:
log_warn(LD_BUG, "called with unknown handshake state type %d",
(int)state->tag);
@ -436,7 +426,6 @@ onion_skin_create(int type,
r = CREATE_FAST_LEN;
break;
case ONION_HANDSHAKE_TYPE_NTOR:
#ifdef CURVE25519_ENABLED
if (tor_mem_is_zero((const char*)node->curve25519_onion_key.public_key,
CURVE25519_PUBKEY_LEN))
return -1;
@ -447,9 +436,6 @@ onion_skin_create(int type,
return -1;
r = NTOR_ONIONSKIN_LEN;
#else
return -1;
#endif
break;
default:
log_warn(LD_BUG, "called with unknown handshake state type %d", type);
@ -501,7 +487,6 @@ onion_skin_server_handshake(int type,
memcpy(rend_nonce_out, reply_out+DIGEST_LEN, DIGEST_LEN);
break;
case ONION_HANDSHAKE_TYPE_NTOR:
#ifdef CURVE25519_ENABLED
if (onionskin_len < NTOR_ONIONSKIN_LEN)
return -1;
{
@ -522,9 +507,6 @@ onion_skin_server_handshake(int type,
tor_free(keys_tmp);
r = NTOR_REPLY_LEN;
}
#else
return -1;
#endif
break;
default:
log_warn(LD_BUG, "called with unknown handshake state type %d", type);
@ -577,7 +559,6 @@ onion_skin_client_handshake(int type,
memcpy(rend_authenticator_out, reply+DIGEST_LEN, DIGEST_LEN);
return 0;
#ifdef CURVE25519_ENABLED
case ONION_HANDSHAKE_TYPE_NTOR:
if (reply_len < NTOR_REPLY_LEN) {
log_warn(LD_CIRC, "ntor reply was not of the correct length.");
@ -598,7 +579,6 @@ onion_skin_client_handshake(int type,
tor_free(keys_tmp);
}
return 0;
#endif
default:
log_warn(LD_BUG, "called with unknown handshake state type %d", type);
tor_fragile_assert();
@ -637,12 +617,10 @@ check_create_cell(const create_cell_t *cell, int unknown_ok)
if (cell->handshake_len != CREATE_FAST_LEN)
return -1;
break;
#ifdef CURVE25519_ENABLED
case ONION_HANDSHAKE_TYPE_NTOR:
if (cell->handshake_len != NTOR_ONIONSKIN_LEN)
return -1;
break;
#endif
default:
if (! unknown_ok)
return -1;

2
src/or/onion.h
View File

@ -23,10 +23,8 @@ typedef struct server_onion_keys_t {
uint8_t my_identity[DIGEST_LEN];
crypto_pk_t *onion_key;
crypto_pk_t *last_onion_key;
#ifdef CURVE25519_ENABLED
di_digest256_map_t *curve25519_key_map;
curve25519_keypair_t *junk_keypair;
#endif
} server_onion_keys_t;
#define MAX_ONIONSKIN_CHALLENGE_LEN 255

3
src/or/onion_ntor.h
View File

@ -17,7 +17,6 @@ typedef struct ntor_handshake_state_t ntor_handshake_state_t;
/** Length of an ntor reply, as sent from server to client. */
#define NTOR_REPLY_LEN 64
#ifdef CURVE25519_ENABLED
void ntor_handshake_state_free(ntor_handshake_state_t *state);
int onion_skin_ntor_create(const uint8_t *router_id,
@ -59,5 +58,3 @@ struct ntor_handshake_state_t {
#endif
#endif

2
src/or/or.h
View File

@ -2554,9 +2554,7 @@ typedef struct extend_info_t {
uint16_t port; /**< OR port. */
tor_addr_t addr; /**< IP address. */
crypto_pk_t *onion_key; /**< Current onionskin key. */
#ifdef CURVE25519_ENABLED
curve25519_public_key_t curve25519_onion_key;
#endif
} extend_info_t;
/** Certificate for v3 directory protocol: binds long-term authority identity

22
src/or/router.c
View File

@ -55,13 +55,11 @@ static crypto_pk_t *onionkey=NULL;
/** Previous private onionskin decryption key: used to decode CREATE cells
* generated by clients that have an older version of our descriptor. */
static crypto_pk_t *lastonionkey=NULL;
#ifdef CURVE25519_ENABLED
/** Current private ntor secret key: used to perform the ntor handshake. */
static curve25519_keypair_t curve25519_onion_key;
/** Previous private ntor secret key: used to perform the ntor handshake
* with clients that have an older version of our descriptor. */
static curve25519_keypair_t last_curve25519_onion_key;
#endif
/** Private server "identity key": used to sign directory info and TLS
* certificates. Never changes. */
static crypto_pk_t *server_identitykey=NULL;
@ -134,7 +132,6 @@ dup_onion_keys(crypto_pk_t **key, crypto_pk_t **last)
tor_mutex_release(key_lock);
}
#ifdef CURVE25519_ENABLED
/** Return the current secret onion key for the ntor handshake. Must only
* be called from the main thread. */
static const curve25519_keypair_t *
@ -181,7 +178,6 @@ ntor_key_map_free(di_digest256_map_t *map)
return;
dimap_free(map, ntor_key_map_free_helper);
}
#endif
/** Return the time when the onion key was last set. This is either the time
* when the process launched, or the time of the most recent key rotation since
@ -313,9 +309,7 @@ rotate_onion_key(void)
char *fname, *fname_prev;
crypto_pk_t *prkey = NULL;
or_state_t *state = get_or_state();
#ifdef CURVE25519_ENABLED
curve25519_keypair_t new_curve25519_keypair;
#endif
time_t now;
fname = get_datadir_fname2("keys", "secret_onion_key");
fname_prev = get_datadir_fname2("keys", "secret_onion_key.old");
@ -335,7 +329,6 @@ rotate_onion_key(void)
log_err(LD_FS,"Couldn't write generated onion key to \"%s\".", fname);
goto error;
}
#ifdef CURVE25519_ENABLED
tor_free(fname);
tor_free(fname_prev);
fname = get_datadir_fname2("keys", "secret_onion_key_ntor");
@ -351,18 +344,15 @@ rotate_onion_key(void)
log_err(LD_FS,"Couldn't write curve25519 onion key to \"%s\".",fname);
goto error;
}
#endif
log_info(LD_GENERAL, "Rotating onion key");
tor_mutex_acquire(key_lock);
crypto_pk_free(lastonionkey);
lastonionkey = onionkey;
onionkey = prkey;
#ifdef CURVE25519_ENABLED
memcpy(&last_curve25519_onion_key, &curve25519_onion_key,
sizeof(curve25519_keypair_t));
memcpy(&curve25519_onion_key, &new_curve25519_keypair,
sizeof(curve25519_keypair_t));
#endif
now = time(NULL);
state->LastRotatedOnionKey = onionkey_set_at = now;
tor_mutex_release(key_lock);
@ -374,9 +364,7 @@ rotate_onion_key(void)
if (prkey)
crypto_pk_free(prkey);
done:
#ifdef CURVE25519_ENABLED
memwipe(&new_curve25519_keypair, 0, sizeof(new_curve25519_keypair));
#endif
tor_free(fname);
tor_free(fname_prev);
}
@ -450,7 +438,6 @@ init_key_from_file(const char *fname, int generate, int severity)
return NULL;
}
#ifdef CURVE25519_ENABLED
/** Load a curve25519 keypair from the file <b>fname</b>, writing it into
* <b>keys_out</b>. If the file isn't found and <b>generate</b> is true,
* create a new keypair and write it into the file. If there are errors, log
@ -519,7 +506,6 @@ init_curve25519_keypair_from_file(curve25519_keypair_t *keys_out,
error:
return -1;
}
#endif
/** Try to load the vote-signing private key and certificate for being a v3
* directory authority, and make sure they match. If <b>legacy</b>, load a
@ -875,7 +861,6 @@ init_keys(void)
}
tor_free(keydir);
#ifdef CURVE25519_ENABLED
{
/* 2b. Load curve25519 onion keys. */
int r;
@ -896,7 +881,6 @@ init_keys(void)
}
tor_free(keydir);
}
#endif
/* 3. Initialize link key and TLS context. */
if (router_initialize_tls_context() < 0) {
@ -1806,11 +1790,9 @@ router_rebuild_descriptor(int force)
ri->cache_info.published_on = time(NULL);
ri->onion_pkey = crypto_pk_dup_key(get_onion_key()); /* must invoke from
* main thread */
#ifdef CURVE25519_ENABLED
ri->onion_curve25519_pkey =
tor_memdup(&get_current_curve25519_keypair()->pubkey,
sizeof(curve25519_public_key_t));
#endif
/* For now, at most one IPv6 or-address is being advertised. */
{
@ -2389,7 +2371,6 @@ router_dump_router_to_string(routerinfo_t *router,
smartlist_add_asprintf(chunks, "contact %s\n", ci);
}
#ifdef CURVE25519_ENABLED
if (router->onion_curve25519_pkey) {
char kbuf[128];
base64_encode(kbuf, sizeof(kbuf),
@ -2397,7 +2378,6 @@ router_dump_router_to_string(routerinfo_t *router,
CURVE25519_PUBKEY_LEN);
smartlist_add_asprintf(chunks, "ntor-onion-key %s", kbuf);
}
#endif
/* Write the exit policy to the end of 's'. */
if (!router->exit_policy || !smartlist_len(router->exit_policy)) {
@ -3073,10 +3053,8 @@ router_free_all(void)
crypto_pk_free(legacy_signing_key);
authority_cert_free(legacy_key_certificate);
#ifdef CURVE25519_ENABLED
memwipe(&curve25519_onion_key, 0, sizeof(curve25519_onion_key));
memwipe(&last_curve25519_onion_key, 0, sizeof(last_curve25519_onion_key));
#endif
if (warned_nonexistent_family) {
SMARTLIST_FOREACH(warned_nonexistent_family, char *, cp, tor_free(cp));

2
src/or/router.h
View File

@ -32,10 +32,8 @@ crypto_pk_t *init_key_from_file(const char *fname, int generate,
int severity);
void v3_authority_check_key_expiry(void);
#ifdef CURVE25519_ENABLED
di_digest256_map_t *construct_ntor_key_map(void);
void ntor_key_map_free(di_digest256_map_t *map);
#endif
int router_initialize_tls_context(void);
int init_keys(void);

7
src/test/bench.c
View File

@ -26,10 +26,8 @@ const char tor_git_revision[] = "";
#endif
#include "config.h"
#ifdef CURVE25519_ENABLED
#include "crypto_curve25519.h"
#include "onion_ntor.h"
#endif
#include "crypto_ed25519.h"
#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_PROCESS_CPUTIME_ID)
@ -179,7 +177,6 @@ bench_onion_TAP(void)
crypto_pk_free(key2);
}
#ifdef CURVE25519_ENABLED
static void
bench_onion_ntor(void)
{
@ -293,7 +290,6 @@ bench_ed25519(void)
printf("Blind a public key: %.2f usec\n",
MICROCOUNT(start, end, iters));
}
#endif
static void
bench_cell_aes(void)
@ -573,10 +569,9 @@ static struct benchmark_t benchmarks[] = {
ENT(siphash),
ENT(aes),
ENT(onion_TAP),
#ifdef CURVE25519_ENABLED
ENT(onion_ntor),
ENT(ed25519),
#endif
ENT(cell_aes),
ENT(cell_ops),
ENT(dh),

6
src/test/include.am
View File

@ -80,7 +80,6 @@ noinst_HEADERS+= \
src/test/failing_routerdescs.inc \
src/test/ed25519_vectors.inc
if CURVE25519_ENABLED
noinst_PROGRAMS+= src/test/test-ntor-cl
src_test_test_ntor_cl_SOURCES = src/test/test_ntor_cl.c
src_test_test_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@
@ -91,9 +90,6 @@ src_test_test_ntor_cl_LDADD = src/or/libtor.a src/common/libor.a \
src_test_test_ntor_cl_AM_CPPFLAGS = \
-I"$(top_srcdir)/src/or"
NTOR_TEST_DEPS=src/test/test-ntor-cl
else
NTOR_TEST_DEPS=
endif
if COVERAGE_ENABLED
CMDLINE_TEST_TOR = ./src/or/tor-cov
@ -113,10 +109,8 @@ src_test_test_bt_cl_CPPFLAGS= $(src_test_AM_CPPFLAGS)
check-local: $(NTOR_TEST_DEPS) $(CMDLINE_TEST_TOR)
if USEPYTHON
$(PYTHON) $(top_srcdir)/src/test/test_cmdline_args.py $(CMDLINE_TEST_TOR) "${top_srcdir}"
if CURVE25519_ENABLED
$(PYTHON) $(top_srcdir)/src/test/ntor_ref.py test-tor
$(PYTHON) $(top_srcdir)/src/test/ntor_ref.py self-test
endif
./src/test/test-bt-cl assert | $(PYTHON) $(top_srcdir)/src/test/bt_test.py
./src/test/test-bt-cl crash | $(PYTHON) $(top_srcdir)/src/test/bt_test.py
endif

6
src/test/test.c
View File

@ -64,10 +64,8 @@ double fabs(double x);
#include "rephist.h"
#include "routerparse.h"
#include "statefile.h"
#ifdef CURVE25519_ENABLED
#include "crypto_curve25519.h"
#include "onion_ntor.h"
#endif
#ifdef USE_DMALLOC
#include <dmalloc.h>
@ -365,7 +363,6 @@ test_bad_onion_handshake(void *arg)
crypto_pk_free(pk2);
}
#ifdef CURVE25519_ENABLED
static void
test_ntor_handshake(void *arg)
{
@ -417,7 +414,6 @@ test_ntor_handshake(void *arg)
ntor_handshake_state_free(c_state);
dimap_free(s_keymap, NULL);
}
#endif
/** Run unit tests for the onion queues. */
static void
@ -1267,9 +1263,7 @@ static struct testcase_t test_array[] = {
ENT(onion_handshake),
{ "bad_onion_handshake", test_bad_onion_handshake, 0, NULL, NULL },
ENT(onion_queues),
#ifdef CURVE25519_ENABLED
{ "ntor_handshake", test_ntor_handshake, 0, NULL, NULL },
#endif
ENT(circuit_timeout),
ENT(rend_fns),
ENT(geoip),

8
src/test/test_cell_formats.c
View File

@ -445,7 +445,6 @@ test_cfmt_create_cells(void *arg)
cell.command = CELL_CREATE2;
memcpy(cell.payload, "\x00\x02\x00\x54", 4); /* ntor, 84 bytes long */
memcpy(cell.payload+4, b, NTOR_ONIONSKIN_LEN);
#ifdef CURVE25519_ENABLED
tt_int_op(0, ==, create_cell_parse(&cc, &cell));
tt_int_op(CELL_CREATE2, ==, cc.cell_type);
tt_int_op(ONION_HANDSHAKE_TYPE_NTOR, ==, cc.handshake_type);
@ -454,9 +453,6 @@ test_cfmt_create_cells(void *arg)
tt_int_op(0, ==, create_cell_format(&cell2, &cc));
tt_int_op(cell.command, ==, cell2.command);
tt_mem_op(cell.payload,==, cell2.payload, CELL_PAYLOAD_SIZE);
#else
tt_int_op(-1, ==, create_cell_parse(&cc, &cell));
#endif
/* A valid create cell with an ntor payload, in legacy format. */
memset(&cell, 0, sizeof(cell));
@ -465,7 +461,6 @@ test_cfmt_create_cells(void *arg)
cell.command = CELL_CREATE;
memcpy(cell.payload, "ntorNTORntorNTOR", 16);
memcpy(cell.payload+16, b, NTOR_ONIONSKIN_LEN);
#ifdef CURVE25519_ENABLED
tt_int_op(0, ==, create_cell_parse(&cc, &cell));
tt_int_op(CELL_CREATE, ==, cc.cell_type);
tt_int_op(ONION_HANDSHAKE_TYPE_NTOR, ==, cc.handshake_type);
@ -474,9 +469,6 @@ test_cfmt_create_cells(void *arg)
tt_int_op(0, ==, create_cell_format(&cell2, &cc));
tt_int_op(cell.command, ==, cell2.command);
tt_mem_op(cell.payload,==, cell2.payload, CELL_PAYLOAD_SIZE);
#else
tt_int_op(-1, ==, create_cell_parse(&cc, &cell));
#endif
/* == Okay, now let's try to parse some impossible stuff. */

6
src/test/test_crypto.c
View File

@ -11,9 +11,7 @@
#include "aes.h"
#include "util.h"
#include "siphash.h"
#ifdef CURVE25519_ENABLED
#include "crypto_curve25519.h"
#endif
#include "crypto_ed25519.h"
#include "ed25519_vectors.inc"
#include "crypto_s2k.h"
@ -1332,7 +1330,6 @@ test_crypto_hkdf_sha256(void *arg)
#undef EXPAND
}
#ifdef CURVE25519_ENABLED
static void
test_crypto_curve25519_impl(void *arg)
{
@ -1876,7 +1873,6 @@ test_crypto_ed25519_testvectors(void *arg)
done:
tor_free(mem_op_hex_tmp);
}
#endif /* CURVE25519_ENABLED */
static void
test_crypto_siphash(void *arg)
@ -2025,7 +2021,6 @@ struct testcase_t crypto_tests[] = {
CRYPTO_LEGACY(base32_decode),
{ "kdf_TAP", test_crypto_kdf_TAP, 0, NULL, NULL },
{ "hkdf_sha256", test_crypto_hkdf_sha256, 0, NULL, NULL },
#ifdef CURVE25519_ENABLED
{ "curve25519_impl", test_crypto_curve25519_impl, 0, NULL, NULL },
{ "curve25519_impl_hibit", test_crypto_curve25519_impl, 0, NULL, (void*)"y"},
{ "curve25519_wrappers", test_crypto_curve25519_wrappers, 0, NULL, NULL },
@ -2037,7 +2032,6 @@ struct testcase_t crypto_tests[] = {
{ "ed25519_convert", test_crypto_ed25519_convert, 0, NULL, NULL },
{ "ed25519_blinding", test_crypto_ed25519_blinding, 0, NULL, NULL },
{ "ed25519_testvectors", test_crypto_ed25519_testvectors, 0, NULL, NULL },
#endif
{ "siphash", test_crypto_siphash, 0, NULL, NULL },
END_OF_TESTCASES
};

4
src/test/test_dir.c
View File

@ -216,10 +216,8 @@ test_dir_formats(void *arg)
strlcat(buf2, "signing-key\n", sizeof(buf2));
strlcat(buf2, pk1_str, sizeof(buf2));
strlcat(buf2, "hidden-service-dir\n", sizeof(buf2));
#ifdef CURVE25519_ENABLED
strlcat(buf2, "ntor-onion-key "
"skyinAnvardNostarsNomoonNowindormistsorsnow=\n", sizeof(buf2));
#endif
strlcat(buf2, "accept *:80\nreject 18.0.0.0/8:24\n", sizeof(buf2));
strlcat(buf2, "router-signature\n", sizeof(buf2));
@ -239,11 +237,9 @@ test_dir_formats(void *arg)
tt_int_op(rp2->bandwidthrate,==, r2->bandwidthrate);
tt_int_op(rp2->bandwidthburst,==, r2->bandwidthburst);
tt_int_op(rp2->bandwidthcapacity,==, r2->bandwidthcapacity);
#ifdef CURVE25519_ENABLED
tt_mem_op(rp2->onion_curve25519_pkey->public_key,==,
r2->onion_curve25519_pkey->public_key,
CURVE25519_PUBKEY_LEN);
#endif
tt_assert(crypto_pk_cmp_keys(rp2->onion_pkey, pk2) == 0);
tt_assert(crypto_pk_cmp_keys(rp2->identity_pkey, pk1) == 0);

4
src/test/test_ntor_cl.c
View File

@ -13,10 +13,6 @@
#include "crypto_curve25519.h"
#include "onion_ntor.h"
#ifndef CURVE25519_ENABLED
#error "This isn't going to work without curve25519."
#endif
#define N_ARGS(n) STMT_BEGIN { \
if (argc < (n)) { \
fprintf(stderr, "%s needs %d arguments.\n",argv[1],n); \

1
src/win32/orconfig.h
View File

@ -244,7 +244,6 @@
#define SHARE_DATADIR ""
#define HAVE_EVENT2_DNS_H
#define HAVE_EVENT_BASE_LOOPEXIT
#define CURVE25519_ENABLED
#define USE_CURVE25519_DONNA
#define ENUM_VALS_ARE_SIGNED 1